Changeset 209442 in webkit
- Timestamp: Dec 6, 2016 7:12:05 PM
- Location: trunk
- Files: 5 edited
trunk/LayoutTests/ChangeLog
r209439 r209442 1 2016-12-06 Mark Lam <mark.lam@apple.com> 2 3 GetByID IC is wrongly unwrapping the global proxy this value for getter/setters. 4 https://bugs.webkit.org/show_bug.cgi?id=165401 5 6 Reviewed by Saam Barati. 7 8 Set the test loose now that this bug is fixed. 9 10 * TestExpectations: 11 * js/script-tests/prototype-assignment.js: 12 1 13 2016-12-06 Dean Jackson <dino@apple.com> 2 14 -
trunk/LayoutTests/TestExpectations
r209424 r209442 641 641 [ Debug ] js/regress-141098.html [ Slow ] 642 642 643 webkit.org/b/165401 js/prototype-assignment.html [ Skip ]644 645 643 # IDBVersionChangeEvent tests need to be rewritten to use event constructors instead of createEvent, 646 644 # after we implement the IDBVersionChangeEvent constructor. -
trunk/LayoutTests/js/script-tests/prototype-assignment.js
r209424 r209442 1 //@ runFTLNoCJIT("--useJIT=false") 2 // FIXME: Remove the "--useJIT=false" option when https://bugs.webkit.org/show_bug.cgi?id=165401 is fixed. 1 //@ runFTLNoCJIT 3 2 4 3 // This test suite compares the behavior of setting the prototype on various values -
trunk/Source/JavaScriptCore/ChangeLog
r209440 r209442 1 2016-12-06 Mark Lam <mark.lam@apple.com> 2 3 GetByID IC is wrongly unwrapping the global proxy this value for getter/setters. 4 https://bugs.webkit.org/show_bug.cgi?id=165401 5 6 Reviewed by Saam Barati. 7 8 When the this value for a property access is the JS global and that property 9 access is via a GetterSetter, the underlying getter / setter functions would 10 expect the this value they receive to be the JSProxy instance instead of the 11 JSGlobalObject. This is consistent with how the LLINT and runtime code behaves. 12 The IC code should behave the same way. 13 14 Also added some ASSERTs to document invariants in the code, and help detect 15 bugs sooner if the code gets changed in a way that breaks those invariants in 16 the future. 17 18 * bytecode/PolymorphicAccess.cpp: 19 (JSC::AccessCase::generateImpl): 20 1 21 2016-12-06 Joseph Pecoraro <pecoraro@apple.com> 2 22 -
trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp
r208860 r209442 886 886 case CustomValueSetter: 887 887 case CustomAccessorSetter: { 888 GPRReg valueRegsPayloadGPR = valueRegs.payloadGPR(); 889 888 890 if (isValidOffset(m_offset)) { 889 891 Structure* currStructure; … … 897 899 GPRReg baseForGetGPR; 898 900 if (viaProxy()) { 899 baseForGetGPR = valueRegs.payloadGPR(); 901 ASSERT(m_type != CustomValueSetter || m_type != CustomAccessorSetter); // Because setters need to not trash valueRegsPayloadGPR. 902 if (m_type == Getter || m_type == Setter) 903 baseForGetGPR = scratchGPR; 904 else 905 baseForGetGPR = valueRegsPayloadGPR; 906 907 ASSERT((m_type != Getter && m_type != Setter) || baseForGetGPR != baseGPR); 908 ASSERT(m_type != Setter || baseForGetGPR != valueRegsPayloadGPR); 909 900 910 jit.loadPtr( 901 911 CCallHelpers::Address(baseGPR, JSProxy::targetOffset()), … … 916 926 if (m_type != CustomValueGetter && m_type != CustomAccessorGetter && m_type != CustomValueSetter && m_type != CustomAccessorSetter) { 917 927 if (m_type == Load || m_type == GetGetter) 918 loadedValueGPR = valueRegs .payloadGPR();928 loadedValueGPR = valueRegsPayloadGPR; 919 929 else 920 930 loadedValueGPR = scratchGPR; 931 932 ASSERT((m_type != Getter && m_type != Setter) || loadedValueGPR != baseGPR); 933 ASSERT(m_type != Setter || loadedValueGPR != valueRegsPayloadGPR); 921 934 922 935 GPRReg storageGPR; … … 987 1000 988 1001 if (m_type == Getter || m_type == Setter) { 1002 ASSERT(baseGPR != loadedValueGPR); 1003 ASSERT(m_type != Setter || (baseGPR != valueRegsPayloadGPR && loadedValueGPR != valueRegsPayloadGPR)); 1004 989 1005 // Create a JS call using a JS call inline cache. 
Assume that: 990 1006 // … … 1065 1081 1066 1082 jit.storeCell( 1067 base ForGetGPR,1083 baseGPR, 1068 1084 calleeFrame.withOffset(virtualRegisterForArgument(0).offset() * sizeof(Register))); 1069 1085 … … 1119 1135 }); 1120 1136 } else { 1137 ASSERT(m_type == CustomValueGetter || m_type == CustomAccessorGetter || m_type == CustomValueSetter || m_type == CustomAccessorSetter); 1138 1121 1139 // Need to make room for the C call so any of our stack spillage isn't overwritten. It's 1122 1140 // hard to track if someone did spillage or not, so we just assume that we always need
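Review bot: The assertion added at new line 901 in PolymorphicAccess.cpp, `ASSERT(m_type != CustomValueSetter || m_type != CustomAccessorSetter);`, can never fire: m_type holds one value, so at least one of the two inequalities is always true. The trailing comment ("setters need to not trash valueRegsPayloadGPR") suggests the intent is to rule out both custom setter types on the viaProxy() path, which needs `&&` rather than `||`. As written, the else branch still assigns `baseForGetGPR = valueRegsPayloadGPR` for those types without any check, so the invariant the comment describes is not enforced. Either switch the operator or drop the assertion and state the constraint in a comment.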
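Review bot: Missing comment at the `jit.storeCell(baseGPR, ...)` call in the hunk at new lines 1081-1085 of PolymorphicAccess.cpp: the switch from baseForGetGPR to baseGPR for argument 0 is the behavioural fix of this change, but nothing at the call site says why the this argument must be the original base rather than the register loaded from `JSProxy::targetOffset()`. The ChangeLog explains that getter and setter functions expect the JSProxy instance and not the JSGlobalObject; a one-line comment to that effect next to the store would keep a later cleanup from "simplifying" it back to the unwrapped target. The new ASSERTs on baseGPR, loadedValueGPR and valueRegsPayloadGPR guard register aliasing, but they do not capture which object is passed as this.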