Changeset 231839 in webkit


Ignore:
Timestamp:
May 16, 2018 12:05:27 AM (6 years ago)
Author:
Yusuke Suzuki
Message:

[JSC] Check TypeInfo first before calling getCallData when we would like to check whether given object is a function
https://bugs.webkit.org/show_bug.cgi?id=185601

Reviewed by Saam Barati.

Source/JavaScriptCore:

Rename TypeOfShouldCallGetCallData to OverridesGetCallData. And check OverridesGetCallData
before calling getCallData when we would like to check whether a given object is callable
since getCallData is a virtual call. When we call the object anyway, directly calling getCallData
is fine. But if we would like to check whether the object is callable, we can have non
callable objects frequently. In that case, we should not call getCallData if we can avoid it.

To do this cleanly, we refactor JSValue::{isFunction,isCallable}. We add JSCell::{isFunction,isCallable}
and JSValue ones call into these functions. Inside JSCell::{isFunction,isCallable}, we perform
OverridesGetCallData checking before calling getCallData.

We found that this virtual call exists in JSON.stringify's critial path. Checking
OverridesGetCallData improves Kraken/json-stringify-tinderbox by 2-4%.

baseline patched

json-stringify-tinderbox 38.807+-0.350 37.216+-0.337 definitely 1.0427x faster

In addition to that, we also add OverridesGetCallData flag to JSFunction while we keep JSFunctionType checking fast path
since major cases are covered by this fast JSFunctionType checking.

  • API/JSCallbackObject.h:
  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGOperations.cpp:
  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileIsObjectOrNull):
(JSC::DFG::SpeculativeJIT::compileIsFunction):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::isExoticForTypeof):

  • jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::emitTypeOf):

  • runtime/ExceptionHelpers.cpp:

(JSC::createError):
(JSC::createInvalidFunctionApplyParameterError):

  • runtime/FunctionPrototype.cpp:

(JSC::functionProtoFuncToString):

  • runtime/InternalFunction.h:
  • runtime/JSCJSValue.h:
  • runtime/JSCJSValueInlines.h:

(JSC::JSValue::isFunction const):
(JSC::JSValue::isCallable const):

  • runtime/JSCell.h:
  • runtime/JSCellInlines.h:

(JSC::JSCell::isFunction):
ALWAYS_INLINE works well for my environment.
(JSC::JSCell::isCallable):

  • runtime/JSFunction.h:
  • runtime/JSONObject.cpp:

(JSC::Stringifier::toJSON):
(JSC::Stringifier::toJSONImpl):
(JSC::Stringifier::appendStringifiedValue):

  • runtime/JSObjectInlines.h:

(JSC::createListFromArrayLike):

  • runtime/JSTypeInfo.h:

(JSC::TypeInfo::overridesGetCallData const):
(JSC::TypeInfo::typeOfShouldCallGetCallData const): Deleted.

  • runtime/Operations.cpp:

(JSC::jsTypeStringForValue):
(JSC::jsIsObjectTypeOrNull):

  • runtime/ProxyObject.h:
  • runtime/RuntimeType.cpp:

(JSC::runtimeTypeForValue):

  • runtime/RuntimeType.h:
  • runtime/Structure.cpp:

(JSC::Structure::Structure):

  • runtime/TypeProfilerLog.cpp:

(JSC::TypeProfilerLog::TypeProfilerLog):
(JSC::TypeProfilerLog::processLogEntries):

  • runtime/TypeProfilerLog.h:
  • runtime/VM.cpp:

(JSC::VM::enableTypeProfiler):

  • tools/JSDollarVM.cpp:

(JSC::functionFindTypeForExpression):
(JSC::functionReturnTypeFor):
(JSC::functionHasBasicBlockExecuted):
(JSC::functionBasicBlockExecutionCount):

  • wasm/js/JSWebAssemblyHelpers.h:

(JSC::getWasmBufferFromValue):

  • wasm/js/JSWebAssemblyInstance.cpp:

(JSC::JSWebAssemblyInstance::create):

  • wasm/js/WebAssemblyFunction.cpp:

(JSC::callWebAssemblyFunction):

  • wasm/js/WebAssemblyInstanceConstructor.cpp:

(JSC::constructJSWebAssemblyInstance):

  • wasm/js/WebAssemblyModuleRecord.cpp:

(JSC::WebAssemblyModuleRecord::link):

  • wasm/js/WebAssemblyPrototype.cpp:

(JSC::webAssemblyInstantiateFunc):
(JSC::webAssemblyInstantiateStreamingInternal):

  • wasm/js/WebAssemblyWrapperFunction.cpp:

(JSC::WebAssemblyWrapperFunction::finishCreation):

Source/WebCore:

No behavior change.

  • Modules/plugins/QuickTimePluginReplacement.mm:

(WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected):

  • bindings/js/JSCustomElementRegistryCustom.cpp:

(WebCore::getCustomElementCallback):

  • bindings/js/JSDOMConstructorBase.h:
  • bindings/js/JSDOMConvertCallbacks.h:

(WebCore::Converter<IDLCallbackFunction<T>>::convert):

  • bindings/js/JSDOMPromise.cpp:

(WebCore::DOMPromise::whenSettled):

  • bindings/js/ReadableStream.cpp:

(WebCore::ReadableStream::pipeTo):
(WebCore::ReadableStream::tee):

  • bindings/js/ReadableStreamDefaultController.cpp:

(WebCore::ReadableStreamDefaultController::invoke):

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
(GenerateOverloadDispatcher):

  • bindings/scripts/test/JS/JSTestObj.h:
  • bindings/scripts/test/JS/JSTestPluginInterface.h:
  • bridge/objc/objc_runtime.h:
  • bridge/runtime_method.h:
  • bridge/runtime_object.h:
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):

  • testing/Internals.cpp:

(WebCore::Internals::parserMetaData):
(WebCore::Internals::cloneArrayBuffer):

Source/WebKit:

  • WebProcess/Plugins/Netscape/JSNPObject.h:
Location:
trunk/Source
Files:
52 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/API/JSCallbackObject.h

    r229413 r231839  
    135135public:
    136136    typedef Parent Base;
    137     static const unsigned StructureFlags = Base::StructureFlags | ProhibitsPropertyCaching | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | ImplementsHasInstance | OverridesGetPropertyNames | TypeOfShouldCallGetCallData;
     137    static const unsigned StructureFlags = Base::StructureFlags | ProhibitsPropertyCaching | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | ImplementsHasInstance | OverridesGetPropertyNames | OverridesGetCallData;
    138138
    139139    ~JSCallbackObject();
  • trunk/Source/JavaScriptCore/ChangeLog

    r231819 r231839  
     12018-05-15  Yusuke Suzuki  <utatane.tea@gmail.com>
     2
     3        [JSC] Check TypeInfo first before calling getCallData when we would like to check whether given object is a function
     4        https://bugs.webkit.org/show_bug.cgi?id=185601
     5
     6        Reviewed by Saam Barati.
     7
     8        Rename TypeOfShouldCallGetCallData to OverridesGetCallData. And check OverridesGetCallData
     9        before calling getCallData when we would like to check whether a given object is callable
     10        since getCallData is a virtual call. When we call the object anyway, directly calling getCallData
     11        is fine. But if we would like to check whether the object is callable, we can have non
     12        callable objects frequently. In that case, we should not call getCallData if we can avoid it.
     13
     14        To do this cleanly, we refactor JSValue::{isFunction,isCallable}. We add JSCell::{isFunction,isCallable}
     15        and JSValue ones call into these functions. Inside JSCell::{isFunction,isCallable}, we perform
     16        OverridesGetCallData checking before calling getCallData.
     17
     18        We found that this virtual call exists in JSON.stringify's critial path. Checking
     19        OverridesGetCallData improves Kraken/json-stringify-tinderbox by 2-4%.
     20
     21                                               baseline                  patched
     22
     23            json-stringify-tinderbox        38.807+-0.350      ^      37.216+-0.337         ^ definitely 1.0427x faster
     24
     25        In addition to that, we also add OverridesGetCallData flag to JSFunction while we keep JSFunctionType checking fast path
     26        since major cases are covered by this fast JSFunctionType checking.
     27
     28        * API/JSCallbackObject.h:
     29        * dfg/DFGAbstractInterpreterInlines.h:
     30        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
     31        * dfg/DFGOperations.cpp:
     32        * dfg/DFGSpeculativeJIT.cpp:
     33        (JSC::DFG::SpeculativeJIT::compileIsObjectOrNull):
     34        (JSC::DFG::SpeculativeJIT::compileIsFunction):
     35        * ftl/FTLLowerDFGToB3.cpp:
     36        (JSC::FTL::DFG::LowerDFGToB3::isExoticForTypeof):
     37        * jit/AssemblyHelpers.h:
     38        (JSC::AssemblyHelpers::emitTypeOf):
     39        * runtime/ExceptionHelpers.cpp:
     40        (JSC::createError):
     41        (JSC::createInvalidFunctionApplyParameterError):
     42        * runtime/FunctionPrototype.cpp:
     43        (JSC::functionProtoFuncToString):
     44        * runtime/InternalFunction.h:
     45        * runtime/JSCJSValue.h:
     46        * runtime/JSCJSValueInlines.h:
     47        (JSC::JSValue::isFunction const):
     48        (JSC::JSValue::isCallable const):
     49        * runtime/JSCell.h:
     50        * runtime/JSCellInlines.h:
     51        (JSC::JSCell::isFunction):
     52        ALWAYS_INLINE works well for my environment.
     53        (JSC::JSCell::isCallable):
     54        * runtime/JSFunction.h:
     55        * runtime/JSONObject.cpp:
     56        (JSC::Stringifier::toJSON):
     57        (JSC::Stringifier::toJSONImpl):
     58        (JSC::Stringifier::appendStringifiedValue):
     59        * runtime/JSObjectInlines.h:
     60        (JSC::createListFromArrayLike):
     61        * runtime/JSTypeInfo.h:
     62        (JSC::TypeInfo::overridesGetCallData const):
     63        (JSC::TypeInfo::typeOfShouldCallGetCallData const): Deleted.
     64        * runtime/Operations.cpp:
     65        (JSC::jsTypeStringForValue):
     66        (JSC::jsIsObjectTypeOrNull):
     67        * runtime/ProxyObject.h:
     68        * runtime/RuntimeType.cpp:
     69        (JSC::runtimeTypeForValue):
     70        * runtime/RuntimeType.h:
     71        * runtime/Structure.cpp:
     72        (JSC::Structure::Structure):
     73        * runtime/TypeProfilerLog.cpp:
     74        (JSC::TypeProfilerLog::TypeProfilerLog):
     75        (JSC::TypeProfilerLog::processLogEntries):
     76        * runtime/TypeProfilerLog.h:
     77        * runtime/VM.cpp:
     78        (JSC::VM::enableTypeProfiler):
     79        * tools/JSDollarVM.cpp:
     80        (JSC::functionFindTypeForExpression):
     81        (JSC::functionReturnTypeFor):
     82        (JSC::functionHasBasicBlockExecuted):
     83        (JSC::functionBasicBlockExecutionCount):
     84        * wasm/js/JSWebAssemblyHelpers.h:
     85        (JSC::getWasmBufferFromValue):
     86        * wasm/js/JSWebAssemblyInstance.cpp:
     87        (JSC::JSWebAssemblyInstance::create):
     88        * wasm/js/WebAssemblyFunction.cpp:
     89        (JSC::callWebAssemblyFunction):
     90        * wasm/js/WebAssemblyInstanceConstructor.cpp:
     91        (JSC::constructJSWebAssemblyInstance):
     92        * wasm/js/WebAssemblyModuleRecord.cpp:
     93        (JSC::WebAssemblyModuleRecord::link):
     94        * wasm/js/WebAssemblyPrototype.cpp:
     95        (JSC::webAssemblyInstantiateFunc):
     96        (JSC::webAssemblyInstantiateStreamingInternal):
     97        * wasm/js/WebAssemblyWrapperFunction.cpp:
     98        (JSC::WebAssemblyWrapperFunction::finishCreation):
     99
    11002018-05-15  Devin Rousso  <webkit@devinrousso.com>
    2101
  • trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h

    r231607 r231839  
    12611261                    if (object->type() == JSFunctionType)
    12621262                        setConstant(node, jsBoolean(false));
    1263                     else if (!(object->inlineTypeFlags() & TypeOfShouldCallGetCallData))
     1263                    else if (!(object->inlineTypeFlags() & OverridesGetCallData))
    12641264                        setConstant(node, jsBoolean(!child.value().asCell()->structure()->masqueradesAsUndefined(m_codeBlock->globalObjectFor(node->origin.semantic))));
    12651265                    else {
     
    12761276                    if (object->type() == JSFunctionType)
    12771277                        setConstant(node, jsBoolean(true));
    1278                     else if (!(object->inlineTypeFlags() & TypeOfShouldCallGetCallData))
     1278                    else if (!(object->inlineTypeFlags() & OverridesGetCallData))
    12791279                        setConstant(node, jsBoolean(false));
    12801280                    else {
  • trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

    r231607 r231839  
    17421742    if (object->structure(vm)->masqueradesAsUndefined(globalObject))
    17431743        return false;
    1744     if (object->type() == JSFunctionType)
     1744    if (object->isFunction(vm))
    17451745        return false;
    1746     if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) {
    1747         CallData callData;
    1748         if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
    1749             return false;
    1750     }
    1751    
    17521746    return true;
    17531747}
     
    17621756    if (object->structure(vm)->masqueradesAsUndefined(globalObject))
    17631757        return false;
    1764     if (object->type() == JSFunctionType)
     1758    if (object->isFunction(vm))
    17651759        return true;
    1766     if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) {
    1767         CallData callData;
    1768         if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
    1769             return true;
    1770     }
    1771    
    17721760    return false;
    17731761}
     
    17821770    if (object->structure(vm)->masqueradesAsUndefined(globalObject))
    17831771        return vm.smallStrings.undefinedString();
    1784     if (object->type() == JSFunctionType)
     1772    if (object->isFunction(vm))
    17851773        return vm.smallStrings.functionString();
    1786     if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) {
    1787         CallData callData;
    1788         if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
    1789             return vm.smallStrings.functionString();
    1790     }
    1791    
    17921774    return vm.smallStrings.objectString();
    17931775}
     
    18021784    if (object->structure(vm)->masqueradesAsUndefined(globalObject))
    18031785        return static_cast<int32_t>(TypeofType::Undefined);
    1804     if (object->type() == JSFunctionType)
     1786    if (object->isFunction(vm))
    18051787        return static_cast<int32_t>(TypeofType::Function);
    1806     if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) {
    1807         CallData callData;
    1808         if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
    1809             return static_cast<int32_t>(TypeofType::Function);
    1810     }
    1811    
    18121788    return static_cast<int32_t>(TypeofType::Object);
    18131789}
  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

    r231286 r231839  
    87578757        JITCompiler::NonZero,
    87588758        JITCompiler::Address(valueRegs.payloadGPR(), JSCell::typeInfoFlagsOffset()),
    8759         TrustedImm32(MasqueradesAsUndefined | TypeOfShouldCallGetCallData));
     8759        TrustedImm32(MasqueradesAsUndefined | OverridesGetCallData));
    87608760   
    87618761    isNull.link(&m_jit);
     
    87958795        JITCompiler::NonZero,
    87968796        JITCompiler::Address(valueRegs.payloadGPR(), JSCell::typeInfoFlagsOffset()),
    8797         TrustedImm32(MasqueradesAsUndefined | TypeOfShouldCallGetCallData));
     8797        TrustedImm32(MasqueradesAsUndefined | OverridesGetCallData));
    87988798   
    87998799    notCell.link(&m_jit);
  • trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

    r231471 r231839  
    1510115101        return m_out.testNonZero32(
    1510215102            m_out.load8ZeroExt32(cell, m_heaps.JSCell_typeInfoFlags),
    15103             m_out.constInt32(MasqueradesAsUndefined | TypeOfShouldCallGetCallData));
     15103            m_out.constInt32(MasqueradesAsUndefined | OverridesGetCallData));
    1510415104    }
    1510515105
  • trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h

    r230626 r231839  
    15291529                NonZero,
    15301530                Address(cellGPR, JSCell::typeInfoFlagsOffset()),
    1531                 TrustedImm32(MasqueradesAsUndefined | TypeOfShouldCallGetCallData)));
     1531                TrustedImm32(MasqueradesAsUndefined | OverridesGetCallData)));
    15321532        functor(TypeofType::Object, false);
    15331533       
  • trunk/Source/JavaScriptCore/runtime/ExceptionHelpers.cpp

    r229410 r231839  
    271271    String errorMessage = makeString(errorDescriptionForValue(exec, value)->value(exec), ' ', message);
    272272    scope.assertNoException();
    273     JSObject* exception = createTypeError(exec, errorMessage, appender, runtimeTypeForValue(value));
     273    JSObject* exception = createTypeError(exec, errorMessage, appender, runtimeTypeForValue(vm, value));
    274274    ASSERT(exception->isErrorInstance());
    275275
     
    279279JSObject* createInvalidFunctionApplyParameterError(ExecState* exec, JSValue value)
    280280{
    281     JSObject* exception = createTypeError(exec, makeString("second argument to Function.prototype.apply must be an Array-like object"), defaultSourceAppender, runtimeTypeForValue(value));
     281    VM& vm = exec->vm();
     282    JSObject* exception = createTypeError(exec, makeString("second argument to Function.prototype.apply must be an Array-like object"), defaultSourceAppender, runtimeTypeForValue(vm, value));
    282283    ASSERT(exception->isErrorInstance());
    283284    return exception;
  • trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp

    r231015 r231839  
    126126    if (thisValue.isObject()) {
    127127        JSObject* object = asObject(thisValue);
    128         if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) {
    129             CallData callData;
    130             if (object->methodTable(vm)->getCallData(object, callData) != CallType::None) {
    131                 if (auto* classInfo = object->classInfo(vm)) {
    132                     scope.release();
    133                     return JSValue::encode(jsMakeNontrivialString(exec, "function ", classInfo->className, "() {\n    [native code]\n}"));
    134                 }
    135             }
     128        if (object->isFunction(vm)) {
     129            scope.release();
     130            return JSValue::encode(jsMakeNontrivialString(exec, "function ", object->classInfo(vm)->className, "() {\n    [native code]\n}"));
    136131        }
    137132    }
  • trunk/Source/JavaScriptCore/runtime/InternalFunction.h

    r230813 r231839  
    3737public:
    3838    typedef JSDestructibleObject Base;
    39     static const unsigned StructureFlags = Base::StructureFlags | ImplementsHasInstance | ImplementsDefaultHasInstance | TypeOfShouldCallGetCallData;
     39    static const unsigned StructureFlags = Base::StructureFlags | ImplementsHasInstance | ImplementsDefaultHasInstance | OverridesGetCallData;
    4040
    4141    template<typename CellType>
  • trunk/Source/JavaScriptCore/runtime/JSCJSValue.h

    r231733 r231839  
    219219    // Querying the type.
    220220    bool isEmpty() const;
    221     bool isFunction() const;
    222     bool isFunction(CallType&, CallData&) const;
    223     bool isCallable(CallType&, CallData&) const;
     221    bool isFunction(VM&) const;
     222    bool isCallable(VM&, CallType&, CallData&) const;
    224223    bool isConstructor() const;
    225224    bool isConstructor(ConstructType&, ConstructData&) const;
  • trunk/Source/JavaScriptCore/runtime/JSCJSValueInlines.h

    r231733 r231839  
    760760}
    761761
    762 inline bool JSValue::isFunction() const
     762inline bool JSValue::isFunction(VM& vm) const
    763763{
    764764    if (!isCell())
    765765        return false;
    766     JSCell* cell = asCell();
    767     CallData ignored;
    768     return cell->methodTable()->getCallData(cell, ignored) != CallType::None;
    769 }
    770 
    771 inline bool JSValue::isFunction(CallType& callType, CallData& callData) const
    772 {
    773     return isCallable(callType, callData);
    774 }
    775 
    776 inline bool JSValue::isCallable(CallType& callType, CallData& callData) const
     766    return asCell()->isFunction(vm);
     767}
     768
     769inline bool JSValue::isCallable(VM& vm, CallType& callType, CallData& callData) const
    777770{
    778771    if (!isCell())
    779772        return false;
    780     JSCell* cell = asCell();
    781     callType = cell->methodTable()->getCallData(cell, callData);
    782     return callType != CallType::None;
     773    return asCell()->isCallable(vm, callType, callData);
    783774}
    784775
  • trunk/Source/JavaScriptCore/runtime/JSCell.h

    r231166 r231839  
    116116    bool isCustomGetterSetter() const;
    117117    bool isProxy() const;
     118    bool isFunction(VM&);
     119    bool isCallable(VM&, CallType&, CallData&);
    118120    bool inherits(VM&, const ClassInfo*) const;
    119121    template<typename Target> bool inherits(VM&) const;
     
    154156    // Returns information about how to call/construct this cell as a function/constructor. May tell
    155157    // you that the cell is not callable or constructor (default is that it's not either). If it
    156     // says that the function is callable, and the TypeOfShouldCallGetCallData type flag is set, and
     158    // says that the function is callable, and the OverridesGetCallData type flag is set, and
    157159    // this is an object, then typeof will return "function" instead of "object". These methods
    158160    // cannot change their minds and must be thread-safe. They are sometimes called from compiler
  • trunk/Source/JavaScriptCore/runtime/JSCellInlines.h

    r231172 r231839  
    219219}
    220220
     221ALWAYS_INLINE bool JSCell::isFunction(VM& vm)
     222{
     223    if (type() == JSFunctionType)
     224        return true;
     225    if (inlineTypeFlags() & OverridesGetCallData) {
     226        CallData ignoredCallData;
     227        return methodTable(vm)->getCallData(this, ignoredCallData) != CallType::None;
     228    }
     229    return false;
     230}
     231
     232inline bool JSCell::isCallable(VM& vm, CallType& callType, CallData& callData)
     233{
     234    if (type() != JSFunctionType && !(inlineTypeFlags() & OverridesGetCallData))
     235        return false;
     236    callType = methodTable(vm)->getCallData(this, callData);
     237    return callType != CallType::None;
     238}
     239
    221240inline bool JSCell::isAPIValueWrapper() const
    222241{
  • trunk/Source/JavaScriptCore/runtime/JSFunction.h

    r229547 r231839  
    7070   
    7171    typedef JSCallee Base;
    72     const static unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames;
     72    const static unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | OverridesGetCallData;
    7373
    7474    static size_t allocationSize(Checked<size_t> inlineCapacity)
  • trunk/Source/JavaScriptCore/runtime/JSONObject.cpp

    r231310 r231839  
    112112
    113113    JSValue toJSON(JSValue, const PropertyNameForFunctionCall&);
    114     JSValue toJSONImpl(JSValue value, JSValue toJSONFunction, const PropertyNameForFunctionCall&);
     114    JSValue toJSONImpl(VM&, JSValue, JSValue toJSONFunction, const PropertyNameForFunctionCall&);
    115115
    116116    enum StringifyResult { StringifyFailed, StringifySucceeded, StringifyFailedDueToUndefinedOrSymbolValue };
     
    300300    RETURN_IF_EXCEPTION(scope, { });
    301301    scope.release();
    302     return toJSONImpl(value, toJSONFunction, propertyName);
    303 }
    304 
    305 JSValue Stringifier::toJSONImpl(JSValue value, JSValue toJSONFunction, const PropertyNameForFunctionCall& propertyName)
     302    return toJSONImpl(vm, value, toJSONFunction, propertyName);
     303}
     304
     305JSValue Stringifier::toJSONImpl(VM& vm, JSValue value, JSValue toJSONFunction, const PropertyNameForFunctionCall& propertyName)
    306306{
    307307    CallType callType;
    308308    CallData callData;
    309     if (!toJSONFunction.isCallable(callType, callData))
     309    if (!toJSONFunction.isCallable(vm, callType, callData))
    310310        return value;
    311311
     
    381381
    382382    JSObject* object = asObject(value);
    383 
    384     CallData callData;
    385     if (object->methodTable(vm)->getCallData(object, callData) != CallType::None) {
     383    if (object->isFunction(vm)) {
    386384        if (holder.isArray()) {
    387385            builder.appendLiteral("null");
  • trunk/Source/JavaScriptCore/runtime/JSObjectInlines.h

    r231687 r231839  
    4949        RETURN_IF_EXCEPTION(scope, void());
    5050       
    51         RuntimeType type = runtimeTypeForValue(next);
     51        RuntimeType type = runtimeTypeForValue(vm, next);
    5252        if (!(type & legalTypesFilter)) {
    5353            throwTypeError(exec, scope, errorMessage);
  • trunk/Source/JavaScriptCore/runtime/JSTypeInfo.h

    r231172 r231839  
    4040static const unsigned MasqueradesAsUndefined = 1; // WebCore uses MasqueradesAsUndefined to make document.all undetectable.
    4141static const unsigned ImplementsDefaultHasInstance = 1 << 1;
    42 static const unsigned TypeOfShouldCallGetCallData = 1 << 2; // Need this flag if you override getCallData() and you want typeof to use this to determine if it should say "function". Currently we always set this flag when we override getCallData().
     42static const unsigned OverridesGetCallData = 1 << 2; // Need this flag if you implement [[Callable]] interface, which means overriding getCallData. The object may not be callable since getCallData can say it is not callable.
    4343static const unsigned OverridesGetOwnPropertySlot = 1 << 3;
    4444static const unsigned OverridesToThis = 1 << 4; // If this is false then this returns something other than 'this'. Non-object cells that are visible to JS have this set as do some exotic objects.
     
    8686    bool implementsHasInstance() const { return isSetOnFlags2(ImplementsHasInstance); }
    8787    bool implementsDefaultHasInstance() const { return isSetOnFlags1(ImplementsDefaultHasInstance); }
    88     bool typeOfShouldCallGetCallData() const { return isSetOnFlags1(TypeOfShouldCallGetCallData); }
     88    bool overridesGetCallData() const { return isSetOnFlags1(OverridesGetCallData); }
    8989    bool overridesGetOwnPropertySlot() const { return overridesGetOwnPropertySlot(inlineTypeFlags()); }
    9090    static bool overridesGetOwnPropertySlot(InlineTypeFlags flags) { return flags & OverridesGetOwnPropertySlot; }
  • trunk/Source/JavaScriptCore/runtime/Operations.cpp

    r225799 r231839  
    9191        if (object->structure(vm)->masqueradesAsUndefined(globalObject))
    9292            return vm.smallStrings.undefinedString();
    93         if (object->type() == JSFunctionType)
     93        if (object->isFunction(vm))
    9494            return vm.smallStrings.functionString();
    95         if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) {
    96             CallData callData;
    97             JSObject* object = asObject(v);
    98             if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
    99                 return vm.smallStrings.functionString();
    100         }
    10195    }
    10296    return vm.smallStrings.objectString();
     
    120114        if (asObject(v)->structure(vm)->masqueradesAsUndefined(callFrame->lexicalGlobalObject()))
    121115            return false;
    122         CallData callData;
    123116        JSObject* object = asObject(v);
    124         if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
     117        if (object->isFunction(vm))
    125118            return false;
    126119    }
  • trunk/Source/JavaScriptCore/runtime/ProxyObject.h

    r229410 r231839  
    3535    typedef JSNonFinalObject Base;
    3636
    37     const static unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | TypeOfShouldCallGetCallData | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames | ProhibitsPropertyCaching;
     37    const static unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetCallData | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames | ProhibitsPropertyCaching;
    3838
    3939    static ProxyObject* create(ExecState* exec, JSGlobalObject* globalObject, JSValue target, JSValue handler)
  • trunk/Source/JavaScriptCore/runtime/RuntimeType.cpp

    r205462 r231839  
    3333namespace JSC {
    3434
    35 RuntimeType runtimeTypeForValue(JSValue value)
     35RuntimeType runtimeTypeForValue(VM& vm, JSValue value)
    3636{
    3737    if (UNLIKELY(!value))
     
    5252    if (value.isObject())
    5353        return TypeObject;
    54     if (value.isFunction())
     54    if (value.isFunction(vm))
    5555        return TypeFunction;
    5656    if (value.isSymbol())
  • trunk/Source/JavaScriptCore/runtime/RuntimeType.h

    r206525 r231839  
    4949
    5050class JSValue;
    51 RuntimeType runtimeTypeForValue(JSValue);
     51RuntimeType runtimeTypeForValue(VM&, JSValue);
    5252String runtimeTypeAsString(RuntimeType);
    5353
  • trunk/Source/JavaScriptCore/runtime/Structure.cpp

    r231703 r231839  
    209209    ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
    210210    ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
     211    ASSERT(!this->typeInfo().overridesGetCallData() || m_classInfo->methodTable.getCallData != &JSCell::getCallData);
    211212}
    212213
     
    244245    ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
    245246    ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
     247    ASSERT(!this->typeInfo().overridesGetCallData() || m_classInfo->methodTable.getCallData != &JSCell::getCallData);
    246248}
    247249
     
    287289    ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
    288290    ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
     291    ASSERT(!this->typeInfo().overridesGetCallData() || m_classInfo->methodTable.getCallData != &JSCell::getCallData);
    289292}
    290293
  • trunk/Source/JavaScriptCore/runtime/TypeProfilerLog.cpp

    r229324 r231839  
    4141}
    4242
    43 TypeProfilerLog::TypeProfilerLog()
    44     : m_logSize(50000)
     43TypeProfilerLog::TypeProfilerLog(VM& vm)
     44    : m_vm(vm)
     45    , m_logSize(50000)
    4546    , m_logStartPtr(new LogEntry[m_logSize])
    4647    , m_currentLogEntryPtr(m_logStartPtr)
     
    9697        }
    9798
    98         RuntimeType type = runtimeTypeForValue(value);
     99        RuntimeType type = runtimeTypeForValue(m_vm, value);
    99100        TypeLocation* location = entry->location;
    100101        location->m_lastSeenType = type;
  • trunk/Source/JavaScriptCore/runtime/TypeProfilerLog.h

    r229309 r231839  
    5454
    5555
    56     TypeProfilerLog();
     56    TypeProfilerLog(VM&);
    5757    ~TypeProfilerLog();
    5858
     
    6868    friend class LLIntOffsetsExtractor;
    6969
     70    VM& m_vm;
    7071    unsigned m_logSize;
    7172    LogEntry* m_logStartPtr;
  • trunk/Source/JavaScriptCore/runtime/VM.cpp

    r231695 r231839  
    10441044    auto enableTypeProfiler = [this] () {
    10451045        this->m_typeProfiler = std::make_unique<TypeProfiler>();
    1046         this->m_typeProfilerLog = std::make_unique<TypeProfilerLog>();
     1046        this->m_typeProfilerLog = std::make_unique<TypeProfilerLog>(*this);
    10471047    };
    10481048
  • trunk/Source/JavaScriptCore/tools/JSDollarVM.cpp

    r230956 r231839  
    16151615
    16161616    JSValue functionValue = exec->argument(0);
    1617     RELEASE_ASSERT(functionValue.isFunction());
     1617    RELEASE_ASSERT(functionValue.isFunction(vm));
    16181618    FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
    16191619
     
    16341634
    16351635    JSValue functionValue = exec->argument(0);
    1636     RELEASE_ASSERT(functionValue.isFunction());
     1636    RELEASE_ASSERT(functionValue.isFunction(vm));
    16371637    FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
    16381638
     
    16561656
    16571657    JSValue functionValue = exec->argument(0);
    1658     RELEASE_ASSERT(functionValue.isFunction());
     1658    RELEASE_ASSERT(functionValue.isFunction(vm));
    16591659    FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
    16601660
     
    16751675
    16761676    JSValue functionValue = exec->argument(0);
    1677     RELEASE_ASSERT(functionValue.isFunction());
     1677    RELEASE_ASSERT(functionValue.isFunction(vm));
    16781678    FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
    16791679
  • trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h

    r230759 r231839  
    6666    if (!(arrayBuffer || arrayBufferView)) {
    6767        throwException(exec, throwScope, createTypeError(exec,
    68             ASCIILiteral("first argument must be an ArrayBufferView or an ArrayBuffer"), defaultSourceAppender, runtimeTypeForValue(value)));
     68            ASCIILiteral("first argument must be an ArrayBufferView or an ArrayBuffer"), defaultSourceAppender, runtimeTypeForValue(vm, value)));
    6969        return { nullptr, 0 };
    7070    }
     
    7272    if (arrayBufferView ? arrayBufferView->isNeutered() : arrayBuffer->impl()->isNeutered()) {
    7373        throwException(exec, throwScope, createTypeError(exec,
    74             ASCIILiteral("underlying TypedArray has been detatched from the ArrayBuffer"), defaultSourceAppender, runtimeTypeForValue(value)));
     74            ASCIILiteral("underlying TypedArray has been detatched from the ArrayBuffer"), defaultSourceAppender, runtimeTypeForValue(vm, value)));
    7575        return { nullptr, 0 };
    7676    }
  • trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp

    r230768 r231839  
    219219            // 2. If Type(o) is not Object, throw a TypeError.
    220220            if (!importModuleValue.isObject())
    221                 return exception(createTypeError(exec, importFailMessage(import, "import", "must be an object"), defaultSourceAppender, runtimeTypeForValue(importModuleValue)));
     221                return exception(createTypeError(exec, importFailMessage(import, "import", "must be an object"), defaultSourceAppender, runtimeTypeForValue(vm, importModuleValue)));
    222222
    223223            // 3. Let v be the value of performing Get(o, i.item_name)
  • trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp

    r230106 r231839  
    5656    WebAssemblyFunction* wasmFunction = jsDynamicCast<WebAssemblyFunction*>(vm, exec->jsCallee());
    5757    if (!wasmFunction)
    58         return JSValue::encode(throwException(exec, scope, createTypeError(exec, "expected a WebAssembly function", defaultSourceAppender, runtimeTypeForValue(exec->jsCallee()))));
     58        return JSValue::encode(throwException(exec, scope, createTypeError(exec, "expected a WebAssembly function", defaultSourceAppender, runtimeTypeForValue(vm, exec->jsCallee()))));
    5959    Wasm::SignatureIndex signatureIndex = wasmFunction->signatureIndex();
    6060    const Wasm::Signature& signature = Wasm::SignatureInformation::get(signatureIndex);
  • trunk/Source/JavaScriptCore/wasm/js/WebAssemblyInstanceConstructor.cpp

    r230759 r231839  
    6767    JSWebAssemblyModule* module = jsDynamicCast<JSWebAssemblyModule*>(vm, exec->argument(0));
    6868    if (!module)
    69         return JSValue::encode(throwException(exec, scope, createTypeError(exec, ASCIILiteral("first argument to WebAssembly.Instance must be a WebAssembly.Module"), defaultSourceAppender, runtimeTypeForValue(exec->argument(0)))));
     69        return JSValue::encode(throwException(exec, scope, createTypeError(exec, ASCIILiteral("first argument to WebAssembly.Instance must be a WebAssembly.Module"), defaultSourceAppender, runtimeTypeForValue(vm, exec->argument(0)))));
    7070
    7171    // If the importObject parameter is not undefined and Type(importObject) is not Object, a TypeError is thrown.
     
    7373    JSObject* importObject = importArgument.getObject();
    7474    if (!importArgument.isUndefined() && !importObject)
    75         return JSValue::encode(throwException(exec, scope, createTypeError(exec, ASCIILiteral("second argument to WebAssembly.Instance must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(importArgument))));
     75        return JSValue::encode(throwException(exec, scope, createTypeError(exec, ASCIILiteral("second argument to WebAssembly.Instance must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(vm, importArgument))));
    7676   
    7777    Structure* instanceStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), exec->lexicalGlobalObject()->WebAssemblyInstanceStructure());
  • trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp

    r230768 r231839  
    137137            // 2. If Type(o) is not Object, throw a TypeError.
    138138            if (!importModuleValue.isObject())
    139                 return exception(createTypeError(exec, importFailMessage(import, "import", "must be an object"), defaultSourceAppender, runtimeTypeForValue(importModuleValue)));
     139                return exception(createTypeError(exec, importFailMessage(import, "import", "must be an object"), defaultSourceAppender, runtimeTypeForValue(vm, importModuleValue)));
    140140
    141141            // 3. Let v be the value of performing Get(o, i.item_name)
     
    190190            // 4. If i is a function import:
    191191            // i. If IsCallable(v) is false, throw a WebAssembly.LinkError.
    192             if (!value.isFunction())
     192            if (!value.isFunction(vm))
    193193                return exception(createJSWebAssemblyLinkError(exec, vm, importFailMessage(import, "import function", "must be callable")));
    194194
  • trunk/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp

    r231194 r231839  
    272272        if (UNLIKELY(!importArgument.isUndefined() && !importObject)) {
    273273            promise->reject(exec, createTypeError(exec,
    274                 ASCIILiteral("second argument to WebAssembly.instantiate must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(importArgument)));
     274                ASCIILiteral("second argument to WebAssembly.instantiate must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(vm, importArgument)));
    275275            CLEAR_AND_RETURN_IF_EXCEPTION(catchScope, JSValue::encode(promise->promise()));
    276276        } else {
     
    341341        if (UNLIKELY(!importArgument.isUndefined() && !importObject)) {
    342342            promise->reject(exec, createTypeError(exec,
    343                 ASCIILiteral("second argument to WebAssembly.instantiateStreaming must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(importArgument)));
     343                ASCIILiteral("second argument to WebAssembly.instantiateStreaming must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(vm, importArgument)));
    344344            CLEAR_AND_RETURN_IF_EXCEPTION(catchScope, JSValue::encode(promise->promise()));
    345345        } else {
  • trunk/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp

    r230096 r231839  
    7373{
    7474    Base::finishCreation(vm, executable, length, name, instance);
    75     RELEASE_ASSERT(JSValue(function).isFunction());
     75    RELEASE_ASSERT(JSValue(function).isFunction(vm));
    7676    m_function.set(vm, this, function);
    7777}
  • trunk/Source/WebCore/ChangeLog

    r231838 r231839  
     12018-05-15  Yusuke Suzuki  <utatane.tea@gmail.com>
     2
     3        [JSC] Check TypeInfo first before calling getCallData when we would like to check whether given object is a function
     4        https://bugs.webkit.org/show_bug.cgi?id=185601
     5
     6        Reviewed by Saam Barati.
     7
     8        No behavior change.
     9
     10        * Modules/plugins/QuickTimePluginReplacement.mm:
     11        (WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected):
     12        * bindings/js/JSCustomElementRegistryCustom.cpp:
     13        (WebCore::getCustomElementCallback):
     14        * bindings/js/JSDOMConstructorBase.h:
     15        * bindings/js/JSDOMConvertCallbacks.h:
     16        (WebCore::Converter<IDLCallbackFunction<T>>::convert):
     17        * bindings/js/JSDOMPromise.cpp:
     18        (WebCore::DOMPromise::whenSettled):
     19        * bindings/js/ReadableStream.cpp:
     20        (WebCore::ReadableStream::pipeTo):
     21        (WebCore::ReadableStream::tee):
     22        * bindings/js/ReadableStreamDefaultController.cpp:
     23        (WebCore::ReadableStreamDefaultController::invoke):
     24        * bindings/scripts/CodeGeneratorJS.pm:
     25        (GenerateHeader):
     26        (GenerateOverloadDispatcher):
     27        * bindings/scripts/test/JS/JSTestObj.h:
     28        * bindings/scripts/test/JS/JSTestPluginInterface.h:
     29        * bridge/objc/objc_runtime.h:
     30        * bridge/runtime_method.h:
     31        * bridge/runtime_object.h:
     32        * html/HTMLMediaElement.cpp:
     33        (WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
     34        * testing/Internals.cpp:
     35        (WebCore::Internals::parserMetaData):
     36        (WebCore::Internals::cloneArrayBuffer):
     37
    1382018-05-15  Matt Baker  <mattbaker@apple.com>
    239
  • trunk/Source/WebCore/Modules/plugins/QuickTimePluginReplacement.mm

    r230211 r231839  
    160160   
    161161    JSC::JSValue replacementFunction = globalObject->get(exec, JSC::Identifier::fromString(exec, "createPluginReplacement"));
    162     if (replacementFunction.isFunction())
     162    if (replacementFunction.isFunction(vm))
    163163        return true;
    164164   
  • trunk/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp

    r223476 r231839  
    5050    if (callback.isUndefined())
    5151        return nullptr;
    52     if (!callback.isFunction()) {
     52    if (!callback.isFunction(vm)) {
    5353        throwTypeError(&state, scope, ASCIILiteral("A custom element callback must be a function"));
    5454        return nullptr;
  • trunk/Source/WebCore/bindings/js/JSDOMConstructorBase.h

    r211892 r231839  
    2929    using Base = JSDOMObject;
    3030
    31     static const unsigned StructureFlags = Base::StructureFlags | JSC::ImplementsHasInstance | JSC::ImplementsDefaultHasInstance | JSC::TypeOfShouldCallGetCallData;
     31    static const unsigned StructureFlags = Base::StructureFlags | JSC::ImplementsHasInstance | JSC::ImplementsDefaultHasInstance | JSC::OverridesGetCallData;
    3232    static JSC::Structure* createStructure(JSC::VM&, JSC::JSGlobalObject*, JSC::JSValue);
    3333
  • trunk/Source/WebCore/bindings/js/JSDOMConvertCallbacks.h

    r215777 r231839  
    4141        auto scope = DECLARE_THROW_SCOPE(vm);
    4242
    43         if (!value.isFunction()) {
     43        if (!value.isFunction(vm)) {
    4444            exceptionThrower(state, scope);
    4545            return nullptr;
  • trunk/Source/WebCore/bindings/js/JSDOMPromise.cpp

    r228258 r231839  
    6565    auto* promise = this->promise();
    6666    auto thenFunction = promise->get(&state, privateName);
    67     ASSERT(thenFunction.isFunction());
     67    ASSERT(thenFunction.isFunction(vm));
    6868
    6969    JSC::MarkedArgumentBuffer arguments;
  • trunk/Source/WebCore/bindings/js/ReadableStream.cpp

    r229416 r231839  
    8080
    8181    auto readableStreamPipeTo = m_globalObject->get(&state, privateName);
    82     ASSERT(readableStreamPipeTo.isFunction());
     82    ASSERT(readableStreamPipeTo.isFunction(state.vm()));
    8383
    8484    MarkedArgumentBuffer arguments;
     
    9696
    9797    auto readableStreamTee = m_globalObject->get(&state, privateName);
    98     ASSERT(readableStreamTee.isFunction());
     98    ASSERT(readableStreamTee.isFunction(state.vm()));
    9999
    100100    MarkedArgumentBuffer arguments;
  • trunk/Source/WebCore/bindings/js/ReadableStreamDefaultController.cpp

    r228218 r231839  
    5858    RETURN_IF_EXCEPTION(scope, JSC::JSValue());
    5959
    60     if (!function.isFunction()) {
     60    if (!function.isFunction(vm)) {
    6161        if (!function.isUndefined())
    6262            throwTypeError(&state, scope, ASCIILiteral("ReadableStream trying to call a property that is not callable"));
  • trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm

    r231622 r231839  
    26352635        push(@headerContent, "    static JSC::CallType getCallData(JSC::JSCell*, JSC::CallData&);\n\n");
    26362636        $headerIncludes{"<JavaScriptCore/CallData.h>"} = 1;
    2637         $structureFlags{"JSC::TypeOfShouldCallGetCallData"} = 1;
     2637        $structureFlags{"JSC::OverridesGetCallData"} = 1;
    26382638    }
    26392639   
     
    34203420
    34213421            $overload = GetOverloadThatMatches($S, $d, \&$isObjectOrCallbackFunctionParameter);
    3422             &$generateOverloadCallIfNecessary($overload, "distinguishingArg.isFunction()");
     3422            &$generateOverloadCallIfNecessary($overload, "distinguishingArg.isFunction(vm)");
    34233423
    34243424            # FIXME: Avoid invoking GetMethod(object, Symbol.iterator) again in convert<IDLSequence<T>>(...).
  • trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.h

    r228038 r231839  
    7676    JSC::JSValue testCustomReturnsOwnPromiseFunction(JSC::ExecState&);
    7777public:
    78     static const unsigned StructureFlags = JSC::HasStaticPropertyTable | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::TypeOfShouldCallGetCallData | Base::StructureFlags;
     78    static const unsigned StructureFlags = JSC::HasStaticPropertyTable | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetCallData | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | Base::StructureFlags;
    7979protected:
    8080    JSTestObj(JSC::Structure*, JSDOMGlobalObject&, Ref<TestObj>&&);
  • trunk/Source/WebCore/bindings/scripts/test/JS/JSTestPluginInterface.h

    r228038 r231839  
    5858    static JSC::JSValue getConstructor(JSC::VM&, const JSC::JSGlobalObject*);
    5959public:
    60     static const unsigned StructureFlags = JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::TypeOfShouldCallGetCallData | Base::StructureFlags;
     60    static const unsigned StructureFlags = JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetCallData | JSC::OverridesGetOwnPropertySlot | Base::StructureFlags;
    6161protected:
    6262    JSTestPluginInterface(JSC::Structure*, JSDOMGlobalObject&, Ref<TestPluginInterface>&&);
  • trunk/Source/WebCore/bridge/objc/objc_runtime.h

    r228218 r231839  
    9494public:
    9595    typedef JSDestructibleObject Base;
    96     static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | TypeOfShouldCallGetCallData;
     96    static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetCallData;
    9797
    9898    static ObjcFallbackObjectImp* create(ExecState* exec, JSGlobalObject* globalObject, ObjcInstance* instance, const String& propertyName)
  • trunk/Source/WebCore/bridge/runtime_method.h

    r230813 r231839  
    3636public:
    3737    typedef InternalFunction Base;
    38     static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | TypeOfShouldCallGetCallData;
     38    static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetCallData;
    3939
    4040    template<typename CellType>
  • trunk/Source/WebCore/bridge/runtime_object.h

    r228218 r231839  
    3636public:
    3737    typedef JSDestructibleObject Base;
    38     static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | TypeOfShouldCallGetCallData;
     38    static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | OverridesGetCallData;
    3939
    4040    static RuntimeObject* create(VM& vm, Structure* structure, RefPtr<Instance>&& instance)
  • trunk/Source/WebCore/html/HTMLMediaElement.cpp

    r231817 r231839  
    70917091
    70927092    JSC::JSValue functionValue = globalObject->get(exec, JSC::Identifier::fromString(exec, "createControls"));
    7093     if (functionValue.isFunction())
     7093    if (functionValue.isFunction(vm))
    70947094        return true;
    70957095
  • trunk/Source/WebCore/testing/Internals.cpp

    r231817 r231839  
    20512051        CodeBlock* codeBlock = iter.codeBlock();
    20522052        executable = codeBlock->ownerScriptExecutable();
    2053     } else if (code.isFunction()) {
     2053    } else if (code.isFunction(vm)) {
    20542054        JSFunction* funcObj = JSC::jsCast<JSFunction*>(code.toObject(exec));
    20552055        executable = funcObj->jsExecutable();
     
    40274027    globalObject->methodTable(vm)->getOwnPropertySlot(globalObject, &state, privateName, propertySlot);
    40284028    value = propertySlot.getValue(&state, privateName);
    4029     ASSERT(value.isFunction());
     4029    ASSERT(value.isFunction(vm));
    40304030
    40314031    JSObject* function = value.getObject();
  • trunk/Source/WebKit/ChangeLog

    r231837 r231839  
     12018-05-15  Yusuke Suzuki  <utatane.tea@gmail.com>
     2
     3        [JSC] Check TypeInfo first before calling getCallData when we would like to check whether given object is a function
     4        https://bugs.webkit.org/show_bug.cgi?id=185601
     5
     6        Reviewed by Saam Barati.
     7
     8        * WebProcess/Plugins/Netscape/JSNPObject.h:
     9
    1102018-05-15  Sihui Liu  <sihui_liu@apple.com>
    211
  • trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h

    r230813 r231839  
    4545public:
    4646    typedef JSC::JSDestructibleObject Base;
    47     static const unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::TypeOfShouldCallGetCallData;
     47    static const unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::OverridesGetCallData;
    4848
    4949    template<typename CellType>
Note: See TracChangeset for help on using the changeset viewer.