Changeset 154120 in webkit for trunk/Source/JavaScriptCore

Timestamp:

Aug 15, 2013, 12:44:16 PM (12 years ago)

Author:

[email protected]

Message:

<​https://webkit.org/b/119830> Assigning to a readonly global results in DFG byte code parse failure

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Make sure dfgCapabilities doesn't report a Dynamic put as
being compilable when we don't actually support it.

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

• dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

LayoutTests:

Add a test

• fast/js/dfg-put-to-readonly-property-expected.txt: Added.
• fast/js/dfg-put-to-readonly-property.html: Added.
• fast/js/script-tests/dfg-put-to-readonly-property.js: Added.

(foo):
(bar):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• bytecode/CodeBlock.cpp (modified) (1 diff)
• dfg/DFGCapabilities.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2013-08-15  Oliver Hunt  <[email protected]>
+
+        <https://webkit.org/b/119830> Assigning to a readonly global results in DFG byte code parse failure
+
+        Reviewed by Filip Pizlo.
+
+        Make sure dfgCapabilities doesn't report a Dynamic put as
+        being compilable when we don't actually support it.  
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dumpBytecode):
+        * dfg/DFGCapabilities.cpp:
+        (JSC::DFG::capabilityLevel):
+
 2013-08-15  Brent Fulgham  <[email protected]>
 

trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -1292 +1292 @@
             int r0 = (++it)->u.operand;
             int id0 = (++it)->u.operand;
-            ++it; // ResolveType
+            int resolveModeAndType = (++it)->u.operand;
             ++it; // depth
-            out.printf("[%4d] resolve_scope\t %s, %s", location, registerName(r0).data(), idName(id0, identifier(id0)).data());
+            out.printf("[%4d] resolve_scope\t %s, %s, %d", location, registerName(r0).data(), idName(id0, identifier(id0)).data(), resolveModeAndType);
             break;
         }

trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp

@@ -171 +171 @@
     case op_in:
     case op_get_from_scope:
-    case op_put_to_scope:
         return CanCompileAndInline;
+
+    case op_put_to_scope: {
+        ResolveType resolveType = ResolveModeAndType(pc[4].u.operand).type();
+        // If we're writing to a readonly property we emit a Dynamic put that
+        // the DFG can't currently handle.
+        if (resolveType == Dynamic)
+            return CannotCompile;
+        return CanCompileAndInline;
+    }
 
     case op_resolve_scope: {
         // We don't compile 'catch' or 'with', so there's no point in compiling variable resolution within them.
-        ResolveType resolveType = static_cast<ResolveType>(pc[3].u.operand);
+        ResolveType resolveType = ResolveModeAndType(pc[4].u.operand).type();
         if (resolveType == Dynamic)
             return CannotCompile;