Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (233084 => 233085)
--- trunk/Source/_javascript_Core/ChangeLog 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-06-22 18:26:36 UTC (rev 233085)
@@ -1,3 +1,58 @@
+2018-06-22 Keith Miller <[email protected]>
+
+ We should call visitChildren on Base not the exact typename
+ https://bugs.webkit.org/show_bug.cgi?id=186928
+
+ Reviewed by Mark Lam.
+
+ A lot of places were not properly calling visitChildren on their
+ superclass. For most of them it didn't matter because they had
+ immortal structures. If code changed in the future this might
+ break things however.
+
+ Also, block off more of the MethodTable for GetterSetter objects.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitChildren):
+ * bytecode/ExecutableToCodeBlockEdge.cpp:
+ (JSC::ExecutableToCodeBlockEdge::visitChildren):
+ * debugger/DebuggerScope.cpp:
+ (JSC::DebuggerScope::visitChildren):
+ * runtime/EvalExecutable.cpp:
+ (JSC::EvalExecutable::visitChildren):
+ * runtime/FunctionExecutable.cpp:
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/FunctionRareData.cpp:
+ (JSC::FunctionRareData::visitChildren):
+ * runtime/GenericArgumentsInlines.h:
+ (JSC::GenericArguments<Type>::visitChildren):
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildren):
+ * runtime/GetterSetter.h:
+ * runtime/InferredType.cpp:
+ (JSC::InferredType::visitChildren):
+ * runtime/InferredTypeTable.cpp:
+ (JSC::InferredTypeTable::visitChildren):
+ * runtime/InferredValue.cpp:
+ (JSC::InferredValue::visitChildren):
+ * runtime/JSArrayBufferView.cpp:
+ (JSC::JSArrayBufferView::visitChildren):
+ * runtime/JSGenericTypedArrayViewInlines.h:
+ (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
+ * runtime/ModuleProgramExecutable.cpp:
+ (JSC::ModuleProgramExecutable::visitChildren):
+ * runtime/ProgramExecutable.cpp:
+ (JSC::ProgramExecutable::visitChildren):
+ * runtime/ScopedArguments.cpp:
+ (JSC::ScopedArguments::visitChildren):
+ * runtime/ScopedArguments.h:
+ * runtime/Structure.cpp:
+ (JSC::Structure::visitChildren):
+ * runtime/StructureRareData.cpp:
+ (JSC::StructureRareData::visitChildren):
+ * runtime/SymbolTable.cpp:
+ (JSC::SymbolTable::visitChildren):
+
2018-06-20 Darin Adler <[email protected]>
[Cocoa] Use the isDirectory: variants of NSURL methods more to eliminate unnecessary file system activity
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -1012,7 +1012,7 @@
{
CodeBlock* thisObject = jsCast<CodeBlock*>(cell);
ASSERT_GC_OBJECT_INHERITS(thisObject, info());
- JSCell::visitChildren(thisObject, visitor);
+ Base::visitChildren(cell, visitor);
visitor.append(thisObject->m_ownerEdge);
thisObject->visitChildren(visitor);
}
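Review bot: The base call added here passes `cell`, while the EvalExecutable, FunctionExecutable, GetterSetter, ModuleProgramExecutable, ProgramExecutable, Structure, StructureRareData and SymbolTable hunks pass the already-cast pointer. Both forms convert to the same `JSCell*`, so this is a consistency point only. Settling on one form, for example `Base::visitChildren(thisObject, visitor);`, would make a missing or misdirected base call easier to spot when these functions are audited later. The function signature is outside this hunk.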
Modified: trunk/Source/_javascript_Core/bytecode/ExecutableToCodeBlockEdge.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/bytecode/ExecutableToCodeBlockEdge.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/bytecode/ExecutableToCodeBlockEdge.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -48,6 +48,8 @@
{
VM& vm = visitor.vm();
ExecutableToCodeBlockEdge* edge = jsCast<ExecutableToCodeBlockEdge*>(cell);
+ Base::visitChildren(cell, visitor);
+
CodeBlock* codeBlock = edge->m_codeBlock.get();
// It's possible for someone to hold a pointer to the edge after the edge has cleared its weak
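Review bot: The new `Base::visitChildren(cell, visitor);` call is not preceded by the `ASSERT_GC_OBJECT_INHERITS(...)` check that the CodeBlock, DebuggerScope and executable hunks keep next to their cast. The FunctionRareData, InferredType, InferredTypeTable, InferredValue, JSArrayBufferView, JSGenericTypedArrayView and SymbolTable hunks omit it as well. Adding `ASSERT_GC_OBJECT_INHERITS(edge, info());` after the `jsCast`, with the local's name adjusted per file, would give debug builds the same type check before the cell's fields are read. This assumes each of these classes exposes `info()` as the others do. The function body continues past the end of this hunk.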
Modified: trunk/Source/_javascript_Core/debugger/DebuggerScope.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/debugger/DebuggerScope.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/debugger/DebuggerScope.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -60,7 +60,8 @@
{
DebuggerScope* thisObject = jsCast<DebuggerScope*>(cell);
ASSERT_GC_OBJECT_INHERITS(thisObject, info());
- JSObject::visitChildren(thisObject, visitor);
+ Base::visitChildren(cell, visitor);
+
visitor.append(thisObject->m_scope);
visitor.append(thisObject->m_next);
}
Modified: trunk/Source/_javascript_Core/runtime/EvalExecutable.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/EvalExecutable.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/EvalExecutable.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -48,7 +48,7 @@
{
EvalExecutable* thisObject = jsCast<EvalExecutable*>(cell);
ASSERT_GC_OBJECT_INHERITS(thisObject, info());
- ScriptExecutable::visitChildren(thisObject, visitor);
+ Base::visitChildren(thisObject, visitor);
visitor.append(thisObject->m_unlinkedEvalCodeBlock);
visitor.append(thisObject->m_evalCodeBlock);
}
Modified: trunk/Source/_javascript_Core/runtime/FunctionExecutable.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/FunctionExecutable.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/FunctionExecutable.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -84,7 +84,7 @@
{
FunctionExecutable* thisObject = jsCast<FunctionExecutable*>(cell);
ASSERT_GC_OBJECT_INHERITS(thisObject, info());
- ScriptExecutable::visitChildren(thisObject, visitor);
+ Base::visitChildren(thisObject, visitor);
visitor.append(thisObject->m_codeBlockForCall);
visitor.append(thisObject->m_codeBlockForConstruct);
visitor.append(thisObject->m_unlinkedExecutable);
Modified: trunk/Source/_javascript_Core/runtime/FunctionRareData.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/FunctionRareData.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/FunctionRareData.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -54,6 +54,7 @@
void FunctionRareData::visitChildren(JSCell* cell, SlotVisitor& visitor)
{
FunctionRareData* rareData = jsCast<FunctionRareData*>(cell);
+ Base::visitChildren(cell, visitor);
rareData->m_objectAllocationProfile.visitAggregate(visitor);
rareData->m_internalFunctionAllocationProfile.visitAggregate(visitor);
Modified: trunk/Source/_javascript_Core/runtime/GenericArgumentsInlines.h (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/GenericArgumentsInlines.h 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/GenericArgumentsInlines.h 2018-06-22 18:26:36 UTC (rev 233085)
@@ -35,6 +35,7 @@
{
Type* thisObject = static_cast<Type*>(thisCell);
ASSERT_GC_OBJECT_INHERITS(thisObject, info());
+ Base::visitChildren(thisCell, visitor);
if (thisObject->m_modifiedArgumentsDescriptor)
visitor.markAuxiliary(thisObject->m_modifiedArgumentsDescriptor.get());
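Review bot: With `Base::visitChildren(thisCell, visitor);` now inside the template, any subclass that visits its own base and then also calls `GenericArguments<Type>::visitChildren` will traverse the base object's children twice. The changeset adjusts ScopedArguments for this, but no other instantiation of GenericArguments appears on the page, so it is worth confirming the remaining users were checked. A comment above the call such as `// Subclasses should call only this function, not the grandparent class's visitChildren as well.` would record the contract. The function starts and continues outside this hunk.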
Modified: trunk/Source/_javascript_Core/runtime/GetterSetter.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/GetterSetter.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/GetterSetter.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -39,7 +39,7 @@
{
GetterSetter* thisObject = jsCast<GetterSetter*>(cell);
ASSERT_GC_OBJECT_INHERITS(thisObject, info());
- JSCell::visitChildren(thisObject, visitor);
+ Base::visitChildren(thisObject, visitor);
visitor.append(thisObject->m_getter);
visitor.append(thisObject->m_setter);
Modified: trunk/Source/_javascript_Core/runtime/GetterSetter.h (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/GetterSetter.h 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/GetterSetter.h 2018-06-22 18:26:36 UTC (rev 233085)
@@ -118,6 +118,8 @@
static bool getOwnPropertySlot(JSObject*, ExecState*, PropertyName, PropertySlot&) { RELEASE_ASSERT_NOT_REACHED(); return false; }
static bool put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&) { RELEASE_ASSERT_NOT_REACHED(); return false; }
+ static bool putByIndex(JSCell*, ExecState*, unsigned, JSValue, bool) { RELEASE_ASSERT_NOT_REACHED(); return false; }
+ static bool setPrototype(JSObject*, ExecState*, JSValue, bool) { RELEASE_ASSERT_NOT_REACHED(); return false; }
static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, const PropertyDescriptor&, bool) { RELEASE_ASSERT_NOT_REACHED(); return false; }
static bool deleteProperty(JSCell*, ExecState*, PropertyName) { RELEASE_ASSERT_NOT_REACHED(); return false; }
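Review bot: The two added stubs cover `putByIndex` and `setPrototype`, but the visible list still has no indexed counterpart for `getOwnPropertySlot` or `deleteProperty`. If `getOwnPropertySlotByIndex` and `deletePropertyByIndex` are not blocked elsewhere in the class (the declaration extends beyond this hunk), an indexed operation on a GetterSetter that reached script would presumably use the inherited implementation instead of stopping at `RELEASE_ASSERT_NOT_REACHED()`. Matching stubs would keep the fail-closed behaviour uniform across the MethodTable. A one-line comment above the group, for example `// GetterSetter must never be exposed to script; crash rather than service object operations.`, would also explain why these exist.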
Modified: trunk/Source/_javascript_Core/runtime/InferredType.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/InferredType.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/InferredType.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -86,6 +86,7 @@
void InferredType::visitChildren(JSCell* cell, SlotVisitor& visitor)
{
InferredType* inferredType = jsCast<InferredType*>(cell);
+ Base::visitChildren(cell, visitor);
if (inferredType->m_structure)
visitor.vm().inferredTypesWithFinalizers.add(inferredType);
}
Modified: trunk/Source/_javascript_Core/runtime/InferredTypeTable.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/InferredTypeTable.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/InferredTypeTable.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -53,6 +53,7 @@
void InferredTypeTable::visitChildren(JSCell* cell, SlotVisitor& visitor)
{
InferredTypeTable* inferredTypeTable = jsCast<InferredTypeTable*>(cell);
+ Base::visitChildren(cell, visitor);
ConcurrentJSLocker locker(inferredTypeTable->m_lock);
Modified: trunk/Source/_javascript_Core/runtime/InferredValue.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/InferredValue.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/InferredValue.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -54,7 +54,8 @@
void InferredValue::visitChildren(JSCell* cell, SlotVisitor& visitor)
{
InferredValue* inferredValue = jsCast<InferredValue*>(cell);
-
+ Base::visitChildren(cell, visitor);
+
JSValue value = inferredValue->m_value.get();
if (!value)
return;
Modified: trunk/Source/_javascript_Core/runtime/JSArrayBufferView.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/JSArrayBufferView.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/JSArrayBufferView.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -159,6 +159,7 @@
void JSArrayBufferView::visitChildren(JSCell* cell, SlotVisitor& visitor)
{
JSArrayBufferView* thisObject = jsCast<JSArrayBufferView*>(cell);
+ Base::visitChildren(cell, visitor);
if (thisObject->hasArrayBuffer()) {
WTF::loadLoadFence();
@@ -166,8 +167,6 @@
RELEASE_ASSERT(buffer);
visitor.addOpaqueRoot(buffer);
}
-
- Base::visitChildren(thisObject, visitor);
}
bool JSArrayBufferView::put(
Modified: trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewInlines.h (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewInlines.h 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewInlines.h 2018-06-22 18:26:36 UTC (rev 233085)
@@ -514,7 +514,8 @@
void JSGenericTypedArrayView<Adaptor>::visitChildren(JSCell* cell, SlotVisitor& visitor)
{
JSGenericTypedArrayView* thisObject = jsCast<JSGenericTypedArrayView*>(cell);
-
+ Base::visitChildren(thisObject, visitor);
+
TypedArrayMode mode;
void* vector;
size_t byteSize;
@@ -545,8 +546,6 @@
RELEASE_ASSERT_NOT_REACHED();
break;
}
-
- Base::visitChildren(thisObject, visitor);
}
template<typename Adaptor>
Modified: trunk/Source/_javascript_Core/runtime/ModuleProgramExecutable.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/ModuleProgramExecutable.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/ModuleProgramExecutable.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -90,7 +90,7 @@
{
ModuleProgramExecutable* thisObject = jsCast<ModuleProgramExecutable*>(cell);
ASSERT_GC_OBJECT_INHERITS(thisObject, info());
- ScriptExecutable::visitChildren(thisObject, visitor);
+ Base::visitChildren(thisObject, visitor);
visitor.append(thisObject->m_unlinkedModuleProgramCodeBlock);
visitor.append(thisObject->m_moduleEnvironmentSymbolTable);
visitor.append(thisObject->m_moduleProgramCodeBlock);
Modified: trunk/Source/_javascript_Core/runtime/ProgramExecutable.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/ProgramExecutable.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/ProgramExecutable.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -207,7 +207,7 @@
{
ProgramExecutable* thisObject = jsCast<ProgramExecutable*>(cell);
ASSERT_GC_OBJECT_INHERITS(thisObject, info());
- ScriptExecutable::visitChildren(thisObject, visitor);
+ Base::visitChildren(thisObject, visitor);
visitor.append(thisObject->m_unlinkedProgramCodeBlock);
visitor.append(thisObject->m_programCodeBlock);
}
Modified: trunk/Source/_javascript_Core/runtime/ScopedArguments.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/ScopedArguments.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/ScopedArguments.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -120,8 +120,6 @@
visitor.appendValues(
thisObject->overflowStorage(), thisObject->storageHeader().totalLength - thisObject->m_table->length());
}
-
- GenericArguments<ScopedArguments>::visitChildren(cell, visitor);
}
Structure* ScopedArguments::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
Modified: trunk/Source/_javascript_Core/runtime/ScopedArguments.h (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/ScopedArguments.h 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/ScopedArguments.h 2018-06-22 18:26:36 UTC (rev 233085)
@@ -40,6 +40,7 @@
private:
ScopedArguments(VM&, Structure*, WriteBarrier<Unknown>* storage);
void finishCreation(VM&, JSFunction* callee, ScopedArgumentsTable*, JSLexicalEnvironment*);
+ using Base = GenericArguments<ScopedArguments>;
public:
template<typename CellType>
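Review bot: The added `using Base = GenericArguments<ScopedArguments>;` changes what every existing `Base::` reference in ScopedArguments resolves to, and the ScopedArguments.cpp hunk depends on that. That hunk only deletes the explicit `GenericArguments<ScopedArguments>::visitChildren` call, so traversal of the GenericArguments state now relies on a `Base::visitChildren` call outside it, presumably at the top of the function. A comment on the alias, e.g. `// Base:: calls in ScopedArguments must reach GenericArguments<ScopedArguments>, not its parent.`, would make the dependency visible. The alias also sits in the `private:` section, so code outside the class cannot name `ScopedArguments::Base`; confirm that is intended.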
Modified: trunk/Source/_javascript_Core/runtime/Structure.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/Structure.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/Structure.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -1078,7 +1078,7 @@
Structure* thisObject = jsCast<Structure*>(cell);
ASSERT_GC_OBJECT_INHERITS(thisObject, info());
- JSCell::visitChildren(thisObject, visitor);
+ Base::visitChildren(thisObject, visitor);
ConcurrentJSLocker locker(thisObject->m_lock);
Modified: trunk/Source/_javascript_Core/runtime/StructureRareData.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/StructureRareData.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/StructureRareData.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -66,7 +66,7 @@
StructureRareData* thisObject = jsCast<StructureRareData*>(cell);
ASSERT_GC_OBJECT_INHERITS(thisObject, info());
- JSCell::visitChildren(thisObject, visitor);
+ Base::visitChildren(thisObject, visitor);
visitor.append(thisObject->m_previous);
visitor.append(thisObject->m_objectToStringValue);
visitor.append(thisObject->m_cachedPropertyNameEnumerator);
Modified: trunk/Source/_javascript_Core/runtime/SymbolTable.cpp (233084 => 233085)
--- trunk/Source/_javascript_Core/runtime/SymbolTable.cpp 2018-06-22 17:06:43 UTC (rev 233084)
+++ trunk/Source/_javascript_Core/runtime/SymbolTable.cpp 2018-06-22 18:26:36 UTC (rev 233085)
@@ -101,7 +101,8 @@
void SymbolTable::visitChildren(JSCell* thisCell, SlotVisitor& visitor)
{
SymbolTable* thisSymbolTable = jsCast<SymbolTable*>(thisCell);
-
+ Base::visitChildren(thisSymbolTable, visitor);
+
visitor.append(thisSymbolTable->m_arguments);
visitor.append(thisSymbolTable->m_singletonScope);