Modified: trunk/Source/_javascript_Core/ChangeLog (202032 => 202033)
--- trunk/Source/_javascript_Core/ChangeLog 2016-06-14 06:36:30 UTC (rev 202032)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-06-14 06:57:15 UTC (rev 202033)
@@ -1,5 +1,24 @@
2016-06-13 Gavin & Ellie Barraclough <[email protected]>
+ setUpStaticFunctionSlot does not handle Builtin|Accessor properties
+ https://bugs.webkit.org/show_bug.cgi?id=158637
+
+ Reviewed by Geoff Garen.
+
+ setUpStaticFunctionSlot contains a duplicate copy of the body of the function reifyStaticProperty
+ - however it is missing handling for Accessor type under Builtin functions.
+ Fix the bug by de-duplicating - setUpStaticFunctionSlot should just call reifyStaticProperty.
+
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ - should just call reifyStaticProperty.
+ * runtime/Lookup.h:
+ (JSC::lookupPut):
+ (JSC::reifyStaticProperty):
+ - changed reifyStaticProperty to take PropertyName.
+
+2016-06-13 Gavin & Ellie Barraclough <[email protected]>
+
JSBoundSlotBaseFunction no longer binds slot base
https://bugs.webkit.org/show_bug.cgi?id=157978
Modified: trunk/Source/_javascript_Core/runtime/Lookup.cpp (202032 => 202033)
--- trunk/Source/_javascript_Core/runtime/Lookup.cpp 2016-06-14 06:36:30 UTC (rev 202032)
+++ trunk/Source/_javascript_Core/runtime/Lookup.cpp 2016-06-14 06:57:15 UTC (rev 202033)
@@ -56,30 +56,7 @@
if (thisObject->staticPropertiesReified())
return false;
- if (entry->attributes() & Builtin)
- thisObject->putDirectBuiltinFunction(vm, thisObject->globalObject(), propertyName, entry->builtinGenerator()(vm), attributesForStructure(entry->attributes()));
- else if (entry->attributes() & Function) {
- thisObject->putDirectNativeFunction(
- vm, thisObject->globalObject(), propertyName, entry->functionLength(),
- entry->function(), entry->intrinsic(), attributesForStructure(entry->attributes()));
- } else if (isAccessor)
- reifyStaticAccessor(vm, *entry, *thisObject, propertyName);
- else if (entry->attributes() & CellProperty) {
- LazyCellProperty* property = bitwise_cast<LazyCellProperty*>(
- bitwise_cast<char*>(thisObject) + entry->lazyCellPropertyOffset());
- JSCell* result = property->get(thisObject);
- thisObject->putDirect(vm, propertyName, result, attributesForStructure(entry->attributes()));
- } else if (entry->attributes() & ClassStructure) {
- LazyClassStructure* structure = bitwise_cast<LazyClassStructure*>(
- bitwise_cast<char*>(thisObject) + entry->lazyClassStructureOffset());
- structure->get(jsCast<JSGlobalObject*>(thisObject));
- } else if (entry->attributes() & PropertyCallback) {
- JSValue result = entry->lazyPropertyCallback()(vm, thisObject);
- thisObject->putDirect(vm, propertyName, result, attributesForStructure(entry->attributes()));
- } else {
- dataLog("Static hashtable entry for ", propertyName, " has weird attributes: ", entry->attributes(), "\n");
- RELEASE_ASSERT_NOT_REACHED();
- }
+ reifyStaticProperty(vm, propertyName, *entry, *thisObject);
offset = thisObject->getDirectOffset(vm, propertyName, attributes);
if (!isValidOffset(offset)) {
Modified: trunk/Source/_javascript_Core/runtime/Lookup.h (202032 => 202033)
--- trunk/Source/_javascript_Core/runtime/Lookup.h 2016-06-14 06:36:30 UTC (rev 202032)
+++ trunk/Source/_javascript_Core/runtime/Lookup.h 2016-06-14 06:57:15 UTC (rev 202033)
@@ -289,7 +289,7 @@
return true;
}
-inline void reifyStaticProperty(VM& vm, const Identifier& propertyName, const HashTableValue& value, JSObject& thisObj)
+inline void reifyStaticProperty(VM& vm, const PropertyName& propertyName, const HashTableValue& value, JSObject& thisObj)
{
if (value.attributes() & Builtin) {
if (value.attributes() & Accessor)
