Changeset 153673 in webkit
- Timestamp:
- Aug 2, 2013 3:30:48 PM (11 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 12 edited
trunk/Source/JavaScriptCore/ChangeLog
r153671 r153673 1 2013-08-02 Gavin Barraclough <barraclough@apple.com> 2 3 Remove no-arguments constructor to PropertySlot 4 https://bugs.webkit.org/show_bug.cgi?id=119460 5 6 Reviewed by Geoff Garen. 7 8 This constructor was unsafe if getValue is subsequently called, 9 and the property is a getter. Simplest to just remove it. 10 11 * runtime/Arguments.cpp: 12 (JSC::Arguments::defineOwnProperty): 13 * runtime/JSActivation.cpp: 14 (JSC::JSActivation::getOwnPropertyDescriptor): 15 * runtime/JSFunction.cpp: 16 (JSC::JSFunction::getOwnPropertyDescriptor): 17 (JSC::JSFunction::getOwnNonIndexPropertyNames): 18 (JSC::JSFunction::put): 19 (JSC::JSFunction::defineOwnProperty): 20 * runtime/JSGlobalObject.cpp: 21 (JSC::JSGlobalObject::defineOwnProperty): 22 * runtime/JSGlobalObject.h: 23 (JSC::JSGlobalObject::hasOwnPropertyForWrite): 24 * runtime/JSNameScope.cpp: 25 (JSC::JSNameScope::put): 26 * runtime/JSONObject.cpp: 27 (JSC::Stringifier::Holder::appendNextProperty): 28 (JSC::Walker::walk): 29 * runtime/JSObject.cpp: 30 (JSC::JSObject::hasProperty): 31 (JSC::JSObject::hasOwnProperty): 32 (JSC::JSObject::reifyStaticFunctionsForDelete): 33 * runtime/Lookup.h: 34 (JSC::getStaticPropertyDescriptor): 35 (JSC::getStaticFunctionDescriptor): 36 (JSC::getStaticValueDescriptor): 37 * runtime/ObjectConstructor.cpp: 38 (JSC::defineProperties): 39 * runtime/PropertySlot.h: 40 1 41 2013-08-02 Mark Hahnenberg <mhahnenberg@apple.com> 2 42 -
trunk/Source/JavaScriptCore/runtime/Arguments.cpp
r153532 r153673 288 288 RELEASE_ASSERT(i < PropertyName::NotAnIndex); 289 289 // If the property is not yet present on the object, and is not yet marked as deleted, then add it now. 290 PropertySlot slot ;290 PropertySlot slot(thisObject); 291 291 if (!thisObject->isDeletedArgument(i) && !JSObject::getOwnPropertySlot(thisObject, exec, propertyName, slot)) { 292 292 JSValue value = thisObject->tryGetArgument(i); -
trunk/Source/JavaScriptCore/runtime/JSActivation.cpp
r153532 r153673 185 185 // Defend against the inspector asking for the arguments object after it has been optimized out. 186 186 if (!thisObject->isTornOff()) { 187 PropertySlot slot ;187 PropertySlot slot(thisObject); 188 188 JSActivation::getOwnPropertySlot(thisObject, exec, propertyName, slot); 189 189 descriptor.setDescriptor(slot.getValue(exec, propertyName), DontEnum); -
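Review bot: The result of `JSActivation::getOwnPropertySlot(thisObject, exec, propertyName, slot)` is still discarded before `slot.getValue(exec, propertyName)` is read on the following line, so a failed lookup would hand `getValue` a slot that was never filled in. Constructing the slot with `thisObject` gives it a valid receiver but does not cover that case. Checking the return value would close it, for example `if (!JSActivation::getOwnPropertySlot(thisObject, exec, propertyName, slot)) return false;`, assuming this function reports a missing property with `false`. The function starts and ends outside the visible lines, so an earlier guard on `propertyName` may already make the lookup infallible; if so, an `ASSERT` on the return value would document that.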
trunk/Source/JavaScriptCore/runtime/JSFunction.cpp
r153532 r153673 309 309 310 310 if (propertyName == exec->propertyNames().prototype) { 311 PropertySlot slot ;311 PropertySlot slot(thisObject); 312 312 thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot); 313 313 return Base::getOwnPropertyDescriptor(thisObject, exec, propertyName, descriptor); … … 360 360 if (!thisObject->isHostFunction() && (mode == IncludeDontEnumProperties)) { 361 361 // Make sure prototype has been reified. 362 PropertySlot slot ;362 PropertySlot slot(thisObject); 363 363 thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, exec->propertyNames().prototype, slot); 364 364 … … 381 381 // Make sure prototype has been reified, such that it can only be overwritten 382 382 // following the rules set out in ECMA-262 8.12.9. 383 PropertySlot slot ;383 PropertySlot slot(thisObject); 384 384 thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot); 385 385 thisObject->m_allocationProfile.clear(); … … 428 428 // Make sure prototype has been reified, such that it can only be overwritten 429 429 // following the rules set out in ECMA-262 8.12.9. 430 PropertySlot slot ;430 PropertySlot slot(thisObject); 431 431 thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot); 432 432 thisObject->m_allocationProfile.clear(); -
trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
r153532 r153673 179 179 { 180 180 JSGlobalObject* thisObject = jsCast<JSGlobalObject*>(object); 181 PropertySlot slot ;181 PropertySlot slot(thisObject); 182 182 // silently ignore attempts to add accessors aliasing vars. 183 183 if (descriptor.isAccessorDescriptor() && symbolTableGet(thisObject, propertyName, slot)) -
trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h
r153532 r153673 460 460 inline bool JSGlobalObject::hasOwnPropertyForWrite(ExecState* exec, PropertyName propertyName) 461 461 { 462 PropertySlot slot ;462 PropertySlot slot(this); 463 463 if (Base::getOwnPropertySlot(this, exec, propertyName, slot)) 464 464 return true; -
trunk/Source/JavaScriptCore/runtime/JSNameScope.cpp
r153532 r153673 62 62 // Also with a single entry the symbol table lookup should simply be 63 63 // a pointer compare. 64 PropertySlot slot ;64 PropertySlot slot(thisObject); 65 65 bool isWritable = true; 66 66 symbolTableGet(thisObject, propertyName, slot, isWritable); -
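--- a/trunk/Source/JavaScriptCore/runtime/JSONObject.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSONObject.cpp
@@ -516,9 +516,10 @@
 else {
 PropertySlot slot(m_object.get());
-if (!m_object->methodTable()->getOwnPropertySlotByIndex(m_object.get(), exec, index, slot))
-slot.setUndefined();
-if (exec->hadException())
-return false;
-value = slot.getValue(exec, index);
+if (m_object->methodTable()->getOwnPropertySlotByIndex(m_object.get(), exec, index, slot)) {
+value = slot.getValue(exec, index);
+if (exec->hadException())
+return false;
+} else
+value = jsUndefined();
 }
 
@@ -671,5 +672,5 @@
 inValue = array->getIndexQuickly(index);
 else {
-PropertySlot slot ;
+PropertySlot slot(array);
 if (array->methodTable()->getOwnPropertySlotByIndex(array, m_exec, index, slot))
 inValue = slot.getValue(m_exec, index);
@@ -723,5 +724,5 @@
 break;
 }
-PropertySlot slot ;
+PropertySlot slot(object);
 if (object->methodTable()->getOwnPropertySlot(object, m_exec, properties[index], slot))
 inValue = slot.getValue(m_exec, properties[index]);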
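Review bot: In the first hunk (Stringifier::Holder::appendNextProperty per the ChangeLog), `exec->hadException()` is now tested only inside the branch where `getOwnPropertySlotByIndex` returned true, whereas the old code tested it after the lookup on both outcomes. If an overridden `getOwnPropertySlotByIndex` can raise an exception and still return false, the new `else` path assigns `jsUndefined()` and carries on with the exception pending. Moving the check below the whole `if`/`else`, as `if (exec->hadException()) return false;`, would cover both the lookup and the getter call. Whether any implementation can fail that way is not visible from these lines, and the function continues outside the hunk.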
trunk/Source/JavaScriptCore/runtime/JSObject.cpp
r153657 r153673 1204 1204 bool JSObject::hasProperty(ExecState* exec, PropertyName propertyName) const 1205 1205 { 1206 PropertySlot slot ;1206 PropertySlot slot(this); 1207 1207 return const_cast<JSObject*>(this)->getPropertySlot(exec, propertyName, slot); 1208 1208 } … … 1210 1210 bool JSObject::hasProperty(ExecState* exec, unsigned propertyName) const 1211 1211 { 1212 PropertySlot slot ;1212 PropertySlot slot(this); 1213 1213 return const_cast<JSObject*>(this)->getPropertySlot(exec, propertyName, slot); 1214 1214 } … … 1249 1249 bool JSObject::hasOwnProperty(ExecState* exec, PropertyName propertyName) const 1250 1250 { 1251 PropertySlot slot ;1251 PropertySlot slot(this); 1252 1252 return const_cast<JSObject*>(this)->methodTable()->getOwnPropertySlot(const_cast<JSObject*>(this), exec, propertyName, slot); 1253 1253 } … … 1590 1590 if (!hashTable) 1591 1591 continue; 1592 PropertySlot slot ;1592 PropertySlot slot(this); 1593 1593 for (HashTable::ConstIterator iter = hashTable->begin(vm); iter != hashTable->end(vm); ++iter) { 1594 1594 if (iter->attributes() & Function) -
trunk/Source/JavaScriptCore/runtime/Lookup.h
r149001 r153673 264 264 return ParentImp::getOwnPropertyDescriptor(thisObj, exec, propertyName, descriptor); 265 265 266 PropertySlot slot ;266 PropertySlot slot(thisObj); 267 267 if (entry->attributes() & Function) { 268 268 bool present = setUpStaticFunctionSlot(exec, entry, thisObj, propertyName, slot); … … 310 310 return false; 311 311 312 PropertySlot slot ;312 PropertySlot slot(thisObj); 313 313 bool present = setUpStaticFunctionSlot(exec, entry, thisObj, propertyName, slot); 314 314 if (present) … … 348 348 349 349 ASSERT(!(entry->attributes() & Function)); 350 PropertySlot slot ;350 PropertySlot slot(thisObj); 351 351 slot.setCustom(thisObj, entry->propertyGetter()); 352 352 descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes()); -
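--- a/trunk/Source/JavaScriptCore/runtime/ObjectConstructor.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/ObjectConstructor.cpp
@@ -316,5 +316,4 @@
 MarkedArgumentBuffer markBuffer;
 for (size_t i = 0; i < numProperties; i++) {
-PropertySlot slot;
 JSValue prop = properties->get(exec, propertyNames[i]);
 if (exec->hadException())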
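--- a/trunk/Source/JavaScriptCore/runtime/PropertySlot.h
+++ b/trunk/Source/JavaScriptCore/runtime/PropertySlot.h
@@ -44,10 +44,4 @@
 
 public:
-PropertySlot()
-: m_propertyType(TypeUnset)
-, m_offset(invalidOffset)
-{
-}
-
 explicit PropertySlot(const JSValue thisValue)
 : m_propertyType(TypeUnset)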