Title: [99264] trunk/Source/_javascript_Core
Revision
99264
Author
[email protected]
Date
2011-11-04 00:35:18 -0700 (Fri, 04 Nov 2011)

Log Message

De-virtualize JSObject::hasInstance
https://bugs.webkit.org/show_bug.cgi?id=71430

Unreviewed, rolling out r99238 because it made a test crash on all platforms.

* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::hasInstance):
* API/JSValueRef.cpp:
(JSValueIsInstanceOfConstructor):
* _javascript_Core.exp:
* _javascript_Core.vcproj/_javascript_Core/_javascript_Core.def:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ClassInfo.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::hasInstance):
* runtime/JSBoundFunction.h:
* runtime/JSCell.cpp:
* runtime/JSCell.h:
* runtime/JSObject.cpp:
(JSC::JSObject::hasInstance):
* runtime/JSObject.h:

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/API/JSCallbackObject.h (99263 => 99264)


--- trunk/Source/_javascript_Core/API/JSCallbackObject.h	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/API/JSCallbackObject.h	2011-11-04 07:35:18 UTC (rev 99264)
@@ -185,7 +185,7 @@
     static bool deleteProperty(JSCell*, ExecState*, const Identifier&);
     static bool deletePropertyByIndex(JSCell*, ExecState*, unsigned);
 
-    static bool hasInstance(JSObject*, ExecState*, JSValue, JSValue proto);
+    virtual bool hasInstance(ExecState* exec, JSValue value, JSValue proto);
 
     static void getOwnPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
 

Modified: trunk/Source/_javascript_Core/API/JSCallbackObjectFunctions.h (99263 => 99264)


--- trunk/Source/_javascript_Core/API/JSCallbackObjectFunctions.h	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/API/JSCallbackObjectFunctions.h	2011-11-04 07:35:18 UTC (rev 99264)
@@ -355,13 +355,12 @@
 }
 
 template <class Parent>
-bool JSCallbackObject<Parent>::hasInstance(JSObject* object, ExecState* exec, JSValue value, JSValue)
+bool JSCallbackObject<Parent>::hasInstance(ExecState* exec, JSValue value, JSValue)
 {
-    JSCallbackObject* thisObject = static_cast<JSCallbackObject*>(object);
     JSContextRef execRef = toRef(exec);
-    JSObjectRef thisRef = toRef(thisObject);
+    JSObjectRef thisRef = toRef(this);
     
-    for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) {
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
         if (JSObjectHasInstanceCallback hasInstance = jsClass->hasInstance) {
             JSValueRef valueRef = toRef(exec, value);
             JSValueRef exception = 0;

Modified: trunk/Source/_javascript_Core/API/JSValueRef.cpp (99263 => 99264)


--- trunk/Source/_javascript_Core/API/JSValueRef.cpp	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/API/JSValueRef.cpp	2011-11-04 07:35:18 UTC (rev 99264)
@@ -175,7 +175,7 @@
     JSObject* jsConstructor = toJS(constructor);
     if (!jsConstructor->structure()->typeInfo().implementsHasInstance())
         return false;
-    bool result = jsConstructor->methodTable()->hasInstance(jsConstructor, exec, jsValue, jsConstructor->get(exec, exec->propertyNames().prototype)); // false if an exception is thrown
+    bool result = jsConstructor->hasInstance(exec, jsValue, jsConstructor->get(exec, exec->propertyNames().prototype)); // false if an exception is thrown
     if (exec->hadException()) {
         if (exception)
             *exception = toRef(exec, exec->exception());
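Review bot: The `.prototype` lookup is evaluated inline as the third argument, so if that `get` raises an exception, `hasInstance` still runs with the exception pending and `exec->hadException()` is consulted only afterwards. For a JSCallbackObject constructor this would mean the embedder's hasInstance callback (visible in the JSCallbackObjectFunctions.h hunk) is invoked in that state. Consider hoisting the lookup, `JSValue prototype = jsConstructor->get(exec, exec->propertyNames().prototype);`, and dispatching only `if (!exec->hadException())`, with `result` initialised to false. The same lookup-then-dispatch pattern appears in the JSBoundFunction.cpp hunk, and the enclosing JSValueIsInstanceOfConstructor starts and ends outside this hunk.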

Modified: trunk/Source/_javascript_Core/ChangeLog (99263 => 99264)


--- trunk/Source/_javascript_Core/ChangeLog	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/ChangeLog	2011-11-04 07:35:18 UTC (rev 99264)
@@ -1,3 +1,31 @@
+2011-11-04  Csaba Osztrogonác  <[email protected]>
+
+        De-virtualize JSObject::hasInstance
+        https://bugs.webkit.org/show_bug.cgi?id=71430
+
+        Unreviewed rolling out r99238, because it made a test crash on all platform.
+
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::hasInstance):
+        * API/JSValueRef.cpp:
+        (JSValueIsInstanceOfConstructor):
+        * _javascript_Core.exp:
+        * _javascript_Core.vcproj/_javascript_Core/_javascript_Core.def:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+        * runtime/ClassInfo.h:
+        * runtime/JSBoundFunction.cpp:
+        (JSC::JSBoundFunction::hasInstance):
+        * runtime/JSBoundFunction.h:
+        * runtime/JSCell.cpp:
+        * runtime/JSCell.h:
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::hasInstance):
+        * runtime/JSObject.h:
+
 2011-11-03  Mark Hahnenberg  <[email protected]>
 
         De-virtualize JSObject::getPropertyNames

Modified: trunk/Source/_javascript_Core/_javascript_Core.exp (99263 => 99264)


--- trunk/Source/_javascript_Core/_javascript_Core.exp	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/_javascript_Core.exp	2011-11-04 07:35:18 UTC (rev 99264)
@@ -303,7 +303,7 @@
 __ZN3JSC8Debugger6detachEPNS_14JSGlobalObjectE
 __ZN3JSC8DebuggerD2Ev
 __ZN3JSC8JSObject10putByIndexEPNS_6JSCellEPNS_9ExecStateEjNS_7JSValueE
-__ZN3JSC8JSObject11hasInstanceEPS0_PNS_9ExecStateENS_7JSValueES4_
+__ZN3JSC8JSObject11hasInstanceEPNS_9ExecStateENS_7JSValueES3_
 __ZN3JSC8JSObject12defineGetterEPS0_PNS_9ExecStateERKNS_10IdentifierES1_j
 __ZN3JSC8JSObject12defaultValueEPKS0_PNS_9ExecStateENS_22PreferredPrimitiveTypeE
 __ZN3JSC8JSObject12defineSetterEPS0_PNS_9ExecStateERKNS_10IdentifierES1_j

Modified: trunk/Source/_javascript_Core/_javascript_Core.vcproj/_javascript_Core/_javascript_Core.def (99263 => 99264)


--- trunk/Source/_javascript_Core/_javascript_Core.vcproj/_javascript_Core/_javascript_Core.def	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/_javascript_Core.vcproj/_javascript_Core/_javascript_Core.def	2011-11-04 07:35:18 UTC (rev 99264)
@@ -211,7 +211,7 @@
     ?globalExec@JSGlobalObject@JSC@@QAEPAVExecState@2@XZ
     ?globalObjectCount@Heap@JSC@@QAEIXZ
     ?grow@HandleHeap@JSC@@AAEXXZ
-    ?hasInstance@JSObject@JSC@@SA_NPAV12@PAVExecState@2@VJSValue@2@2@Z
+    ?hasInstance@JSObject@JSC@@UAE_NPAVExecState@2@VJSValue@2@1@Z
     ?hasProperty@JSObject@JSC@@QBE_NPAVExecState@2@ABVIdentifier@2@@Z
     ?hasProperty@JSObject@JSC@@QBE_NPAVExecState@2@I@Z
     ?heap@Heap@JSC@@SAPAV12@VJSValue@2@@Z

Modified: trunk/Source/_javascript_Core/interpreter/Interpreter.cpp (99263 => 99264)


--- trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2011-11-04 07:35:18 UTC (rev 99264)
@@ -2354,7 +2354,7 @@
 
         ASSERT(!isInvalidParamForInstanceOf(callFrame, baseVal, exceptionValue));
 
-        bool result = asObject(baseVal)->methodTable()->hasInstance(asObject(baseVal), callFrame, callFrame->r(value).jsValue(), callFrame->r(baseProto).jsValue());
+        bool result = asObject(baseVal)->hasInstance(callFrame, callFrame->r(value).jsValue(), callFrame->r(baseProto).jsValue());
         CHECK_FOR_EXCEPTION();
         callFrame->uncheckedR(dst) = jsBoolean(result);
 

Modified: trunk/Source/_javascript_Core/jit/JITStubs.cpp (99263 => 99264)


--- trunk/Source/_javascript_Core/jit/JITStubs.cpp	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/jit/JITStubs.cpp	2011-11-04 07:35:18 UTC (rev 99264)
@@ -2092,7 +2092,7 @@
     if (!typeInfo.overridesHasInstance() && !value.isObject())
         return JSValue::encode(jsBoolean(false));
 
-    JSValue result = jsBoolean(asObject(baseVal)->methodTable()->hasInstance(asObject(baseVal), callFrame, value, proto));
+    JSValue result = jsBoolean(asObject(baseVal)->hasInstance(callFrame, value, proto));
     CHECK_FOR_EXCEPTION_AT_END();
 
     return JSValue::encode(result);

Modified: trunk/Source/_javascript_Core/runtime/ClassInfo.h (99263 => 99264)


--- trunk/Source/_javascript_Core/runtime/ClassInfo.h	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/runtime/ClassInfo.h	2011-11-04 07:35:18 UTC (rev 99264)
@@ -80,9 +80,6 @@
 
         typedef UString (*ClassNameFunctionPtr)(const JSObject*);
         ClassNameFunctionPtr className;
-
-        typedef bool (*HasInstanceFunctionPtr)(JSObject*, ExecState*, JSValue, JSValue);
-        HasInstanceFunctionPtr hasInstance;
     };
 
 #define CREATE_MEMBER_CHECKER(member) \
@@ -121,7 +118,6 @@
         &ClassName::getOwnPropertyNames, \
         &ClassName::getPropertyNames, \
         &ClassName::className, \
-        &ClassName::hasInstance, \
     }, \
     sizeof(ClassName)
 

Modified: trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp (99263 => 99264)


--- trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp	2011-11-04 07:35:18 UTC (rev 99264)
@@ -87,14 +87,13 @@
     return function;
 }
 
-bool JSBoundFunction::hasInstance(JSObject* object, ExecState* exec, JSValue value, JSValue)
+bool JSBoundFunction::hasInstance(ExecState* exec, JSValue value, JSValue)
 {
-    JSBoundFunction* thisObject = static_cast<JSBoundFunction*>(object);
     // FIXME: our instanceof implementation will have already (incorrectly) performed
     // a [[Get]] of .prototype from the bound function object, which is incorrect!
     // https://bugs.webkit.org/show_bug.cgi?id=68656
-    JSValue proto = thisObject->m_targetFunction->get(exec, exec->propertyNames().prototype);
-    return thisObject->m_targetFunction->methodTable()->hasInstance(thisObject, exec, value, proto);
+    JSValue proto = m_targetFunction->get(exec, exec->propertyNames().prototype);
+    return m_targetFunction->hasInstance(exec, value, proto);
 }
 
 JSBoundFunction::JSBoundFunction(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, JSObject* targetFunction, JSValue boundThis, JSValue boundArgs)
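Review bot: The delegating call `m_targetFunction->hasInstance(exec, value, proto)` should carry a comment saying that the receiver is deliberately the target function and never the bound function itself, for example `// Dispatch on the target: each hasInstance implementation assumes the receiver is an instance of its own class.` The removed lines show why this matters: the method-table form passed `thisObject` (the JSBoundFunction) as the object argument to the target's entry, and the static JSCallbackObject::hasInstance removed elsewhere in this revision applied `static_cast<JSCallbackObject*>(object)` to that argument, which would be a type confusion if the target were a callback object. Whether that is what crashed the test is not stated on the page, but the invariant is worth recording before the de-virtualization is landed again.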

Modified: trunk/Source/_javascript_Core/runtime/JSBoundFunction.h (99263 => 99264)


--- trunk/Source/_javascript_Core/runtime/JSBoundFunction.h	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/runtime/JSBoundFunction.h	2011-11-04 07:35:18 UTC (rev 99264)
@@ -39,7 +39,7 @@
 
     static JSBoundFunction* create(ExecState*, JSGlobalObject*, JSObject* targetFunction, JSValue boundThis, JSValue boundArgs, int, const Identifier&);
 
-    static bool hasInstance(JSObject*, ExecState*, JSValue, JSValue proto);
+    virtual bool hasInstance(ExecState*, JSValue value, JSValue proto);
 
     JSObject* targetFunction() { return m_targetFunction.get(); }
     JSValue boundThis() { return m_boundThis.get(); }

Modified: trunk/Source/_javascript_Core/runtime/JSCell.cpp (99263 => 99264)


--- trunk/Source/_javascript_Core/runtime/JSCell.cpp	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/runtime/JSCell.cpp	2011-11-04 07:35:18 UTC (rev 99264)
@@ -185,12 +185,6 @@
     return UString();
 }
 
-bool JSCell::hasInstance(JSObject*, ExecState*, JSValue, JSValue)
-{
-    ASSERT_NOT_REACHED();
-    return false;
-}
-
 void JSCell::getPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode)
 {
     ASSERT_NOT_REACHED();

Modified: trunk/Source/_javascript_Core/runtime/JSCell.h (99263 => 99264)


--- trunk/Source/_javascript_Core/runtime/JSCell.h	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/runtime/JSCell.h	2011-11-04 07:35:18 UTC (rev 99264)
@@ -146,7 +146,6 @@
         static NO_RETURN_DUE_TO_ASSERT void getOwnPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
         static NO_RETURN_DUE_TO_ASSERT void getPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
         static UString className(const JSObject*);
-        static bool hasInstance(JSObject*, ExecState*, JSValue, JSValue prototypeProperty);
 
     private:
         WriteBarrier<Structure> m_structure;

Modified: trunk/Source/_javascript_Core/runtime/JSObject.cpp (99263 => 99264)


--- trunk/Source/_javascript_Core/runtime/JSObject.cpp	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/runtime/JSObject.cpp	2011-11-04 07:35:18 UTC (rev 99264)
@@ -456,7 +456,7 @@
     return descriptor.setter();
 }
 
-bool JSObject::hasInstance(JSObject*, ExecState* exec, JSValue value, JSValue proto)
+bool JSObject::hasInstance(ExecState* exec, JSValue value, JSValue proto)
 {
     if (!value.isObject())
         return false;

Modified: trunk/Source/_javascript_Core/runtime/JSObject.h (99263 => 99264)


--- trunk/Source/_javascript_Core/runtime/JSObject.h	2011-11-04 04:53:36 UTC (rev 99263)
+++ trunk/Source/_javascript_Core/runtime/JSObject.h	2011-11-04 07:35:18 UTC (rev 99264)
@@ -124,7 +124,7 @@
 
         static JSValue defaultValue(const JSObject*, ExecState*, PreferredPrimitiveType);
 
-        static bool hasInstance(JSObject*, ExecState*, JSValue, JSValue prototypeProperty);
+        virtual bool hasInstance(ExecState*, JSValue, JSValue prototypeProperty);
 
         static void getOwnPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
         static void getPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);