JSC supports special 'custom' properties implemented as a C++ callback, and these custom properties can be used to implement either value- or accessor-like behavior. getOwnPropertyDescriptor behavior is selected via the CustomAccessor attribute. Value- or accessor-like object selection is currently supported by passing both the slotBase and the thisValue to the callback, and hoping it uses the right one. This is probably inefficient, bug-prone, and leads to crazy like JSBoundSlotBaseFunction.
Instead, just pass one thisValue to the callback functions, consistent with CustomAccessor.
Created attachment 270914
Attachment 270914 did not pass style-queue:
Total errors found: 1 in 59 files
If any of these errors are false positives, please file a bug against check-webkit-style.
As a follow-up to this, more cleanup around JSBoundSlotBaseFunction/CustomGetter should be possible.
JSBoundSlotBaseFunction no longer needs to bind the slotBase (it's never used!), and we can probably merge these back with CustomGetters (reify of value/accessor properties always just creates a CustomGetter; lazily create a JSFunction derivative only if requested by getOwnPropertyDescriptor).
Created attachment 270915
With style fix
Created attachment 270939
Comment on attachment 270939
Fixed in r196331
(In reply to comment #7)
> Fixed in r196331
It made ~180 JSC tests crash on ARMv7 Linux bots: bug154064
Do you think it is a Linux-specific bug, or have you noticed
this regression on your internal iOS ARM JSC tester bots too?
(In reply to comment #8)
> (In reply to comment #7)
> > Fixed in r196331
> It made ~180 JSC tests crash on ARMv7 Linux bots: bug154064
> Do you think it is a Linux-specific bug, or have you noticed
> this regression on your internal iOS ARM JSC tester bots too?
I found the bug and fixed it in bug154064. The problem is related to ARM EABI,
which says that a 64-bit value should be aligned to an even-numbered register.
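Added example, not part of the thread and not WebKit code: a small model of the ARM procedure-call rule mentioned in the last comment, showing how dropping one pointer argument ahead of a 64-bit value changes which registers that value and the following argument occupy. The two argument lists are constructed for illustration and are assumptions, not the real callback signatures; only 4- and 8-byte integer or pointer arguments are modelled.

```c
#include <stdio.h>

/* Where one argument lands under the AAPCS core-register rules. */
struct slot {
    int reg;       /* first core register (0..3), or -1 if on the stack */
    int stack_off; /* byte offset from SP at the call, or -1 if in registers */
};

/* Assign 4- or 8-byte integer/pointer arguments to r0-r3 and the stack.
 * sizes[i] is the size in bytes of argument i. */
static void aapcs_assign(const int *sizes, int n, struct slot *out)
{
    int ncrn = 0; /* next core register number */
    int nsaa = 0; /* next stacked argument offset */

    for (int i = 0; i < n; i++) {
        int words = sizes[i] / 4;
        if (sizes[i] == 8)
            ncrn = (ncrn + 1) & ~1; /* 64-bit value starts at an even register */
        if (ncrn + words <= 4) {
            out[i].reg = ncrn;
            out[i].stack_off = -1;
            ncrn += words;
        } else {
            ncrn = 4; /* once an argument is stacked, r0-r3 are closed */
            if (sizes[i] == 8)
                nsaa = (nsaa + 7) & ~7; /* 64-bit stack slots are 8-byte aligned */
            out[i].reg = -1;
            out[i].stack_off = nsaa;
            nsaa += sizes[i];
        }
    }
}

/* Constructed argument lists (assumptions, not WebKit's signatures). */
static const int with_base[] = {4, 4, 8, 4}; /* ptr, ptr, 64-bit, word */
static const int without_base[] = {4, 8, 4}; /* ptr, 64-bit, word */

int main(void)
{
    struct slot s[4];
    aapcs_assign(with_base, 4, s);
    printf("with base:    64-bit arg starts at r%d\n", s[2].reg);
    aapcs_assign(without_base, 3, s);
    printf("without base: 64-bit arg starts at r%d, r1 is padding\n", s[1].reg);
    return 0;
}
```

In both layouts the 64-bit value ends up in r2:r3, but in the shorter list r1 is skipped as padding, so hand-written call sequences that fill registers in order place the value in the wrong pair.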