Ignore:
Timestamp:
Aug 15, 2013, 12:44:16 PM (12 years ago)
Author:
[email protected]
Message:

<https://webkit.org/b/119830> Assigning to a readonly global results in DFG byte code parse failure

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Make sure dfgCapabilities doesn't report a Dynamic put as
being compilable when we don't actually support it.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

LayoutTests:

Add a test

  • fast/js/dfg-put-to-readonly-property-expected.txt: Added.
  • fast/js/dfg-put-to-readonly-property.html: Added.
  • fast/js/script-tests/dfg-put-to-readonly-property.js: Added.

(foo):
(bar):

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp

    r153248 r154120  
    171171    case op_in:
    172172    case op_get_from_scope:
    173     case op_put_to_scope:
    174173        return CanCompileAndInline;
     174
     175    case op_put_to_scope: {
     176        ResolveType resolveType = ResolveModeAndType(pc[4].u.operand).type();
     177        // If we're writing to a readonly property we emit a Dynamic put that
     178        // the DFG can't currently handle.
     179        if (resolveType == Dynamic)
     180            return CannotCompile;
     181        return CanCompileAndInline;
     182    }
    175183
    176184    case op_resolve_scope: {
    177185        // We don't compile 'catch' or 'with', so there's no point in compiling variable resolution within them.
    178         ResolveType resolveType = static_cast<ResolveType>(pc[3].u.operand);
     186        ResolveType resolveType = ResolveModeAndType(pc[4].u.operand).type();
    179187        if (resolveType == Dynamic)
    180188            return CannotCompile;
Note: See TracChangeset for help on using the changeset viewer.