Changeset 104871 in webkit


Ignore:
Timestamp:
Jan 12, 2012 3:51:44 PM (12 years ago)
Author:
barraclough@apple.com
Message:

https://bugs.webkit.org/show_bug.cgi?id=76141
defineSetter/defineGetter may fail to update Accessor attribute

Reviewed by Oliver Hunt.

  • runtime/JSObject.cpp:

(JSC::JSObject::defineGetter):
(JSC::JSObject::initializeGetterSetterProperty):
(JSC::JSObject::defineSetter):

  • runtime/Structure.cpp:

(JSC::Structure::attributeChangeTransition):

  • runtime/Structure.h:
Location:
trunk/Source/JavaScriptCore
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/ChangeLog

    r104867 r104871  
     12012-01-12  Gavin Barraclough  <barraclough@apple.com>
     2
     3        https://bugs.webkit.org/show_bug.cgi?id=76141
     4        defineSetter/defineGetter may fail to update Accessor attribute
     5
     6        Reviewed by Oliver Hunt.
     7
     8        * runtime/JSObject.cpp:
     9        (JSC::JSObject::defineGetter):
     10        (JSC::JSObject::initializeGetterSetterProperty):
     11        (JSC::JSObject::defineSetter):
     12        * runtime/Structure.cpp:
     13        (JSC::Structure::attributeChangeTransition):
     14        * runtime/Structure.h:
     15
    1162012-01-12  David Levin  <levin@chromium.org>
    217
  • trunk/Source/JavaScriptCore/runtime/JSObject.cpp

    r104836 r104871  
    367367    // getters and setters, though, we also need to change our Structure
    368368    // if we override an existing non-getter or non-setter.
    369     if (slot.type() != PutPropertySlot::NewProperty) {
    370         if (!thisObject->structure()->isDictionary())
    371             thisObject->setStructure(exec->globalData(), Structure::getterSetterTransition(globalData, thisObject->structure()));
    372     }
     369    if (slot.type() != PutPropertySlot::NewProperty)
     370        thisObject->setStructure(exec->globalData(), Structure::attributeChangeTransition(globalData, thisObject->structure(), propertyName, attributes | Accessor));
    373371
    374372    thisObject->structure()->setHasGetterSetterProperties(true);
     
    389387    // getters and setters, though, we also need to change our Structure
    390388    // if we override an existing non-getter or non-setter.
    391     if (slot.type() != PutPropertySlot::NewProperty) {
    392         if (!structure()->isDictionary())
    393             setStructure(exec->globalData(), Structure::getterSetterTransition(globalData, structure()));
    394     }
     389    if (slot.type() != PutPropertySlot::NewProperty)
     390        setStructure(exec->globalData(), Structure::attributeChangeTransition(globalData, structure(), propertyName, attributes));
    395391
    396392    structure()->setHasGetterSetterProperties(true);
     
    418414    // getters and setters, though, we also need to change our Structure
    419415    // if we override an existing non-getter or non-setter.
    420     if (slot.type() != PutPropertySlot::NewProperty) {
    421         if (!thisObject->structure()->isDictionary())
    422             thisObject->setStructure(exec->globalData(), Structure::getterSetterTransition(exec->globalData(), thisObject->structure()));
    423     }
     416    if (slot.type() != PutPropertySlot::NewProperty)
     417        thisObject->setStructure(exec->globalData(), Structure::attributeChangeTransition(exec->globalData(), thisObject->structure(), propertyName, attributes | Accessor));
    424418
    425419    thisObject->structure()->setHasGetterSetterProperties(true);
  • trunk/Source/JavaScriptCore/runtime/Structure.cpp

    r103083 r104871  
    402402}
    403403
    404 Structure* Structure::getterSetterTransition(JSGlobalData& globalData, Structure* structure)
    405 {
    406     Structure* transition = create(globalData, structure);
    407 
    408     // Don't set m_offset, as one can not transition to this.
    409 
    410     structure->materializePropertyMapIfNecessary(globalData);
    411     transition->m_propertyTable = structure->copyPropertyTableForPinning(globalData, transition);
    412     transition->pin();
    413 
    414     return transition;
     404Structure* Structure::attributeChangeTransition(JSGlobalData& globalData, Structure* structure, const Identifier& propertyName, unsigned attributes)
     405{
     406    if (!structure->isUncacheableDictionary()) {
     407        Structure* transition = create(globalData, structure);
     408
     409        // Don't set m_offset, as one can not transition to this.
     410
     411        structure->materializePropertyMapIfNecessary(globalData);
     412        transition->m_propertyTable = structure->copyPropertyTableForPinning(globalData, transition);
     413        transition->pin();
     414       
     415        structure = transition;
     416    }
     417
     418    ASSERT(structure->m_propertyTable);
     419    PropertyMapEntry* entry = structure->m_propertyTable->find(propertyName.impl()).first;
     420    ASSERT(entry);
     421    entry->attributes = attributes;
     422
     423    return structure;
    415424}
    416425
  • trunk/Source/JavaScriptCore/runtime/Structure.h

    r103243 r104871  
    9090        static Structure* changePrototypeTransition(JSGlobalData&, Structure*, JSValue prototype);
    9191        static Structure* despecifyFunctionTransition(JSGlobalData&, Structure*, const Identifier&);
    92         static Structure* getterSetterTransition(JSGlobalData&, Structure*);
     92        static Structure* attributeChangeTransition(JSGlobalData&, Structure*, const Identifier& propertyName, unsigned attributes);
    9393        static Structure* toCacheableDictionaryTransition(JSGlobalData&, Structure*);
    9494        static Structure* toUncacheableDictionaryTransition(JSGlobalData&, Structure*);
Note: See TracChangeset for help on using the changeset viewer.