WebKit Bugzilla
Attachment 341314 Details for
Bug 185968
: Enforce invariant that GetterSetter objects are immutable.
[patch]
patch for landing.
bug-185968.patch (text/plain), 25.19 KB, created by
Mark Lam
on 2018-05-25 13:07:08 PDT
Description:
patch for landing.
Filename:
MIME Type:
Creator:
Mark Lam
Created:
2018-05-25 13:07:08 PDT
Size:
25.19 KB
patch
obsolete
>Index: Source/JavaScriptCore/ChangeLog
>===================================================================
>--- Source/JavaScriptCore/ChangeLog (revision 232197)
>+++ Source/JavaScriptCore/ChangeLog (working copy)
>@@ -1,3 +1,42 @@
>+2018-05-25 Mark Lam <mark.lam@apple.com>
>+
>+ Enforce invariant that GetterSetter objects are invariant.
>+ https://bugs.webkit.org/show_bug.cgi?id=185968
>+ <rdar://problem/40541416>
>+
>+ Reviewed by Saam Barati.
>+
>+ The code already assumes the invariant that GetterSetter objects are immutable.
>+ For example, the use of @tryGetById in builtins expect this invariant to be true.
>+ The existing code mostly enforces this except for one case: JSObject's
>+ validateAndApplyPropertyDescriptor, where it will re-use the same GetterSetter
>+ object.
>+
>+ This patch enforces this invariant by removing the setGetter and setSetter methods
>+ of GetterSetter, and requiring the getter/setter callback functions to be
>+ specified at construction time.
>+
>+ * jit/JITOperations.cpp:
>+ * llint/LLIntSlowPaths.cpp:
>+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
>+ * runtime/GetterSetter.cpp:
>+ (JSC::GetterSetter::withGetter): Deleted.
>+ (JSC::GetterSetter::withSetter): Deleted.
>+ * runtime/GetterSetter.h:
>+ * runtime/JSGlobalObject.cpp:
>+ (JSC::JSGlobalObject::init):
>+ * runtime/JSObject.cpp:
>+ (JSC::JSObject::putIndexedDescriptor):
>+ (JSC::JSObject::putDirectNativeIntrinsicGetter):
>+ (JSC::putDescriptor):
>+ (JSC::validateAndApplyPropertyDescriptor):
>+ * runtime/JSTypedArrayViewPrototype.cpp:
>+ (JSC::JSTypedArrayViewPrototype::finishCreation):
>+ * runtime/Lookup.cpp:
>+ (JSC::reifyStaticAccessor):
>+ * runtime/PropertyDescriptor.cpp:
>+ (JSC::PropertyDescriptor::slowGetterSetter):
>+
> 2018-05-25 Saam Barati <sbarati@apple.com>
>
> Have a memory test where we can validate JSCs mini memory mode
>Index: Source/JavaScriptCore/jit/JITOperations.cpp
>===================================================================
>--- Source/JavaScriptCore/jit/JITOperations.cpp (revision 232197)
>+++ Source/JavaScriptCore/jit/JITOperations.cpp (working copy)
>@@ -1781,23 +1781,15 @@ void JIT_OPERATION operationPutGetterSet
> ASSERT(object && object->isObject());
> JSObject* baseObject = asObject(object);
>
>- GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject());
>-
> JSValue getter = JSValue::decode(encodedGetterValue);
> JSValue setter = JSValue::decode(encodedSetterValue);
>- ASSERT(getter.isObject() || getter.isUndefined());
>- ASSERT(setter.isObject() || setter.isUndefined());
> ASSERT(getter.isObject() || setter.isObject());
>-
>- if (!getter.isUndefined())
>- accessor->setGetter(vm, exec->lexicalGlobalObject(), asObject(getter));
>- if (!setter.isUndefined())
>- accessor->setSetter(vm, exec->lexicalGlobalObject(), asObject(setter));
>+ GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject(), getter, setter);
> CommonSlowPaths::putDirectAccessorWithReify(vm, exec, baseObject, uid, accessor, attribute);
> }
>
> #else
>-void JIT_OPERATION operationPutGetterSetter(ExecState* exec, JSCell* object, UniquedStringImpl* uid, int32_t attribute, JSCell* getter, JSCell* setter)
>+void JIT_OPERATION operationPutGetterSetter(ExecState* exec, JSCell* object, UniquedStringImpl* uid, int32_t attribute, JSCell* getterCell, JSCell* setterCell)
> {
> VM& vm = exec->vm();
> NativeCallFrameTracer tracer(&vm, exec);
>@@ -1805,16 +1797,10 @@ void JIT_OPERATION operationPutGetterSet
> ASSERT(object && object->isObject());
> JSObject* baseObject = asObject(object);
>
>- GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject());
>-
>- ASSERT(!getter || getter->isObject());
>- ASSERT(!setter || setter->isObject());
> ASSERT(getter || setter);
>-
>- if (getter)
>- accessor->setGetter(vm, exec->lexicalGlobalObject(), getter->getObject());
>- if (setter)
>- accessor->setSetter(vm, exec->lexicalGlobalObject(), setter->getObject());
>+ JSObject* getter = getterCell ? getterCell->getObject() : nullptr;
>+ JSObject* setter = setterCell ? setterCell->getObject() : nullptr;
>+ GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject(), getter, setter);
> CommonSlowPaths::putDirectAccessorWithReify(vm, exec, baseObject, uid, accessor, attribute);
> }
> #endif
>Index: Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
>===================================================================
>--- Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (revision 232197)
>+++ Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (working copy)
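Review bot: In the `#else` variant of operationPutGetterSetter in JITOperations.cpp, the retained `ASSERT(getter || setter);` now sits above the new `JSObject* getter` / `JSObject* setter` declarations, and the parameters it used to name were renamed to `getterCell` / `setterCell` in the preceding hunk, so in a build with assertions enabled it refers to names that are not yet declared. Move it below the two declarations or write it as `ASSERT(getterCell || setterCell);`. The removed `ASSERT(!getter || getter->isObject())` pair also has no replacement here: if `getObject()` yields null for a non-object cell (its definition is not on this page), such a cell would silently be treated as an absent accessor, so keeping `ASSERT(!getterCell || getterCell->isObject());` and its setter twin is worthwhile.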
>@@ -1078,20 +1078,12 @@ LLINT_SLOW_PATH_DECL(slow_path_put_gette
> LLINT_BEGIN();
> ASSERT(LLINT_OP(1).jsValue().isObject());
> JSObject* baseObject = asObject(LLINT_OP(1).jsValue());
>-
>- GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject());
>- LLINT_CHECK_EXCEPTION();
>
> JSValue getter = LLINT_OP(4).jsValue();
> JSValue setter = LLINT_OP(5).jsValue();
>- ASSERT(getter.isObject() || getter.isUndefined());
>- ASSERT(setter.isObject() || setter.isUndefined());
> ASSERT(getter.isObject() || setter.isObject());
>-
>- if (!getter.isUndefined())
>- accessor->setGetter(vm, exec->lexicalGlobalObject(), asObject(getter));
>- if (!setter.isUndefined())
>- accessor->setSetter(vm, exec->lexicalGlobalObject(), asObject(setter));
>+ GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject(), getter, setter);
>+
> CommonSlowPaths::putDirectAccessorWithReify(vm, exec, baseObject, exec->codeBlock()->identifier(pc[2].u.operand), accessor, pc[3].u.operand);
> LLINT_END();
> }
>Index: Source/JavaScriptCore/runtime/GetterSetter.cpp
>===================================================================
>--- Source/JavaScriptCore/runtime/GetterSetter.cpp (revision 232197)
>+++ Source/JavaScriptCore/runtime/GetterSetter.cpp (working copy)
>@@ -45,32 +45,6 @@ void GetterSetter::visitChildren(JSCell*
> visitor.append(thisObject->m_setter);
> }
>
>-GetterSetter* GetterSetter::withGetter(VM& vm, JSGlobalObject* globalObject, JSObject* newGetter)
>-{
>- if (isGetterNull()) {
>- setGetter(vm, globalObject, newGetter);
>- return this;
>- }
>-
>- GetterSetter* result = GetterSetter::create(vm, globalObject);
>- result->setGetter(vm, globalObject, newGetter);
>- result->setSetter(vm, globalObject, setter());
>- return result;
>-}
>-
>-GetterSetter* GetterSetter::withSetter(VM& vm, JSGlobalObject* globalObject, JSObject* newSetter)
>-{
>- if (isSetterNull()) {
>- setSetter(vm, globalObject, newSetter);
>- return this;
>- }
>-
>- GetterSetter* result = GetterSetter::create(vm, globalObject);
>- result->setGetter(vm, globalObject, getter());
>- result->setSetter(vm, globalObject, newSetter);
>- return result;
>-}
>-
> JSValue callGetter(ExecState* exec, JSValue base, JSValue getterSetter)
> {
> VM& vm = exec->vm();
>Index: Source/JavaScriptCore/runtime/GetterSetter.h
>===================================================================
>--- Source/JavaScriptCore/runtime/GetterSetter.h (revision 232197)
>+++ Source/JavaScriptCore/runtime/GetterSetter.h (working copy)
>@@ -44,24 +44,38 @@ class GetterSetter final : public JSNonF
> friend class JIT;
> typedef JSNonFinalObject Base;
> private:
>- GetterSetter(VM& vm, JSGlobalObject* globalObject)
>+ GetterSetter(VM& vm, JSGlobalObject* globalObject, JSObject* getter, JSObject* setter)
> : Base(vm, globalObject->getterSetterStructure())
> {
>- m_getter.set(vm, this, globalObject->nullGetterFunction());
>- m_setter.set(vm, this, globalObject->nullSetterFunction());
>+ WTF::storeStoreFence();
>+ m_getter.set(vm, this, getter ? getter : globalObject->nullGetterFunction());
>+ m_setter.set(vm, this, setter ? setter : globalObject->nullSetterFunction());
> }
>
> public:
>
> static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | StructureIsImmortal;
>
>- static GetterSetter* create(VM& vm, JSGlobalObject* globalObject)
>+ static GetterSetter* create(VM& vm, JSGlobalObject* globalObject, JSObject* getter, JSObject* setter)
> {
>- GetterSetter* getterSetter = new (NotNull, allocateCell<GetterSetter>(vm.heap)) GetterSetter(vm, globalObject);
>+ GetterSetter* getterSetter = new (NotNull, allocateCell<GetterSetter>(vm.heap)) GetterSetter(vm, globalObject, getter, setter);
> getterSetter->finishCreation(vm);
> return getterSetter;
> }
>
>+ static GetterSetter* create(VM& vm, JSGlobalObject* globalObject, JSValue getter, JSValue setter)
>+ {
>+ ASSERT(getter.isUndefined() || getter.isObject());
>+ ASSERT(setter.isUndefined() || setter.isObject());
>+ JSObject* getterObject { nullptr };
>+ JSObject* setterObject { nullptr };
>+ if (getter.isObject())
>+ getterObject = asObject(getter);
>+ if (setter.isObject())
>+ setterObject = asObject(setter);
>+ return create(vm, globalObject, getterObject, setterObject);
>+ }
>+
> static void visitChildren(JSCell*, SlotVisitor&);
>
> JSObject* getter() const { return m_getter.get(); }
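Review bot: The `WTF::storeStoreFence()` that opens the new GetterSetter constructor has no comment, and with setGetter/setSetter (their "only valid if you've never set" comments and their `RELEASE_ASSERT`s) deleted in the following hunks, nothing on the new side records the write-once rule that concurrent readers such as `setterConcurrently()` depend on. I would add above the fence something like `// m_getter/m_setter are written exactly once, here; a GetterSetter is immutable after construction.` and state what the fence orders, since it precedes the two stores rather than following them; presumably it orders the Base header initialisation ahead of them, which should be confirmed. The new JSValue overload of `create` checks its arguments only with `ASSERT`, so in a build without assertions a value that is neither undefined nor an object quietly becomes the null accessor; a one-line comment saying that mapping is intended would help callers.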
>@@ -76,18 +90,6 @@ public:
> bool isGetterNull() const { return !!jsDynamicCast<NullGetterFunction*>(*m_getter.get()->vm(), m_getter.get()); }
> bool isSetterNull() const { return !!jsDynamicCast<NullSetterFunction*>(*m_setter.get()->vm(), m_setter.get()); }
>
>- // Set the getter. It's only valid to call this if you've never set the getter on this
>- // object.
>- void setGetter(VM& vm, JSGlobalObject* globalObject, JSObject* getter)
>- {
>- if (!getter)
>- getter = jsCast<JSObject*>(globalObject->nullGetterFunction());
>-
>- RELEASE_ASSERT(isGetterNull());
>- WTF::storeStoreFence();
>- m_getter.set(vm, this, getter);
>- }
>-
> JSObject* setter() const { return m_setter.get(); }
>
> JSObject* setterConcurrently() const
>@@ -97,21 +99,6 @@ public:
> return result;
> }
>
>- // Set the setter. It's only valid to call this if you've never set the setter on this
>- // object.
>- void setSetter(VM& vm, JSGlobalObject* globalObject, JSObject* setter)
>- {
>- if (!setter)
>- setter = jsCast<JSObject*>(globalObject->nullSetterFunction());
>-
>- RELEASE_ASSERT(isSetterNull());
>- WTF::storeStoreFence();
>- m_setter.set(vm, this, setter);
>- }
>-
>- GetterSetter* withGetter(VM&, JSGlobalObject*, JSObject* getter);
>- GetterSetter* withSetter(VM&, JSGlobalObject*, JSObject* setter);
>-
> static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
> {
> return Structure::create(vm, globalObject, prototype, TypeInfo(GetterSetterType), info());
>Index: Source/JavaScriptCore/runtime/JSGlobalObject.cpp
>===================================================================
>--- Source/JavaScriptCore/runtime/JSGlobalObject.cpp (revision 232197)
>+++ Source/JavaScriptCore/runtime/JSGlobalObject.cpp (working copy)
>@@ -466,33 +466,28 @@ void JSGlobalObject::init(VM& vm)
> m_throwTypeErrorGetterSetter.initLater(
> [] (const Initializer<GetterSetter>& init) {
> JSFunction* thrower = init.owner->throwTypeErrorFunction();
>- GetterSetter* getterSetter = GetterSetter::create(init.vm, init.owner);
>- getterSetter->setGetter(init.vm, init.owner, thrower);
>- getterSetter->setSetter(init.vm, init.owner, thrower);
>+ GetterSetter* getterSetter = GetterSetter::create(init.vm, init.owner, thrower, thrower);
> init.set(getterSetter);
> });
>
> m_nullGetterFunction.set(vm, this, NullGetterFunction::create(vm, NullGetterFunction::createStructure(vm, this, m_functionPrototype.get())));
> m_nullSetterFunction.set(vm, this, NullSetterFunction::create(vm, NullSetterFunction::createStructure(vm, this, m_functionPrototype.get())));
> m_objectPrototype.set(vm, this, ObjectPrototype::create(vm, this, ObjectPrototype::createStructure(vm, this, jsNull())));
>- GetterSetter* protoAccessor = GetterSetter::create(vm, this);
>- protoAccessor->setGetter(vm, this, JSFunction::create(vm, this, 0, makeString("get ", vm.propertyNames->underscoreProto.string()), globalFuncProtoGetter, UnderscoreProtoIntrinsic));
>- protoAccessor->setSetter(vm, this, JSFunction::create(vm, this, 0, makeString("set ", vm.propertyNames->underscoreProto.string()), globalFuncProtoSetter));
>+ GetterSetter* protoAccessor = GetterSetter::create(vm, this,
>+ JSFunction::create(vm, this, 0, makeString("get ", vm.propertyNames->underscoreProto.string()), globalFuncProtoGetter, UnderscoreProtoIntrinsic),
>+ JSFunction::create(vm, this, 0, makeString("set ", vm.propertyNames->underscoreProto.string()), globalFuncProtoSetter));
> m_objectPrototype->putDirectNonIndexAccessor(vm, vm.propertyNames->underscoreProto, protoAccessor, PropertyAttribute::Accessor | PropertyAttribute::DontEnum);
> m_functionPrototype->structure()->setPrototypeWithoutTransition(vm, m_objectPrototype.get());
> m_objectStructureForObjectConstructor.set(vm, this, vm.structureCache.emptyObjectStructureForPrototype(this, m_objectPrototype.get(), JSFinalObject::defaultInlineCapacity()));
> m_objectProtoValueOfFunction.set(vm, this, jsCast<JSFunction*>(objectPrototype()->getDirect(vm, vm.propertyNames->valueOf)));
>
> JSFunction* thrower = JSFunction::create(vm, this, 0, String(), globalFuncThrowTypeErrorArgumentsCalleeAndCaller);
>- GetterSetter* getterSetter = GetterSetter::create(vm, this);
>- getterSetter->setGetter(vm, this, thrower);
>- getterSetter->setSetter(vm, this, thrower);
>+ GetterSetter* getterSetter = GetterSetter::create(vm, this, thrower, thrower);
> m_throwTypeErrorArgumentsCalleeAndCallerGetterSetter.set(vm, this, getterSetter);
>
> m_functionPrototype->initRestrictedProperties(exec, this);
>
>- m_speciesGetterSetter.set(vm, this, GetterSetter::create(vm, this));
>- m_speciesGetterSetter->setGetter(vm, this, JSFunction::create(vm, globalOperationsSpeciesGetterCodeGenerator(vm), this));
>+ m_speciesGetterSetter.set(vm, this, GetterSetter::create(vm, this, JSFunction::create(vm, globalOperationsSpeciesGetterCodeGenerator(vm), this), nullptr));
>
> m_typedArrayProto.initLater(
> [] (const Initializer<JSTypedArrayViewPrototype>& init) {
>Index: Source/JavaScriptCore/runtime/JSObject.cpp
>===================================================================
>--- Source/JavaScriptCore/runtime/JSObject.cpp (revision 232197)
>+++ Source/JavaScriptCore/runtime/JSObject.cpp (working copy)
>@@ -2456,22 +2456,18 @@ bool JSObject::putIndexedDescriptor(Exec
> }
>
> if (descriptor.isAccessorDescriptor()) {
>- JSObject* getter = 0;
>+ JSObject* getter = nullptr;
> if (descriptor.getterPresent())
> getter = descriptor.getterObject();
> else if (oldDescriptor.isAccessorDescriptor())
> getter = oldDescriptor.getterObject();
>- JSObject* setter = 0;
>+ JSObject* setter = nullptr;
> if (descriptor.setterPresent())
> setter = descriptor.setterObject();
> else if (oldDescriptor.isAccessorDescriptor())
> setter = oldDescriptor.setterObject();
>
>- GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject());
>- if (getter)
>- accessor->setGetter(vm, exec->lexicalGlobalObject(), getter);
>- if (setter)
>- accessor->setSetter(vm, exec->lexicalGlobalObject(), setter);
>+ GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject(), getter, setter);
>
> entryInMap->set(vm, map, accessor);
> entryInMap->attributes = descriptor.attributesOverridingCurrent(oldDescriptor) & ~PropertyAttribute::ReadOnly;
>@@ -3054,9 +3050,8 @@ bool JSObject::putDirectIndexSlowOrBeyon
>
> bool JSObject::putDirectNativeIntrinsicGetter(VM& vm, JSGlobalObject* globalObject, Identifier name, NativeFunction nativeFunction, Intrinsic intrinsic, unsigned attributes)
> {
>- GetterSetter* accessor = GetterSetter::create(vm, globalObject);
> JSFunction* function = JSFunction::create(vm, globalObject, 0, makeString("get ", name.string()), nativeFunction, intrinsic);
>- accessor->setGetter(vm, globalObject, function);
>+ GetterSetter* accessor = GetterSetter::create(vm, globalObject, function, nullptr);
> return putDirectNonIndexAccessor(vm, name, accessor, attributes);
> }
>
>@@ -3414,11 +3409,9 @@ static bool putDescriptor(ExecState* exe
> VM& vm = exec->vm();
> if (descriptor.isGenericDescriptor() || descriptor.isDataDescriptor()) {
> if (descriptor.isGenericDescriptor() && oldDescriptor.isAccessorDescriptor()) {
>- GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject());
>- if (oldDescriptor.getterPresent())
>- accessor->setGetter(vm, exec->lexicalGlobalObject(), oldDescriptor.getterObject());
>- if (oldDescriptor.setterPresent())
>- accessor->setSetter(vm, exec->lexicalGlobalObject(), oldDescriptor.setterObject());
>+ JSObject* getter = oldDescriptor.getterPresent() ? oldDescriptor.getterObject() : nullptr;
>+ JSObject* setter = oldDescriptor.setterPresent() ? oldDescriptor.setterObject() : nullptr;
>+ GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject(), getter, setter);
> target->putDirectAccessor(exec, propertyName, accessor, attributes | PropertyAttribute::Accessor);
> return true;
> }
>@@ -3433,16 +3426,14 @@ static bool putDescriptor(ExecState* exe
> return true;
> }
> attributes &= ~PropertyAttribute::ReadOnly;
>- GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject());
>
>- if (descriptor.getterPresent())
>- accessor->setGetter(vm, exec->lexicalGlobalObject(), descriptor.getterObject());
>- else if (oldDescriptor.getterPresent())
>- accessor->setGetter(vm, exec->lexicalGlobalObject(), oldDescriptor.getterObject());
>- if (descriptor.setterPresent())
>- accessor->setSetter(vm, exec->lexicalGlobalObject(), descriptor.setterObject());
>- else if (oldDescriptor.setterPresent())
>- accessor->setSetter(vm, exec->lexicalGlobalObject(), oldDescriptor.setterObject());
>+ JSObject* getter = descriptor.getterPresent()
>+ ? descriptor.getterObject() : oldDescriptor.getterPresent()
>+ ? oldDescriptor.getterObject() : nullptr;
>+ JSObject* setter = descriptor.setterPresent()
>+ ? descriptor.setterObject() : oldDescriptor.setterPresent()
>+ ? oldDescriptor.setterObject() : nullptr;
>+ GetterSetter* accessor = GetterSetter::create(vm, exec->lexicalGlobalObject(), getter, setter);
>
> target->putDirectAccessor(exec, propertyName, accessor, attributes | PropertyAttribute::Accessor);
> return true;
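Review bot: The chained conditionals added to putDescriptor for `getter` and `setter` are hard to read as laid out: the line break falls after `: oldDescriptor.getterPresent()`, so the second `?` looks as if it belongs to the first condition. The expression is correct only because `?:` is right-associative; parenthesising the inner conditional, e.g. `: (oldDescriptor.getterPresent() ? oldDescriptor.getterObject() : nullptr);`, or using the if / else-if form that putIndexedDescriptor keeps in this same patch, makes the fallback order explicit. putDescriptor's body starts and ends outside this hunk.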
>@@ -3559,29 +3550,36 @@ bool validateAndApplyPropertyDescriptor(
> JSValue accessor = object->getDirect(vm, propertyName);
> if (!accessor)
> return false;
>- GetterSetter* getterSetter;
>+ JSObject* getter = nullptr;
>+ JSObject* setter = nullptr;
> bool getterSetterChanged = false;
>+
> if (accessor.isCustomGetterSetter()) {
>- getterSetter = GetterSetter::create(vm, exec->lexicalGlobalObject());
> auto* customGetterSetter = jsCast<CustomGetterSetter*>(accessor);
> if (customGetterSetter->setter())
>- getterSetter->setSetter(vm, exec->lexicalGlobalObject(), getCustomGetterSetterFunctionForGetterSetter(exec, propertyName, customGetterSetter, JSCustomGetterSetterFunction::Type::Setter));
>+ setter = getCustomGetterSetterFunctionForGetterSetter(exec, propertyName, customGetterSetter, JSCustomGetterSetterFunction::Type::Setter);
> if (customGetterSetter->getter())
>- getterSetter->setGetter(vm, exec->lexicalGlobalObject(), getCustomGetterSetterFunctionForGetterSetter(exec, propertyName, customGetterSetter, JSCustomGetterSetterFunction::Type::Getter));
>+ getter = getCustomGetterSetterFunctionForGetterSetter(exec, propertyName, customGetterSetter, JSCustomGetterSetterFunction::Type::Getter);
> } else {
> ASSERT(accessor.isGetterSetter());
>- getterSetter = jsCast<GetterSetter*>(accessor);
>+ auto* getterSetter = jsCast<GetterSetter*>(accessor);
>+ getter = getterSetter->getter();
>+ setter = getterSetter->setter();
> }
> if (descriptor.setterPresent()) {
>- getterSetter = getterSetter->withSetter(vm, exec->lexicalGlobalObject(), descriptor.setterObject());
>+ setter = descriptor.setterObject();
> getterSetterChanged = true;
> }
> if (descriptor.getterPresent()) {
>- getterSetter = getterSetter->withGetter(vm, exec->lexicalGlobalObject(), descriptor.getterObject());
>+ getter = descriptor.getterObject();
> getterSetterChanged = true;
> }
>+
> if (current.attributesEqual(descriptor) && !getterSetterChanged)
> return true;
>+
>+ GetterSetter* getterSetter = GetterSetter::create(vm, exec->lexicalGlobalObject(), getter, setter);
>+
> object->methodTable(vm)->deleteProperty(object, exec, propertyName);
> RETURN_IF_EXCEPTION(scope, false);
> unsigned attrs = descriptor.attributesOverridingCurrent(current);
>Index: Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp
>===================================================================
>--- Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp (revision 232197)
>+++ Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp (working copy)
>@@ -326,8 +326,7 @@ void JSTypedArrayViewPrototype::finishCr
> JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->toLocaleString, typedArrayPrototypeToLocaleStringCodeGenerator, static_cast<unsigned>(PropertyAttribute::DontEnum));
>
> JSFunction* toStringTagFunction = JSFunction::create(vm, globalObject, 0, ASCIILiteral("get [Symbol.toStringTag]"), typedArrayViewProtoGetterFuncToStringTag, NoIntrinsic);
>- GetterSetter* toStringTagAccessor = GetterSetter::create(vm, globalObject);
>- toStringTagAccessor->setGetter(vm, globalObject, toStringTagFunction);
>+ GetterSetter* toStringTagAccessor = GetterSetter::create(vm, globalObject, toStringTagFunction, nullptr);
> putDirectNonIndexAccessor(vm, vm.propertyNames->toStringTagSymbol, toStringTagAccessor, PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly | PropertyAttribute::Accessor);
>
> JSFunction* valuesFunction = JSFunction::create(vm, typedArrayPrototypeValuesCodeGenerator(vm), globalObject);
>Index: Source/JavaScriptCore/runtime/Lookup.cpp
>===================================================================
>--- Source/JavaScriptCore/runtime/Lookup.cpp (revision 232197)
>+++ Source/JavaScriptCore/runtime/Lookup.cpp (working copy)
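Review bot: In validateAndApplyPropertyDescriptor (JSObject.cpp) the new `GetterSetter::create(...)` call is what stops the existing accessor cell from being updated in place, yet it carries no comment saying so and no regression test is visible in this attachment. A comment above the call such as `// GetterSetter cells are immutable: always install a fresh one instead of modifying the current accessor.` would keep a later refactor from reintroducing the reuse, and a test that redefines only the getter or only the setter of an existing accessor property would pin the invariant. In the CustomGetterSetter branch the wrapper functions are still built before the `descriptor.setterPresent()` / `descriptor.getterPresent()` overrides and before the early `return true`, so a wrapper can be allocated and then discarded; consulting the descriptor first would avoid that. The function body extends beyond this hunk.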
>@@ -29,19 +29,18 @@ namespace JSC {
> void reifyStaticAccessor(VM& vm, const HashTableValue& value, JSObject& thisObject, PropertyName propertyName)
> {
> JSGlobalObject* globalObject = thisObject.globalObject();
>- GetterSetter* accessor = GetterSetter::create(vm, globalObject);
>+ JSObject* getter = nullptr;
> if (value.accessorGetter()) {
>- JSFunction* function = nullptr;
> if (value.attributes() & PropertyAttribute::Builtin)
>- function = JSFunction::create(vm, value.builtinAccessorGetterGenerator()(vm), globalObject);
>+ getter = JSFunction::create(vm, value.builtinAccessorGetterGenerator()(vm), globalObject);
> else {
> String getterName = tryMakeString(ASCIILiteral("get "), String(*propertyName.publicName()));
> if (!getterName)
> return;
>- function = JSFunction::create(vm, globalObject, 0, getterName, value.accessorGetter());
>+ getter = JSFunction::create(vm, globalObject, 0, getterName, value.accessorGetter());
> }
>- accessor->setGetter(vm, globalObject, function);
> }
>+ GetterSetter* accessor = GetterSetter::create(vm, globalObject, getter, nullptr);
> thisObject.putDirectNonIndexAccessor(vm, propertyName, accessor, attributesForStructure(value.attributes()));
> }
>
>Index: Source/JavaScriptCore/runtime/PropertyDescriptor.cpp
>===================================================================
>--- Source/JavaScriptCore/runtime/PropertyDescriptor.cpp (revision 232197)
>+++ Source/JavaScriptCore/runtime/PropertyDescriptor.cpp (working copy)
>@@ -75,17 +75,10 @@ void PropertyDescriptor::setUndefined()
> GetterSetter* PropertyDescriptor::slowGetterSetter(ExecState* exec)
> {
> VM& vm = exec->vm();
>- auto scope = DECLARE_THROW_SCOPE(vm);
>-
> JSGlobalObject* globalObject = exec->lexicalGlobalObject();
>- GetterSetter* getterSetter = GetterSetter::create(vm, globalObject);
>- RETURN_IF_EXCEPTION(scope, nullptr);
>- if (m_getter && !m_getter.isUndefined())
>- getterSetter->setGetter(vm, globalObject, jsCast<JSObject*>(m_getter));
>- if (m_setter && !m_setter.isUndefined())
>- getterSetter->setSetter(vm, globalObject, jsCast<JSObject*>(m_setter));
>-
>- return getterSetter;
>+ JSValue getter = m_getter && !m_getter.isUndefined() ? jsCast<JSObject*>(m_getter) : jsUndefined();
>+ JSValue setter = m_setter && !m_setter.isUndefined() ? jsCast<JSObject*>(m_setter) : jsUndefined();
>+ return GetterSetter::create(vm, globalObject, getter, setter);
> }
>
> JSValue PropertyDescriptor::getter() const
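Review bot: slowGetterSetter takes an unnecessary round trip: each accessor is narrowed with `jsCast<JSObject*>`, wrapped back into a `JSValue`, and then unwrapped again with `asObject` inside the JSValue overload of `create`. Declaring the locals as pointers, `JSObject* getter = m_getter && !m_getter.isUndefined() ? jsCast<JSObject*>(m_getter) : nullptr;` (and the same for `setter`), selects the JSObject* overload directly and removes the mixed `JSObject*` / `JSValue` operands from the conditional. If `jsCast` is checked only in assertion builds (its definition is not on this page), an explicit `isObject()` test here would also make the behaviour for a non-object value well defined when assertions are off.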