Changeset 148142 in webkit
- Timestamp:
- Apr 10, 2013 3:25:36 PM (11 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 4 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/fast/js/get-by-pname-only-prototype-properties-expected.txt (added)
-
LayoutTests/fast/js/get-by-pname-only-prototype-properties.html (added)
-
LayoutTests/fast/js/script-tests/get-by-pname-only-prototype-properties.js (added)
-
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
-
Source/JavaScriptCore/runtime/JSObject.cpp (modified) (2 diffs)
-
Source/JavaScriptCore/runtime/PropertyNameArray.h (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r148139 r148142 1 2013-04-10 Mark Hahnenberg <mhahnenberg@apple.com> 2 3 JSObject::getOwnNonIndexPropertyNames calculates numCacheableSlots incorrectly 4 https://bugs.webkit.org/show_bug.cgi?id=114235 5 6 Reviewed by Filip Pizlo. 7 8 If the object doesn't have any properties but the prototype does, we'll assume those prototype properties are 9 accessible in the base object's backing store, which is bad. 10 11 * fast/js/get-by-pname-only-prototype-properties-expected.txt: Added. 12 * fast/js/get-by-pname-only-prototype-properties.html: Added. 13 * fast/js/script-tests/get-by-pname-only-prototype-properties.js: Added. 14 (foo): 15 1 16 2013-04-10 Hans Muller <hmuller@adobe.com> 2 17 -
trunk/Source/JavaScriptCore/ChangeLog
r148134 r148142 1 2013-04-10 Mark Hahnenberg <mhahnenberg@apple.com> 2 3 JSObject::getOwnNonIndexPropertyNames calculates numCacheableSlots incorrectly 4 https://bugs.webkit.org/show_bug.cgi?id=114235 5 6 Reviewed by Filip Pizlo. 7 8 If the object doesn't have any properties but the prototype does, we'll assume those prototype properties are 9 accessible in the base object's backing store, which is bad. 10 11 * runtime/JSObject.cpp: 12 (JSC::JSObject::getPropertyNames): 13 (JSC::JSObject::getOwnNonIndexPropertyNames): 14 * runtime/PropertyNameArray.h: 15 (JSC::PropertyNameArray::PropertyNameArray): 16 (JSC::PropertyNameArray::setNumCacheableSlotsForObject): 17 (JSC::PropertyNameArray::setBaseObject): 18 (PropertyNameArray): 19 1 20 2013-04-10 Patrick Gansterer <paroga@webkit.org> 2 21 -
trunk/Source/JavaScriptCore/runtime/JSObject.cpp
r148036 r148142 1443 1443 void JSObject::getPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode) 1444 1444 { 1445 propertyNames.setBaseObject(object); 1445 1446 object->methodTable()->getOwnPropertyNames(object, exec, propertyNames, mode); 1446 1447 … … 1538 1539 1539 1540 if (canCachePropertiesFromStructure) 1540 propertyNames.setNumCacheableSlots (propertyNames.size());1541 propertyNames.setNumCacheableSlotsForObject(object, propertyNames.size()); 1541 1542 } 1542 1543 -
trunk/Source/JavaScriptCore/runtime/PropertyNameArray.h
r147570 r148142 57 57 , m_globalData(globalData) 58 58 , m_numCacheableSlots(0) 59 , m_baseObject(0) 59 60 { 60 61 } … … 64 65 , m_globalData(&exec->globalData()) 65 66 , m_numCacheableSlots(0) 67 , m_baseObject(0) 66 68 { 67 69 } … … 87 89 88 90 size_t numCacheableSlots() const { return m_numCacheableSlots; } 89 void setNumCacheableSlots(size_t numCacheableSlots) { m_numCacheableSlots = numCacheableSlots; } 91 void setNumCacheableSlotsForObject(JSObject* object, size_t numCacheableSlots) 92 { 93 if (object != m_baseObject) 94 return; 95 m_numCacheableSlots = numCacheableSlots; 96 } 97 void setBaseObject(JSObject* object) 98 { 99 if (m_baseObject) 100 return; 101 m_baseObject = object; 102 } 90 103 91 104 private: … … 96 109 JSGlobalData* m_globalData; 97 110 size_t m_numCacheableSlots; 111 JSObject* m_baseObject; 98 112 }; 99 113
Note: See TracChangeset
for help on using the changeset viewer.
