Changeset 154113 in webkit for trunk/Source/JavaScriptCore


Ignore:
Timestamp:
Aug 15, 2013, 11:49:05 AM (12 years ago)
Author:
[email protected]
Message:

https://bugs.webkit.org/show_bug.cgi?id=119843
PropertySlot::setValue is ambiguous

Reviewed by Geoff Garen.

There are three different versions of PropertySlot::setValue, one for cacheable properties, and two that are used interchangeably and inconsistently.
The problematic variants are the ones that just take a value, and one that takes a value and also the object containing the property.
Unify on always providing the object, and remove the version that just takes a value.
This always works except for JSString, where we optimize out the object (logically we should be instantiating a temporary StringObject on every property access).
Provide a version of setValue that takes a JSString as the owner of the property.
We won't store this, but it makes it clear that this interface should only be used from JSString.

  • API/JSCallbackObjectFunctions.h:

(JSC::::getOwnPropertySlot):

  • JSCTypedArrayStubs.h:
  • runtime/Arguments.cpp:

(JSC::Arguments::getOwnPropertySlotByIndex):
(JSC::Arguments::getOwnPropertySlot):

  • runtime/JSActivation.cpp:

(JSC::JSActivation::symbolTableGet):
(JSC::JSActivation::getOwnPropertySlot):

  • runtime/JSArray.cpp:

(JSC::JSArray::getOwnPropertySlot):

  • runtime/JSObject.cpp:

(JSC::JSObject::getOwnPropertySlotByIndex):

  • runtime/JSString.h:

(JSC::JSString::getStringPropertySlot):

  • runtime/JSSymbolTableObject.h:

(JSC::symbolTableGet):

  • runtime/SparseArrayValueMap.cpp:

(JSC::SparseArrayEntry::get):

  • Pass object containing property to PropertySlot::setValue
  • runtime/PropertySlot.h:

(JSC::PropertySlot::setValue):

  • Logically, the base of a string property access is a temporary StringObject, but we optimize that away.

(JSC::PropertySlot::setUndefined):

  • removed setValue(JSValue), added setValue(JSString*, JSValue)
Location:
trunk/Source/JavaScriptCore
Files:
11 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h

    r154038 r154113  
    152152                if (exception) {
    153153                    throwError(exec, toJS(exec, exception));
    154                     slot.setValue(jsUndefined());
     154                    slot.setValue(thisObject, jsUndefined());
    155155                    return true;
    156156                }
    157157                if (value) {
    158                     slot.setValue(toJS(exec, value));
     158                    slot.setValue(thisObject, toJS(exec, value));
    159159                    return true;
    160160                }
     
    165165                    JSValue value = thisObject->getStaticValue(exec, propertyName);
    166166                    if (value) {
    167                         slot.setValue(value);
     167                        slot.setValue(thisObject, value);
    168168                        return true;
    169169                    }

  • trunk/Source/JavaScriptCore/ChangeLog

    r154108 r154113  
     12013-08-15  Gavin Barraclough  <[email protected]>
     2
     3        https://bugs.webkit.org/show_bug.cgi?id=119843
     4        PropertySlot::setValue is ambiguous
     5
     6        Reviewed by Geoff Garen.
     7
     8        There are three different versions of PropertySlot::setValue, one for cacheable properties, and two that are used interchangeably and inconsistently.
     9        The problematic variants are the ones that just take a value, and one that takes a value and also the object containing the property.
     10        Unify on always providing the object, and remove the version that just takes a value.
     11        This always works except for JSString, where we optimize out the object (logically we should be instantiating a temporary StringObject on every property access).
     12        Provide a version of setValue that takes a JSString as the owner of the property.
     13        We won't store this, but it makes it clear that this interface should only be used from JSString.
     14
     15        * API/JSCallbackObjectFunctions.h:
     16        (JSC::::getOwnPropertySlot):
     17        * JSCTypedArrayStubs.h:
     18        * runtime/Arguments.cpp:
     19        (JSC::Arguments::getOwnPropertySlotByIndex):
     20        (JSC::Arguments::getOwnPropertySlot):
     21        * runtime/JSActivation.cpp:
     22        (JSC::JSActivation::symbolTableGet):
     23        (JSC::JSActivation::getOwnPropertySlot):
     24        * runtime/JSArray.cpp:
     25        (JSC::JSArray::getOwnPropertySlot):
     26        * runtime/JSObject.cpp:
     27        (JSC::JSObject::getOwnPropertySlotByIndex):
     28        * runtime/JSString.h:
     29        (JSC::JSString::getStringPropertySlot):
     30        * runtime/JSSymbolTableObject.h:
     31        (JSC::symbolTableGet):
     32        * runtime/SparseArrayValueMap.cpp:
     33        (JSC::SparseArrayEntry::get):
     34            - Pass object containing property to PropertySlot::setValue
     35        * runtime/PropertySlot.h:
     36        (JSC::PropertySlot::setValue):
     37            - Logically, the base of a string property access is a temporary StringObject, but we optimize that away.
     38        (JSC::PropertySlot::setUndefined):
     39            - removed setValue(JSValue), added setValue(JSString*, JSValue)
     40
    1412013-08-15  Oliver Hunt  <[email protected]>
    242

  • trunk/Source/JavaScriptCore/JSCTypedArrayStubs.h

    r154038 r154113  
    108108    if (index < thisObject->m_storageLength) {\
    109109        ASSERT(index != PropertyName::NotAnIndex);\
    110         slot.setValue(thisObject->getByIndex(exec, index));\
     110        slot.setValue(thisObject, thisObject->getByIndex(exec, index));\
    111111        return true;\
    112112    }\
     
    132132    ASSERT_GC_OBJECT_INHERITS(thisObject, info());\
    133133    if (propertyName < thisObject->m_storageLength) {\
    134         slot.setValue(thisObject->getByIndex(exec, propertyName));\
     134        slot.setValue(thisObject, thisObject->getByIndex(exec, propertyName));\
    135135        return true;\
    136136    }\

  • trunk/Source/JavaScriptCore/runtime/Arguments.cpp

    r154038 r154113  
    9595    Arguments* thisObject = jsCast<Arguments*>(object);
    9696    if (JSValue value = thisObject->tryGetArgument(i)) {
    97         slot.setValue(value);
     97        slot.setValue(thisObject, value);
    9898        return true;
    9999    }
     
    130130    if (JSValue value = thisObject->tryGetArgument(i)) {
    131131        RELEASE_ASSERT(i < PropertyName::NotAnIndex);
    132         slot.setValue(value);
     132        slot.setValue(thisObject, value);
    133133        return true;
    134134    }
    135135
    136136    if (propertyName == exec->propertyNames().length && LIKELY(!thisObject->m_overrodeLength)) {
    137         slot.setValue(jsNumber(thisObject->m_numArguments));
     137        slot.setValue(thisObject, jsNumber(thisObject->m_numArguments));
    138138        return true;
    139139    }
     
    141141    if (propertyName == exec->propertyNames().callee && LIKELY(!thisObject->m_overrodeCallee)) {
    142142        if (!thisObject->m_isStrictMode) {
    143             slot.setValue(thisObject->m_callee.get());
     143            slot.setValue(thisObject, thisObject->m_callee.get());
    144144            return true;
    145145        }

  • trunk/Source/JavaScriptCore/runtime/JSActivation.cpp

    r154038 r154113  
    6767        return false;
    6868
    69     slot.setValue(registerAt(entry.getIndex()).get());
     69    slot.setValue(this, registerAt(entry.getIndex()).get());
    7070    return true;
    7171}
     
    167167
    168168    if (JSValue value = thisObject->getDirect(exec->vm(), propertyName)) {
    169         slot.setValue(value);
     169        slot.setValue(thisObject, value);
    170170        return true;
    171171    }

  • trunk/Source/JavaScriptCore/runtime/JSArray.cpp

    r153532 r154113  
    182182    JSArray* thisObject = jsCast<JSArray*>(object);
    183183    if (propertyName == exec->propertyNames().length) {
    184         slot.setValue(jsNumber(thisObject->length()));
     184        slot.setValue(thisObject, jsNumber(thisObject->length()));
    185185        return true;
    186186    }

  • trunk/Source/JavaScriptCore/runtime/JSObject.cpp

    r154038 r154113  
    290290        JSValue value = butterfly->contiguous()[i].get();
    291291        if (value) {
    292             slot.setValue(value);
     292            slot.setValue(thisObject, value);
    293293            return true;
    294294        }
     
    304304        double value = butterfly->contiguousDouble()[i];
    305305        if (value == value) {
    306             slot.setValue(JSValue(JSValue::EncodeAsDouble, value));
     306            slot.setValue(thisObject, JSValue(JSValue::EncodeAsDouble, value));
    307307            return true;
    308308        }
     
    319319            JSValue value = storage->m_vector[i].get();
    320320            if (value) {
    321                 slot.setValue(value);
     321                slot.setValue(thisObject, value);
    322322                return true;
    323323            }

  • trunk/Source/JavaScriptCore/runtime/JSString.h

    r154038 r154113  
    474474    {
    475475        if (propertyName == exec->propertyNames().length) {
    476             slot.setValue(jsNumber(m_length));
     476            slot.setValue(this, jsNumber(m_length));
    477477            return true;
    478478        }
     
    481481        if (i < m_length) {
    482482            ASSERT(i != PropertyName::NotAnIndex); // No need for an explicit check, the above test would always fail!
    483             slot.setValue(getIndex(exec, i));
     483            slot.setValue(this, getIndex(exec, i));
    484484            return true;
    485485        }
     
    491491    {
    492492        if (propertyName < m_length) {
    493             slot.setValue(getIndex(exec, propertyName));
     493            slot.setValue(this, getIndex(exec, propertyName));
    494494            return true;
    495495        }

  • trunk/Source/JavaScriptCore/runtime/JSSymbolTableObject.h

    r153170 r154113  
    8080    SymbolTableEntry::Fast entry = iter->value;
    8181    ASSERT(!entry.isNull());
    82     slot.setValue(object->registerAt(entry.getIndex()).get());
     82    slot.setValue(object, object->registerAt(entry.getIndex()).get());
    8383    return true;
    8484}
     
    112112    SymbolTableEntry::Fast entry = iter->value;
    113113    ASSERT(!entry.isNull());
    114     slot.setValue(object->registerAt(entry.getIndex()).get());
     114    slot.setValue(object, object->registerAt(entry.getIndex()).get());
    115115    slotIsWriteable = !entry.isReadOnly();
    116116    return true;

  • trunk/Source/JavaScriptCore/runtime/PropertySlot.h

    r153673 r154113  
    102102    }
    103103
    104     void setValue(JSValue value)
     104    void setValue(JSString*, JSValue value)
    105105    {
    106106        ASSERT(value);
     
    170170    void setUndefined()
    171171    {
    172         setValue(jsUndefined());
     172        m_data.value = JSValue::encode(jsUndefined());
     173
     174        m_slotBase = 0;
     175        m_propertyType = TypeValue;
     176        m_offset = invalidOffset;
    173177    }
    174178

  • trunk/Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp

    r154038 r154113  
    129129
    130130    if (LIKELY(!value.isGetterSetter())) {
    131         slot.setValue(value);
     131        slot.setValue(thisObject, value);
    132132        return;
    133133    }
Note: See TracChangeset for help on using the changeset viewer.