Changeset 250932 in webkit
- Timestamp:
- Oct 9, 2019 2:23:56 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 1 deleted
- 11 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/JSTests/ChangeLog
r250878 r250932 1 2019-10-09 Yusuke Suzuki <ysuzuki@apple.com> 2 3 Unreviewed, roll out r250878 4 https://bugs.webkit.org/show_bug.cgi?id=202656 5 6 Breaking vimeo page. 7 8 * stress/getter-setter-should-be-cell.js: Removed. 9 1 10 2019-10-08 Yusuke Suzuki <ysuzuki@apple.com> 2 11 -
trunk/Source/JavaScriptCore/ChangeLog
r250909 r250932 1 2019-10-09 Yusuke Suzuki <ysuzuki@apple.com> 2 3 Unreviewed, roll out r250878 4 https://bugs.webkit.org/show_bug.cgi?id=202656 5 6 Breaking vimeo page. 7 8 * dfg/DFGAbstractInterpreterInlines.h: 9 (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): 10 * dfg/DFGFixupPhase.cpp: 11 * runtime/GetterSetter.cpp: 12 * runtime/GetterSetter.h: 13 * runtime/JSGlobalObject.cpp: 14 (JSC::getGetterById): 15 (JSC::JSGlobalObject::init): 16 (JSC::JSGlobalObject::visitChildren): 17 * runtime/JSGlobalObject.h: 18 (JSC::JSGlobalObject::regExpProtoGlobalGetter const): 19 (JSC::JSGlobalObject::regExpProtoUnicodeGetter const): 20 (JSC::JSGlobalObject::getterSetterStructure const): 21 * runtime/JSType.h: 22 * runtime/VM.cpp: 23 (JSC::VM::VM): 24 * runtime/VM.h: 25 1 26 2019-10-09 Adrian Perez de Castro <aperez@igalia.com> 2 27 -
trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
r250878 r250932 3467 3467 } 3468 3468 3469 setForNode(node, m_vm.getterSetterStructure.get()); 3469 if (base.value() && base.value().isObject()) { 3470 setForNode(node, asObject(base.value())->globalObject()->getterSetterStructure()); 3471 break; 3472 } 3473 3474 setTypeForNode(node, SpecObjectOther); 3470 3475 break; 3471 3476 } -
trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
r250878 r250932 35 35 #include "DFGPredictionPropagationPhase.h" 36 36 #include "DFGVariableAccessDataDump.h" 37 #include "GetterSetter.h"38 37 #include "JSCInlines.h" 39 38 #include "TypeLocation.h" -
trunk/Source/JavaScriptCore/runtime/GetterSetter.cpp
r250878 r250932 34 34 STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE(GetterSetter); 35 35 36 const ClassInfo GetterSetter::s_info = { "GetterSetter", nullptr, nullptr, nullptr, CREATE_METHOD_TABLE(GetterSetter) };36 const ClassInfo GetterSetter::s_info = { "GetterSetter", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(GetterSetter) }; 37 37 38 38 void GetterSetter::visitChildren(JSCell* cell, SlotVisitor& visitor) -
trunk/Source/JavaScriptCore/runtime/GetterSetter.h
r250878 r250932 41 41 // that constant is observed to have a non-null setter (or getter) then we can 42 42 // constant fold that setter (or getter). 43 class GetterSetter final : public JS Cell{43 class GetterSetter final : public JSNonFinalObject { 44 44 friend class JIT; 45 using Base = JSCell;45 typedef JSNonFinalObject Base; 46 46 private: 47 47 GetterSetter(VM& vm, JSGlobalObject* globalObject, JSObject* getter, JSObject* setter) 48 : Base(vm, vm.getterSetterStructure.get())48 : Base(vm, globalObject->getterSetterStructure()) 49 49 { 50 50 WTF::storeStoreFence(); -
trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
r250878 r250932 451 451 } 452 452 453 static GetterSetter* getGetterById(ExecState* exec, JSObject* base, const Identifier& ident)453 static JSObject* getGetterById(ExecState* exec, JSObject* base, const Identifier& ident) 454 454 { 455 455 JSValue baseValue = JSValue(base); 456 456 PropertySlot slot(baseValue, PropertySlot::InternalMethodType::VMInquiry); 457 457 baseValue.getPropertySlot(exec, ident, slot); 458 return jsCast<GetterSetter*>(slot.getPureResult());458 return slot.getPureResult().toObject(exec); 459 459 } 460 460 … … 515 515 init.set(JSBoundFunction::createStructure(init.vm, init.owner, init.owner->m_functionPrototype.get())); 516 516 }); 517 m_getterSetterStructure.set(vm, this, GetterSetter::createStructure(vm, this, jsNull())); 517 518 m_nativeStdFunctionStructure.initLater( 518 519 [] (const Initializer<Structure>& init) { … … 939 940 JSFunction* privateFuncSetBucketKey = JSFunction::create(vm, this, 0, String(), setPrivateFuncSetBucketKey, JSSetBucketKeyIntrinsic); 940 941 941 GetterSetter* regExpProtoFlagsGetter= getGetterById(exec, m_regExpPrototype.get(), vm.propertyNames->flags);942 JSObject* regExpProtoFlagsGetterObject = getGetterById(exec, m_regExpPrototype.get(), vm.propertyNames->flags); 942 943 catchScope.assertNoException(); 943 GetterSetter* regExpProtoGlobalGetter= getGetterById(exec, m_regExpPrototype.get(), vm.propertyNames->global);944 JSObject* regExpProtoGlobalGetterObject = getGetterById(exec, m_regExpPrototype.get(), vm.propertyNames->global); 944 945 catchScope.assertNoException(); 945 m_regExpProtoGlobalGetter.set(vm, this, regExpProtoGlobalGetter );946 GetterSetter* regExpProtoIgnoreCaseGetter= getGetterById(exec, m_regExpPrototype.get(), vm.propertyNames->ignoreCase);946 m_regExpProtoGlobalGetter.set(vm, this, regExpProtoGlobalGetterObject); 947 JSObject* regExpProtoIgnoreCaseGetterObject = getGetterById(exec, m_regExpPrototype.get(), vm.propertyNames->ignoreCase); 947 948 catchScope.assertNoException(); 948 GetterSetter* regExpProtoMultilineGetter= getGetterById(exec, m_regExpPrototype.get(), vm.propertyNames->multiline);949 JSObject* regExpProtoMultilineGetterObject = getGetterById(exec, m_regExpPrototype.get(), vm.propertyNames->multiline); 949 950 catchScope.assertNoException(); 950 GetterSetter* regExpProtoSourceGetter= getGetterById(exec, m_regExpPrototype.get(), vm.propertyNames->source);951 JSObject* regExpProtoSourceGetterObject = getGetterById(exec, m_regExpPrototype.get(), vm.propertyNames->source); 951 952 catchScope.assertNoException(); 952 GetterSetter* regExpProtoStickyGetter= getGetterById(exec, m_regExpPrototype.get(), vm.propertyNames->sticky);953 JSObject* regExpProtoStickyGetterObject = getGetterById(exec, m_regExpPrototype.get(), vm.propertyNames->sticky); 953 954 catchScope.assertNoException(); 954 GetterSetter* regExpProtoUnicodeGetter= getGetterById(exec, m_regExpPrototype.get(), vm.propertyNames->unicode);955 JSObject* regExpProtoUnicodeGetterObject = getGetterById(exec, m_regExpPrototype.get(), vm.propertyNames->unicode); 955 956 catchScope.assertNoException(); 956 m_regExpProtoUnicodeGetter.set(vm, this, regExpProtoUnicodeGetter );957 m_regExpProtoUnicodeGetter.set(vm, this, regExpProtoUnicodeGetterObject); 957 958 JSObject* builtinRegExpExec = asObject(m_regExpPrototype->getDirect(vm, vm.propertyNames->exec).asCell()); 958 959 m_regExpProtoExec.set(vm, this, builtinRegExpExec); … … 1024 1025 GlobalPropertyInfo(vm.propertyNames->builtinNames().isConstructorPrivateName(), JSFunction::create(vm, this, 1, String(), esSpecIsConstructor, NoIntrinsic), PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly), 1025 1026 1026 GlobalPropertyInfo(vm.propertyNames->builtinNames().regExpProtoFlagsGetterPrivateName(), regExpProtoFlagsGetter , PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),1027 GlobalPropertyInfo(vm.propertyNames->builtinNames().regExpProtoGlobalGetterPrivateName(), regExpProtoGlobalGetter , PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),1028 GlobalPropertyInfo(vm.propertyNames->builtinNames().regExpProtoIgnoreCaseGetterPrivateName(), regExpProtoIgnoreCaseGetter , PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),1029 GlobalPropertyInfo(vm.propertyNames->builtinNames().regExpProtoMultilineGetterPrivateName(), regExpProtoMultilineGetter , PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),1030 GlobalPropertyInfo(vm.propertyNames->builtinNames().regExpProtoSourceGetterPrivateName(), regExpProtoSourceGetter , PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),1031 GlobalPropertyInfo(vm.propertyNames->builtinNames().regExpProtoStickyGetterPrivateName(), regExpProtoStickyGetter , PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),1032 GlobalPropertyInfo(vm.propertyNames->builtinNames().regExpProtoUnicodeGetterPrivateName(), regExpProtoUnicodeGetter , PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),1027 GlobalPropertyInfo(vm.propertyNames->builtinNames().regExpProtoFlagsGetterPrivateName(), regExpProtoFlagsGetterObject, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly), 1028 GlobalPropertyInfo(vm.propertyNames->builtinNames().regExpProtoGlobalGetterPrivateName(), regExpProtoGlobalGetterObject, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly), 1029 GlobalPropertyInfo(vm.propertyNames->builtinNames().regExpProtoIgnoreCaseGetterPrivateName(), regExpProtoIgnoreCaseGetterObject, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly), 1030 GlobalPropertyInfo(vm.propertyNames->builtinNames().regExpProtoMultilineGetterPrivateName(), regExpProtoMultilineGetterObject, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly), 1031 GlobalPropertyInfo(vm.propertyNames->builtinNames().regExpProtoSourceGetterPrivateName(), regExpProtoSourceGetterObject, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly), 1032 GlobalPropertyInfo(vm.propertyNames->builtinNames().regExpProtoStickyGetterPrivateName(), regExpProtoStickyGetterObject, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly), 1033 GlobalPropertyInfo(vm.propertyNames->builtinNames().regExpProtoUnicodeGetterPrivateName(), regExpProtoUnicodeGetterObject, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly), 1033 1034 1034 1035 // RegExp.prototype helpers. … … 1760 1761 thisObject->m_customGetterSetterFunctionStructure.visit(visitor); 1761 1762 thisObject->m_boundFunctionStructure.visit(visitor); 1763 visitor.append(thisObject->m_getterSetterStructure); 1762 1764 thisObject->m_nativeStdFunctionStructure.visit(visitor); 1763 1765 visitor.append(thisObject->m_regExpStructure); -
trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h
r250878 r250932 307 307 WriteBarrier<JSObject> m_regExpProtoExec; 308 308 WriteBarrier<JSObject> m_regExpProtoSymbolReplace; 309 WriteBarrier< GetterSetter> m_regExpProtoGlobalGetter;310 WriteBarrier< GetterSetter> m_regExpProtoUnicodeGetter;309 WriteBarrier<JSObject> m_regExpProtoGlobalGetter; 310 WriteBarrier<JSObject> m_regExpProtoUnicodeGetter; 311 311 WriteBarrier<GetterSetter> m_throwTypeErrorArgumentsCalleeAndCallerGetterSetter; 312 312 … … 366 366 LazyProperty<JSGlobalObject, Structure> m_boundFunctionStructure; 367 367 LazyProperty<JSGlobalObject, Structure> m_customGetterSetterFunctionStructure; 368 WriteBarrier<Structure> m_getterSetterStructure; 368 369 LazyProperty<JSGlobalObject, Structure> m_nativeStdFunctionStructure; 369 370 PropertyOffset m_functionNameOffset; … … 622 623 JSObject* regExpProtoExecFunction() const { return m_regExpProtoExec.get(); } 623 624 JSObject* regExpProtoSymbolReplaceFunction() const { return m_regExpProtoSymbolReplace.get(); } 624 GetterSetter* regExpProtoGlobalGetter() const { return m_regExpProtoGlobalGetter.get(); }625 GetterSetter* regExpProtoUnicodeGetter() const { return m_regExpProtoUnicodeGetter.get(); }625 JSObject* regExpProtoGlobalGetter() const { return m_regExpProtoGlobalGetter.get(); } 626 JSObject* regExpProtoUnicodeGetter() const { return m_regExpProtoUnicodeGetter.get(); } 626 627 GetterSetter* throwTypeErrorArgumentsCalleeAndCallerGetterSetter() 627 628 { … … 748 749 Structure* boundFunctionStructure() const { return m_boundFunctionStructure.get(this); } 749 750 Structure* customGetterSetterFunctionStructure() const { return m_customGetterSetterFunctionStructure.get(this); } 751 Structure* getterSetterStructure() const { return m_getterSetterStructure.get(); } 750 752 Structure* nativeStdFunctionStructure() const { return m_nativeStdFunctionStructure.get(this); } 751 753 PropertyOffset functionNameOffset() const { return m_functionNameOffset; } -
trunk/Source/JavaScriptCore/runtime/JSType.h
r250878 r250932 30 30 BigIntType, 31 31 32 GetterSetterType,33 32 CustomGetterSetterType, 34 33 APIValueWrapperType, … … 89 88 DataViewType, 90 89 // End JSArrayBufferView types. 90 91 GetterSetterType, 91 92 92 93 // JSScope <- JSWithScope -
trunk/Source/JavaScriptCore/runtime/VM.cpp
r250878 r250932 343 343 terminatedExecutionErrorStructure.set(*this, TerminatedExecutionError::createStructure(*this, 0, jsNull())); 344 344 propertyNameEnumeratorStructure.set(*this, JSPropertyNameEnumerator::createStructure(*this, 0, jsNull())); 345 getterSetterStructure.set(*this, GetterSetter::createStructure(*this, 0, jsNull()));346 345 customGetterSetterStructure.set(*this, CustomGetterSetter::createStructure(*this, 0, jsNull())); 347 346 domAttributeGetterSetterStructure.set(*this, DOMAttributeGetterSetter::createStructure(*this, 0, jsNull())); -
trunk/Source/JavaScriptCore/runtime/VM.h
r250878 r250932 505 505 Strong<Structure> stringStructure; 506 506 Strong<Structure> propertyNameEnumeratorStructure; 507 Strong<Structure> getterSetterStructure;508 507 Strong<Structure> customGetterSetterStructure; 509 508 Strong<Structure> domAttributeGetterSetterStructure;
Note: See TracChangeset
for help on using the changeset viewer.