Changeset 84679 in webkit

Timestamp:

Apr 22, 2011 2:17:20 PM (13 years ago)

Author:

oliver@apple.com

Message:

2011-04-22 Oliver Hunt <​oliver@apple.com>

Reviewed by Geoffrey Garen.

Object.create creates uncachable objects
​https://bugs.webkit.org/show_bug.cgi?id=59164

Use the prototype object's inheritorID, as we
should always have done

• runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren):
• runtime/JSGlobalObject.h: (JSC::JSGlobalObject::nullPrototypeObjectStructure):
• runtime/ObjectConstructor.cpp: (JSC::objectConstructorCreate):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• runtime/JSGlobalObject.cpp (modified) (2 diffs)
• runtime/JSGlobalObject.h (modified) (2 diffs)
• runtime/ObjectConstructor.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2011-04-22  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Object.create creates uncachable objects
+        https://bugs.webkit.org/show_bug.cgi?id=59164
+
+        Use the prototype object's inheritorID, as we
+        should always have done
+
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        (JSC::JSGlobalObject::visitChildren):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::nullPrototypeObjectStructure):
+        * runtime/ObjectConstructor.cpp:
+        (JSC::objectConstructorCreate):
+
 2011-04-22  Gavin Barraclough  <barraclough@apple.com>
 

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -182 +182 @@
 
     m_emptyObjectStructure.set(exec->globalData(), this, m_objectPrototype->inheritorID(exec->globalData()));
+    m_nullPrototypeObjectStructure.set(exec->globalData(), this, createEmptyObjectStructure(exec->globalData(), jsNull()));
 
     m_callbackFunctionStructure.set(exec->globalData(), this, JSCallbackFunction::createStructure(exec->globalData(), m_functionPrototype.get()));
@@ -345 +346 @@
     visitIfNeeded(visitor, &m_dateStructure);
     visitIfNeeded(visitor, &m_emptyObjectStructure);
+    visitIfNeeded(visitor, &m_nullPrototypeObjectStructure);
     visitIfNeeded(visitor, &m_errorStructure);
     visitIfNeeded(visitor, &m_functionStructure);

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

@@ -96 +96 @@
         WriteBarrier<Structure> m_dateStructure;
         WriteBarrier<Structure> m_emptyObjectStructure;
+        WriteBarrier<Structure> m_nullPrototypeObjectStructure;
         WriteBarrier<Structure> m_errorStructure;
         WriteBarrier<Structure> m_functionStructure;
@@ -203 +204 @@
         Structure* dateStructure() const { return m_dateStructure.get(); }
         Structure* emptyObjectStructure() const { return m_emptyObjectStructure.get(); }
+        Structure* nullPrototypeObjectStructure() const { return m_nullPrototypeObjectStructure.get(); }
         Structure* errorStructure() const { return m_errorStructure.get(); }
         Structure* functionStructure() const { return m_functionStructure.get(); }

trunk/Source/JavaScriptCore/runtime/ObjectConstructor.cpp

@@ -342 +342 @@
     if (!exec->argument(0).isObject() && !exec->argument(0).isNull())
         return throwVMError(exec, createTypeError(exec, "Object prototype may only be an Object or null."));
-    JSObject* newObject = constructEmptyObject(exec);
-    newObject->setPrototype(exec->globalData(), exec->argument(0));
+    JSValue proto = exec->argument(0);
+    JSObject* newObject = proto.isObject() ? constructEmptyObject(exec, asObject(proto)->inheritorID(exec->globalData())) : constructEmptyObject(exec, exec->lexicalGlobalObject()->nullPrototypeObjectStructure());
     if (exec->argument(1).isUndefined())
         return JSValue::encode(newObject);