RESOLVED FIXED 202379
Make assertion in JSObject::putOwnDataProperty more precise 
https://bugs.webkit.org/show_bug.cgi?id=202379
Summary Make assertion in JSObject::putOwnDataProperty more precise
Tadeu Zagallo
Reported 2019-09-30 16:12:06 PDT
<rdar://problem/49515980>
Attachments
Patch (4.84 KB, patch)
2019-09-30 16:34 PDT, Tadeu Zagallo 		no flags
DetailsFormatted DiffDiff
Patch (5.94 KB, patch)
2019-09-30 16:37 PDT, Tadeu Zagallo 		no flags
DetailsFormatted DiffDiff
Patch (6.45 KB, patch)
2019-09-30 17:02 PDT, Tadeu Zagallo 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Tadeu Zagallo
Comment 1 2019-09-30 16:34:34 PDT
Created attachment 379854 [details] Patch
Tadeu Zagallo
Comment 2 2019-09-30 16:37:32 PDT
Created attachment 379855 [details] Patch Include test
Yusuke Suzuki
Comment 3 2019-09-30 16:42:12 PDT
Comment on attachment 379855 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=379855&action=review > Source/JavaScriptCore/runtime/JSObjectInlines.h:482 > +#if !ASSERT_DISABLED > +#define VALIDATE_PUT_OWN_DATA_PROPERTY() \ > + do { \ > + ASSERT(value); \ > + ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this)); \ > + unsigned attributes; \ > + PropertyOffset offset = structure(vm)->get(vm, propertyName, attributes); \ > + if (isValidOffset(offset)) \ > + ASSERT(!(attributes & (PropertyAttribute::Accessor | PropertyAttribute::CustomAccessor | PropertyAttribute::ReadOnly))); \ > + else if (TypeInfo::hasStaticPropertyTable(inlineTypeFlags())) { \ > + if (auto entry = findPropertyHashEntry(vm, propertyName)) { \ > + ASSERT(!(entry->value->attributes() & (PropertyAttribute::Accessor | PropertyAttribute::CustomAccessor | PropertyAttribute::ReadOnly))); \ > + } \ > + } \ > + } while (false) > +#else > +#define VALIDATE_PUT_OWN_DATA_PROPERTY() > +#endif Why not making it as an inline function?
Tadeu Zagallo
Comment 4 2019-09-30 16:43:55 PDT
Comment on attachment 379855 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=379855&action=review Thanks for the review. >> Source/JavaScriptCore/runtime/JSObjectInlines.h:482 >> +#endif > > Why not making it as an inline function? I just didn't want to pass all the values through, but that does seem better. I'll update.
Tadeu Zagallo
Comment 5 2019-09-30 17:02:00 PDT
Created attachment 379861 [details] Patch Refactor validation into inline function
WebKit Commit Bot
Comment 6 2019-09-30 21:06:31 PDT
Comment on attachment 379861 [details] Patch Clearing flags on attachment: 379861 Committed r250543: <https://trac.webkit.org/changeset/250543>
WebKit Commit Bot
Comment 7 2019-09-30 21:06:33 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.