Changeset 197412 in webkit for trunk/Source/JavaScriptCore/runtime

Timestamp:

Mar 1, 2016, 1:45:16 PM (9 years ago)

Author:

[email protected]

Message:

IsExtensible should be a virtual method in the method table
​https://bugs.webkit.org/show_bug.cgi?id=154799

Reviewed by Mark Lam.

This patch makes us more consistent with how the ES6 specification models the
IsExtensible trap. Moving this method into ClassInfo::methodTable
is a prerequisite for implementing Proxy.IsExtensible.

• runtime/ClassInfo.h:
• runtime/JSCell.cpp:

(JSC::JSCell::preventExtensions):
(JSC::JSCell::isExtensible):

• runtime/JSCell.h:
• runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncProtoSetter):

• runtime/JSObject.cpp:

(JSC::JSObject::preventExtensions):
(JSC::JSObject::isExtensible):
(JSC::JSObject::reifyAllStaticProperties):
(JSC::JSObject::defineOwnIndexedProperty):
(JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
(JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
(JSC::JSObject::defineOwnNonIndexProperty):
(JSC::JSObject::defineOwnProperty):

• runtime/JSObject.h:

(JSC::JSObject::isSealed):
(JSC::JSObject::isFrozen):
(JSC::JSObject::isExtensibleImpl):
(JSC::JSObject::isStructureExtensible):
(JSC::JSObject::isExtensibleInline):
(JSC::JSObject::indexingShouldBeSparse):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::isExtensible): Deleted.

• runtime/ObjectConstructor.cpp:

(JSC::objectConstructorSetPrototypeOf):
(JSC::objectConstructorIsSealed):
(JSC::objectConstructorIsFrozen):
(JSC::objectConstructorIsExtensible):
(JSC::objectConstructorIs):

• runtime/ProxyObject.cpp:

(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):

• runtime/ReflectObject.cpp:

(JSC::reflectObjectIsExtensible):
(JSC::reflectObjectSetPrototypeOf):

• runtime/SparseArrayValueMap.cpp:

(JSC::SparseArrayValueMap::putEntry):
(JSC::SparseArrayValueMap::putDirect):

• runtime/StringObject.cpp:

(JSC::StringObject::defineOwnProperty):

• runtime/Structure.cpp:

(JSC::Structure::isSealed):
(JSC::Structure::isFrozen):

• runtime/Structure.h:

Location:

trunk/Source/JavaScriptCore/runtime

Files:

• ClassInfo.h (modified) (2 diffs)
• JSCell.cpp (modified) (1 diff)
• JSCell.h (modified) (1 diff)
• JSGlobalObjectFunctions.cpp (modified) (1 diff)
• JSObject.cpp (modified) (8 diffs)
• JSObject.h (modified) (3 diffs)
• ObjectConstructor.cpp (modified) (4 diffs)
• ProxyObject.cpp (modified) (4 diffs)
• ReflectObject.cpp (modified) (2 diffs)
• SparseArrayValueMap.cpp (modified) (2 diffs)
• StringObject.cpp (modified) (1 diff)
• Structure.cpp (modified) (2 diffs)
• Structure.h (modified) (1 diff)

trunk/Source/JavaScriptCore/runtime/ClassInfo.h

@@ -106 +106 @@
     typedef bool (*PreventExtensionsFunctionPtr)(JSObject*, ExecState*);
     PreventExtensionsFunctionPtr preventExtensions;
+
+    typedef bool (*IsExtensibleFunctionPtr)(JSObject*, ExecState*);
+    IsExtensibleFunctionPtr isExtensible;
 
     typedef void (*DumpToStreamFunctionPtr)(const JSCell*, PrintStream&);
@@ -159 +162 @@
         &ClassName::getTypedArrayImpl, \
         &ClassName::preventExtensions, \
+        &ClassName::isExtensible, \
         &ClassName::dumpToStream, \
         &ClassName::estimatedSize \

trunk/Source/JavaScriptCore/runtime/JSCell.cpp

@@ -276 +276 @@
 }
 
+bool JSCell::isExtensible(JSObject*, ExecState*)
+{
+    RELEASE_ASSERT_NOT_REACHED();
+}
+
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/JSCell.h

@@ -208 +208 @@
     static NO_RETURN_DUE_TO_CRASH void getGenericPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
     static NO_RETURN_DUE_TO_CRASH bool preventExtensions(JSObject*, ExecState*);
+    static NO_RETURN_DUE_TO_CRASH bool isExtensible(JSObject*, ExecState*);
 
     static String className(const JSObject*);

trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp

@@ -886 +886 @@
         return JSValue::encode(jsUndefined());
 
-    if (!thisObject->isExtensible())
+    bool isExtensible = thisObject->isExtensibleInline(exec);
+    if (exec->hadException())
+        return JSValue::encode(jsUndefined());
+    if (!isExtensible)
         return throwVMError(exec, createTypeError(exec, StrictModeReadonlyPropertyWriteError));
 

trunk/Source/JavaScriptCore/runtime/JSObject.cpp

@@ -1678 +1678 @@
 bool JSObject::preventExtensions(JSObject* object, ExecState* exec)
 {
-    if (!object->isExtensible())
+    if (!object->isStructureExtensible()) {
+        // We've already set the internal [[PreventExtensions]] field to false.
+        // We don't call the methodTable isExtensible here because it's not defined
+        // that way in the specification. We are just doing an optimization here.
         return true;
+    }
 
     VM& vm = exec->vm();
@@ -1685 +1689 @@
     object->setStructure(vm, Structure::preventExtensionsTransition(vm, object->structure(vm)));
     return true;
+}
+
+bool JSObject::isExtensible(JSObject* obj, ExecState*)
+{
+    return obj->isExtensibleImpl();
 }
 
@@ -1822 +1831 @@
     // 4. If current is undefined and extensible is true, then
     if (result.isNewEntry) {
-        if (!isExtensible()) {
+        if (!isStructureExtensible()) {
             map->remove(result.iterator);
             return reject(exec, throwException, "Attempting to define property on object that is not extensible.");
@@ -2038 +2047 @@
     if (LIKELY(!map)) {
         // If the array is not extensible, we should have entered dictionary mode, and created the sparse map.
-        ASSERT(isExtensible());
+        ASSERT(isStructureExtensible());
     
         // Update m_length if necessary.
@@ -2064 +2073 @@
     if (i >= length) {
         // Prohibit growing the array if length is not writable.
-        if (map->lengthIsReadOnly() || !isExtensible()) {
+        if (map->lengthIsReadOnly() || !isStructureExtensible()) {
             if (shouldThrow)
                 throwTypeError(exec, StrictModeReadonlyPropertyWriteError);
@@ -2184 +2193 @@
     if (LIKELY(!map)) {
         // If the array is not extensible, we should have entered dictionary mode, and created the spare map.
-        ASSERT(isExtensible());
+        ASSERT(isStructureExtensible());
     
         // Update m_length if necessary.
@@ -2214 +2223 @@
             if (map->lengthIsReadOnly())
                 return reject(exec, mode == PutDirectIndexShouldThrow, StrictModeReadonlyPropertyWriteError);
-            if (!isExtensible())
+            if (!isStructureExtensible())
                 return reject(exec, mode == PutDirectIndexShouldThrow, "Attempting to define property on object that is not extensible.");
         }
@@ -2849 +2858 @@
     PropertyDescriptor current;
     bool isCurrentDefined = getOwnPropertyDescriptor(exec, propertyName, current);
-    return validateAndApplyPropertyDescriptor(exec, this, propertyName, isExtensible(), descriptor, isCurrentDefined, current, throwException);
+    bool isExtensible = isExtensibleInline(exec);
+    if (UNLIKELY(exec->hadException()))
+        return false;
+    return validateAndApplyPropertyDescriptor(exec, this, propertyName, isExtensible, descriptor, isCurrentDefined, current, throwException);
 }
 

trunk/Source/JavaScriptCore/runtime/JSObject.h

@@ -616 +616 @@
     JS_EXPORT_PRIVATE void freeze(VM&);
     JS_EXPORT_PRIVATE static bool preventExtensions(JSObject*, ExecState*);
+    JS_EXPORT_PRIVATE static bool isExtensible(JSObject*, ExecState*);
     bool isSealed(VM& vm) { return structure(vm)->isSealed(vm); }
     bool isFrozen(VM& vm) { return structure(vm)->isFrozen(vm); }
-    bool isExtensible() { return structure()->isExtensible(); }
+private:
+    ALWAYS_INLINE bool isExtensibleImpl() { return isStructureExtensible(); }
+public:
+    // You should only call isStructureExtensible() when:
+    // - Performing this check in a way that isn't described in the specification 
+    //   as calling the virtual [[IsExtensible]] trap.
+    // - When you're guaranteed that object->methodTable()->isExtensible isn't
+    //   overridden.
+    ALWAYS_INLINE bool isStructureExtensible() { return structure()->isStructureExtensible(); }
+    // You should call this when performing [[IsExtensible]] trap in a place
+    // that is described in the specification. This performs the fully virtual
+    // [[IsExtensible]] trap.
+    ALWAYS_INLINE bool isExtensibleInline(ExecState* exec)
+    { 
+        VM& vm = exec->vm();
+        auto isExtensibleMethod = methodTable(vm)->isExtensible;
+        if (LIKELY(isExtensibleMethod == JSObject::isExtensible))
+            return isExtensibleImpl();
+
+        return isExtensibleMethod(this, exec);
+    }
     bool indexingShouldBeSparse()
     {
-        return !isExtensible()
+        return !isStructureExtensible()
             || structure()->typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero();
     }
@@ -1273 +1294 @@
         }
 
-        if ((mode == PutModePut) && !isExtensible())
+        if ((mode == PutModePut) && !isStructureExtensible())
             return false;
 
@@ -1338 +1359 @@
     }
 
-    if ((mode == PutModePut) && !isExtensible())
+    if ((mode == PutModePut) && !isStructureExtensible())
         return false;
 

trunk/Source/JavaScriptCore/runtime/ObjectConstructor.cpp

@@ -213 +213 @@
         return JSValue::encode(objectValue);
 
-    if (!object->isExtensible())
+    bool isExtensible = object->isExtensibleInline(exec);
+    if (exec->hadException())
+        return JSValue::encode(JSValue());
+    if (!isExtensible)
         return throwVMError(exec, createTypeError(exec, StrictModeReadonlyPropertyWriteError));
 
@@ -617 +620 @@
     // 3. If the [[Extensible]] internal property of O is false, then return true.
     // 4. Otherwise, return false.
-    return JSValue::encode(jsBoolean(!object->isExtensible()));
+    bool isExtensible = object->isExtensibleInline(exec);
+    if (exec->hadException())
+        return JSValue::encode(JSValue());
+    return JSValue::encode(jsBoolean(!isExtensible));
 }
 
@@ -651 +657 @@
     // 3. If the [[Extensible]] internal property of O is false, then return true.
     // 4. Otherwise, return false.
-    return JSValue::encode(jsBoolean(!object->isExtensible()));
+    bool isExtensible = object->isExtensibleInline(exec);
+    if (exec->hadException())
+        return JSValue::encode(JSValue());
+    return JSValue::encode(jsBoolean(!isExtensible));
 }
 
@@ -659 +668 @@
     if (!obj.isObject())
         return JSValue::encode(jsBoolean(false));
-    return JSValue::encode(jsBoolean(asObject(obj)->isExtensible()));
+    JSObject* object = asObject(obj);
+    bool isExtensible = object->isExtensibleInline(exec);
+    if (exec->hadException())
+        return JSValue::encode(JSValue());
+    return JSValue::encode(jsBoolean(isExtensible));
 }
 

trunk/Source/JavaScriptCore/runtime/ProxyObject.cpp

@@ -197 +197 @@
         // FIXME: this doesn't work if 'target' is another Proxy. We don't have isExtensible implemented in a way that fits w/ Proxys.
         // https://bugs.webkit.org/show_bug.cgi?id=154375
-        if (!target->isExtensible()) {
+        bool isExtensible = target->isExtensibleInline(exec);
+        if (exec->hadException())
+            return false;
+        if (!isExtensible) {
             // FIXME: Come up with a test for this error. I'm not sure how to because
             // Object.seal(o) will make all fields [[Configurable]] false.
@@ -208 +211 @@
     }
 
+    bool isExtensible = target->isExtensibleInline(exec);
+    if (exec->hadException())
+        return false;
     PropertyDescriptor trapResultAsDescriptor;
     toPropertyDescriptor(exec, trapResult, trapResultAsDescriptor);
@@ -213 +219 @@
         return false;
     bool throwException = false;
-    bool valid = validateAndApplyPropertyDescriptor(exec, nullptr, propertyName, target->isExtensible(),
+    bool valid = validateAndApplyPropertyDescriptor(exec, nullptr, propertyName, isExtensible,
         trapResultAsDescriptor, isTargetPropertyDescriptorDefined, targetPropertyDescriptor, throwException);
     if (!valid) {
@@ -289 +295 @@
                 return false;
             }
-            if (!target->isExtensible()) {
+            bool isExtensible = target->isExtensibleInline(exec);
+            if (exec->hadException())
+                return false;
+            if (!isExtensible) {
                 throwVMTypeError(exec, ASCIILiteral("Proxy 'has' must return 'true' for a non-extensible 'target' object with a configurable property."));
                 return false;

trunk/Source/JavaScriptCore/runtime/ReflectObject.cpp

@@ -169 +169 @@
     if (!target.isObject())
         return JSValue::encode(throwTypeError(exec, ASCIILiteral("Reflect.isExtensible requires the first argument be an object")));
-    return JSValue::encode(jsBoolean(asObject(target)->isExtensible()));
+
+    bool isExtensible = asObject(target)->isExtensibleInline(exec);
+    if (exec->hadException())
+        return JSValue::encode(JSValue());
+    return JSValue::encode(jsBoolean(isExtensible));
 }
 
@@ -212 +216 @@
         return JSValue::encode(jsBoolean(true));
 
-    if (!object->isExtensible())
+    bool isExtensible = object->isExtensibleInline(exec);
+    if (exec->hadException())
+        return JSValue::encode(JSValue());
+    if (!isExtensible)
         return JSValue::encode(jsBoolean(false));
 

trunk/Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp

@@ -99 +99 @@
     // In the uncommon case that this is a new property, and the array is not
     // extensible, this is not the right thing to have done - so remove again.
-    if (result.isNewEntry && !array->isExtensible()) {
+    if (result.isNewEntry && !array->isStructureExtensible()) {
         remove(result.iterator);
         if (shouldThrow)
@@ -119 +119 @@
     // In the uncommon case that this is a new property, and the array is not
     // extensible, this is not the right thing to have done - so remove again.
-    if (mode != PutDirectIndexLikePutDirect && result.isNewEntry && !array->isExtensible()) {
+    if (mode != PutDirectIndexLikePutDirect && result.isNewEntry && !array->isStructureExtensible()) {
         remove(result.iterator);
         return reject(exec, mode == PutDirectIndexShouldThrow, "Attempting to define property on object that is not extensible.");

trunk/Source/JavaScriptCore/runtime/StringObject.cpp

@@ -87 +87 @@
 
     if (propertyName == exec->propertyNames().length) {
-        if (!object->isExtensible()) {
+        bool isExtensible = object->isExtensibleInline(exec);
+        if (exec->hadException())
+            return false;
+        if (!isExtensible) {
             if (throwException)
                 exec->vm().throwException(exec, createTypeError(exec, ASCIILiteral("Attempting to define property on object that is not extensible.")));

trunk/Source/JavaScriptCore/runtime/Structure.cpp

@@ -692 +692 @@
 bool Structure::isSealed(VM& vm)
 {
-    if (isExtensible())
+    if (isStructureExtensible())
         return false;
 
@@ -711 +711 @@
 bool Structure::isFrozen(VM& vm)
 {
-    if (isExtensible())
+    if (isStructureExtensible())
         return false;
 

trunk/Source/JavaScriptCore/runtime/Structure.h

@@ -184 +184 @@
     JS_EXPORT_PRIVATE bool isSealed(VM&);
     JS_EXPORT_PRIVATE bool isFrozen(VM&);
-    bool isExtensible() const { return !didPreventExtensions(); }
+    bool isStructureExtensible() const { return !didPreventExtensions(); }
     bool putWillGrowOutOfLineStorage();
     size_t suggestedNewOutOfLineStorageCapacity();