Bug 236330 - [JSC] OrdinarySet should invoke custom [[Set]] methods for indexed puts
Summary: [JSC] OrdinarySet should invoke custom [[Set]] methods for indexed puts
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Alexey Shvayka
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-02-08 14:39 PST by Alexey Shvayka
Modified: 2022-02-15 14:40 PST (History)
8 users (show)

See Also:

Attachments
Patch (48.29 KB, patch)
2022-02-08 14:44 PST, Alexey Shvayka 		no flags Details | Formatted Diff | Diff
Patch (53.58 KB, patch)
2022-02-09 09:09 PST, Alexey Shvayka 		saam: review-
Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexey Shvayka 2022-02-08 14:39:27 PST 
[JSC] OrdinarySet should invoke custom [[Set]] methods for indexed puts
Comment 1 Alexey Shvayka 2022-02-08 14:44:35 PST 
Created attachment 451306 [details]
Patch
Comment 2 Alexey Shvayka 2022-02-09 09:09:32 PST 
Created attachment 451388 [details]
Patch

Adjust tests.
Comment 3 Saam Barati 2022-02-09 10:37:41 PST 
Comment on attachment 451388 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=451388&action=review

> Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h:405
> +        if (UNLIKELY(slot.thisValue() != thisObject)) {

can we do the "isThisValueAltered" thing?

> Source/JavaScriptCore/runtime/JSObject.cpp:2899
> +        if (current->structure(vm)->typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero()) {

this is bizarre that we're using this flag to indicate what to do for put. This feels like an inconsistent fix to me.

> Source/JavaScriptCore/runtime/StructureInlines.h:93
> +    if (typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero())
> +        return true;

this is not the intention of this flag. Now, if you put a typed array in a prototype chain, you're going to "have a bad time". Why is this needed?
Comment 4 Radar WebKit Bug Importer 2022-02-15 14:40:16 PST 
<rdar://problem/88988175>