Changeset 245031 in webkit


Timestamp:
May 7, 2019 1:59:44 PM (5 years ago)
Author:
rmorisset@apple.com
Message:

All prototypes should call didBecomePrototype()
https://bugs.webkit.org/show_bug.cgi?id=196315

Reviewed by Saam Barati.

JSTests:

  • stress/function-prototype-indexed-accessor.js: Added.

Source/JavaScriptCore:

Otherwise we won't remember to run haveABadTime() when someone adds to them an indexed accessor.

I added a check used in both Structure::finishCreation() and Structure::changePrototypeTransition to make sure we don't
create structures with invalid prototypes.
It found a lot of objects that are used as prototypes in JSGlobalObject and yet were missing didBecomePrototype() in their finishCreation().
Somewhat surprisingly, some of them have names like FunctionConstructor and not only FooPrototype.

  • runtime/BigIntPrototype.cpp:
  (JSC::BigIntPrototype::finishCreation):
  • runtime/BooleanPrototype.cpp:
  (JSC::BooleanPrototype::finishCreation):
  • runtime/DatePrototype.cpp:
  (JSC::DatePrototype::finishCreation):
  • runtime/ErrorConstructor.cpp:
  (JSC::ErrorConstructor::finishCreation):
  • runtime/ErrorPrototype.cpp:
  (JSC::ErrorPrototype::finishCreation):
  • runtime/FunctionConstructor.cpp:
  (JSC::FunctionConstructor::finishCreation):
  • runtime/FunctionPrototype.cpp:
  (JSC::FunctionPrototype::finishCreation):
  • runtime/IntlCollatorPrototype.cpp:
  (JSC::IntlCollatorPrototype::finishCreation):
  • runtime/IntlDateTimeFormatPrototype.cpp:
  (JSC::IntlDateTimeFormatPrototype::finishCreation):
  • runtime/IntlNumberFormatPrototype.cpp:
  (JSC::IntlNumberFormatPrototype::finishCreation):
  • runtime/IntlPluralRulesPrototype.cpp:
  (JSC::IntlPluralRulesPrototype::finishCreation):
  • runtime/JSArrayBufferPrototype.cpp:
  (JSC::JSArrayBufferPrototype::finishCreation):
  • runtime/JSDataViewPrototype.cpp:
  (JSC::JSDataViewPrototype::finishCreation):
  • runtime/JSGenericTypedArrayViewPrototypeInlines.h:
  (JSC::JSGenericTypedArrayViewPrototype<ViewClass>::finishCreation):
  • runtime/JSGlobalObject.cpp:
  (JSC::createConsoleProperty):
  • runtime/JSPromisePrototype.cpp:
  (JSC::JSPromisePrototype::finishCreation):
  • runtime/JSTypedArrayViewConstructor.cpp:
  (JSC::JSTypedArrayViewConstructor::finishCreation):
  • runtime/JSTypedArrayViewPrototype.cpp:
  (JSC::JSTypedArrayViewPrototype::finishCreation):
  • runtime/NumberPrototype.cpp:
  (JSC::NumberPrototype::finishCreation):
  • runtime/RegExpPrototype.cpp:
  (JSC::RegExpPrototype::finishCreation):
  • runtime/StringPrototype.cpp:
  (JSC::StringPrototype::finishCreation):
  • runtime/Structure.cpp:
  (JSC::Structure::isValidPrototype):
  (JSC::Structure::changePrototypeTransition):
  • runtime/Structure.h:
  • runtime/SymbolPrototype.cpp:
  (JSC::SymbolPrototype::finishCreation):
  • wasm/js/WebAssemblyCompileErrorPrototype.cpp:
  (JSC::WebAssemblyCompileErrorPrototype::finishCreation):
  • wasm/js/WebAssemblyInstancePrototype.cpp:
  (JSC::WebAssemblyInstancePrototype::finishCreation):
  • wasm/js/WebAssemblyLinkErrorPrototype.cpp:
  (JSC::WebAssemblyLinkErrorPrototype::finishCreation):
  • wasm/js/WebAssemblyMemoryPrototype.cpp:
  (JSC::WebAssemblyMemoryPrototype::finishCreation):
  • wasm/js/WebAssemblyModulePrototype.cpp:
  (JSC::WebAssemblyModulePrototype::finishCreation):
  • wasm/js/WebAssemblyPrototype.cpp:
  (JSC::WebAssemblyPrototype::finishCreation):
  • wasm/js/WebAssemblyRuntimeErrorPrototype.cpp:
  (JSC::WebAssemblyRuntimeErrorPrototype::finishCreation):
  • wasm/js/WebAssemblyTablePrototype.cpp:
  (JSC::WebAssemblyTablePrototype::finishCreation):

Source/WebCore:

It was found by existing tests, with the new assert in JSC::Structure.

  • bindings/js/JSWindowProxy.cpp:
  (WebCore::JSWindowProxy::setWindow):
  • bindings/scripts/CodeGeneratorJS.pm:
  (GeneratePrototypeDeclaration):
  (GenerateConstructorHelperMethods):
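The observable behaviour this change protects, as an added conformance probe that is not part of the WebKit changeset: once an indexed accessor is installed on a prototype, every object inheriting from it must see that getter for the index, whether the object is a function (the case the new stress test is named after) or an array with a hole. The function names below are this example's own.

```javascript
// Added example (not WebKit code). Probes that an engine honours indexed
// accessors placed on prototypes, which is what didBecomePrototype() /
// haveABadTime() exist to guarantee. Each probe restores the prototype it touched.

function probeFunctionPrototype() {
  // Case matching the added test's name: an indexed getter on Function.prototype.
  let calls = 0;
  Object.defineProperty(Function.prototype, 0, {
    get() { calls++; return "from Function.prototype"; },
    configurable: true,
  });
  try {
    const f = function () {};
    // f has no own property "0", so f[0] must walk to Function.prototype's getter.
    const seen = f[0];
    return { seen, calls };
  } finally {
    delete Function.prototype[0]; // leave the realm as we found it
  }
}

function probeArrayHole() {
  // A hole in a sparse array must consult the prototype chain; an engine that
  // stayed in its fast indexed mode after the accessor was installed would
  // instead return undefined without ever calling the getter.
  let calls = 0;
  Object.defineProperty(Object.prototype, 1, {
    get() { calls++; return "from Object.prototype"; },
    configurable: true,
  });
  try {
    const arr = [10, , 30]; // index 1 is a hole, not an own property
    const seen = arr[1];
    const own = Object.prototype.hasOwnProperty.call(arr, 1);
    return { seen, calls, own };
  } finally {
    delete Object.prototype[1];
  }
}

// Returns true only if both probes observed the prototype getter exactly once.
function runProbes() {
  const fn = probeFunctionPrototype();
  const arr = probeArrayHole();
  return fn.seen === "from Function.prototype" && fn.calls === 1 &&
         arr.seen === "from Object.prototype" && arr.calls === 1 && !arr.own;
}
```

Run under any engine; a false result from runProbes() means an indexed accessor on a prototype went unobserved, the class of bug the assertion in this changeset was added to surface.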

Location:
trunk
Files:
3 edited

  • trunk/JSTests/ChangeLog

    r245026 r245031  
     12019-05-07  Robin Morisset  <rmorisset@apple.com>
     2
     3        All prototypes should call didBecomePrototype()
     4        https://bugs.webkit.org/show_bug.cgi?id=196315
     5
     6        Reviewed by Saam Barati.
     7
     8        * stress/function-prototype-indexed-accessor.js: Added.
     9
    1102019-05-07  Commit Queue  <commit-queue@webkit.org>
    211
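Review bot: the entry lists stress/function-prototype-indexed-accessor.js as added, but this changeset view carries only the three ChangeLog diffs ("Files: 3 edited"), so neither the new test nor the runtime changes it exercises can be reviewed from this page; it would help if the entry stated what the test asserts (going by the file name, that an indexed accessor defined on Function.prototype is observed through a function instance).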
  • trunk/Source/JavaScriptCore/ChangeLog

    r245030 r245031  
     12019-05-07  Robin Morisset  <rmorisset@apple.com>
     2
     3        All prototypes should call didBecomePrototype()
     4        https://bugs.webkit.org/show_bug.cgi?id=196315
     5
     6        Reviewed by Saam Barati.
     7
     8        Otherwise we won't remember to run haveABadTime() when someone adds to them an indexed accessor.
     9
     10        I added a check used in both Structure::finishCreation() and Structure::changePrototypeTransition to make sure we don't
     11        create structures with invalid prototypes.
     12        It found a lot of objects that are used as prototypes in JSGlobalObject and yet were missing didBecomePrototype() in their finishCreation().
     13        Somewhat surprisingly, some of them have names like FunctionConstructor and not only FooPrototype.
     14
     15        * runtime/BigIntPrototype.cpp:
     16        (JSC::BigIntPrototype::finishCreation):
     17        * runtime/BooleanPrototype.cpp:
     18        (JSC::BooleanPrototype::finishCreation):
     19        * runtime/DatePrototype.cpp:
     20        (JSC::DatePrototype::finishCreation):
     21        * runtime/ErrorConstructor.cpp:
     22        (JSC::ErrorConstructor::finishCreation):
     23        * runtime/ErrorPrototype.cpp:
     24        (JSC::ErrorPrototype::finishCreation):
     25        * runtime/FunctionConstructor.cpp:
     26        (JSC::FunctionConstructor::finishCreation):
     27        * runtime/FunctionPrototype.cpp:
     28        (JSC::FunctionPrototype::finishCreation):
     29        * runtime/IntlCollatorPrototype.cpp:
     30        (JSC::IntlCollatorPrototype::finishCreation):
     31        * runtime/IntlDateTimeFormatPrototype.cpp:
     32        (JSC::IntlDateTimeFormatPrototype::finishCreation):
     33        * runtime/IntlNumberFormatPrototype.cpp:
     34        (JSC::IntlNumberFormatPrototype::finishCreation):
     35        * runtime/IntlPluralRulesPrototype.cpp:
     36        (JSC::IntlPluralRulesPrototype::finishCreation):
     37        * runtime/JSArrayBufferPrototype.cpp:
     38        (JSC::JSArrayBufferPrototype::finishCreation):
     39        * runtime/JSDataViewPrototype.cpp:
     40        (JSC::JSDataViewPrototype::finishCreation):
     41        * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
     42        (JSC::JSGenericTypedArrayViewPrototype<ViewClass>::finishCreation):
     43        * runtime/JSGlobalObject.cpp:
     44        (JSC::createConsoleProperty):
     45        * runtime/JSPromisePrototype.cpp:
     46        (JSC::JSPromisePrototype::finishCreation):
     47        * runtime/JSTypedArrayViewConstructor.cpp:
     48        (JSC::JSTypedArrayViewConstructor::finishCreation):
     49        * runtime/JSTypedArrayViewPrototype.cpp:
     50        (JSC::JSTypedArrayViewPrototype::finishCreation):
     51        * runtime/NumberPrototype.cpp:
     52        (JSC::NumberPrototype::finishCreation):
     53        * runtime/RegExpPrototype.cpp:
     54        (JSC::RegExpPrototype::finishCreation):
     55        * runtime/StringPrototype.cpp:
     56        (JSC::StringPrototype::finishCreation):
     57        * runtime/Structure.cpp:
     58        (JSC::Structure::isValidPrototype):
     59        (JSC::Structure::changePrototypeTransition):
     60        * runtime/Structure.h:
     61        * runtime/SymbolPrototype.cpp:
     62        (JSC::SymbolPrototype::finishCreation):
     63        * wasm/js/WebAssemblyCompileErrorPrototype.cpp:
     64        (JSC::WebAssemblyCompileErrorPrototype::finishCreation):
     65        * wasm/js/WebAssemblyInstancePrototype.cpp:
     66        (JSC::WebAssemblyInstancePrototype::finishCreation):
     67        * wasm/js/WebAssemblyLinkErrorPrototype.cpp:
     68        (JSC::WebAssemblyLinkErrorPrototype::finishCreation):
     69        * wasm/js/WebAssemblyMemoryPrototype.cpp:
     70        (JSC::WebAssemblyMemoryPrototype::finishCreation):
     71        * wasm/js/WebAssemblyModulePrototype.cpp:
     72        (JSC::WebAssemblyModulePrototype::finishCreation):
     73        * wasm/js/WebAssemblyPrototype.cpp:
     74        (JSC::WebAssemblyPrototype::finishCreation):
     75        * wasm/js/WebAssemblyRuntimeErrorPrototype.cpp:
     76        (JSC::WebAssemblyRuntimeErrorPrototype::finishCreation):
     77        * wasm/js/WebAssemblyTablePrototype.cpp:
     78        (JSC::WebAssemblyTablePrototype::finishCreation):
     79
    1802019-05-07  Robin Morisset  <rmorisset@apple.com>
    281
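Review bot: the description calls the new Structure::isValidPrototype a "check" while the WebCore entry for the same change calls it an "assert"; the entry should say whether it is debug-only or enforced in release builds, because in a release build a prototype that still lacks didBecomePrototype() would silently skip haveABadTime() exactly as before, and an assertion only catches the cases the existing tests happen to exercise. Minor: `Structure::changePrototypeTransition` is missing its `()` unlike `Structure::finishCreation()` on the same line, and the `* runtime/Structure.h:` entry does not say what declaration was added.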
  • trunk/Source/WebCore/ChangeLog

    r245025 r245031  
     12019-05-07  Robin Morisset  <rmorisset@apple.com>
     2
     3        All prototypes should call didBecomePrototype()
     4        https://bugs.webkit.org/show_bug.cgi?id=196315
     5
     6        Reviewed by Saam Barati.
     7
     8        It was found by existing tests, with the new assert in JSC::Structure
     9
     10        * bindings/js/JSWindowProxy.cpp:
     11        (WebCore::JSWindowProxy::setWindow):
     12        * bindings/scripts/CodeGeneratorJS.pm:
     13        (GeneratePrototypeDeclaration):
     14        (GenerateConstructorHelperMethods):
     15
    1162019-05-07  John Wilander  <wilander@apple.com>
    217
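Review bot: the only explanatory line, "It was found by existing tests, with the new assert in JSC::Structure", lacks a period and does not say what changed in JSWindowProxy::setWindow or in the two CodeGeneratorJS.pm functions; since CodeGeneratorJS.pm emits the prototype and constructor classes for every binding, a one-line statement of what the generated code now does differently would let a reviewer confirm that all generated prototypes are covered, not only the ones the existing tests reached.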