Changeset 44171 in webkit for trunk/JavaScriptCore/runtime/JSObject.h

Timestamp:

May 26, 2009, 7:47:35 PM (16 years ago)

Author:

[email protected]

Message:

2009-05-26 Gavin Barraclough <​[email protected]>

Reviewed by Oliver Hunt.

Fix for: <rdar://problem/6918095> REGRESSION: jQuery load() issue (25981),
and also an ASSERT failure on ​http://ihasahotdog.com/.

When overwriting a property on a dictionary with a cached specific value,
clear the cache if new value being written is different.

• JavaScriptCore.exp:

Export the new symbols.

• jit/JITStubs.cpp: (JSC::JITStubs::cti_op_get_by_id_method_check_second):

Close dictionary prototypes upon caching a method access, as would happen when caching
a regular get_by_id.

• runtime/JSObject.h: (JSC::JSObject::propertyStorage): (JSC::JSObject::locationForOffset):

Make these methods private.

(JSC::JSObject::putDirectInternal):

When overwriting a property on a dictionary with a cached specific value,
clear the cache if new value being written is different.

• runtime/Structure.cpp: (JSC::Structure::despecifyDictionaryFunction):

Reset the specific value field for a given property in a dictionary.

(JSC::Structure::despecifyFunctionTransition):

Rename of 'changeFunctionTransition' (this was already internally refered to as a despecification).

• runtime/Structure.h:

Declare new method.

File:

• trunk/JavaScriptCore/runtime/JSObject.h (modified) (6 diffs)

trunk/JavaScriptCore/runtime/JSObject.h

@@ -85 +85 @@
         Structure* inheritorID();
 
-        ConstPropertyStorage propertyStorage() const { return (isUsingInlineStorage() ? m_inlineStorage : m_externalStorage); }
-        PropertyStorage propertyStorage() { return (isUsingInlineStorage() ? m_inlineStorage : m_externalStorage); }
-
         virtual UString className() const;
 
@@ -141 +138 @@
         }
 
-        size_t getOffset(const Identifier& propertyName)
-        {
-            return m_structure->get(propertyName);
-        }
-
         JSValue* getDirectLocation(const Identifier& propertyName)
         {
@@ -164 +156 @@
         }
 
-        const JSValue* locationForOffset(size_t offset) const
-        {
-            return reinterpret_cast<const JSValue*>(&propertyStorage()[offset]);
-        }
-
-        JSValue* locationForOffset(size_t offset)
-        {
-            return reinterpret_cast<JSValue*>(&propertyStorage()[offset]);
-        }
-
         void transitionTo(Structure*);
 
@@ -224 +206 @@
 
     private:
+        ConstPropertyStorage propertyStorage() const { return (isUsingInlineStorage() ? m_inlineStorage : m_externalStorage); }
+        PropertyStorage propertyStorage() { return (isUsingInlineStorage() ? m_inlineStorage : m_externalStorage); }
+
+        const JSValue* locationForOffset(size_t offset) const
+        {
+            return reinterpret_cast<const JSValue*>(&propertyStorage()[offset]);
+        }
+
+        JSValue* locationForOffset(size_t offset)
+        {
+            return reinterpret_cast<JSValue*>(&propertyStorage()[offset]);
+        }
+
         void putDirectInternal(const Identifier& propertyName, JSValue value, unsigned attr, bool checkReadOnly, PutPropertySlot& slot, JSCell*);
         void putDirectInternal(JSGlobalData&, const Identifier& propertyName, JSValue value, unsigned attr, bool checkReadOnly, PutPropertySlot& slot);
@@ -427 +422 @@
         size_t offset = m_structure->get(propertyName, currentAttributes, currentSpecificFunction);
         if (offset != WTF::notFound) {
+            if (currentSpecificFunction && (specificFunction != currentSpecificFunction))
+                m_structure->despecifyDictionaryFunction(propertyName);
             if (checkReadOnly && currentAttributes & ReadOnly)
                 return;
             putDirectOffset(offset, value);
-            slot.setExistingProperty(this, offset);
+            if (!specificFunction && !currentSpecificFunction)
+                slot.setExistingProperty(this, offset);
             return;
         }
@@ -470 +468 @@
 
         if (currentSpecificFunction && (specificFunction != currentSpecificFunction)) {
-            setStructure(Structure::changeFunctionTransition(m_structure, propertyName));
+            setStructure(Structure::despecifyFunctionTransition(m_structure, propertyName));
             putDirectOffset(offset, value);
             // Function transitions are not currently cachable, so leave the slot in an uncachable state.