Changeset 34945 in webkit for trunk/JavaScriptCore/VM/Machine.cpp


Ignore:
Timestamp:
Jul 1, 2008, 10:39:23 PM (17 years ago)
Author:
[email protected]
Message:

2008-07-01 Geoffrey Garen <[email protected]>

Reviewed by Oliver Hunt.


Removed and/or reordered exception checks in array-style a[n] access.


SunSpider says 1.4% faster.

  • VM/Machine.cpp: (KJS::Machine::privateExecute): No need to check for exceptions before calling toString, toNumber and/or get. If the call ends up being observable through toString, valueOf, or a getter, we short-circuit it there, instead. In the op_del_by_val case, I removed the incorrect comment without actually removing the code, since I didn't want to tempt the GCC fates!
  • kjs/JSObject.cpp: (KJS::callDefaultValueFunction): Added exception check to prevent toString and valueOf functions from observing execution after an exception has been thrown. This removes some of the burden of exception checking from the machine.

(KJS::JSObject::defaultValue): Removed redundant exception check here.

  • kjs/PropertySlot.cpp: (KJS::PropertySlot::functionGetter): Added exception check to prevent getter functions from observing execution after an exception has been thrown. This removes some of the burden of exception checking from the machine.
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/JavaScriptCore/VM/Machine.cpp

    r34943 r34945  
    18391839            result = baseValue->get(exec, i);
    18401840        else {
    1841             JSObject* baseObj = baseValue->toObject(exec); // may throw
    1842        
    1843             Identifier property;
    1844             if (subscript->isObject()) {
    1845                 VM_CHECK_EXCEPTION(); // If toObject threw, we must not call toString, which may execute arbitrary code
    1846                 property = Identifier(exec, subscript->toString(exec));
    1847             } else
    1848                 property = Identifier(exec, subscript->toString(exec));
    1849 
    1850             VM_CHECK_EXCEPTION(); // This check is needed to prevent us from incorrectly calling a getter after an exception is thrown
    1851             result = baseObj->get(exec, property);
     1841            Identifier property(exec, subscript->toString(exec));
     1842            result = baseValue->get(exec, property);
    18521843        }
    18531844
     
    18811872            baseValue->put(exec, i, r[value].u.jsValue);
    18821873        else {
    1883             JSObject* baseObj = baseValue->toObject(exec);
    1884 
    1885             Identifier property;
    1886             if (subscript->isObject()) {
    1887                 VM_CHECK_EXCEPTION(); // If toObject threw, we must not call toString, which may execute arbitrary code
    1888                 property = Identifier(exec, subscript->toString(exec));
    1889             } else
    1890                 property = Identifier(exec, subscript->toString(exec));
    1891 
    1892             VM_CHECK_EXCEPTION(); // This check is needed to prevent us from incorrectly calling a setter after an exception is thrown
    1893             baseObj->put(exec, property, r[value].u.jsValue);
     1874            Identifier property(exec, subscript->toString(exec));
     1875            if (!exec->hadException()) // Don't put to an object if toString threw an exception.
     1876                baseValue->put(exec, property, r[value].u.jsValue);
    18941877        }
    18951878
     
    19181901            result = jsBoolean(baseObj->deleteProperty(exec, i));
    19191902        else {
    1920             VM_CHECK_EXCEPTION(); // If toObject threw, we must not call toString, which may execute arbitrary code
     1903            VM_CHECK_EXCEPTION();
    19211904            Identifier property(exec, subscript->toString(exec));
    19221905            VM_CHECK_EXCEPTION();
Note: See TracChangeset for help on using the changeset viewer.