Timestamp:
May 25, 2018, 4:18:15 PM (7 years ago)
Author:
[email protected]
Message:

Enforce invariant that GetterSetter objects are invariant.
https://bugs.webkit.org/show_bug.cgi?id=185968
<rdar://problem/40541416>

Reviewed by Saam Barati.

The code already assumes the invariant that GetterSetter objects are immutable.
For example, the use of @tryGetById in builtins expects this invariant to be true.
The existing code mostly enforces this except for one case: JSObject's
validateAndApplyPropertyDescriptor, where it will re-use the same GetterSetter
object.

This patch enforces this invariant by removing the setGetter and setSetter methods
of GetterSetter, and requiring the getter/setter callback functions to be
specified at construction time.

  • jit/JITOperations.cpp:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • runtime/GetterSetter.cpp:

(JSC::GetterSetter::withGetter): Deleted.
(JSC::GetterSetter::withSetter): Deleted.

  • runtime/GetterSetter.h:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

  • runtime/JSObject.cpp:

(JSC::JSObject::putIndexedDescriptor):
(JSC::JSObject::putDirectNativeIntrinsicGetter):
(JSC::putDescriptor):
(JSC::validateAndApplyPropertyDescriptor):

  • runtime/JSTypedArrayViewPrototype.cpp:

(JSC::JSTypedArrayViewPrototype::finishCreation):

  • runtime/Lookup.cpp:

(JSC::reifyStaticAccessor):

  • runtime/PropertyDescriptor.cpp:

(JSC::PropertyDescriptor::slowGetterSetter):

File:
1 edited

  • trunk/Source/JavaScriptCore/runtime/Lookup.cpp

    r230105 r232211  
    3030{
    3131    JSGlobalObject* globalObject = thisObject.globalObject();
    32     GetterSetter* accessor = GetterSetter::create(vm, globalObject);
     32    JSObject* getter = nullptr;
    3333    if (value.accessorGetter()) {
    34         JSFunction* function = nullptr;
    3534        if (value.attributes() & PropertyAttribute::Builtin)
    36             function = JSFunction::create(vm, value.builtinAccessorGetterGenerator()(vm), globalObject);
     35            getter = JSFunction::create(vm, value.builtinAccessorGetterGenerator()(vm), globalObject);
    3736        else {
    3837            String getterName = tryMakeString(ASCIILiteral("get "), String(*propertyName.publicName()));
    3938            if (!getterName)
    4039                return;
    41             function = JSFunction::create(vm, globalObject, 0, getterName, value.accessorGetter());
     40            getter = JSFunction::create(vm, globalObject, 0, getterName, value.accessorGetter());
    4241        }
    43         accessor->setGetter(vm, globalObject, function);
    4442    }
     43    GetterSetter* accessor = GetterSetter::create(vm, globalObject, getter, nullptr);
    4544    thisObject.putDirectNonIndexAccessor(vm, propertyName, accessor, attributesForStructure(value.attributes()));
    4645}
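Review bot: In the last added line, `GetterSetter::create(vm, globalObject, getter, nullptr)`, `getter` is still `nullptr` whenever `value.accessorGetter()` is false, so this call can pass null for both callbacks. Before the change, that path simply skipped `setGetter` and kept whatever the two-argument `create` produced. The header is not part of this file's diff, so please confirm that the four-argument `create` accepts a null getter and a null setter and yields the same result as the old default. A one-line comment that accessors reified here never carry a setter would also make the hard-coded `nullptr` read as intentional. Moving the allocation below the `if (!getterName) return;` path is a good side effect: no GetterSetter is created when `tryMakeString` fails.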