Changeset 264679 in webkit
- Timestamp: Jul 21, 2020 2:10:29 PM (4 years ago)
- Location: trunk/Source/JavaScriptCore
- Files: 4 edited
trunk/Source/JavaScriptCore/ChangeLog
r264673 r264679 1 2020-07-21 Mark Lam <mark.lam@apple.com> 2 3 llint_slow_path_get_private_name() should not be using PropertySlot::InternalMethodType::VMInquiry. 4 https://bugs.webkit.org/show_bug.cgi?id=214603 5 6 Reviewed by Yusuke Suzuki. 7 8 VMInquiry means (1) the get operation should not call back into JS, (2) it should 9 not throw any exceptions (except for OutOfMemoryError or StackOverflowError which 10 can be thrown at any time), or have any side effects that is observable from JS 11 code. In this case, llint_slow_path_get_private_name() is just implementating 12 PrivateFieldGet (https://tc39.es/proposal-class-fields/#sec-privatefieldget) and 13 should actually be using PropertySlot::InternalMethodType::GetOwnProperty 14 (according to https://tc39.es/proposal-class-fields/#sec-privatefieldfind). 15 16 This patch makes the above change, and also adds an assert in JSObject::getPrivateField 17 to ensure that no one calls it for a VMInquiry since it is not supported. 18 19 Also added a PropertySlot::isVMInquiry() convenience query method. 20 21 * llint/LLIntSlowPaths.cpp: 22 (JSC::LLInt::LLINT_SLOW_PATH_DECL): 23 * runtime/JSObjectInlines.h: 24 (JSC::JSObject::getPrivateField): 25 * runtime/PropertySlot.h: 26 (JSC::PropertySlot::isVMInquiry const): 27 1 28 2020-07-21 Keith Miller <keith_miller@apple.com> 2 29 -
trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
r264105 r264679 1094 1094 ASSERT(property.isPrivateName()); 1095 1095 1096 PropertySlot slot(baseValue, PropertySlot::InternalMethodType:: VMInquiry);1096 PropertySlot slot(baseValue, PropertySlot::InternalMethodType::GetOwnProperty); 1097 1097 asObject(baseValue)->getPrivateField(globalObject, property, slot); 1098 1098 LLINT_CHECK_EXCEPTION(); -
trunk/Source/JavaScriptCore/runtime/JSObjectInlines.h
r264574 r264679 2 2 * Copyright (C) 1999-2001 Harri Porten (porten@kde.org) 3 3 * Copyright (C) 2001 Peter Kelly (pmk@post.com) 4 * Copyright (C) 2003-20 19Apple Inc. All rights reserved.4 * Copyright (C) 2003-2020 Apple Inc. All rights reserved. 5 5 * Copyright (C) 2007 Eric Seidel (eric@webkit.org) 6 6 * … … 604 604 VM& vm = getVM(globalObject); 605 605 auto scope = DECLARE_THROW_SCOPE(vm); 606 ASSERT(!slot.isVMInquiry()); 606 607 if (!JSObject::getPrivateFieldSlot(this, globalObject, propertyName, slot)) { 607 608 throwException(globalObject, scope, createInvalidPrivateNameError(globalObject)); -
trunk/Source/JavaScriptCore/runtime/PropertySlot.h
r261464 r264679 1 1 /* 2 * Copyright (C) 2005-20 19Apple Inc. All rights reserved.2 * Copyright (C) 2005-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * This library is free software; you can redistribute it and/or … … 140 140 141 141 InternalMethodType internalMethodType() const { return m_internalMethodType; } 142 bool isVMInquiry() const { return m_internalMethodType == InternalMethodType::VMInquiry; } 142 143 143 144 void disableCaching()
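Review bot: The VMInquiry definition in the new ChangeLog entry numbers only two of its three conditions, and the same paragraph has two wording slips. Suggest marking the no-side-effects clause as (3), changing "side effects that is observable" to "side effects that are observable", and "implementating" to "implementing", since this text is the only statement of the VMInquiry contract in the change.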
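Review bot: At line 1096 of llint/LLIntSlowPaths.cpp only this one caller of getPrivateField() is switched to GetOwnProperty, and the changeset carries no test. Please confirm that no other caller still constructs its PropertySlot with InternalMethodType::VMInquiry, because the new ASSERT in JSObject::getPrivateField will trip on any that does, and add a regression test that performs a private field get through this slow path, including the missing-field case that throws.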
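Review bot: The ASSERT(!slot.isVMInquiry()) added at line 606 of runtime/JSObjectInlines.h is compiled out of release builds, so a VMInquiry slot passed in there would still reach the throwException() call two lines below, which contradicts the no-throw contract the ChangeLog describes. Consider whether RELEASE_ASSERT is warranted here, and either way add a one-line comment next to the assert saying that getPrivateField can throw createInvalidPrivateNameError and therefore cannot honour VMInquiry.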