Title: [97342] trunk/Source/_javascript_Core
Revision
97342
Author
[email protected]
Date
2011-10-12 22:01:36 -0700 (Wed, 12 Oct 2011)

Log Message

If an Arguments object is being used to copy the arguments, then
make this explicit
https://bugs.webkit.org/show_bug.cgi?id=69995

Reviewed by Sam Weinig.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::retrieveArguments):
* runtime/Arguments.h:
(JSC::Arguments::createAndCopyRegisters):
(JSC::Arguments::finishCreationButDontCopyRegisters):
(JSC::Arguments::finishCreation):
(JSC::Arguments::finishCreationAndCopyRegisters):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (97341 => 97342)


--- trunk/Source/_javascript_Core/ChangeLog	2011-10-13 04:09:44 UTC (rev 97341)
+++ trunk/Source/_javascript_Core/ChangeLog	2011-10-13 05:01:36 UTC (rev 97342)
@@ -1,5 +1,21 @@
 2011-10-12  Filip Pizlo  <[email protected]>
 
+        If an Arguments object is being used to copy the arguments, then
+        make this explicit
+        https://bugs.webkit.org/show_bug.cgi?id=69995
+
+        Reviewed by Sam Weinig.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::retrieveArguments):
+        * runtime/Arguments.h:
+        (JSC::Arguments::createAndCopyRegisters):
+        (JSC::Arguments::finishCreationButDontCopyRegisters):
+        (JSC::Arguments::finishCreation):
+        (JSC::Arguments::finishCreationAndCopyRegisters):
+
+2011-10-12  Filip Pizlo  <[email protected]>
+
         DFG CFA does not filter structures aggressively enough.
         https://bugs.webkit.org/show_bug.cgi?id=69989
 

Modified: trunk/Source/_javascript_Core/interpreter/Interpreter.cpp (97341 => 97342)


--- trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2011-10-13 04:09:44 UTC (rev 97341)
+++ trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2011-10-13 05:01:36 UTC (rev 97342)
@@ -5138,9 +5138,7 @@
         return arguments;
     }
 
-    Arguments* arguments = Arguments::create(functionCallFrame->globalData(), functionCallFrame);
-    arguments->copyRegisters(functionCallFrame->globalData());
-    return arguments;
+    return Arguments::createAndCopyRegisters(functionCallFrame->globalData(), functionCallFrame);
 }
 
 JSValue Interpreter::retrieveCaller(CallFrame* callFrame, JSFunction* function) const

Modified: trunk/Source/_javascript_Core/runtime/Arguments.h (97341 => 97342)


--- trunk/Source/_javascript_Core/runtime/Arguments.h	2011-10-13 04:09:44 UTC (rev 97341)
+++ trunk/Source/_javascript_Core/runtime/Arguments.h	2011-10-13 05:01:36 UTC (rev 97342)
@@ -68,6 +68,13 @@
             return arguments;
         }
         
+        static Arguments* createAndCopyRegisters(JSGlobalData& globalData, CallFrame* callFrame)
+        {
+            Arguments* arguments = new (allocateCell<Arguments>(globalData.heap)) Arguments(callFrame);
+            arguments->finishCreationAndCopyRegisters(callFrame);
+            return arguments;
+        }
+        
         static Arguments* createNoParameters(JSGlobalData& globalData, CallFrame* callFrame)
         {
             Arguments* arguments = new (allocateCell<Arguments>(globalData.heap)) Arguments(callFrame, NoParameters);
@@ -119,7 +126,9 @@
     protected:
         static const unsigned StructureFlags = OverridesGetOwnPropertySlot | OverridesVisitChildren | OverridesGetPropertyNames | JSObject::StructureFlags;
 
+        void finishCreationButDontCopyRegisters(CallFrame*);
         void finishCreation(CallFrame*);
+        void finishCreationAndCopyRegisters(CallFrame*);
         void finishCreation(CallFrame*, NoParametersType);
 
     private:
@@ -182,7 +191,7 @@
     {
     }
     
-    inline void Arguments::finishCreation(CallFrame* callFrame)
+    inline void Arguments::finishCreationButDontCopyRegisters(CallFrame* callFrame)
     {
         Base::finishCreation(callFrame->globalData());
         ASSERT(inherits(&s_info));
@@ -219,10 +228,21 @@
         d->overrodeCallee = false;
         d->overrodeCaller = false;
         d->isStrictMode = callFrame->codeBlock()->isStrictMode();
+    }
+
+    inline void Arguments::finishCreation(CallFrame* callFrame)
+    {
+        finishCreationButDontCopyRegisters(callFrame);
         if (d->isStrictMode)
             copyRegisters(callFrame->globalData());
     }
 
+    inline void Arguments::finishCreationAndCopyRegisters(CallFrame* callFrame)
+    {
+        finishCreationButDontCopyRegisters(callFrame);
+        copyRegisters(callFrame->globalData());
+    }
+
     inline void Arguments::finishCreation(CallFrame* callFrame, NoParametersType)
     {
         Base::finishCreation(callFrame->globalData());
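Review bot: The three finishCreation variants in this hunk differ only in whether copyRegisters runs (never, only when d->isStrictMode, or always), but neither this hunk nor the declarations in the earlier protected-section hunk say what skipping the copy means for the object's lifetime. From the names and the strict-mode special case I would infer that an uncopied Arguments object keeps aliasing the registers of callFrame and must therefore not outlive that frame, while finishCreationAndCopyRegisters is the variant for an object that escapes the frame (which is what Interpreter::retrieveArguments now spells out by calling createAndCopyRegisters) — please confirm and state it, since a reader choosing between these names has no way to tell which one is safe for an escaping object. I would put a three-line comment above the three declarations in the protected section saying that finishCreationButDontCopyRegisters leaves the object aliasing callFrame's registers, finishCreation copies them only for strict-mode code, and finishCreationAndCopyRegisters always copies and is the one to use when the Arguments object can outlive callFrame. The new finishCreation also relies on d->isStrictMode having been written by finishCreationButDontCopyRegisters a few lines earlier, so the call order there deserves `// d->isStrictMode is set by finishCreationButDontCopyRegisters above.` next to the strict-mode test.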