NEW 236330
[JSC] OrdinarySet should invoke custom [[Set]] methods for indexed puts 
https://bugs.webkit.org/show_bug.cgi?id=236330
Summary [JSC] OrdinarySet should invoke custom [[Set]] methods for indexed puts
Alexey Shvayka
Reported 2022-02-08 14:39:27 PST
[JSC] OrdinarySet should invoke custom [[Set]] methods for indexed puts
Attachments
Patch (48.29 KB, patch)
2022-02-08 14:44 PST, Alexey Shvayka 		no flags
DetailsFormatted DiffDiff
Patch (53.58 KB, patch)
2022-02-09 09:09 PST, Alexey Shvayka 		saam: review-
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Alexey Shvayka
Comment 1 2022-02-08 14:44:35 PST
Created attachment 451306 [details] Patch
Alexey Shvayka
Comment 2 2022-02-09 09:09:32 PST
Created attachment 451388 [details] Patch Adjust tests.
Saam Barati
Comment 3 2022-02-09 10:37:41 PST
Comment on attachment 451388 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=451388&action=review > Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h:405 > + if (UNLIKELY(slot.thisValue() != thisObject)) { can we do the "isThisValueAltered" thing? > Source/JavaScriptCore/runtime/JSObject.cpp:2899 > + if (current->structure(vm)->typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero()) { this is bizarre that we're using this flag to indicate what to do for put. This feels like an inconsistent fix to me. > Source/JavaScriptCore/runtime/StructureInlines.h:93 > + if (typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero()) > + return true; this is not the intention of this flag. Now, if you put a typed array in a prototype chain, you're going to "have a bad time". Why is this needed?
Radar WebKit Bug Importer
Comment 4 2022-02-15 14:40:16 PST
<rdar://problem/88988175>
Note You need to log in before you can comment on or make changes to this bug.