Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.cpp (208912 => 208913)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2016-11-19 01:40:14 UTC (rev 208912)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2016-11-19 01:46:01 UTC (rev 208913)
@@ -110,6 +110,7 @@
if (LIKELY(property.isUInt32())) {
// Despite its name, JSValue::isUInt32 will return true only for positive boxed int32_t; all those values are valid array indices.
ASSERT(isIndex(property.asUInt32()));
+ scope.release();
putByVal<strict, direct>(exec, baseValue, property.asUInt32(), value);
return;
}
@@ -118,6 +119,7 @@
double propertyAsDouble = property.asDouble();
uint32_t propertyAsUInt32 = static_cast<uint32_t>(propertyAsDouble);
if (propertyAsDouble == propertyAsUInt32 && isIndex(propertyAsUInt32)) {
+ scope.release();
putByVal<strict, direct>(exec, baseValue, propertyAsUInt32, value);
return;
}
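Review bot: `static_cast<uint32_t>(propertyAsDouble)` on the context line above the new `scope.release()` is undefined behaviour in C++ when the double is NaN, negative or larger than 4294967295, and `property` presumably comes from script. The `propertyAsDouble == propertyAsUInt32` test normally rejects such inputs, but it runs after the conversion, so the compiler is not bound to any particular result. Consider range-checking before converting, for example wrapping the cast and the index test in `if (propertyAsDouble >= 0 && propertyAsDouble < 4294967296.0) {`, which also excludes NaN. The getByVal hunk further down uses the same cast before `propertyAsUInt32 == propertyAsDouble`. The enclosing function starts and ends outside this hunk.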
@@ -130,12 +132,16 @@
PutPropertySlot slot(baseValue, strict);
if (direct) {
RELEASE_ASSERT(baseValue.isObject());
- if (Optional<uint32_t> index = parseIndex(propertyName))
+ if (Optional<uint32_t> index = parseIndex(propertyName)) {
+ scope.release();
asObject(baseValue)->putDirectIndex(exec, index.value(), value, 0, strict ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow);
- else
- asObject(baseValue)->putDirect(*vm, propertyName, value, slot);
- } else
- baseValue.put(exec, propertyName, value, slot);
+ return;
+ }
+ asObject(baseValue)->putDirect(*vm, propertyName, value, slot);
+ return;
+ }
+ scope.release();
+ baseValue.put(exec, propertyName, value, slot);
}
template<typename ViewClass>
@@ -152,7 +158,8 @@
if (vector)
return bitwise_cast<char*>(ViewClass::createWithFastVector(exec, structure, size, vector));
-
+
+ scope.release();
return bitwise_cast<char*>(ViewClass::create(exec, structure, size));
}
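Review bot: The early return through `ViewClass::createWithFastVector(exec, structure, size, vector)` still leaves the function with neither `scope.release()` nor an exception check, while the `ViewClass::create(...)` path right after it now releases. If createWithFastVector can throw (not visible here), the fast path should be treated the same way, e.g. `if (vector) { scope.release(); return bitwise_cast<char*>(...); }`. If it cannot throw, a short comment saying so would explain the asymmetry. The later hunk that releases before `baseValue.get(exec, i, slot)` has the same shape, with an unreleased early return through `asString(baseValue)->getIndex(exec, i)`. Both functions begin outside their hunks.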
@@ -189,8 +196,11 @@
VM& vm = exec->vm();
NativeCallFrameTracer tracer(&vm, exec);
auto scope = DECLARE_THROW_SCOPE(vm);
- if (constructor->type() == JSFunctionType)
- return constructEmptyObject(exec, jsCast<JSFunction*>(constructor)->rareData(exec, inlineCapacity)->objectAllocationProfile()->structure());
+ if (constructor->type() == JSFunctionType) {
+ auto rareData = jsCast<JSFunction*>(constructor)->rareData(exec, inlineCapacity);
+ RETURN_IF_EXCEPTION(scope, nullptr);
+ return constructEmptyObject(exec, rareData->objectAllocationProfile()->structure());
+ }
JSValue proto = constructor->get(exec, exec->propertyNames().prototype);
RETURN_IF_EXCEPTION(scope, nullptr);
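Review bot: The new `RETURN_IF_EXCEPTION(scope, nullptr);` is what keeps `rareData->objectAllocationProfile()` from being reached after a failed `rareData(exec, inlineCapacity)` call, but nothing in the code says so. A one-line comment such as `// rareData() may throw; do not dereference its result until the exception check has passed.` would stop a later cleanup from folding the call back into a single expression. Since the value is dereferenced with `->`, writing `auto* rareData` would also make the pointer type visible at the declaration. The function's signature lies outside the hunk.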
@@ -223,6 +233,7 @@
int32_t a = op1.toInt32(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
int32_t b = op2.toInt32(exec);
return JSValue::encode(jsNumber(a & b));
}
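Review bot: `scope.release()` now sits before `op2.toInt32(exec)`, a call that can still throw, and the function then computes `a & b` from whatever that call returned. That is presumably harmless because the caller checks for the pending exception and ignores the encoded result, but the placement reads as if nothing after it can throw. A comment such as `// op2's conversion may still throw; the caller performs the check and discards the result in that case.` would make the contract explicit. The same applies to the following hunks for `|`, `^`, `<<`, `>>`, the unsigned shift and the division. The enclosing function starts outside the hunk.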
@@ -238,6 +249,7 @@
int32_t a = op1.toInt32(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
int32_t b = op2.toInt32(exec);
return JSValue::encode(jsNumber(a | b));
}
@@ -253,6 +265,7 @@
int32_t a = op1.toInt32(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
int32_t b = op2.toInt32(exec);
return JSValue::encode(jsNumber(a ^ b));
}
@@ -268,6 +281,7 @@
int32_t a = op1.toInt32(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
uint32_t b = op2.toUInt32(exec);
return JSValue::encode(jsNumber(a << (b & 0x1f)));
}
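Review bot: `a << (b & 0x1f)` on the context line shifts a signed `int32_t`. For negative `a`, or when bits are shifted out through the sign bit, that is undefined behaviour in C++ before C++20, even though the shift count itself is masked correctly. Doing the shift on the unsigned representation keeps the expected result and removes the dependence on compiler behaviour: `return JSValue::encode(jsNumber(static_cast<int32_t>(static_cast<uint32_t>(a) << (b & 0x1f))));`. The operands presumably originate from script values, so the negative case is reachable. The function's signature is outside this hunk.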
@@ -283,6 +297,7 @@
int32_t a = op1.toInt32(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
uint32_t b = op2.toUInt32(exec);
return JSValue::encode(jsNumber(a >> (b & 0x1f)));
}
@@ -298,6 +313,7 @@
uint32_t a = op1.toUInt32(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
uint32_t b = op2.toUInt32(exec);
return JSValue::encode(jsNumber(static_cast<int32_t>(a >> (b & 0x1f))));
}
@@ -329,6 +345,7 @@
double a = op1.toNumber(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
double b = op2.toNumber(exec);
return JSValue::encode(jsNumber(a / b));
}
@@ -506,13 +523,17 @@
if (LIKELY(baseValue.isCell())) {
JSCell* base = baseValue.asCell();
- if (property.isUInt32())
+ if (property.isUInt32()) {
+ scope.release();
return getByVal(exec, base, property.asUInt32());
- else if (property.isDouble()) {
+ }
+ if (property.isDouble()) {
double propertyAsDouble = property.asDouble();
uint32_t propertyAsUInt32 = static_cast<uint32_t>(propertyAsDouble);
- if (propertyAsUInt32 == propertyAsDouble && isIndex(propertyAsUInt32))
+ if (propertyAsUInt32 == propertyAsDouble && isIndex(propertyAsUInt32)) {
+ scope.release();
return getByVal(exec, base, propertyAsUInt32);
+ }
} else if (property.isString()) {
Structure& structure = *base->structure(vm);
if (JSCell::canUseFastGetOwnProperty(structure)) {
@@ -528,6 +549,7 @@
RETURN_IF_EXCEPTION(scope, encodedJSValue());
auto propertyName = property.toPropertyKey(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
return JSValue::encode(baseValue.get(exec, propertyName));
}
@@ -954,6 +976,7 @@
if (isJSString(baseValue) && asString(baseValue)->canGetIndex(i))
return JSValue::encode(asString(baseValue)->getIndex(exec, i));
+ scope.release();
return JSValue::encode(baseValue.get(exec, i, slot));
}
@@ -962,6 +985,7 @@
auto property = subscript.toPropertyKey(exec);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
+ scope.release();
return JSValue::encode(baseValue.get(exec, property, slot));
}
@@ -989,6 +1013,7 @@
Identifier property = JSValue::decode(encodedSubscript).toPropertyKey(exec);
RETURN_IF_EXCEPTION(scope, void());
+ scope.release();
putWithThis<true>(exec, encodedBase, encodedThis, encodedValue, property);
}
@@ -1000,6 +1025,7 @@
Identifier property = JSValue::decode(encodedSubscript).toPropertyKey(exec);
RETURN_IF_EXCEPTION(scope, void());
+ scope.release();
putWithThis<false>(exec, encodedBase, encodedThis, encodedValue, property);
}
@@ -1021,6 +1047,7 @@
Identifier propertyName = JSValue::decode(encodedProperty).toPropertyKey(exec);
RETURN_IF_EXCEPTION(scope, void());
+ scope.release();
defineDataProperty(exec, vm, base, propertyName, JSValue::decode(encodedValue), attributes);
}
@@ -1032,6 +1059,7 @@
Identifier propertyName = property->toIdentifier(exec);
RETURN_IF_EXCEPTION(scope, void());
+ scope.release();
defineDataProperty(exec, vm, base, propertyName, JSValue::decode(encodedValue), attributes);
}
@@ -1943,6 +1971,7 @@
if (isJSArray(iterable) && globalObject->isArrayIteratorProtocolFastAndNonObservable()) {
JSArray* array = jsCast<JSArray*>(iterable);
+ throwScope.release();
return JSFixedArray::createFromArray(exec, vm, array);
}
@@ -1963,6 +1992,7 @@
array = jsCast<JSArray*>(arrayResult);
}
+ throwScope.release();
return JSFixedArray::createFromArray(exec, vm, array);
}
@@ -2040,6 +2070,7 @@
auto throwScope = DECLARE_THROW_SCOPE(vm);
Identifier ident = Identifier::fromUid(exec, impl);
+ throwScope.release();
return JSValue::encode(scope->getPropertySlot(exec, ident, [&] (bool found, PropertySlot& slot) -> JSValue {
if (!found) {
GetPutInfo getPutInfo(getPutInfoBits);
@@ -2071,6 +2102,7 @@
const Identifier& ident = Identifier::fromUid(exec, impl);
GetPutInfo getPutInfo(getPutInfoBits);
bool hasProperty = scope->hasProperty(exec, ident);
+ RETURN_IF_EXCEPTION(throwScope, void());
if (hasProperty
&& scope->isGlobalLexicalEnvironment()
&& !isInitialization(getPutInfo.initializationMode())) {
@@ -2095,6 +2127,7 @@
else
strictMode = exec->codeBlock()->isStrictMode();
PutPropertySlot slot(scope, strictMode, PutPropertySlot::UnknownContext, isInitialization(getPutInfo.initializationMode()));
+ throwScope.release();
scope->methodTable()->put(scope, exec, ident, JSValue::decode(value), slot);
}