Timestamp:
Dec 14, 2015, 9:37:59 AM (10 years ago)
Author:
Chris Dumez
Message:

Roll out r193974 and follow-up fixes as it caused JSC crashes
https://bugs.webkit.org/show_bug.cgi?id=152256

Source/JavaScriptCore:

Unreviewed, Roll out r193974 and follow-up fixes as it caused JSC crashes.

  • API/JSCallbackObject.h:
  • builtins/FunctionPrototype.js:
  • bytecode/BytecodeBasicBlock.cpp:

(JSC::isBranch):

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

  • bytecode/ExitKind.cpp:

(JSC::exitKindToString): Deleted.

  • bytecode/ExitKind.h:
  • bytecode/PreciseJumpTargets.cpp:

(JSC::getJumpTargetsForBytecodeOffset):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitCheckHasInstance):
(JSC::BytecodeGenerator::emitGetById): Deleted.

  • bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::emitTypeOf): Deleted.

  • bytecompiler/NodesCodegen.cpp:

(JSC::InstanceOfNode::emitBytecode):
(JSC::LogicalOpNode::emitBytecode): Deleted.
(JSC::LogicalOpNode::emitBytecodeInConditionContext): Deleted.

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGHeapLocation.cpp:

(WTF::printInternal):

  • dfg/DFGHeapLocation.h:
  • dfg/DFGNode.h:

(JSC::DFG::Node::hasCellOperand): Deleted.
(JSC::DFG::Node::hasTransition): Deleted.

  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileInstanceOf): Deleted.
(JSC::DFG::SpeculativeJIT::compileArithAdd): Deleted.

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation): Deleted.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLIntrinsicRepository.h:
  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
(JSC::FTL::DFG::LowerDFGToLLVM::compileCheckHasInstance):
(JSC::FTL::DFG::LowerDFGToLLVM::compileInstanceOf): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::compileHasIndexedProperty): Deleted.

  • jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArguments): Deleted.
(JSC::CCallHelpers::setupArgumentsWithExecState): Deleted.

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

  • jit/JIT.h:
  • jit/JITInlines.h:

(JSC::JIT::callOperationNoExceptionCheck): Deleted.
(JSC::JIT::callOperation): Deleted.

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_check_has_instance):
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_check_has_instance):
(JSC::JIT::emitSlow_op_instanceof):
(JSC::JIT::emit_op_is_undefined): Deleted.
(JSC::JIT::emitSlow_op_to_number): Deleted.
(JSC::JIT::emitSlow_op_to_string): Deleted.

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_check_has_instance):
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_check_has_instance):
(JSC::JIT::emitSlow_op_instanceof):
(JSC::JIT::emit_op_is_undefined): Deleted.

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions): Deleted.

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/CommonIdentifiers.h:
  • runtime/ExceptionHelpers.cpp:

(JSC::invalidParameterInstanceofSourceAppender):
(JSC::createInvalidInstanceofParameterError):
(JSC::createError): Deleted.
(JSC::createNotAFunctionError): Deleted.
(JSC::createNotAnObjectError): Deleted.

  • runtime/ExceptionHelpers.h:
  • runtime/FunctionPrototype.cpp:

(JSC::FunctionPrototype::addFunctionProperties):

  • runtime/FunctionPrototype.h:
  • runtime/JSBoundFunction.cpp:

(JSC::JSBoundFunction::create): Deleted.
(JSC::JSBoundFunction::customHasInstance): Deleted.

  • runtime/JSBoundFunction.h:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren): Deleted.

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::throwTypeErrorGetterSetter): Deleted.

  • runtime/JSObject.cpp:

(JSC::JSObject::hasInstance):
(JSC::JSObject::defaultHasInstance): Deleted.
(JSC::JSObject::getPropertyNames): Deleted.
(JSC::JSObject::getOwnPropertyNames): Deleted.

  • runtime/JSObject.h:

(JSC::JSFinalObject::create): Deleted.

  • runtime/JSTypeInfo.h:

(JSC::TypeInfo::TypeInfo):
(JSC::TypeInfo::overridesHasInstance):

  • runtime/WriteBarrier.h:

(JSC::WriteBarrierBase<Unknown>::slot):

  • tests/es6.yaml:
  • tests/stress/instanceof-custom-hasinstancesymbol.js: Removed.
  • tests/stress/symbol-hasInstance.js: Removed.

LayoutTests:

Unreviewed, roll out r193974 and follow-up fixes as it caused JSC crashes.

  • inspector/model/remote-object-get-properties-expected.txt:
  • js/Object-getOwnPropertyNames-expected.txt:
  • js/exception-for-nonobject-expected.txt:
  • js/exception-instanceof-expected.txt:
  • js/instance-of-immediates-expected.txt:
  • js/regress/instanceof-bound-expected.txt: Removed.
  • js/regress/instanceof-bound.html: Removed.
  • js/regress/script-tests/instanceof-bound.js: Removed.
  • js/script-tests/Object-getOwnPropertyNames.js:
File:
1 edited

  • trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

    r193974 r194036  
    287287    JSFunction* callFunction = 0;
    288288    JSFunction* applyFunction = 0;
    289     JSFunction* hasInstanceSymbolFunction = 0;
    290     m_functionPrototype->addFunctionProperties(exec, this, &callFunction, &applyFunction, &hasInstanceSymbolFunction);
     289    m_functionPrototype->addFunctionProperties(exec, this, &callFunction, &applyFunction);
    291290    m_callFunction.set(vm, this, callFunction);
    292291    m_applyFunction.set(vm, this, applyFunction);
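Review bot: dropping the third out-parameter from the addFunctionProperties call at 290/289 changes that function's signature, so the declaration in runtime/FunctionPrototype.h and the definition in runtime/FunctionPrototype.cpp must be reverted in the same commit (both are in the file list above); any other caller still passing an &hasInstanceSymbolFunction argument would fail to compile, so a clean full build is the check for this hunk.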
     
    294293    m_initializePromiseFunction.set(vm, this, JSFunction::createBuiltinFunction(vm, promiseOperationsInitializePromiseCodeGenerator(vm), this));
    295294    m_newPromiseCapabilityFunction.set(vm, this, JSFunction::createBuiltinFunction(vm, promiseOperationsNewPromiseCapabilityCodeGenerator(vm), this));
    296     m_functionProtoHasInstanceSymbolFunction.set(vm, this, hasInstanceSymbolFunction);
    297295    m_nullGetterFunction.set(vm, this, NullGetterFunction::create(vm, NullGetterFunction::createStructure(vm, this, m_functionPrototype.get())));
    298296    m_nullSetterFunction.set(vm, this, NullSetterFunction::create(vm, NullSetterFunction::createStructure(vm, this, m_functionPrototype.get())));
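Review bot: removing the set() at 296 leaves m_functionProtoHasInstanceSymbolFunction never written, which is only acceptable if the member declaration and any accessor for it are also gone from runtime/JSGlobalObject.h (listed in the changeset); a WriteBarrier member that stays declared but is never set reads as null and would silently break any remaining caller that dereferences it.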
     
    524522    JSFunction* privateFuncTypedArrayLength = JSFunction::create(vm, this, 0, String(), typedArrayViewPrivateFuncLength);
    525523    JSFunction* privateFuncTypedArraySort = JSFunction::create(vm, this, 0, String(), typedArrayViewPrivateFuncSort);
    526     JSFunction* privateFuncIsBoundFunction = JSFunction::create(vm, this, 0, String(), isBoundFunction);
    527     JSFunction* privateFuncHasInstanceBoundFunction = JSFunction::create(vm, this, 0, String(), hasInstanceBoundFunction);
    528     JSFunction* privateFuncInstanceOf = JSFunction::create(vm, this, 0, String(), objectPrivateFuncInstanceOf);
    529524
    530525    GlobalPropertyInfo staticGlobals[] = {
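Review bot: the three JSFunction locals removed at 526-528 exist only to feed the staticGlobals initializer that follows, so this hunk and the removal of the matching GlobalPropertyInfo entries have to land together or the array initializer references undeclared names; the native callbacks they wrapped (isBoundFunction, hasInstanceBoundFunction, objectPrivateFuncInstanceOf) should also be removed wherever they are defined, otherwise they linger as unreferenced static functions and will trip unused-function warnings in builds that treat warnings as errors.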
     
    541536        GlobalPropertyInfo(vm.propertyNames->typedArrayLengthPrivateName, privateFuncTypedArrayLength, DontEnum | DontDelete | ReadOnly),
    542537        GlobalPropertyInfo(vm.propertyNames->typedArraySortPrivateName, privateFuncTypedArraySort, DontEnum | DontDelete | ReadOnly),
    543         GlobalPropertyInfo(vm.propertyNames->isBoundFunctionPrivateName, privateFuncIsBoundFunction, DontEnum | DontDelete | ReadOnly),
    544         GlobalPropertyInfo(vm.propertyNames->hasInstanceBoundFunctionPrivateName, privateFuncHasInstanceBoundFunction, DontEnum | DontDelete | ReadOnly),
    545         GlobalPropertyInfo(vm.propertyNames->instanceOfPrivateName, privateFuncInstanceOf, DontEnum | DontDelete | ReadOnly),
    546538        GlobalPropertyInfo(vm.propertyNames->BuiltinLogPrivateName, builtinLog, DontEnum | DontDelete | ReadOnly),
    547539        GlobalPropertyInfo(vm.propertyNames->ArrayPrivateName, arrayConstructor, DontEnum | DontDelete | ReadOnly),
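Review bot: dropping the entries at 543-545 uninstalls the isBoundFunctionPrivateName, hasInstanceBoundFunctionPrivateName and instanceOfPrivateName globals that builtin JavaScript could look up; since builtins/FunctionPrototype.js and runtime/CommonIdentifiers.h are both in this changeset, confirm that neither still refers to these private names, because a builtin resolving a private global that is no longer installed surfaces at runtime rather than at compile time and would be consistent with the crashes this rollout is meant to fix.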
     
    841833    visitor.append(&thisObject->m_initializePromiseFunction);
    842834    visitor.append(&thisObject->m_newPromiseCapabilityFunction);
    843     visitor.append(&thisObject->m_functionProtoHasInstanceSymbolFunction);
    844835    visitor.append(&thisObject->m_throwTypeErrorGetterSetter);
    845836    visitor.append(&thisObject->m_moduleLoader);
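Review bot: removing the visitor.append at 843 is only correct because the m_functionProtoHasInstanceSymbolFunction member itself is going away (its set() call is removed from init() above and runtime/JSGlobalObject.h is in the changeset); a WriteBarrier member that remained declared and populated but was no longer visited in visitChildren would hold a cell the collector never marks, which is a use-after-free after the next GC, so verify the header change is part of the same revert.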