Changeset 178894 in webkit for trunk/Source/JavaScriptCore/runtime/PropertyName.h

Timestamp:

Jan 22, 2015, 12:54:52 AM (10 years ago)

Author:

Yusuke Suzuki

Message:

put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
​https://bugs.webkit.org/show_bug.cgi?id=140426

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

In the put_by_val_direct operation, we use JSObject::putDirect.
However, it only accepts non-index property. For index property, we need to use JSObject::putDirectIndex.
This patch changes Identifier::asIndex() to return Optional<uint32_t>.
It forces callers to check the value is index or not explicitly.
Additionally, it checks toString-ed Identifier is index or not to choose putDirect / putDirectIndex.

• bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeFor):

• bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeFor):

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitDirectPutById):

• dfg/DFGOperations.cpp:

(JSC::DFG::operationPutByValInternal):

• jit/JITOperations.cpp:
• jit/Repatch.cpp:

(JSC::emitPutTransitionStubAndGetOldStructure):

• jsc.cpp:
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• runtime/Arguments.cpp:

(JSC::Arguments::getOwnPropertySlot):
(JSC::Arguments::put):
(JSC::Arguments::deleteProperty):
(JSC::Arguments::defineOwnProperty):

• runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncSort):

• runtime/JSArray.cpp:

(JSC::JSArray::defineOwnProperty):

• runtime/JSCJSValue.cpp:

(JSC::JSValue::putToPrimitive):

• runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
(JSC::JSGenericTypedArrayView<Adaptor>::put):
(JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
(JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):

• runtime/JSObject.cpp:

(JSC::JSObject::put):
(JSC::JSObject::putDirectAccessor):
(JSC::JSObject::putDirectCustomAccessor):
(JSC::JSObject::deleteProperty):
(JSC::JSObject::putDirectMayBeIndex):
(JSC::JSObject::defineOwnProperty):

• runtime/JSObject.h:

(JSC::JSObject::getOwnPropertySlot):
(JSC::JSObject::getPropertySlot):
(JSC::JSObject::putDirectInternal):

• runtime/JSString.cpp:

(JSC::JSString::getStringPropertyDescriptor):

• runtime/JSString.h:

(JSC::JSString::getStringPropertySlot):

• runtime/LiteralParser.cpp:

(JSC::LiteralParser<CharType>::parse):

• runtime/PropertyName.h:

(JSC::toUInt32FromCharacters):
(JSC::toUInt32FromStringImpl):
(JSC::PropertyName::asIndex):

• runtime/PropertyNameArray.cpp:

(JSC::PropertyNameArray::add):

• runtime/StringObject.cpp:

(JSC::StringObject::deleteProperty):

• runtime/Structure.cpp:

(JSC::Structure::prototypeChainMayInterceptStoreTo):

Source/WebCore:

Test: js/dfg-put-by-val-direct-with-edge-numbers.html

• bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::getOwnPropertySlot):

• bindings/js/JSHTMLAllCollectionCustom.cpp:

(WebCore::callHTMLAllCollection):
(WebCore::JSHTMLAllCollection::item):

• bindings/scripts/CodeGeneratorJS.pm:

(GenerateGetOwnPropertySlotBody):
(GenerateImplementation):

• bindings/scripts/test/JS/JSFloat64Array.cpp:

(WebCore::JSFloat64Array::getOwnPropertySlot):
(WebCore::JSFloat64Array::getOwnPropertyDescriptor):
(WebCore::JSFloat64Array::put):

• bindings/scripts/test/JS/JSTestEventTarget.cpp:

(WebCore::JSTestEventTarget::getOwnPropertySlot):

• bridge/runtime_array.cpp:

(JSC::RuntimeArray::getOwnPropertySlot):
(JSC::RuntimeArray::put):

LayoutTests:

• js/dfg-put-by-val-direct-with-edge-numbers-expected.txt: Added.
• js/dfg-put-by-val-direct-with-edge-numbers.html: Added.
• js/script-tests/dfg-put-by-val-direct-with-edge-numbers.js: Added.

(lookupWithKey):
(dfgShouldThrow):
(lookupWithKey2):
(toStringThrowsError.toString):

File:

• trunk/Source/JavaScriptCore/runtime/PropertyName.h (modified) (3 diffs)

trunk/Source/JavaScriptCore/runtime/PropertyName.h

@@ -29 +29 @@
 #include "Identifier.h"
 #include "PrivateName.h"
+#include <wtf/Optional.h>
 
 namespace JSC {
 
 template <typename CharType>
-ALWAYS_INLINE uint32_t toUInt32FromCharacters(const CharType* characters, unsigned length)
+ALWAYS_INLINE Optional<uint32_t> toUInt32FromCharacters(const CharType* characters, unsigned length)
 {
     // An empty string is not a number.
     if (!length)
-        return UINT_MAX;
+        return Nullopt;
 
     // Get the first character, turning it into a digit.
     uint32_t value = characters[0] - '0';
     if (value > 9)
-        return UINT_MAX;
+        return Nullopt;
     
     // Check for leading zeros. If the first characher is 0, then the
     // length of the string must be one - e.g. "042" is not equal to "42".
     if (!value && length > 1)
-        return UINT_MAX;
+        return Nullopt;
     
     while (--length) {
         // Multiply value by 10, checking for overflow out of 32 bits.
         if (value > 0xFFFFFFFFU / 10)
-            return UINT_MAX;
+            return Nullopt;
         value *= 10;
         
@@ -58 +59 @@
         uint32_t newValue = *(++characters) - '0';
         if (newValue > 9)
-            return UINT_MAX;
+            return Nullopt;
         
         // Add in the old value, checking for overflow out of 32 bits.
         newValue += value;
         if (newValue < value)
-            return UINT_MAX;
+            return Nullopt;
         value = newValue;
     }
-    
+
+    if (value == UINT_MAX)
+        return Nullopt;
     return value;
 }
 
-ALWAYS_INLINE uint32_t toUInt32FromStringImpl(StringImpl* impl)
+ALWAYS_INLINE Optional<uint32_t> toUInt32FromStringImpl(StringImpl* impl)
 {
     if (impl->is8Bit())
@@ -110 +113 @@
     static const uint32_t NotAnIndex = UINT_MAX;
 
-    uint32_t asIndex()
+    Optional<uint32_t> asIndex()
     {
-        return m_impl ? toUInt32FromStringImpl(m_impl) : NotAnIndex;
+        return m_impl ? toUInt32FromStringImpl(m_impl) : Nullopt;
     }
-    
+
     void dump(PrintStream& out) const
     {