Changeset 153673 in webkit


Timestamp:
Aug 2, 2013 3:30:48 PM (11 years ago)
Author:
barraclough@apple.com
Message:

Remove no-arguments constructor to PropertySlot
https://bugs.webkit.org/show_bug.cgi?id=119460

Reviewed by Geoff Garen.

This constructor was unsafe if getValue is subsequently called,
and the property is a getter. Simplest to just remove it.

  • runtime/Arguments.cpp:

(JSC::Arguments::defineOwnProperty):

  • runtime/JSActivation.cpp:

(JSC::JSActivation::getOwnPropertyDescriptor):

  • runtime/JSFunction.cpp:

(JSC::JSFunction::getOwnPropertyDescriptor):
(JSC::JSFunction::getOwnNonIndexPropertyNames):
(JSC::JSFunction::put):
(JSC::JSFunction::defineOwnProperty):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::defineOwnProperty):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::hasOwnPropertyForWrite):

  • runtime/JSNameScope.cpp:

(JSC::JSNameScope::put):

  • runtime/JSONObject.cpp:

(JSC::Stringifier::Holder::appendNextProperty):
(JSC::Walker::walk):

  • runtime/JSObject.cpp:

(JSC::JSObject::hasProperty):
(JSC::JSObject::hasOwnProperty):
(JSC::JSObject::reifyStaticFunctionsForDelete):

  • runtime/Lookup.h:

(JSC::getStaticPropertyDescriptor):
(JSC::getStaticFunctionDescriptor):
(JSC::getStaticValueDescriptor):

  • runtime/ObjectConstructor.cpp:

(JSC::defineProperties):

  • runtime/PropertySlot.h:
Location:
trunk/Source/JavaScriptCore
Files:
12 edited

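--- a/trunk/Source/JavaScriptCore/ChangeLog
+++ b/trunk/Source/JavaScriptCore/ChangeLog
@@ -1,2 +1,42 @@
+2013-08-02  Gavin Barraclough  <barraclough@apple.com>
+
+        Remove no-arguments constructor to PropertySlot
+        https://bugs.webkit.org/show_bug.cgi?id=119460
+
+        Reviewed by Geoff Garen.
+
+        This constructor was unsafe if getValue is subsequently called,
+        and the property is a getter. Simplest to just remove it.
+
+        * runtime/Arguments.cpp:
+        (JSC::Arguments::defineOwnProperty):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::getOwnPropertyDescriptor):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::getOwnPropertyDescriptor):
+        (JSC::JSFunction::getOwnNonIndexPropertyNames):
+        (JSC::JSFunction::put):
+        (JSC::JSFunction::defineOwnProperty):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::defineOwnProperty):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::hasOwnPropertyForWrite):
+        * runtime/JSNameScope.cpp:
+        (JSC::JSNameScope::put):
+        * runtime/JSONObject.cpp:
+        (JSC::Stringifier::Holder::appendNextProperty):
+        (JSC::Walker::walk):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::hasProperty):
+        (JSC::JSObject::hasOwnProperty):
+        (JSC::JSObject::reifyStaticFunctionsForDelete):
+        * runtime/Lookup.h:
+        (JSC::getStaticPropertyDescriptor):
+        (JSC::getStaticFunctionDescriptor):
+        (JSC::getStaticValueDescriptor):
+        * runtime/ObjectConstructor.cpp:
+        (JSC::defineProperties):
+        * runtime/PropertySlot.h:
+
 2013-08-02  Mark Hahnenberg  <mhahnenberg@apple.com>
 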
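--- a/trunk/Source/JavaScriptCore/runtime/Arguments.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/Arguments.cpp
@@ -288,5 +288,5 @@
         RELEASE_ASSERT(i < PropertyName::NotAnIndex);
         // If the property is not yet present on the object, and is not yet marked as deleted, then add it now.
-        PropertySlot slot;
+        PropertySlot slot(thisObject);
         if (!thisObject->isDeletedArgument(i) && !JSObject::getOwnPropertySlot(thisObject, exec, propertyName, slot)) {
             JSValue value = thisObject->tryGetArgument(i);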
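--- a/trunk/Source/JavaScriptCore/runtime/JSActivation.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSActivation.cpp
@@ -185,5 +185,5 @@
         // Defend against the inspector asking for the arguments object after it has been optimized out.
         if (!thisObject->isTornOff()) {
-            PropertySlot slot;
+            PropertySlot slot(thisObject);
             JSActivation::getOwnPropertySlot(thisObject, exec, propertyName, slot);
             descriptor.setDescriptor(slot.getValue(exec, propertyName), DontEnum);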
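Review bot: At new line 188 the result of `JSActivation::getOwnPropertySlot` is discarded, and line 189 calls `slot.getValue(exec, propertyName)` unconditionally, so a failed lookup would read a slot that is still in the `TypeUnset` state set by the constructor. Passing `thisObject` to the constructor supplies the this-value a getter needs, but it does not make a read from an unfilled slot well defined. Consider guarding the read, `if (JSActivation::getOwnPropertySlot(thisObject, exec, propertyName, slot))` around the `setDescriptor` call, or asserting that the lookup succeeds. The enclosing function starts and ends outside this hunk, so an earlier check may already guarantee the property exists; if so, a one-line comment saying that would help.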
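--- a/trunk/Source/JavaScriptCore/runtime/JSFunction.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSFunction.cpp
@@ -309,5 +309,5 @@
    
     if (propertyName == exec->propertyNames().prototype) {
-        PropertySlot slot;
+        PropertySlot slot(thisObject);
         thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot);
         return Base::getOwnPropertyDescriptor(thisObject, exec, propertyName, descriptor);
@@ -360,5 +360,5 @@
     if (!thisObject->isHostFunction() && (mode == IncludeDontEnumProperties)) {
         // Make sure prototype has been reified.
-        PropertySlot slot;
+        PropertySlot slot(thisObject);
         thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, exec->propertyNames().prototype, slot);
 
@@ -381,5 +381,5 @@
         // Make sure prototype has been reified, such that it can only be overwritten
         // following the rules set out in ECMA-262 8.12.9.
-        PropertySlot slot;
+        PropertySlot slot(thisObject);
         thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot);
         thisObject->m_allocationProfile.clear();
@@ -428,5 +428,5 @@
         // Make sure prototype has been reified, such that it can only be overwritten
         // following the rules set out in ECMA-262 8.12.9.
-        PropertySlot slot;
+        PropertySlot slot(thisObject);
         thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot);
         thisObject->m_allocationProfile.clear();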
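Review bot: The first hunk (new line 311) is missing the comment that explains why `slot` is filled and never read. The other three hunks in this file each carry a "Make sure prototype has been reified" comment, and this `getOwnPropertySlot` call appears to be made for the same side effect. Add `// Make sure prototype has been reified.` above line 311 so the unused slot is not mistaken for dead code and removed in a later cleanup. All four functions continue outside their hunks.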
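--- a/trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
@@ -179,5 +179,5 @@
 {
     JSGlobalObject* thisObject = jsCast<JSGlobalObject*>(object);
-    PropertySlot slot;
+    PropertySlot slot(thisObject);
     // silently ignore attempts to add accessors aliasing vars.
     if (descriptor.isAccessorDescriptor() && symbolTableGet(thisObject, propertyName, slot))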
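--- a/trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h
+++ b/trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h
@@ -460,5 +460,5 @@
 inline bool JSGlobalObject::hasOwnPropertyForWrite(ExecState* exec, PropertyName propertyName)
 {
-    PropertySlot slot;
+    PropertySlot slot(this);
     if (Base::getOwnPropertySlot(this, exec, propertyName, slot))
         return true;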
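--- a/trunk/Source/JavaScriptCore/runtime/JSNameScope.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSNameScope.cpp
@@ -62,5 +62,5 @@
         // Also with a single entry the symbol table lookup should simply be
         // a pointer compare.
-        PropertySlot slot;
+        PropertySlot slot(thisObject);
         bool isWritable = true;
         symbolTableGet(thisObject, propertyName, slot, isWritable);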
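--- a/trunk/Source/JavaScriptCore/runtime/JSONObject.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSONObject.cpp
@@ -516,9 +516,10 @@
         else {
             PropertySlot slot(m_object.get());
-            if (!m_object->methodTable()->getOwnPropertySlotByIndex(m_object.get(), exec, index, slot))
-                slot.setUndefined();
-            if (exec->hadException())
-                return false;
-            value = slot.getValue(exec, index);
+            if (m_object->methodTable()->getOwnPropertySlotByIndex(m_object.get(), exec, index, slot)) {
+                value = slot.getValue(exec, index);
+                if (exec->hadException())
+                    return false;
+            } else
+                value = jsUndefined();
         }
 
@@ -671,5 +672,5 @@
                     inValue = array->getIndexQuickly(index);
                 else {
-                    PropertySlot slot;
+                    PropertySlot slot(array);
                     if (array->methodTable()->getOwnPropertySlotByIndex(array, m_exec, index, slot))
                         inValue = slot.getValue(m_exec, index);
@@ -723,5 +724,5 @@
                     break;
                 }
-                PropertySlot slot;
+                PropertySlot slot(object);
                 if (object->methodTable()->getOwnPropertySlot(object, m_exec, properties[index], slot))
                     inValue = slot.getValue(m_exec, properties[index]);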
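Review bot: In the first hunk the `exec->hadException()` check no longer runs right after `getOwnPropertySlotByIndex`; it now runs only after `slot.getValue(exec, index)`, and only on the branch where the lookup returned true. The old code checked right after the method-table call, which suggests that call can itself raise an exception. If so, a false return now assigns `jsUndefined()` and carries on with the exception still pending, and a true return calls `getValue` while one is pending. Consider storing the result, `bool found = m_object->methodTable()->getOwnPropertySlotByIndex(m_object.get(), exec, index, slot);`, and following it with `if (exec->hadException()) return false;` before branching on `found`. The function continues past the hunk, so a later check may cover this; it cannot be confirmed from the visible lines.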
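--- a/trunk/Source/JavaScriptCore/runtime/JSObject.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSObject.cpp
@@ -1204,5 +1204,5 @@
 bool JSObject::hasProperty(ExecState* exec, PropertyName propertyName) const
 {
-    PropertySlot slot;
+    PropertySlot slot(this);
     return const_cast<JSObject*>(this)->getPropertySlot(exec, propertyName, slot);
 }
@@ -1210,5 +1210,5 @@
 bool JSObject::hasProperty(ExecState* exec, unsigned propertyName) const
 {
-    PropertySlot slot;
+    PropertySlot slot(this);
     return const_cast<JSObject*>(this)->getPropertySlot(exec, propertyName, slot);
 }
@@ -1249,5 +1249,5 @@
 bool JSObject::hasOwnProperty(ExecState* exec, PropertyName propertyName) const
 {
-    PropertySlot slot;
+    PropertySlot slot(this);
     return const_cast<JSObject*>(this)->methodTable()->getOwnPropertySlot(const_cast<JSObject*>(this), exec, propertyName, slot);
 }
@@ -1590,5 +1590,5 @@
         if (!hashTable)
             continue;
-        PropertySlot slot;
+        PropertySlot slot(this);
         for (HashTable::ConstIterator iter = hashTable->begin(vm); iter != hashTable->end(vm); ++iter) {
             if (iter->attributes() & Function)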
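--- a/trunk/Source/JavaScriptCore/runtime/Lookup.h
+++ b/trunk/Source/JavaScriptCore/runtime/Lookup.h
@@ -264,5 +264,5 @@
             return ParentImp::getOwnPropertyDescriptor(thisObj, exec, propertyName, descriptor);
  
-        PropertySlot slot;
+        PropertySlot slot(thisObj);
         if (entry->attributes() & Function) {
             bool present = setUpStaticFunctionSlot(exec, entry, thisObj, propertyName, slot);
@@ -310,5 +310,5 @@
             return false;
        
-        PropertySlot slot;
+        PropertySlot slot(thisObj);
         bool present = setUpStaticFunctionSlot(exec, entry, thisObj, propertyName, slot);
         if (present)
@@ -348,5 +348,5 @@
        
         ASSERT(!(entry->attributes() & Function));
-        PropertySlot slot;
+        PropertySlot slot(thisObj);
         slot.setCustom(thisObj, entry->propertyGetter());
         descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());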
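--- a/trunk/Source/JavaScriptCore/runtime/ObjectConstructor.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/ObjectConstructor.cpp
@@ -316,5 +316,4 @@
     MarkedArgumentBuffer markBuffer;
     for (size_t i = 0; i < numProperties; i++) {
-        PropertySlot slot;
         JSValue prop = properties->get(exec, propertyNames[i]);
         if (exec->hadException())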
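--- a/trunk/Source/JavaScriptCore/runtime/PropertySlot.h
+++ b/trunk/Source/JavaScriptCore/runtime/PropertySlot.h
@@ -44,10 +44,4 @@
 
 public:
-    PropertySlot()
-        : m_propertyType(TypeUnset)
-        , m_offset(invalidOffset)
-    {
-    }
-
     explicit PropertySlot(const JSValue thisValue)
         : m_propertyType(TypeUnset)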