Title: [231839] trunk/Source
Revision: 231839
Author: utatane....@gmail.com
Date: 2018-05-16 00:05:27 -0700 (Wed, 16 May 2018)

Log Message

[JSC] Check TypeInfo first before calling getCallData when we would like to check whether given object is a function
https://bugs.webkit.org/show_bug.cgi?id=185601

Reviewed by Saam Barati.

Source/_javascript_Core:

Rename TypeOfShouldCallGetCallData to OverridesGetCallData. And check OverridesGetCallData
before calling getCallData when we would like to check whether a given object is callable
since getCallData is a virtual call. When we call the object anyway, directly calling getCallData
is fine. But if we would like to check whether the object is callable, we can have non
callable objects frequently. In that case, we should not call getCallData if we can avoid it.

To do this cleanly, we refactor JSValue::{isFunction,isCallable}. We add JSCell::{isFunction,isCallable}
and JSValue ones call into these functions. Inside JSCell::{isFunction,isCallable}, we perform
OverridesGetCallData checking before calling getCallData.

We found that this virtual call exists in JSON.stringify's critical path. Checking
OverridesGetCallData improves Kraken/json-stringify-tinderbox by 2-4%.

                                       baseline                  patched

    json-stringify-tinderbox        38.807+-0.350      ^      37.216+-0.337         ^ definitely 1.0427x faster

In addition to that, we also add OverridesGetCallData flag to JSFunction while we keep JSFunctionType checking fast path
since major cases are covered by this fast JSFunctionType checking.

* API/JSCallbackObject.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileIsObjectOrNull):
(JSC::DFG::SpeculativeJIT::compileIsFunction):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::isExoticForTypeof):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitTypeOf):
* runtime/ExceptionHelpers.cpp:
(JSC::createError):
(JSC::createInvalidFunctionApplyParameterError):
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncToString):
* runtime/InternalFunction.h:
* runtime/JSCJSValue.h:
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::isFunction const):
(JSC::JSValue::isCallable const):
* runtime/JSCell.h:
* runtime/JSCellInlines.h:
(JSC::JSCell::isFunction):
ALWAYS_INLINE works well for my environment.
(JSC::JSCell::isCallable):
* runtime/JSFunction.h:
* runtime/JSONObject.cpp:
(JSC::Stringifier::toJSON):
(JSC::Stringifier::toJSONImpl):
(JSC::Stringifier::appendStringifiedValue):
* runtime/JSObjectInlines.h:
(JSC::createListFromArrayLike):
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::overridesGetCallData const):
(JSC::TypeInfo::typeOfShouldCallGetCallData const): Deleted.
* runtime/Operations.cpp:
(JSC::jsTypeStringForValue):
(JSC::jsIsObjectTypeOrNull):
* runtime/ProxyObject.h:
* runtime/RuntimeType.cpp:
(JSC::runtimeTypeForValue):
* runtime/RuntimeType.h:
* runtime/Structure.cpp:
(JSC::Structure::Structure):
* runtime/TypeProfilerLog.cpp:
(JSC::TypeProfilerLog::TypeProfilerLog):
(JSC::TypeProfilerLog::processLogEntries):
* runtime/TypeProfilerLog.h:
* runtime/VM.cpp:
(JSC::VM::enableTypeProfiler):
* tools/JSDollarVM.cpp:
(JSC::functionFindTypeForExpression):
(JSC::functionReturnTypeFor):
(JSC::functionHasBasicBlockExecuted):
(JSC::functionBasicBlockExecutionCount):
* wasm/js/JSWebAssemblyHelpers.h:
(JSC::getWasmBufferFromValue):
* wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::create):
* wasm/js/WebAssemblyFunction.cpp:
(JSC::callWebAssemblyFunction):
* wasm/js/WebAssemblyInstanceConstructor.cpp:
(JSC::constructJSWebAssemblyInstance):
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::link):
* wasm/js/WebAssemblyPrototype.cpp:
(JSC::webAssemblyInstantiateFunc):
(JSC::webAssemblyInstantiateStreamingInternal):
* wasm/js/WebAssemblyWrapperFunction.cpp:
(JSC::WebAssemblyWrapperFunction::finishCreation):

Source/WebCore:

No behavior change.

* Modules/plugins/QuickTimePluginReplacement.mm:
(WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected):
* bindings/js/JSCustomElementRegistryCustom.cpp:
(WebCore::getCustomElementCallback):
* bindings/js/JSDOMConstructorBase.h:
* bindings/js/JSDOMConvertCallbacks.h:
(WebCore::Converter<IDLCallbackFunction<T>>::convert):
* bindings/js/JSDOMPromise.cpp:
(WebCore::DOMPromise::whenSettled):
* bindings/js/ReadableStream.cpp:
(WebCore::ReadableStream::pipeTo):
(WebCore::ReadableStream::tee):
* bindings/js/ReadableStreamDefaultController.cpp:
(WebCore::ReadableStreamDefaultController::invoke):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateOverloadDispatcher):
* bindings/scripts/test/JS/JSTestObj.h:
* bindings/scripts/test/JS/JSTestPluginInterface.h:
* bridge/objc/objc_runtime.h:
* bridge/runtime_method.h:
* bridge/runtime_object.h:
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
* testing/Internals.cpp:
(WebCore::Internals::parserMetaData):
(WebCore::Internals::cloneArrayBuffer):

Source/WebKit:

* WebProcess/Plugins/Netscape/JSNPObject.h:
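
The flag-gated callability check the log message describes, as an added C++ model that is not WebKit code: the Cell/Function/Proxy/UnflaggedCallable classes, the sample object graph and the call counter are constructed for this demonstration. It also shows the failure mode the renamed flag introduces, namely that a class overriding getCallData without setting OverridesGetCallData is treated as not callable by the fast path.

```cpp
// Added example, not WebKit code: a compact model of the change in r231839. A JSC-like
// cell carries a type tag and inline type flags; before the patch, "is this callable?"
// always paid a virtual getCallData() call, after it the tag and flag are consulted first.
#include <cstdint>
#include <memory>
#include <vector>

enum class CallType { None, Host };

// Type tags with the shape (not the numeric values) of JSC's JSType.
enum JSType : uint8_t { ObjectType = 1, JSFunctionType, ProxyType, CallbackType };

// The inline type flag this patch renames; same bit position as in JSTypeInfo.h.
static const unsigned OverridesGetCallData = 1 << 2;

static int g_getCallDataCalls = 0; // instrumentation for the demonstration only

struct Cell {
    Cell(JSType type, unsigned flags) : m_type(type), m_flags(flags) { }
    virtual ~Cell() = default;

    // The virtual call whose cost the patch avoids on the non-callable path.
    virtual CallType getCallData() const { ++g_getCallDataCalls; return CallType::None; }

    JSType type() const { return m_type; }
    unsigned inlineTypeFlags() const { return m_flags; }

    // Before r231839: JSValue::isFunction always went through the method table.
    bool isFunctionBefore() const { return getCallData() != CallType::None; }

    // After r231839 (JSCell::isFunction): type tag, then flag, and the virtual
    // call only for classes that declared OverridesGetCallData.
    bool isFunctionAfter() const {
        if (type() == JSFunctionType)
            return true;
        if (inlineTypeFlags() & OverridesGetCallData)
            return getCallData() != CallType::None;
        return false;
    }

private:
    JSType m_type;
    unsigned m_flags;
};

struct PlainObject : Cell { PlainObject() : Cell(ObjectType, 0) { } };

// Like JSFunction after this patch: fast type tag, flag set for consistency.
struct Function : Cell {
    Function() : Cell(JSFunctionType, OverridesGetCallData) { }
    CallType getCallData() const override { ++g_getCallDataCalls; return CallType::Host; }
};

// Like ProxyObject: flag set, but callability depends on the target.
struct Proxy : Cell {
    explicit Proxy(bool callableTarget) : Cell(ProxyType, OverridesGetCallData), m_callable(callableTarget) { }
    CallType getCallData() const override { ++g_getCallDataCalls; return m_callable ? CallType::Host : CallType::None; }
private:
    bool m_callable;
};

// The hazard of the new contract: overrides getCallData but forgot the flag (constructed bug).
struct UnflaggedCallable : Cell {
    UnflaggedCallable() : Cell(CallbackType, 0) { }
    CallType getCallData() const override { ++g_getCallDataCalls; return CallType::Host; }
};

struct WalkResult { int functionsSeen; int virtualCalls; };

// Models the JSON.stringify hot path (appendStringifiedValue): every object visited is asked
// "are you a function?". Constructed graph: six plain objects, a function, two proxies.
WalkResult walkSampleGraph(bool patched) {
    std::vector<std::unique_ptr<Cell>> cells;
    for (int i = 0; i < 6; ++i) cells.push_back(std::make_unique<PlainObject>());
    cells.push_back(std::make_unique<Function>());
    cells.push_back(std::make_unique<Proxy>(true));
    cells.push_back(std::make_unique<Proxy>(false));

    g_getCallDataCalls = 0;
    int functions = 0;
    for (const auto& cell : cells)
        functions += (patched ? cell->isFunctionAfter() : cell->isFunctionBefore()) ? 1 : 0;
    return { functions, g_getCallDataCalls };
}

// Invariant a debug build could assert: a cell with neither the function type tag nor the
// flag must answer CallType::None, otherwise the fast path silently reports it as not callable.
bool flagConsistent(const Cell& cell) {
    if (cell.type() == JSFunctionType || (cell.inlineTypeFlags() & OverridesGetCallData))
        return true;
    return cell.getCallData() == CallType::None;
}

// The missing-flag case: the old path says callable, the new path says not.
bool unflaggedClassDiverges() {
    UnflaggedCallable cell;
    return cell.isFunctionBefore() && !cell.isFunctionAfter() && !flagConsistent(cell);
}
```

On the sample graph the old path performs nine virtual calls and the new path two, both seeing the same two functions.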

Diff

Modified: trunk/Source/_javascript_Core/API/JSCallbackObject.h (231838 => 231839)


--- trunk/Source/_javascript_Core/API/JSCallbackObject.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/API/JSCallbackObject.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -134,7 +134,7 @@
 
 public:
     typedef Parent Base;
-    static const unsigned StructureFlags = Base::StructureFlags | ProhibitsPropertyCaching | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | ImplementsHasInstance | OverridesGetPropertyNames | TypeOfShouldCallGetCallData;
+    static const unsigned StructureFlags = Base::StructureFlags | ProhibitsPropertyCaching | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | ImplementsHasInstance | OverridesGetPropertyNames | OverridesGetCallData;
 
     ~JSCallbackObject();
 

Modified: trunk/Source/_javascript_Core/ChangeLog (231838 => 231839)


--- trunk/Source/_javascript_Core/ChangeLog	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-05-16 07:05:27 UTC (rev 231839)
@@ -1,3 +1,102 @@
+2018-05-15  Yusuke Suzuki  <utatane....@gmail.com>
+
+        [JSC] Check TypeInfo first before calling getCallData when we would like to check whether given object is a function
+        https://bugs.webkit.org/show_bug.cgi?id=185601
+
+        Reviewed by Saam Barati.
+
+        Rename TypeOfShouldCallGetCallData to OverridesGetCallData. And check OverridesGetCallData
+        before calling getCallData when we would like to check whether a given object is callable
+        since getCallData is a virtual call. When we call the object anyway, directly calling getCallData
+        is fine. But if we would like to check whether the object is callable, we can have non
+        callable objects frequently. In that case, we should not call getCallData if we can avoid it.
+
+        To do this cleanly, we refactor JSValue::{isFunction,isCallable}. We add JSCell::{isFunction,isCallable}
+        and JSValue ones call into these functions. Inside JSCell::{isFunction,isCallable}, we perform
+        OverridesGetCallData checking before calling getCallData.
+
+        We found that this virtual call exists in JSON.stringify's critial path. Checking
+        OverridesGetCallData improves Kraken/json-stringify-tinderbox by 2-4%.
+
+                                               baseline                  patched
+
+            json-stringify-tinderbox        38.807+-0.350      ^      37.216+-0.337         ^ definitely 1.0427x faster
+
+        In addition to that, we also add OverridesGetCallData flag to JSFunction while we keep JSFunctionType checking fast path
+        since major cases are covered by this fast JSFunctionType checking.
+
+        * API/JSCallbackObject.h:
+        * dfg/DFGAbstractInterpreterInlines.h:
+        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+        * dfg/DFGOperations.cpp:
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::compileIsObjectOrNull):
+        (JSC::DFG::SpeculativeJIT::compileIsFunction):
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::isExoticForTypeof):
+        * jit/AssemblyHelpers.h:
+        (JSC::AssemblyHelpers::emitTypeOf):
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::createError):
+        (JSC::createInvalidFunctionApplyParameterError):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncToString):
+        * runtime/InternalFunction.h:
+        * runtime/JSCJSValue.h:
+        * runtime/JSCJSValueInlines.h:
+        (JSC::JSValue::isFunction const):
+        (JSC::JSValue::isCallable const):
+        * runtime/JSCell.h:
+        * runtime/JSCellInlines.h:
+        (JSC::JSCell::isFunction):
+        ALWAYS_INLINE works well for my environment.
+        (JSC::JSCell::isCallable):
+        * runtime/JSFunction.h:
+        * runtime/JSONObject.cpp:
+        (JSC::Stringifier::toJSON):
+        (JSC::Stringifier::toJSONImpl):
+        (JSC::Stringifier::appendStringifiedValue):
+        * runtime/JSObjectInlines.h:
+        (JSC::createListFromArrayLike):
+        * runtime/JSTypeInfo.h:
+        (JSC::TypeInfo::overridesGetCallData const):
+        (JSC::TypeInfo::typeOfShouldCallGetCallData const): Deleted.
+        * runtime/Operations.cpp:
+        (JSC::jsTypeStringForValue):
+        (JSC::jsIsObjectTypeOrNull):
+        * runtime/ProxyObject.h:
+        * runtime/RuntimeType.cpp:
+        (JSC::runtimeTypeForValue):
+        * runtime/RuntimeType.h:
+        * runtime/Structure.cpp:
+        (JSC::Structure::Structure):
+        * runtime/TypeProfilerLog.cpp:
+        (JSC::TypeProfilerLog::TypeProfilerLog):
+        (JSC::TypeProfilerLog::processLogEntries):
+        * runtime/TypeProfilerLog.h:
+        * runtime/VM.cpp:
+        (JSC::VM::enableTypeProfiler):
+        * tools/JSDollarVM.cpp:
+        (JSC::functionFindTypeForExpression):
+        (JSC::functionReturnTypeFor):
+        (JSC::functionHasBasicBlockExecuted):
+        (JSC::functionBasicBlockExecutionCount):
+        * wasm/js/JSWebAssemblyHelpers.h:
+        (JSC::getWasmBufferFromValue):
+        * wasm/js/JSWebAssemblyInstance.cpp:
+        (JSC::JSWebAssemblyInstance::create):
+        * wasm/js/WebAssemblyFunction.cpp:
+        (JSC::callWebAssemblyFunction):
+        * wasm/js/WebAssemblyInstanceConstructor.cpp:
+        (JSC::constructJSWebAssemblyInstance):
+        * wasm/js/WebAssemblyModuleRecord.cpp:
+        (JSC::WebAssemblyModuleRecord::link):
+        * wasm/js/WebAssemblyPrototype.cpp:
+        (JSC::webAssemblyInstantiateFunc):
+        (JSC::webAssemblyInstantiateStreamingInternal):
+        * wasm/js/WebAssemblyWrapperFunction.cpp:
+        (JSC::WebAssemblyWrapperFunction::finishCreation):
+
 2018-05-15  Devin Rousso  <web...@devinrousso.com>
 
         Web Inspector: Add rulers and guides
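Review bot: typo in the new entry, "critial path" should be "critical path"; and the line "ALWAYS_INLINE works well for my environment." under runtime/JSCellInlines.h reads as a leftover personal note wedged between two function names rather than a description of the change. Either drop it or move the rationale (why isFunction is ALWAYS_INLINE while isCallable is only inline) into the explanatory paragraph above the file list.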

Modified: trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h (231838 => 231839)


--- trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -1260,7 +1260,7 @@
                     JSObject* object = asObject(child.value());
                     if (object->type() == JSFunctionType)
                         setConstant(node, jsBoolean(false));
-                    else if (!(object->inlineTypeFlags() & TypeOfShouldCallGetCallData))
+                    else if (!(object->inlineTypeFlags() & OverridesGetCallData))
                         setConstant(node, jsBoolean(!child.value().asCell()->structure()->masqueradesAsUndefined(m_codeBlock->globalObjectFor(node->origin.semantic))));
                     else {
                         // FIXME: This could just call getCallData.
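Review bot: the three-way branch here (JSFunctionType constant, flag-clear constant, else FIXME) is precisely the sequence this patch factors into JSCell::isFunction(vm), so the FIXME could be retired in the same change by folding the whole thing to `object->isFunction(vm)`, provided getCallData really is safe to call from compiler threads as the updated JSCell.h comment states. The next hunk has the same shape.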
@@ -1275,7 +1275,7 @@
                     JSObject* object = asObject(child.value());
                     if (object->type() == JSFunctionType)
                         setConstant(node, jsBoolean(true));
-                    else if (!(object->inlineTypeFlags() & TypeOfShouldCallGetCallData))
+                    else if (!(object->inlineTypeFlags() & OverridesGetCallData))
                         setConstant(node, jsBoolean(false));
                     else {
                         // FIXME: This could just call getCallData.

Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/dfg/DFGOperations.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -1741,14 +1741,8 @@
     
     if (object->structure(vm)->masqueradesAsUndefined(globalObject))
         return false;
-    if (object->type() == JSFunctionType)
+    if (object->isFunction(vm))
         return false;
-    if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) {
-        CallData callData;
-        if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
-            return false;
-    }
-    
     return true;
 }
 
@@ -1761,14 +1755,8 @@
     
     if (object->structure(vm)->masqueradesAsUndefined(globalObject))
         return false;
-    if (object->type() == JSFunctionType)
+    if (object->isFunction(vm))
         return true;
-    if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) {
-        CallData callData;
-        if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
-            return true;
-    }
-    
     return false;
 }
 
@@ -1781,14 +1769,8 @@
     
     if (object->structure(vm)->masqueradesAsUndefined(globalObject))
         return vm.smallStrings.undefinedString();
-    if (object->type() == JSFunctionType)
+    if (object->isFunction(vm))
         return vm.smallStrings.functionString();
-    if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) {
-        CallData callData;
-        if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
-            return vm.smallStrings.functionString();
-    }
-    
     return vm.smallStrings.objectString();
 }
 
@@ -1801,14 +1783,8 @@
     
     if (object->structure(vm)->masqueradesAsUndefined(globalObject))
         return static_cast<int32_t>(TypeofType::Undefined);
-    if (object->type() == JSFunctionType)
+    if (object->isFunction(vm))
         return static_cast<int32_t>(TypeofType::Function);
-    if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) {
-        CallData callData;
-        if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
-            return static_cast<int32_t>(TypeofType::Function);
-    }
-    
     return static_cast<int32_t>(TypeofType::Object);
 }
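Review bot: each of the four functions in this file now repeats the identical prologue (masqueradesAsUndefined, then isFunction(vm)) and differs only in what it returns; a small shared helper that classifies the object once, for instance returning a TypeofType that each caller maps to its bool, string or int32 result, would remove the quadruple duplication that this simplification makes obvious.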
 

Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -8756,7 +8756,7 @@
     JITCompiler::Jump slowPath = m_jit.branchTest8(
         JITCompiler::NonZero,
         JITCompiler::Address(valueRegs.payloadGPR(), JSCell::typeInfoFlagsOffset()),
-        TrustedImm32(MasqueradesAsUndefined | TypeOfShouldCallGetCallData));
+        TrustedImm32(MasqueradesAsUndefined | OverridesGetCallData));
     
     isNull.link(&m_jit);
     m_jit.move(TrustedImm32(1), resultGPR);
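Review bot: since this patch also sets OverridesGetCallData on JSFunction (JSFunction.h hunk), this branchTest8 now fires for every ordinary function, so speed and correctness rely on the JSFunctionType branch that precedes it, which is outside the visible lines. A one-line comment here stating that ordering dependency would protect against a later reorder; the same applies to the second hunk in this file and to the FTLLowerDFGToB3.cpp and AssemblyHelpers.h hunks below.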
@@ -8794,7 +8794,7 @@
     JITCompiler::Jump slowPath = m_jit.branchTest8(
         JITCompiler::NonZero,
         JITCompiler::Address(valueRegs.payloadGPR(), JSCell::typeInfoFlagsOffset()),
-        TrustedImm32(MasqueradesAsUndefined | TypeOfShouldCallGetCallData));
+        TrustedImm32(MasqueradesAsUndefined | OverridesGetCallData));
     
     notCell.link(&m_jit);
     notObject.link(&m_jit);

Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -15100,7 +15100,7 @@
             return m_out.booleanFalse;
         return m_out.testNonZero32(
             m_out.load8ZeroExt32(cell, m_heaps.JSCell_typeInfoFlags),
-            m_out.constInt32(MasqueradesAsUndefined | TypeOfShouldCallGetCallData));
+            m_out.constInt32(MasqueradesAsUndefined | OverridesGetCallData));
     }
 
     LValue isType(LValue cell, JSType type)

Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.h (231838 => 231839)


--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -1528,7 +1528,7 @@
             branchTest8(
                 NonZero,
                 Address(cellGPR, JSCell::typeInfoFlagsOffset()),
-                TrustedImm32(MasqueradesAsUndefined | TypeOfShouldCallGetCallData)));
+                TrustedImm32(MasqueradesAsUndefined | OverridesGetCallData)));
         functor(TypeofType::Object, false);
         
         notObject.link(this);

Modified: trunk/Source/_javascript_Core/runtime/ExceptionHelpers.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/ExceptionHelpers.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/ExceptionHelpers.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -270,7 +270,7 @@
 
     String errorMessage = makeString(errorDescriptionForValue(exec, value)->value(exec), ' ', message);
     scope.assertNoException();
-    JSObject* exception = createTypeError(exec, errorMessage, appender, runtimeTypeForValue(value));
+    JSObject* exception = createTypeError(exec, errorMessage, appender, runtimeTypeForValue(vm, value));
     ASSERT(exception->isErrorInstance());
 
     return exception;
@@ -278,7 +278,8 @@
 
 JSObject* createInvalidFunctionApplyParameterError(ExecState* exec, JSValue value)
 {
-    JSObject* exception = createTypeError(exec, makeString("second argument to Function.prototype.apply must be an Array-like object"), defaultSourceAppender, runtimeTypeForValue(value));
+    VM& vm = exec->vm();
+    JSObject* exception = createTypeError(exec, makeString("second argument to Function.prototype.apply must be an Array-like object"), defaultSourceAppender, runtimeTypeForValue(vm, value));
     ASSERT(exception->isErrorInstance());
     return exception;
 }

Modified: trunk/Source/_javascript_Core/runtime/FunctionPrototype.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/FunctionPrototype.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/FunctionPrototype.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -125,14 +125,9 @@
 
     if (thisValue.isObject()) {
         JSObject* object = asObject(thisValue);
-        if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) {
-            CallData callData;
-            if (object->methodTable(vm)->getCallData(object, callData) != CallType::None) {
-                if (auto* classInfo = object->classInfo(vm)) {
-                    scope.release();
-                    return JSValue::encode(jsMakeNontrivialString(exec, "function ", classInfo->className, "() {\n    [native code]\n}"));
-                }
-            }
+        if (object->isFunction(vm)) {
+            scope.release();
+            return JSValue::encode(jsMakeNontrivialString(exec, "function ", object->classInfo(vm)->className, "() {\n    [native code]\n}"));
         }
     }
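Review bot: two behavioural changes are folded into this simplification. The `if (auto* classInfo = object->classInfo(vm))` null guard is gone and classInfo(vm) is now dereferenced unconditionally, and isFunction(vm) also returns true for JSFunctionType objects, so this "[native code]" branch is now reachable for plain JSFunctions unless they are handled earlier in functionProtoFuncToString (not shown in the hunk). Please confirm both are intended; an ASSERT on classInfo(vm) would document the first, and a sentence in the ChangeLog the second.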
 

Modified: trunk/Source/_javascript_Core/runtime/InternalFunction.h (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/InternalFunction.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/InternalFunction.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -36,7 +36,7 @@
     friend class LLIntOffsetsExtractor;
 public:
     typedef JSDestructibleObject Base;
-    static const unsigned StructureFlags = Base::StructureFlags | ImplementsHasInstance | ImplementsDefaultHasInstance | TypeOfShouldCallGetCallData;
+    static const unsigned StructureFlags = Base::StructureFlags | ImplementsHasInstance | ImplementsDefaultHasInstance | OverridesGetCallData;
 
     template<typename CellType>
     static IsoSubspace* subspaceFor(VM& vm)

Modified: trunk/Source/_javascript_Core/runtime/JSCJSValue.h (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/JSCJSValue.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/JSCJSValue.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -218,9 +218,8 @@
 
     // Querying the type.
     bool isEmpty() const;
-    bool isFunction() const;
-    bool isFunction(CallType&, CallData&) const;
-    bool isCallable(CallType&, CallData&) const;
+    bool isFunction(VM&) const;
+    bool isCallable(VM&, CallType&, CallData&) const;
     bool isConstructor() const;
     bool isConstructor(ConstructType&, ConstructData&) const;
     bool isUndefined() const;
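Review bot: isFunction and isCallable now take a VM& while isConstructor() and isConstructor(ConstructType&, ConstructData&) directly below keep the VM-less signature, even though they presumably follow the same method-table pattern. Consider giving the constructor queries the same shape, or a comment on why only the callability checks get the flag fast path, so the API reads consistently.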

Modified: trunk/Source/_javascript_Core/runtime/JSCJSValueInlines.h (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/JSCJSValueInlines.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/JSCJSValueInlines.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -759,27 +759,18 @@
     return isCell() ? asCell()->toObject(exec, globalObject) : toObjectSlowCase(exec, globalObject);
 }
 
-inline bool JSValue::isFunction() const
+inline bool JSValue::isFunction(VM& vm) const
 {
     if (!isCell())
         return false;
-    JSCell* cell = asCell();
-    CallData ignored;
-    return cell->methodTable()->getCallData(cell, ignored) != CallType::None;
+    return asCell()->isFunction(vm);
 }
 
-inline bool JSValue::isFunction(CallType& callType, CallData& callData) const
+inline bool JSValue::isCallable(VM& vm, CallType& callType, CallData& callData) const
 {
-    return isCallable(callType, callData);
-}
-
-inline bool JSValue::isCallable(CallType& callType, CallData& callData) const
-{
     if (!isCell())
         return false;
-    JSCell* cell = asCell();
-    callType = cell->methodTable()->getCallData(cell, callData);
-    return callType != CallType::None;
+    return asCell()->isCallable(vm, callType, callData);
 }
 
 inline bool JSValue::isConstructor() const

Modified: trunk/Source/_javascript_Core/runtime/JSCell.h (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/JSCell.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/JSCell.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -115,6 +115,8 @@
     bool isGetterSetter() const;
     bool isCustomGetterSetter() const;
     bool isProxy() const;
+    bool isFunction(VM&);
+    bool isCallable(VM&, CallType&, CallData&);
     bool inherits(VM&, const ClassInfo*) const;
     template<typename Target> bool inherits(VM&) const;
     bool isAPIValueWrapper() const;
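Review bot: the new `isFunction(VM&)` and `isCallable(VM&, CallType&, CallData&)` are the only non-const query methods in this block (isGetterSetter, isProxy, inherits and isAPIValueWrapper are all const). getCallData takes a non-const JSCell*, so there is a reason, but a brief comment would save the next reader from wondering whether these mutate the cell.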
@@ -153,7 +155,7 @@
         
     // Returns information about how to call/construct this cell as a function/constructor. May tell
     // you that the cell is not callable or constructor (default is that it's not either). If it
-    // says that the function is callable, and the TypeOfShouldCallGetCallData type flag is set, and
+    // says that the function is callable, and the OverridesGetCallData type flag is set, and
     // this is an object, then typeof will return "function" instead of "object". These methods
     // cannot change their minds and must be thread-safe. They are sometimes called from compiler
     // threads.
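Review bot: this comment still frames the flag purely as a typeof hint ("typeof will return "function" instead of "object""), but after this patch JSCell::isFunction and isCallable skip getCallData entirely when the flag is clear, so a class that overrides getCallData without setting OverridesGetCallData is treated as not callable everywhere these helpers are used, not just in typeof. Suggest stating that the flag is mandatory for any class overriding getCallData.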

Modified: trunk/Source/_javascript_Core/runtime/JSCellInlines.h (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/JSCellInlines.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/JSCellInlines.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -218,6 +218,25 @@
     return m_type == ImpureProxyType || m_type == PureForwardingProxyType;
 }
 
+ALWAYS_INLINE bool JSCell::isFunction(VM& vm)
+{
+    if (type() == JSFunctionType)
+        return true;
+    if (inlineTypeFlags() & OverridesGetCallData) {
+        CallData ignoredCallData;
+        return methodTable(vm)->getCallData(this, ignoredCallData) != CallType::None;
+    }
+    return false;
+}
+
+inline bool JSCell::isCallable(VM& vm, CallType& callType, CallData& callData)
+{
+    if (type() != JSFunctionType && !(inlineTypeFlags() & OverridesGetCallData))
+        return false;
+    callType = methodTable(vm)->getCallData(this, callData);
+    return callType != CallType::None;
+}
+
 inline bool JSCell::isAPIValueWrapper() const
 {
     return m_type == APIValueWrapperType;
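Review bot: two points. First, isFunction is ALWAYS_INLINE while isCallable, which has the same structure, is plain inline; unless measurements justify the asymmetry, use the same specifier for both. Second, the fast path trusts the flag: when neither JSFunctionType nor OverridesGetCallData is set the helpers return false without consulting getCallData, so a class that forgets the flag is silently non-callable. A debug-only `ASSERT(methodTable(vm)->getCallData(this, ignoredCallData) == CallType::None)` before the final `return false` would catch such a class in debug builds at no release cost.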

Modified: trunk/Source/_javascript_Core/runtime/JSFunction.h (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/JSFunction.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/JSFunction.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -69,7 +69,7 @@
     }
     
     typedef JSCallee Base;
-    const static unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames;
+    const static unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | OverridesGetCallData;
 
     static size_t allocationSize(Checked<size_t> inlineCapacity)
     {
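Review bot: adding OverridesGetCallData to a class that isFunction already short-circuits by type tag deserves a comment in the header: it is set for consistency with the rule that every class overriding getCallData sets the flag (JSTypeInfo.h hunk), not because isFunction consults it for JSFunction, and it does change which objects hit the flag-bit tests in the JIT typeof paths.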

Modified: trunk/Source/_javascript_Core/runtime/JSONObject.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/JSONObject.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/JSONObject.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -111,7 +111,7 @@
     friend class Holder;
 
     JSValue toJSON(JSValue, const PropertyNameForFunctionCall&);
-    JSValue toJSONImpl(JSValue value, JSValue toJSONFunction, const PropertyNameForFunctionCall&);
+    JSValue toJSONImpl(VM&, JSValue, JSValue toJSONFunction, const PropertyNameForFunctionCall&);
 
     enum StringifyResult { StringifyFailed, StringifySucceeded, StringifyFailedDueToUndefinedOrSymbolValue };
     StringifyResult appendStringifiedValue(StringBuilder&, JSValue, const Holder&, const PropertyNameForFunctionCall&);
@@ -299,14 +299,14 @@
     JSValue toJSONFunction = slot.getValue(m_exec, vm.propertyNames->toJSON);
     RETURN_IF_EXCEPTION(scope, { });
     scope.release();
-    return toJSONImpl(value, toJSONFunction, propertyName);
+    return toJSONImpl(vm, value, toJSONFunction, propertyName);
 }
 
-JSValue Stringifier::toJSONImpl(JSValue value, JSValue toJSONFunction, const PropertyNameForFunctionCall& propertyName)
+JSValue Stringifier::toJSONImpl(VM& vm, JSValue value, JSValue toJSONFunction, const PropertyNameForFunctionCall& propertyName)
 {
     CallType callType;
     CallData callData;
-    if (!toJSONFunction.isCallable(callType, callData))
+    if (!toJSONFunction.isCallable(vm, callType, callData))
         return value;
 
     MarkedArgumentBuffer args;
@@ -380,9 +380,7 @@
         return StringifyFailed;
 
     JSObject* object = asObject(value);
-
-    CallData callData;
-    if (object->methodTable(vm)->getCallData(object, callData) != CallType::None) {
+    if (object->isFunction(vm)) {
         if (holder.isArray()) {
             builder.appendLiteral("null");
             return StringifySucceeded;
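Review bot: this is the JSON.stringify hot path the ChangeLog measures. The removed code asked getCallData for every object visited; `object->isFunction(vm)` only does so when OverridesGetCallData is set, so for exotic callables (ProxyObject, JSCallbackObject, InternalFunction) the serialization result now depends on each class carrying the flag. Those classes are updated in this patch; the remaining risk is a future class overriding getCallData without the flag, which is why the flag's header comment should spell the requirement out.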

Modified: trunk/Source/_javascript_Core/runtime/JSObjectInlines.h (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/JSObjectInlines.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/JSObjectInlines.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -48,7 +48,7 @@
         JSValue next = arrayLikeValue.get(exec, index);
         RETURN_IF_EXCEPTION(scope, void());
         
-        RuntimeType type = runtimeTypeForValue(next);
+        RuntimeType type = runtimeTypeForValue(vm, next);
         if (!(type & legalTypesFilter)) {
             throwTypeError(exec, scope, errorMessage);
             return;

Modified: trunk/Source/_javascript_Core/runtime/JSTypeInfo.h (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/JSTypeInfo.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/JSTypeInfo.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -39,7 +39,7 @@
 
 static const unsigned MasqueradesAsUndefined = 1; // WebCore uses MasqueradesAsUndefined to make document.all undetectable.
 static const unsigned ImplementsDefaultHasInstance = 1 << 1;
-static const unsigned TypeOfShouldCallGetCallData = 1 << 2; // Need this flag if you override getCallData() and you want typeof to use this to determine if it should say "function". Currently we always set this flag when we override getCallData().
+static const unsigned OverridesGetCallData = 1 << 2; // Need this flag if you implement [[Callable]] interface, which means overriding getCallData. The object may not be callable since getCallData can say it is not callable.
 static const unsigned OverridesGetOwnPropertySlot = 1 << 3;
 static const unsigned OverridesToThis = 1 << 4; // If this is false then this returns something other than 'this'. Non-object cells that are visible to JS have this set as do some exotic objects.
 static const unsigned HasStaticPropertyTable = 1 << 5;
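Review bot: the new comment on OverridesGetCallData reads awkwardly ("if you implement [[Callable]] interface, which means overriding getCallData") and drops the one sentence of the old comment that stated the invariant ("we always set this flag when we override getCallData"), which is now load-bearing. Suggested wording: "Must be set by every class that overrides getCallData(); isFunction, isCallable and typeof skip getCallData() when this flag is clear, so a class overriding getCallData() without it is treated as not callable. The flag does not imply the object is callable: getCallData() may still return CallType::None."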
@@ -85,7 +85,7 @@
     bool masqueradesAsUndefined() const { return isSetOnFlags1(MasqueradesAsUndefined); }
     bool implementsHasInstance() const { return isSetOnFlags2(ImplementsHasInstance); }
     bool implementsDefaultHasInstance() const { return isSetOnFlags1(ImplementsDefaultHasInstance); }
-    bool typeOfShouldCallGetCallData() const { return isSetOnFlags1(TypeOfShouldCallGetCallData); }
+    bool overridesGetCallData() const { return isSetOnFlags1(OverridesGetCallData); }
     bool overridesGetOwnPropertySlot() const { return overridesGetOwnPropertySlot(inlineTypeFlags()); }
     static bool overridesGetOwnPropertySlot(InlineTypeFlags flags) { return flags & OverridesGetOwnPropertySlot; }
     static bool hasStaticPropertyTable(InlineTypeFlags flags) { return flags & HasStaticPropertyTable; }

Modified: trunk/Source/_javascript_Core/runtime/Operations.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/Operations.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/Operations.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -90,14 +90,8 @@
         // as null when doing comparisons.
         if (object->structure(vm)->masqueradesAsUndefined(globalObject))
             return vm.smallStrings.undefinedString();
-        if (object->type() == JSFunctionType)
+        if (object->isFunction(vm))
             return vm.smallStrings.functionString();
-        if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) {
-            CallData callData;
-            JSObject* object = asObject(v);
-            if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
-                return vm.smallStrings.functionString();
-        }
     }
     return vm.smallStrings.objectString();
 }
@@ -119,9 +113,8 @@
     if (type >= ObjectType) {
         if (asObject(v)->structure(vm)->masqueradesAsUndefined(callFrame->lexicalGlobalObject()))
             return false;
-        CallData callData;
         JSObject* object = asObject(v);
-        if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
+        if (object->isFunction(vm))
             return false;
     }
     return true;
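Review bot: unlike the DFG variants, the removed jsIsObjectTypeOrNull code called getCallData for every object without consulting the TypeOfShouldCallGetCallData flag, so switching it to isFunction(vm) is a (desirable) unification rather than a pure refactor: any object whose class overrides getCallData without the flag now yields a different answer here. Worth a sentence in the ChangeLog. The first hunk also removes a redeclared `JSObject* object = asObject(v);` that shadowed the outer variable, a nice cleanup.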

Modified: trunk/Source/_javascript_Core/runtime/ProxyObject.h (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/ProxyObject.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/ProxyObject.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -34,7 +34,7 @@
 public:
     typedef JSNonFinalObject Base;
 
-    const static unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | TypeOfShouldCallGetCallData | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames | ProhibitsPropertyCaching;
+    const static unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetCallData | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames | ProhibitsPropertyCaching;
 
     static ProxyObject* create(ExecState* exec, JSGlobalObject* globalObject, JSValue target, JSValue handler)
     {

Modified: trunk/Source/_javascript_Core/runtime/RuntimeType.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/RuntimeType.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/RuntimeType.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -32,7 +32,7 @@
 
 namespace JSC {
 
-RuntimeType runtimeTypeForValue(JSValue value)
+RuntimeType runtimeTypeForValue(VM& vm, JSValue value)
 {
     if (UNLIKELY(!value))
         return TypeNothing;
@@ -51,7 +51,7 @@
         return TypeBoolean;
     if (value.isObject())
         return TypeObject;
-    if (value.isFunction())
+    if (value.isFunction(vm))
         return TypeFunction;
     if (value.isSymbol())
         return TypeSymbol;
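Review bot: the `value.isFunction(vm)` branch on the touched line is unreachable as the checks are ordered, because `value.isObject()` immediately above returns TypeObject first and every callable value is an object; this predates the patch, but since the line is being edited it is the moment to either swap the two checks so TypeFunction can actually be reported, or remove the dead branch, in which case the new `VM&` parameter (and the ten call-site updates it required) would no longer be needed.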

Modified: trunk/Source/_javascript_Core/runtime/RuntimeType.h (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/RuntimeType.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/RuntimeType.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -48,7 +48,7 @@
 static const RuntimeTypeMask RuntimeTypeMaskAllTypes = TypeFunction | TypeUndefined | TypeNull | TypeBoolean | TypeAnyInt | TypeNumber | TypeString | TypeObject | TypeSymbol;
 
 class JSValue;
-RuntimeType runtimeTypeForValue(JSValue);
+RuntimeType runtimeTypeForValue(VM&, JSValue);
 String runtimeTypeAsString(RuntimeType);
 
 ALWAYS_INLINE bool runtimeTypeIsPrimitive(RuntimeTypeMask type)
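Review bot: the declaration now names `VM&`, but the visible context only forward-declares `class JSValue;`; confirm that `VM` is declared in this header (via an include or a matching `class VM;` forward declaration) so RuntimeType.h stays self-contained for translation units that include it first.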

Modified: trunk/Source/_javascript_Core/runtime/Structure.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/Structure.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/Structure.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -208,6 +208,7 @@
     ASSERT(!hasRareData());
     ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
     ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
+    ASSERT(!this->typeInfo().overridesGetCallData() || m_classInfo->methodTable.getCallData != &JSCell::getCallData);
 }
 
 const ClassInfo Structure::s_info = { "Structure", nullptr, nullptr, nullptr, CREATE_METHOD_TABLE(Structure) };
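Review bot: the same assertion is pasted into three constructors in this file (this hunk and the two below); folding it, together with the two adjacent `ASSERT`s it joins, into a private `validateFlags()`-style helper called from each constructor would keep the three copies from drifting when the next invariant is added. Also note the assertion only covers "flag set implies `getCallData` overridden"; the converse is what `isFunction` relies on for correctness.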
@@ -243,6 +244,7 @@
 
     ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
     ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
+    ASSERT(!this->typeInfo().overridesGetCallData() || m_classInfo->methodTable.getCallData != &JSCell::getCallData);
 }
 
 Structure::Structure(VM& vm, Structure* previous, DeferredStructureTransitionWatchpointFire* deferred)
@@ -286,6 +288,7 @@
         m_globalObject.set(vm, this, previous->m_globalObject.get());
     ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
     ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
+    ASSERT(!this->typeInfo().overridesGetCallData() || m_classInfo->methodTable.getCallData != &JSCell::getCallData);
 }
 
 Structure::~Structure()

Modified: trunk/Source/_javascript_Core/runtime/TypeProfilerLog.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/TypeProfilerLog.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/TypeProfilerLog.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -40,8 +40,9 @@
 static const bool verbose = false;
 }
 
-TypeProfilerLog::TypeProfilerLog()
-    : m_logSize(50000)
+TypeProfilerLog::TypeProfilerLog(VM& vm)
+    : m_vm(vm)
+    , m_logSize(50000)
     , m_logStartPtr(new LogEntry[m_logSize])
     , m_currentLogEntryPtr(m_logStartPtr)
     , m_logEndPtr(m_logStartPtr + m_logSize)
@@ -95,7 +96,7 @@
                 shape = iter->value;
         }
 
-        RuntimeType type = runtimeTypeForValue(value);
+        RuntimeType type = runtimeTypeForValue(m_vm, value);
         TypeLocation* location = entry->location;
         location->m_lastSeenType = type;
         if (location->m_globalTypeSet)

Modified: trunk/Source/_javascript_Core/runtime/TypeProfilerLog.h (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/TypeProfilerLog.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/TypeProfilerLog.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -53,7 +53,7 @@
     };
 
 
-    TypeProfilerLog();
+    TypeProfilerLog(VM&);
     ~TypeProfilerLog();
 
     JS_EXPORT_PRIVATE void processLogEntries(const String&);
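Review bot: the new single-argument constructor `TypeProfilerLog(VM&)` should be marked `explicit`, so a `VM&` cannot be implicitly converted into a `TypeProfilerLog`; the only caller in VM.cpp passes `*this` directly to `std::make_unique`, which is unaffected by the change.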
@@ -67,6 +67,7 @@
 private:
     friend class LLIntOffsetsExtractor;
 
+    VM& m_vm;
     unsigned m_logSize;
     LogEntry* m_logStartPtr;
     LogEntry* m_currentLogEntryPtr;

Modified: trunk/Source/_javascript_Core/runtime/VM.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/runtime/VM.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/runtime/VM.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -1043,7 +1043,7 @@
 {
     auto enableTypeProfiler = [this] () {
         this->m_typeProfiler = std::make_unique<TypeProfiler>();
-        this->m_typeProfilerLog = std::make_unique<TypeProfilerLog>();
+        this->m_typeProfilerLog = std::make_unique<TypeProfilerLog>(*this);
     };
 
     return enableProfilerWithRespectToCount(m_typeProfilerEnabledCount, enableTypeProfiler);

Modified: trunk/Source/_javascript_Core/tools/JSDollarVM.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/tools/JSDollarVM.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/tools/JSDollarVM.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -1614,7 +1614,7 @@
     vm.typeProfilerLog()->processLogEntries(ASCIILiteral("jsc Testing API: functionFindTypeForExpression"));
 
     JSValue functionValue = exec->argument(0);
-    RELEASE_ASSERT(functionValue.isFunction());
+    RELEASE_ASSERT(functionValue.isFunction(vm));
     FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
 
     RELEASE_ASSERT(exec->argument(1).isString());
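Review bot: `RELEASE_ASSERT(functionValue.isFunction(vm))` is weaker than what the next line needs: `jsDynamicCast<JSFunction*>(...)` returns nullptr for any callable that is not a `JSFunction` (for example a Proxy or a host object with OverridesGetCallData set, both of which now satisfy `isFunction`), and `->jsExecutable()` then dereferences null. Since this is the `$vm` testing API the exposure is limited, but asserting on the cast result (or `RELEASE_ASSERT`ing `jsDynamicCast` is non-null before the call) would make the precondition match the use. The same pattern appears in the three hunks that follow.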
@@ -1633,7 +1633,7 @@
     vm.typeProfilerLog()->processLogEntries(ASCIILiteral("jsc Testing API: functionReturnTypeFor"));
 
     JSValue functionValue = exec->argument(0);
-    RELEASE_ASSERT(functionValue.isFunction());
+    RELEASE_ASSERT(functionValue.isFunction(vm));
     FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
 
     unsigned offset = executable->typeProfilingStartOffset();
@@ -1655,7 +1655,7 @@
     RELEASE_ASSERT(vm.controlFlowProfiler());
 
     JSValue functionValue = exec->argument(0);
-    RELEASE_ASSERT(functionValue.isFunction());
+    RELEASE_ASSERT(functionValue.isFunction(vm));
     FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
 
     RELEASE_ASSERT(exec->argument(1).isString());
@@ -1674,7 +1674,7 @@
     RELEASE_ASSERT(vm.controlFlowProfiler());
 
     JSValue functionValue = exec->argument(0);
-    RELEASE_ASSERT(functionValue.isFunction());
+    RELEASE_ASSERT(functionValue.isFunction(vm));
     FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable();
 
     RELEASE_ASSERT(exec->argument(1).isString());

Modified: trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyHelpers.h (231838 => 231839)


--- trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyHelpers.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyHelpers.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -65,13 +65,13 @@
     JSArrayBufferView* arrayBufferView = value.getObject() ? jsDynamicCast<JSArrayBufferView*>(vm, value.getObject()) : nullptr;
     if (!(arrayBuffer || arrayBufferView)) {
         throwException(exec, throwScope, createTypeError(exec,
-            ASCIILiteral("first argument must be an ArrayBufferView or an ArrayBuffer"), defaultSourceAppender, runtimeTypeForValue(value)));
+            ASCIILiteral("first argument must be an ArrayBufferView or an ArrayBuffer"), defaultSourceAppender, runtimeTypeForValue(vm, value)));
         return { nullptr, 0 };
     }
 
     if (arrayBufferView ? arrayBufferView->isNeutered() : arrayBuffer->impl()->isNeutered()) {
         throwException(exec, throwScope, createTypeError(exec,
-            ASCIILiteral("underlying TypedArray has been detatched from the ArrayBuffer"), defaultSourceAppender, runtimeTypeForValue(value)));
+            ASCIILiteral("underlying TypedArray has been detatched from the ArrayBuffer"), defaultSourceAppender, runtimeTypeForValue(vm, value)));
         return { nullptr, 0 };
     }
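Review bot: the touched message string still reads "detatched"; since the line is being rewritten anyway, correct it to "detached" (the text is user-visible in the thrown TypeError).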
 

Modified: trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyInstance.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyInstance.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyInstance.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -218,7 +218,7 @@
             RETURN_IF_EXCEPTION(throwScope, nullptr);
             // 2. If Type(o) is not Object, throw a TypeError.
             if (!importModuleValue.isObject())
-                return exception(createTypeError(exec, importFailMessage(import, "import", "must be an object"), defaultSourceAppender, runtimeTypeForValue(importModuleValue)));
+                return exception(createTypeError(exec, importFailMessage(import, "import", "must be an object"), defaultSourceAppender, runtimeTypeForValue(vm, importModuleValue)));
 
             // 3. Let v be the value of performing Get(o, i.item_name)
             JSObject* object = jsCast<JSObject*>(importModuleValue);

Modified: trunk/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -55,7 +55,7 @@
     auto scope = DECLARE_THROW_SCOPE(vm);
     WebAssemblyFunction* wasmFunction = jsDynamicCast<WebAssemblyFunction*>(vm, exec->jsCallee());
     if (!wasmFunction)
-        return JSValue::encode(throwException(exec, scope, createTypeError(exec, "expected a WebAssembly function", defaultSourceAppender, runtimeTypeForValue(exec->jsCallee()))));
+        return JSValue::encode(throwException(exec, scope, createTypeError(exec, "expected a WebAssembly function", defaultSourceAppender, runtimeTypeForValue(vm, exec->jsCallee()))));
     Wasm::SignatureIndex signatureIndex = wasmFunction->signatureIndex();
     const Wasm::Signature& signature = Wasm::SignatureInformation::get(signatureIndex);
 

Modified: trunk/Source/_javascript_Core/wasm/js/WebAssemblyInstanceConstructor.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/wasm/js/WebAssemblyInstanceConstructor.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/wasm/js/WebAssemblyInstanceConstructor.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -66,13 +66,13 @@
     // If moduleObject is not a WebAssembly.Module instance, a TypeError is thrown.
     JSWebAssemblyModule* module = jsDynamicCast<JSWebAssemblyModule*>(vm, exec->argument(0));
     if (!module)
-        return JSValue::encode(throwException(exec, scope, createTypeError(exec, ASCIILiteral("first argument to WebAssembly.Instance must be a WebAssembly.Module"), defaultSourceAppender, runtimeTypeForValue(exec->argument(0)))));
+        return JSValue::encode(throwException(exec, scope, createTypeError(exec, ASCIILiteral("first argument to WebAssembly.Instance must be a WebAssembly.Module"), defaultSourceAppender, runtimeTypeForValue(vm, exec->argument(0)))));
 
     // If the importObject parameter is not undefined and Type(importObject) is not Object, a TypeError is thrown.
     JSValue importArgument = exec->argument(1);
     JSObject* importObject = importArgument.getObject();
     if (!importArgument.isUndefined() && !importObject)
-        return JSValue::encode(throwException(exec, scope, createTypeError(exec, ASCIILiteral("second argument to WebAssembly.Instance must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(importArgument))));
+        return JSValue::encode(throwException(exec, scope, createTypeError(exec, ASCIILiteral("second argument to WebAssembly.Instance must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(vm, importArgument))));
     
     Structure* instanceStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), exec->lexicalGlobalObject()->WebAssemblyInstanceStructure());
     RETURN_IF_EXCEPTION(scope, { });

Modified: trunk/Source/_javascript_Core/wasm/js/WebAssemblyModuleRecord.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/wasm/js/WebAssemblyModuleRecord.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/wasm/js/WebAssemblyModuleRecord.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -136,7 +136,7 @@
             RETURN_IF_EXCEPTION(scope, void());
             // 2. If Type(o) is not Object, throw a TypeError.
             if (!importModuleValue.isObject())
-                return exception(createTypeError(exec, importFailMessage(import, "import", "must be an object"), defaultSourceAppender, runtimeTypeForValue(importModuleValue)));
+                return exception(createTypeError(exec, importFailMessage(import, "import", "must be an object"), defaultSourceAppender, runtimeTypeForValue(vm, importModuleValue)));
 
             // 3. Let v be the value of performing Get(o, i.item_name)
             JSObject* object = jsCast<JSObject*>(importModuleValue);
@@ -189,7 +189,7 @@
         case Wasm::ExternalKind::Function: {
             // 4. If i is a function import:
             // i. If IsCallable(v) is false, throw a WebAssembly.LinkError.
-            if (!value.isFunction())
+            if (!value.isFunction(vm))
                 return exception(createJSWebAssemblyLinkError(exec, vm, importFailMessage(import, "import function", "must be callable")));
 
             Wasm::Instance* calleeInstance = nullptr;
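Review bot: the spec step quoted in the comment is IsCallable(v), and the ChangeLog says both `isFunction` and `isCallable` now exist on JSCell/JSValue; confirm that `value.isFunction(vm)` is the one with IsCallable semantics (accepting every object whose `getCallData` reports a call type, not only `JSFunctionType` cells), otherwise this should call `isCallable` so that callable host objects and Proxies remain valid function imports.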

Modified: trunk/Source/_javascript_Core/wasm/js/WebAssemblyPrototype.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/wasm/js/WebAssemblyPrototype.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/wasm/js/WebAssemblyPrototype.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -271,7 +271,7 @@
         JSObject* importObject = importArgument.getObject();
         if (UNLIKELY(!importArgument.isUndefined() && !importObject)) {
             promise->reject(exec, createTypeError(exec,
-                ASCIILiteral("second argument to WebAssembly.instantiate must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(importArgument)));
+                ASCIILiteral("second argument to WebAssembly.instantiate must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(vm, importArgument)));
             CLEAR_AND_RETURN_IF_EXCEPTION(catchScope, JSValue::encode(promise->promise()));
         } else {
             JSValue firstArgument = exec->argument(0);
@@ -340,7 +340,7 @@
         JSObject* importObject = importArgument.getObject();
         if (UNLIKELY(!importArgument.isUndefined() && !importObject)) {
             promise->reject(exec, createTypeError(exec,
-                ASCIILiteral("second argument to WebAssembly.instantiateStreaming must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(importArgument)));
+                ASCIILiteral("second argument to WebAssembly.instantiateStreaming must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(vm, importArgument)));
             CLEAR_AND_RETURN_IF_EXCEPTION(catchScope, JSValue::encode(promise->promise()));
         } else {
             if (globalObject->globalObjectMethodTable()->instantiateStreaming) {

Modified: trunk/Source/_javascript_Core/wasm/js/WebAssemblyWrapperFunction.cpp (231838 => 231839)


--- trunk/Source/_javascript_Core/wasm/js/WebAssemblyWrapperFunction.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/_javascript_Core/wasm/js/WebAssemblyWrapperFunction.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -72,7 +72,7 @@
 void WebAssemblyWrapperFunction::finishCreation(VM& vm, NativeExecutable* executable, unsigned length, const String& name, JSObject* function, JSWebAssemblyInstance* instance)
 {
     Base::finishCreation(vm, executable, length, name, instance);
-    RELEASE_ASSERT(JSValue(function).isFunction());
+    RELEASE_ASSERT(JSValue(function).isFunction(vm));
     m_function.set(vm, this, function);
 }
 

Modified: trunk/Source/WebCore/ChangeLog (231838 => 231839)


--- trunk/Source/WebCore/ChangeLog	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/ChangeLog	2018-05-16 07:05:27 UTC (rev 231839)
@@ -1,3 +1,40 @@
+2018-05-15  Yusuke Suzuki  <utatane....@gmail.com>
+
+        [JSC] Check TypeInfo first before calling getCallData when we would like to check whether given object is a function
+        https://bugs.webkit.org/show_bug.cgi?id=185601
+
+        Reviewed by Saam Barati.
+
+        No behavior change.
+
+        * Modules/plugins/QuickTimePluginReplacement.mm:
+        (WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected):
+        * bindings/js/JSCustomElementRegistryCustom.cpp:
+        (WebCore::getCustomElementCallback):
+        * bindings/js/JSDOMConstructorBase.h:
+        * bindings/js/JSDOMConvertCallbacks.h:
+        (WebCore::Converter<IDLCallbackFunction<T>>::convert):
+        * bindings/js/JSDOMPromise.cpp:
+        (WebCore::DOMPromise::whenSettled):
+        * bindings/js/ReadableStream.cpp:
+        (WebCore::ReadableStream::pipeTo):
+        (WebCore::ReadableStream::tee):
+        * bindings/js/ReadableStreamDefaultController.cpp:
+        (WebCore::ReadableStreamDefaultController::invoke):
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateHeader):
+        (GenerateOverloadDispatcher):
+        * bindings/scripts/test/JS/JSTestObj.h:
+        * bindings/scripts/test/JS/JSTestPluginInterface.h:
+        * bridge/objc/objc_runtime.h:
+        * bridge/runtime_method.h:
+        * bridge/runtime_object.h:
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
+        * testing/Internals.cpp:
+        (WebCore::Internals::parserMetaData):
+        (WebCore::Internals::cloneArrayBuffer):
+
 2018-05-15  Matt Baker  <mattba...@apple.com>
 
         Web Inspector: element details hanger in inspector overlay should have better placement logic

Modified: trunk/Source/WebCore/Modules/plugins/QuickTimePluginReplacement.mm (231838 => 231839)


--- trunk/Source/WebCore/Modules/plugins/QuickTimePluginReplacement.mm	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/Modules/plugins/QuickTimePluginReplacement.mm	2018-05-16 07:05:27 UTC (rev 231839)
@@ -159,7 +159,7 @@
     JSC::ExecState* exec = globalObject->globalExec();
     
     JSC::JSValue replacementFunction = globalObject->get(exec, JSC::Identifier::fromString(exec, "createPluginReplacement"));
-    if (replacementFunction.isFunction())
+    if (replacementFunction.isFunction(vm))
         return true;
     
     scriptController.evaluateInWorld(ScriptSourceCode(quickTimePluginReplacementScript()), world);
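Review bot: the new call uses a `vm` identifier that is not declared in the visible context (only `globalObject` and `exec` are); if the function does not already have a `vm` local, use `exec->vm()` or add `JSC::VM& vm = exec->vm();` next to the `exec` line, otherwise this does not compile.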

Modified: trunk/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp (231838 => 231839)


--- trunk/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -49,7 +49,7 @@
     RETURN_IF_EXCEPTION(scope, nullptr);
     if (callback.isUndefined())
         return nullptr;
-    if (!callback.isFunction()) {
+    if (!callback.isFunction(vm)) {
         throwTypeError(&state, scope, ASCIILiteral("A custom element callback must be a function"));
         return nullptr;
     }

Modified: trunk/Source/WebCore/bindings/js/JSDOMConstructorBase.h (231838 => 231839)


--- trunk/Source/WebCore/bindings/js/JSDOMConstructorBase.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/bindings/js/JSDOMConstructorBase.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -28,7 +28,7 @@
 public:
     using Base = JSDOMObject;
 
-    static const unsigned StructureFlags = Base::StructureFlags | JSC::ImplementsHasInstance | JSC::ImplementsDefaultHasInstance | JSC::TypeOfShouldCallGetCallData;
+    static const unsigned StructureFlags = Base::StructureFlags | JSC::ImplementsHasInstance | JSC::ImplementsDefaultHasInstance | JSC::OverridesGetCallData;
     static JSC::Structure* createStructure(JSC::VM&, JSC::JSGlobalObject*, JSC::JSValue);
 
 protected:

Modified: trunk/Source/WebCore/bindings/js/JSDOMConvertCallbacks.h (231838 => 231839)


--- trunk/Source/WebCore/bindings/js/JSDOMConvertCallbacks.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/bindings/js/JSDOMConvertCallbacks.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -40,7 +40,7 @@
         JSC::VM& vm = state.vm();
         auto scope = DECLARE_THROW_SCOPE(vm);
 
-        if (!value.isFunction()) {
+        if (!value.isFunction(vm)) {
             exceptionThrower(state, scope);
             return nullptr;
         }

Modified: trunk/Source/WebCore/bindings/js/JSDOMPromise.cpp (231838 => 231839)


--- trunk/Source/WebCore/bindings/js/JSDOMPromise.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/bindings/js/JSDOMPromise.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -64,7 +64,7 @@
     const JSC::Identifier& privateName = vm.propertyNames->builtinNames().thenPrivateName();
     auto* promise = this->promise();
     auto thenFunction = promise->get(&state, privateName);
-    ASSERT(thenFunction.isFunction());
+    ASSERT(thenFunction.isFunction(vm));
 
     JSC::MarkedArgumentBuffer arguments;
     arguments.append(handler);

Modified: trunk/Source/WebCore/bindings/js/ReadableStream.cpp (231838 => 231839)


--- trunk/Source/WebCore/bindings/js/ReadableStream.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/bindings/js/ReadableStream.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -79,7 +79,7 @@
     const Identifier& privateName = clientData->builtinFunctions().readableStreamInternalsBuiltins().readableStreamPipeToPrivateName();
 
     auto readableStreamPipeTo = m_globalObject->get(&state, privateName);
-    ASSERT(readableStreamPipeTo.isFunction());
+    ASSERT(readableStreamPipeTo.isFunction(state.vm()));
 
     MarkedArgumentBuffer arguments;
     arguments.append(readableStream());
@@ -95,7 +95,7 @@
     const Identifier& privateName = clientData->builtinFunctions().readableStreamInternalsBuiltins().readableStreamTeePrivateName();
 
     auto readableStreamTee = m_globalObject->get(&state, privateName);
-    ASSERT(readableStreamTee.isFunction());
+    ASSERT(readableStreamTee.isFunction(state.vm()));
 
     MarkedArgumentBuffer arguments;
     arguments.append(readableStream());

Modified: trunk/Source/WebCore/bindings/js/ReadableStreamDefaultController.cpp (231838 => 231839)


--- trunk/Source/WebCore/bindings/js/ReadableStreamDefaultController.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/bindings/js/ReadableStreamDefaultController.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -57,7 +57,7 @@
     auto function = object.get(&state, JSC::Identifier::fromString(&state, propertyName));
     RETURN_IF_EXCEPTION(scope, JSC::JSValue());
 
-    if (!function.isFunction()) {
+    if (!function.isFunction(vm)) {
         if (!function.isUndefined())
             throwTypeError(&state, scope, ASCIILiteral("ReadableStream trying to call a property that is not callable"));
         return JSC::jsUndefined();

Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (231838 => 231839)


--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm	2018-05-16 07:05:27 UTC (rev 231839)
@@ -2634,7 +2634,7 @@
     if (InstanceOverridesGetCallData($interface)) {
         push(@headerContent, "    static JSC::CallType getCallData(JSC::JSCell*, JSC::CallData&);\n\n");
         $headerIncludes{"<_javascript_Core/CallData.h>"} = 1;
-        $structureFlags{"JSC::TypeOfShouldCallGetCallData"} = 1;
+        $structureFlags{"JSC::OverridesGetCallData"} = 1;
     }
     
     if ($interface->extendedAttributes->{CustomGetPrototype}) {
@@ -3419,7 +3419,7 @@
             &$generateOverloadCallIfNecessary($overload, "distinguishingArg.isObject() && asObject(distinguishingArg)->type() == ErrorInstanceType");
 
             $overload = GetOverloadThatMatches($S, $d, \&$isObjectOrCallbackFunctionParameter);
-            &$generateOverloadCallIfNecessary($overload, "distinguishingArg.isFunction()");
+            &$generateOverloadCallIfNecessary($overload, "distinguishingArg.isFunction(vm)");
 
             # FIXME: Avoid invoking GetMethod(object, Symbol.iterator) again in convert<IDLSequence<T>>(...).
             $overload = GetOverloadThatMatches($S, $d, \&$isSequenceOrFrozenArrayParameter);
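Review bot: the generated dispatcher expression now references `vm`, so the generator must emit a `vm` local (or `state.vm()`) in every overload dispatcher that reaches this branch; no generated `.cpp` test baselines are part of this change, so either the dispatcher template already declares `vm` or the bindings test expectations need regenerating to show the new code.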

Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.h (231838 => 231839)


--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -75,7 +75,7 @@
     static JSC::JSValue testStaticCustomPromiseFunction(JSC::ExecState&, Ref<DeferredPromise>&&);
     JSC::JSValue testCustomReturnsOwnPromiseFunction(JSC::ExecState&);
 public:
-    static const unsigned StructureFlags = JSC::HasStaticPropertyTable | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::TypeOfShouldCallGetCallData | Base::StructureFlags;
+    static const unsigned StructureFlags = JSC::HasStaticPropertyTable | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetCallData | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | Base::StructureFlags;
 protected:
     JSTestObj(JSC::Structure*, JSDOMGlobalObject&, Ref<TestObj>&&);
 

Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestPluginInterface.h (231838 => 231839)


--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestPluginInterface.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestPluginInterface.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -57,7 +57,7 @@
 
     static JSC::JSValue getConstructor(JSC::VM&, const JSC::JSGlobalObject*);
 public:
-    static const unsigned StructureFlags = JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::TypeOfShouldCallGetCallData | Base::StructureFlags;
+    static const unsigned StructureFlags = JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetCallData | JSC::OverridesGetOwnPropertySlot | Base::StructureFlags;
 protected:
     JSTestPluginInterface(JSC::Structure*, JSDOMGlobalObject&, Ref<TestPluginInterface>&&);
 

Modified: trunk/Source/WebCore/bridge/objc/objc_runtime.h (231838 => 231839)


--- trunk/Source/WebCore/bridge/objc/objc_runtime.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/bridge/objc/objc_runtime.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -93,7 +93,7 @@
 class ObjcFallbackObjectImp : public JSDestructibleObject {
 public:
     typedef JSDestructibleObject Base;
-    static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | TypeOfShouldCallGetCallData;
+    static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetCallData;
 
     static ObjcFallbackObjectImp* create(ExecState* exec, JSGlobalObject* globalObject, ObjcInstance* instance, const String& propertyName)
     {

Modified: trunk/Source/WebCore/bridge/runtime_method.h (231838 => 231839)


--- trunk/Source/WebCore/bridge/runtime_method.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/bridge/runtime_method.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -35,7 +35,7 @@
 class WEBCORE_EXPORT RuntimeMethod : public InternalFunction {
 public:
     typedef InternalFunction Base;
-    static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | TypeOfShouldCallGetCallData;
+    static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetCallData;
 
     template<typename CellType>
     static IsoSubspace* subspaceFor(VM& vm)

Modified: trunk/Source/WebCore/bridge/runtime_object.h (231838 => 231839)


--- trunk/Source/WebCore/bridge/runtime_object.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/bridge/runtime_object.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -35,7 +35,7 @@
 class WEBCORE_EXPORT RuntimeObject : public JSDestructibleObject {
 public:
     typedef JSDestructibleObject Base;
-    static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | TypeOfShouldCallGetCallData;
+    static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | OverridesGetCallData;
 
     static RuntimeObject* create(VM& vm, Structure* structure, RefPtr<Instance>&& instance)
     {

Modified: trunk/Source/WebCore/html/HTMLMediaElement.cpp (231838 => 231839)


--- trunk/Source/WebCore/html/HTMLMediaElement.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/html/HTMLMediaElement.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -7090,7 +7090,7 @@
     JSC::ExecState* exec = globalObject->globalExec();
 
     JSC::JSValue functionValue = globalObject->get(exec, JSC::Identifier::fromString(exec, "createControls"));
-    if (functionValue.isFunction())
+    if (functionValue.isFunction(vm))
         return true;
 
 #ifndef NDEBUG

Modified: trunk/Source/WebCore/testing/Internals.cpp (231838 => 231839)


--- trunk/Source/WebCore/testing/Internals.cpp	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebCore/testing/Internals.cpp	2018-05-16 07:05:27 UTC (rev 231839)
@@ -2050,7 +2050,7 @@
         exec->iterate(iter);
         CodeBlock* codeBlock = iter.codeBlock();
         executable = codeBlock->ownerScriptExecutable();
-    } else if (code.isFunction()) {
+    } else if (code.isFunction(vm)) {
         JSFunction* funcObj = JSC::jsCast<JSFunction*>(code.toObject(exec));
         executable = funcObj->jsExecutable();
     } else
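Review bot: `code.isFunction(vm)` followed by `jsCast<JSFunction*>(code.toObject(exec))` assumes that every value passing `isFunction` is a `JSFunction`; with the OverridesGetCallData path, a Proxy or a callable host object also passes, and `jsCast` then fails its debug assertion (and yields a type-confused pointer in release). Use `jsDynamicCast` and handle nullptr, or narrow the condition to what `jsExecutable()` actually requires. Also confirm `vm` is in scope here; it is not declared in the visible context.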
@@ -4026,7 +4026,7 @@
     PropertySlot propertySlot(value, PropertySlot::InternalMethodType::Get);
     globalObject->methodTable(vm)->getOwnPropertySlot(globalObject, &state, privateName, propertySlot);
     value = propertySlot.getValue(&state, privateName);
-    ASSERT(value.isFunction());
+    ASSERT(value.isFunction(vm));
 
     JSObject* function = value.getObject();
     CallData callData;

Modified: trunk/Source/WebKit/ChangeLog (231838 => 231839)


--- trunk/Source/WebKit/ChangeLog	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebKit/ChangeLog	2018-05-16 07:05:27 UTC (rev 231839)
@@ -1,3 +1,12 @@
+2018-05-15  Yusuke Suzuki  <utatane....@gmail.com>
+
+        [JSC] Check TypeInfo first before calling getCallData when we would like to check whether given object is a function
+        https://bugs.webkit.org/show_bug.cgi?id=185601
+
+        Reviewed by Saam Barati.
+
+        * WebProcess/Plugins/Netscape/JSNPObject.h:
+
 2018-05-15  Sihui Liu  <sihui_...@apple.com>
 
         StorageManager::deleteLocalStorageOriginsModifiedSince: database files get deleted before database connections close

Modified: trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h (231838 => 231839)


--- trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h	2018-05-16 05:30:09 UTC (rev 231838)
+++ trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h	2018-05-16 07:05:27 UTC (rev 231839)
@@ -44,7 +44,7 @@
 class JSNPObject final : public JSC::JSDestructibleObject {
 public:
     typedef JSC::JSDestructibleObject Base;
-    static const unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::TypeOfShouldCallGetCallData;
+    static const unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::OverridesGetCallData;
 
     template<typename CellType>
     static JSC::IsoSubspace* subspaceFor(JSC::VM& vm)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
