Diff
Modified: trunk/JSTests/ChangeLog (262826 => 262827)
--- trunk/JSTests/ChangeLog 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/JSTests/ChangeLog 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,3 +1,13 @@
+2020-06-09 Mark Lam <[email protected]>
+
+ Disambiguate the OverridesGetPropertyNames structure flag
+ https://bugs.webkit.org/show_bug.cgi?id=212909
+ <rdar://problem/63823557>
+
+ Reviewed by Saam Barati.
+
+ * stress/unexpected-stack-overflow-below-JSObject-getPropertyNames.js: Added.
+
2020-06-08 Ross Kirsling <[email protected]>
[Intl] Update tests to support ICU 67
Added: trunk/JSTests/stress/unexpected-stack-overflow-below-JSObject-getPropertyNames.js (0 => 262827)
--- trunk/JSTests/stress/unexpected-stack-overflow-below-JSObject-getPropertyNames.js (rev 0)
+++ trunk/JSTests/stress/unexpected-stack-overflow-below-JSObject-getPropertyNames.js 2020-06-10 00:21:56 UTC (rev 262827)
@@ -0,0 +1,31 @@
+//@ requireOptions("--exceptionStackTraceLimit=0", "--defaultErrorStackTraceLimit=0")
+
+let arr0 = [];
+var afterFirstCatch = false;
+
+function foo(arg0) {
+ var exception;
+ let arr1 = [];
+ arg0.__proto__ = arr1;
+ try {
+ foo(arr1);
+ } catch (e) {
+ // This afterFirstCatch tracking is just to facilitate being able to end this
+ // test quickly without having to run the for-in loop below on the entire return
+ // path.
+ if (afterFirstCatch)
+ throw e;
+ afterFirstCatch = true;
+ exception = e;
+ }
+ for (let q in arr0) { }
+ if (afterFirstCatch)
+ throw exception; // We're done with the test. Let's end this quickly.
+}
+
+try {
+ foo(arr0);
+} catch (e) {
+ if (e != "RangeError: Maximum call stack size exceeded.")
+ throw e;
+}
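Review bot: The new test has no header comment saying what it guards against or what a failure looks like, so a later reader sees only a deliberately overflowing recursion followed by an empty for-in. A comment above `let arr0 = [];` would fix that, for example `// Regression test for https://bugs.webkit.org/show_bug.cgi?id=212909: a for-in over an array with a very long chain of array prototypes, run close to the stack limit, must not overflow the stack below JSObject::getPropertyNames().` The final `catch` accepts the RangeError through a loose `!=` string comparison, so it presumably passes whether the error came from the recursion in `foo` or from the for-in itself. If the test is meant to tell those apart, it needs an explicit flag set after the loop completes.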
Modified: trunk/Source/_javascript_Core/API/JSAPIValueWrapper.h (262826 => 262827)
--- trunk/Source/_javascript_Core/API/JSAPIValueWrapper.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/API/JSAPIValueWrapper.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,7 +1,7 @@
/*
* Copyright (C) 1999-2001 Harri Porten ([email protected])
* Copyright (C) 2001 Peter Kelly ([email protected])
- * Copyright (C) 2003-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2003-2020 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
@@ -33,8 +33,14 @@
friend JSValue jsAPIValueWrapper(JSGlobalObject*, JSValue);
public:
using Base = JSCell;
- static constexpr unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal;
+ // OverridesAnyFormOfGetPropertyNames (which used to be OverridesGetPropertyNames) was here
+ // since ancient times back when we pessimistically choose to apply this flag. I think we
+ // can remove it, but we should do more testing before we do so.
+ // Ref: http://trac.webkit.org/changeset/49694/webkit#file9
+ // FIXME: https://bugs.webkit.org/show_bug.cgi?id=212954
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesAnyFormOfGetPropertyNames | StructureIsImmortal;
+
template<typename CellType, SubspaceAccess mode>
static IsoSubspace* subspaceFor(VM& vm)
{
@@ -45,7 +51,7 @@
static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
{
- return Structure::create(vm, globalObject, prototype, TypeInfo(APIValueWrapperType, OverridesGetPropertyNames), info());
+ return Structure::create(vm, globalObject, prototype, TypeInfo(APIValueWrapperType, StructureFlags), info());
}
DECLARE_EXPORT_INFO;
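Review bot: Passing `StructureFlags` to `TypeInfo` in `createStructure` makes `StructureIsImmortal` and `Base::StructureFlags` take effect for this cell type, where the old call passed only `OverridesGetPropertyNames`. The comment added above `StructureFlags` in the previous hunk covers only the property-names flag. Since this changes what the structure advertises at runtime, I would add a line to that comment such as `// StructureIsImmortal was declared here but not passed to TypeInfo before r262827.` The same switch to `StructureFlags` is made in `GetterSetter::createStructure` (runtime/GetterSetter.h), where the class's `StructureFlags` definition is outside the hunk. `createStructure` is complete in this hunk; the enclosing class is not.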
Modified: trunk/Source/_javascript_Core/API/JSCallbackObject.h (262826 => 262827)
--- trunk/Source/_javascript_Core/API/JSCallbackObject.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/API/JSCallbackObject.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2006-2020 Apple Inc. All rights reserved.
* Copyright (C) 2007 Eric Seidel <[email protected]>
*
* Redistribution and use in source and binary forms, with or without
@@ -125,7 +125,7 @@
class JSCallbackObject final : public Parent {
public:
using Base = Parent;
- static constexpr unsigned StructureFlags = Base::StructureFlags | ProhibitsPropertyCaching | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | ImplementsHasInstance | OverridesGetPropertyNames | OverridesGetCallData;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | ProhibitsPropertyCaching | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | ImplementsHasInstance | OverridesAnyFormOfGetPropertyNames | OverridesGetCallData;
static_assert(!(StructureFlags & ImplementsDefaultHasInstance), "using customHasInstance");
~JSCallbackObject();
Modified: trunk/Source/_javascript_Core/ChangeLog (262826 => 262827)
--- trunk/Source/_javascript_Core/ChangeLog 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,3 +1,179 @@
+2020-06-09 Mark Lam <[email protected]>
+
+ Disambiguate the OverridesGetPropertyNames structure flag
+ https://bugs.webkit.org/show_bug.cgi?id=212909
+ <rdar://problem/63823557>
+
+ Reviewed by Saam Barati.
+
+ Previously, the OverridesGetPropertyNames structure flag could mean 2 different
+ things:
+ 1. the getPropertyNames() method is overridden, or
+ 2. any of the forms of getPropertyName() is overridden:
+ getPropertyName, getOwnPropertyNames, getOwnNonIndexPropertyNames
+
+ Some parts of the code expects one definition while other parts expect the other.
+ This patch disambiguates between the 2 by introducing OverridesAnyFormOfGetPropertyNames
+ for definition (2). OverridesGetPropertyNames now only means definition (1).
+
+ Note: we could have implemented overridesGetPropertyNames() by doing a comparison
+ of the getPropertyNames pointer in the MethodTable. This is a little slower than
+ checking a TypeInfo flag, but probably doesn't matter a lot in the code paths
+ where overridesGetPropertyNames() is called. However, we have bits in TypeInfo
+ left. So, we'll might as well use it.
+
+ This ambiguity resulted in JSObject::getPropertyNames() recursing infinitely
+ when it didn't think it could recurse. This is demonstrated in
+ JSTests/stress/unexpected-stack-overflow-below-JSObject-getPropertyNames.js as
+ follows:
+
+ 1. The test case invokes JSObject::getPropertyNames on a JSArray.
+
+ 2. In the while loop at the bottom of JSObject::getPropertynames(), we check
+ `if (prototype->structure(vm)->typeInfo().overridesGetPropertyNames()) {`.
+
+ 3. The test overrides proto as follows:
+ `arg0.__proto__ = arr1` where both arg0 and arr1 are JArrays.
+
+ 4. In the old code, JSArray sets OverridesGetPropertyNames but does not override
+ getPropertyNames(). It actually meant to set OverridesAnyFormOfGetPropertyNames
+ (after we disambiguated it) because JSArray overrides getOwnNonIndexPropertyNames().
+
+ 5. When we get to the check at (2), we ask if the prototype overridesGetPropertyNames().
+ Since JSArray sets OverridesGetPropertyNames, the answer is yes / true.
+
+ JSObject::getPropertynames() then proceeds to invoke
+ `prototype->methodTable(vm)->getPropertyNames(prototype, globalObject, propertyNames, mode);`
+
+ But because JSArray does not actually overrides getPropertyNames(), we're
+ actually invoking JSObject::getPropertyNames() here. Viola! Infinite loop.
+
+ With this patch, JSArray is disambiguated to set OverridesAnyFormOfGetPropertyNames
+ instead of OverridesGetPropertyNames, and this infinite loop no longer exists.
+
+ This patch also made the following changes:
+
+ 1. Templatized TypeInfo::isSetOnFlags1() and TypeInfo::isSetOnFlags2() so that
+ we can used static_asserts instead of a debug ASSERT to verify the integrity of
+ the flag we're checking against.
+
+ 2. Added a Structure::validateFlags() called from the Structure constructor.
+ validateFlags() will verify the following:
+ a. OverridesGetOwnPropertySlot must be set in the flags if getOwnPropertySlot
+ is overridden in the MethodTable.
+ b. InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero must be set in
+ the flags if getOwnPropertySlotByIndex is overridden in the MethodTable.
+ c. HasPutPropertySecurityCheck must be set in the flags if doPutPropertySecurityCheck
+ is overridden in the MethodTable.
+ d. OverridesGetPropertyNames must be set in the flags if getPropertyNames
+ is overridden in the MethodTable.
+ e. OverridesAnyFormOfGetPropertyNames must be set in the flags if any of
+ getPropertyNames, getOwnPropertyNames, or getOwnNonIndexPropertyNames are
+ overridden in the MethodTable.
+
+ An alternate solution would be to automatically set these flags if we detect
+ their corresponding methods are overridden. However, this alternate solution
+ requires this laundry list to be checked every time a structure is constructed.
+ The current implementation of having the required flags already pre-determined
+ as a constant is more efficient in terms of performance and code space.
+
+ Also, it only takes one instantiation of the structure to verify that the flags
+ are valid. Since we only write JSCell / JSObject classes when we need them
+ and we always write tests to exercise new code (especially such classes), we're
+ guaranteed the flags validation will be exercised.
+
+ 3. Made JSObject::getOwnPropertySlot() and JSObject::doPutPropertySecurityCheck()
+ not inlined when ASSERT_ENABLED. This is needed in order for Structure::validateFlags()
+ to do its checks using function pointer comparisons. Otherwise, the inline
+ functions can result in multiple instantiations of these functions. For
+ example, WebCore can get its own copy of JSObject::getOwnPropertySlot() and
+ the comparisons will think the function is overridden even when it's not.
+
+ 4. Structure::validateFlags() found the following problems which are now fixed:
+
+ GetterSetter was not using its StructureFlags. As a result, it was missing the
+ OverridesGetOwnPropertySlot flag.
+
+ JSDataView did not define its StructureFlags. It was missing the
+ OverridesGetOwnPropertySlot and OverridesAnyFormOfGetPropertyNames flags.
+
+ 5. Changed a TypeInfo constructor to not have a default argument for the flags value.
+ Also grepped for all uses of this constructor to make sure that it is passed
+ the StructureFlags field. This exercise found the following issue:
+
+ JSAPIValueWrapper was not using its StructureFlags when creating its structure.
+ Previously, it was just ignoring the StructureIsImmortal flag in StructureFlags.
+
+ 6. Hardened the assertions for hasReadOnlyOrGetterSetterPropertiesExcludingProto()
+ and hasGetterSetterProperties() in the Structure constructor.
+
+ Previously, if the flag is set, it verifies that the ClassInfo has the
+ appropriate data expected by the flag. However, it does not assert the reverse
+ i.e. that if the ClassInfo data exists, then the flag must also be set.
+ The new assertions now checks both.
+
+ Moved the overridesGetCallData() assertion into Structure::validateFlags()
+ because it concerns the OverridesGetCallData flag. This assertion has also
+ ben hardened.
+
+ * API/JSAPIValueWrapper.h:
+ * API/JSCallbackObject.h:
+ * debugger/DebuggerScope.h:
+ * inspector/JSInjectedScriptHostPrototype.h:
+ * inspector/JSJavaScriptCallFramePrototype.h:
+ * runtime/ClonedArguments.h:
+ * runtime/ErrorInstance.h:
+ * runtime/GenericArguments.h:
+ * runtime/GetterSetter.h:
+ * runtime/JSArray.h:
+ * runtime/JSDataView.h:
+ * runtime/JSFunction.h:
+ * runtime/JSGenericTypedArrayView.h:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSLexicalEnvironment.h:
+ * runtime/JSModuleEnvironment.h:
+ * runtime/JSModuleNamespaceObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::doPutPropertySecurityCheck):
+ (JSC::JSObject::getOwnPropertySlot):
+ * runtime/JSObject.h:
+ (JSC::JSObject::getOwnPropertySlotImpl):
+ (JSC::JSObject::getOwnPropertySlot):
+ * runtime/JSProxy.h:
+ * runtime/JSString.h:
+ * runtime/JSSymbolTableObject.h:
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::TypeInfo):
+ (JSC::TypeInfo::masqueradesAsUndefined const):
+ (JSC::TypeInfo::implementsHasInstance const):
+ (JSC::TypeInfo::implementsDefaultHasInstance const):
+ (JSC::TypeInfo::overridesGetCallData const):
+ (JSC::TypeInfo::overridesToThis const):
+ (JSC::TypeInfo::structureIsImmortal const):
+ (JSC::TypeInfo::overridesGetPropertyNames const):
+ (JSC::TypeInfo::overridesAnyFormOfGetPropertyNames const):
+ (JSC::TypeInfo::prohibitsPropertyCaching const):
+ (JSC::TypeInfo::getOwnPropertySlotIsImpure const):
+ (JSC::TypeInfo::getOwnPropertySlotIsImpureForPropertyAbsence const):
+ (JSC::TypeInfo::hasPutPropertySecurityCheck const):
+ (JSC::TypeInfo::newImpurePropertyFiresWatchpoints const):
+ (JSC::TypeInfo::isImmutablePrototypeExoticObject const):
+ (JSC::TypeInfo::interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero const):
+ (JSC::TypeInfo::isSetOnFlags1 const):
+ (JSC::TypeInfo::isSetOnFlags2 const):
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorAssign):
+ * runtime/ProxyObject.h:
+ * runtime/RegExpObject.h:
+ * runtime/StringObject.h:
+ * runtime/Structure.cpp:
+ (JSC::Structure::validateFlags):
+ (JSC::Structure::Structure):
+ * runtime/Structure.h:
+ * runtime/StructureInlines.h:
+ (JSC::Structure::canCacheOwnKeys const):
+ * tools/JSDollarVM.cpp:
+
2020-06-09 Jonathan Bedard <[email protected]>
_javascript_Core: Support tvOS and watchOS builds with the public SDK
Modified: trunk/Source/_javascript_Core/debugger/DebuggerScope.h (262826 => 262827)
--- trunk/Source/_javascript_Core/debugger/DebuggerScope.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/debugger/DebuggerScope.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -36,7 +36,7 @@
class DebuggerScope final : public JSNonFinalObject {
public:
using Base = JSNonFinalObject;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesAnyFormOfGetPropertyNames;
template<typename CellType, SubspaceAccess mode>
static IsoSubspace* subspaceFor(VM& vm)
Modified: trunk/Source/_javascript_Core/inspector/JSInjectedScriptHostPrototype.h (262826 => 262827)
--- trunk/Source/_javascript_Core/inspector/JSInjectedScriptHostPrototype.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/inspector/JSInjectedScriptHostPrototype.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -32,6 +32,8 @@
class JSInjectedScriptHostPrototype final : public JSC::JSNonFinalObject {
public:
using Base = JSC::JSNonFinalObject;
+ // Do we really need OverridesGetOwnPropertySlot?
+ // FIXME: https://bugs.webkit.org/show_bug.cgi?id=212956
static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot;
template<typename CellType, JSC::SubspaceAccess>
Modified: trunk/Source/_javascript_Core/inspector/JSJavaScriptCallFramePrototype.h (262826 => 262827)
--- trunk/Source/_javascript_Core/inspector/JSJavaScriptCallFramePrototype.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/inspector/JSJavaScriptCallFramePrototype.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -32,6 +32,8 @@
class JSJavaScriptCallFramePrototype final : public JSC::JSNonFinalObject {
public:
using Base = JSC::JSNonFinalObject;
+ // Do we really need OverridesGetOwnPropertySlot?
+ // FIXME: https://bugs.webkit.org/show_bug.cgi?id=212956
static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot;
template<typename CellType, JSC::SubspaceAccess>
Modified: trunk/Source/_javascript_Core/runtime/ClonedArguments.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/ClonedArguments.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/ClonedArguments.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -40,7 +40,7 @@
class ClonedArguments final : public JSNonFinalObject {
public:
using Base = JSNonFinalObject;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesAnyFormOfGetPropertyNames;
template<typename CellType, SubspaceAccess mode>
static IsoSubspace* subspaceFor(VM& vm)
Modified: trunk/Source/_javascript_Core/runtime/ErrorInstance.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/ErrorInstance.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/ErrorInstance.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,6 +1,6 @@
/*
* Copyright (C) 1999-2000 Harri Porten ([email protected])
- * Copyright (C) 2008-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2020 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -29,7 +29,7 @@
class ErrorInstance : public JSNonFinalObject {
public:
using Base = JSNonFinalObject;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesAnyFormOfGetPropertyNames;
static constexpr bool needsDestruction = true;
static void destroy(JSCell* cell)
Modified: trunk/Source/_javascript_Core/runtime/GenericArguments.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/GenericArguments.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/GenericArguments.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -36,7 +36,7 @@
class GenericArguments : public JSNonFinalObject {
public:
typedef JSNonFinalObject Base;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesAnyFormOfGetPropertyNames;
protected:
GenericArguments(VM& vm, Structure* structure)
Modified: trunk/Source/_javascript_Core/runtime/GetterSetter.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/GetterSetter.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/GetterSetter.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -107,7 +107,7 @@
static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
{
- return Structure::create(vm, globalObject, prototype, TypeInfo(GetterSetterType), info());
+ return Structure::create(vm, globalObject, prototype, TypeInfo(GetterSetterType, StructureFlags), info());
}
static ptrdiff_t offsetOfGetter()
Modified: trunk/Source/_javascript_Core/runtime/JSArray.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/JSArray.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/JSArray.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,6 +1,6 @@
/*
* Copyright (C) 1999-2000 Harri Porten ([email protected])
- * Copyright (C) 2003-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2003-2020 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -40,7 +40,7 @@
public:
typedef JSNonFinalObject Base;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesAnyFormOfGetPropertyNames;
static size_t allocationSize(Checked<size_t> inlineCapacity)
{
Modified: trunk/Source/_javascript_Core/runtime/JSDataView.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/JSDataView.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/JSDataView.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -33,6 +33,8 @@
class JSDataView final : public JSArrayBufferView {
public:
using Base = JSArrayBufferView;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesAnyFormOfGetPropertyNames;
+
static constexpr unsigned elementSize = 1;
template<typename CellType, SubspaceAccess mode>
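Review bot: This added `StructureFlags` line changes runtime behaviour for DataView objects, which until now inherited `Base::StructureFlags` unchanged, yet the only test visible in this changeset exercises JSArray. A small stress test that runs for-in and an own-property lookup on a `DataView` instance would pin the newly set `OverridesGetOwnPropertySlot` and `OverridesAnyFormOfGetPropertyNames` behaviour. It is possible such a test exists in a part of the commit not shown here. The class body continues outside the hunk.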
Modified: trunk/Source/_javascript_Core/runtime/JSFunction.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/JSFunction.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/JSFunction.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,6 +1,6 @@
/*
* Copyright (C) 1999-2000 Harri Porten ([email protected])
- * Copyright (C) 2003-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2003-2020 Apple Inc. All rights reserved.
* Copyright (C) 2007 Cameron Zwarich ([email protected])
* Copyright (C) 2007 Maks Orlovich
*
@@ -70,7 +70,7 @@
}
typedef JSCallee Base;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | OverridesGetCallData;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesAnyFormOfGetPropertyNames | OverridesGetCallData;
static size_t allocationSize(Checked<size_t> inlineCapacity)
{
Modified: trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayView.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayView.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayView.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -96,7 +96,7 @@
using Base = JSArrayBufferView;
typedef typename Adaptor::Type ElementType;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetPropertyNames | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesAnyFormOfGetPropertyNames | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero;
static constexpr unsigned elementSize = sizeof(typename Adaptor::Type);
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Eric Seidel <[email protected]>
- * Copyright (C) 2007-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2007-2020 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
@@ -531,7 +531,9 @@
public:
using Base = JSSegmentedVariableObject;
- static constexpr unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | IsImmutablePrototypeExoticObject;
+ // Do we realy need OverridesAnyFormOfGetPropertyNames here?
+ // FIXME: https://bugs.webkit.org/show_bug.cgi?id=212954
+ static constexpr unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | OverridesGetOwnPropertySlot | OverridesAnyFormOfGetPropertyNames | IsImmutablePrototypeExoticObject;
static constexpr bool needsDestruction = true;
template<typename CellType, SubspaceAccess mode>
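Review bot: The added comment misspells "really" (`// Do we realy need OverridesAnyFormOfGetPropertyNames here?`), while the sibling FIXME comments in JSString.h and the two inspector prototype headers spell it correctly. Suggested line: `// Do we really need OverridesAnyFormOfGetPropertyNames here?`. The class body continues outside the hunk.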
Modified: trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -48,7 +48,7 @@
}
using Base = JSSymbolTableObject;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesAnyFormOfGetPropertyNames;
WriteBarrierBase<Unknown>* variables()
{
Modified: trunk/Source/_javascript_Core/runtime/JSModuleEnvironment.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/JSModuleEnvironment.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/JSModuleEnvironment.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -40,7 +40,7 @@
friend class LLIntOffsetsExtractor;
public:
using Base = JSLexicalEnvironment;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesAnyFormOfGetPropertyNames;
static JSModuleEnvironment* create(VM& vm, JSGlobalObject* globalObject, JSScope* currentScope, SymbolTable* symbolTable, JSValue initialValue, AbstractModuleRecord* moduleRecord)
{
Modified: trunk/Source/_javascript_Core/runtime/JSModuleNamespaceObject.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/JSModuleNamespaceObject.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/JSModuleNamespaceObject.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -33,7 +33,7 @@
class JSModuleNamespaceObject final : public JSNonFinalObject {
public:
using Base = JSNonFinalObject;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames | GetOwnPropertySlotIsImpureForPropertyAbsence | IsImmutablePrototypeExoticObject;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesAnyFormOfGetPropertyNames | GetOwnPropertySlotIsImpureForPropertyAbsence | IsImmutablePrototypeExoticObject;
static constexpr bool needsDestruction = true;
static void destroy(JSCell*);
Modified: trunk/Source/_javascript_Core/runtime/JSObject.cpp (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/JSObject.cpp 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/JSObject.cpp 2020-06-10 00:21:56 UTC (rev 262827)
@@ -669,6 +669,20 @@
return false;
}
+#if ASSERT_ENABLED
+// These needs to be unique (not inlined) for ASSERT_ENABLED builds to enable
+// Structure::validateFlags() to do checks using function pointer comparisons.
+
+bool JSObject::getOwnPropertySlot(JSObject* object, JSGlobalObject* globalObject, PropertyName propertyName, PropertySlot& slot)
+{
+ return getOwnPropertySlotImpl(object, globalObject, propertyName, slot);
+}
+
+void JSObject::doPutPropertySecurityCheck(JSObject*, JSGlobalObject*, PropertyName, PutPropertySlot&)
+{
+}
+#endif // ASSERT_ENABLED
+
// https://tc39.github.io/ecma262/#sec-ordinaryset
bool ordinarySetSlow(JSGlobalObject* globalObject, JSObject* object, PropertyName propertyName, JSValue value, JSValue receiver, bool shouldThrow)
{
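Review bot: The comment above the two out-of-line definitions explains why they need a single address, but not that each has a twin in JSObject.h under `#if !ASSERT_ENABLED`. Someone editing one copy therefore has no pointer to the other. I would reword it along the lines of `// Out-of-line in ASSERT_ENABLED builds so that each has a single address for the function pointer comparisons in Structure::validateFlags(); the ALWAYS_INLINE versions for other builds are in JSObject.h.` and give the bare `#endif` in the JSObject.h hunk a matching `// !ASSERT_ENABLED` trailer. The rewording also removes the "These needs" grammar slip. `ordinarySetSlow` at the end of this hunk continues outside it.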
Modified: trunk/Source/_javascript_Core/runtime/JSObject.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/JSObject.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/JSObject.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -92,6 +92,12 @@
class JSFinalObject;
+#if ASSERT_ENABLED
+#define JS_EXPORT_PRIVATE_IF_ASSERT_ENABLED JS_EXPORT_PRIVATE
+#else
+#define JS_EXPORT_PRIVATE_IF_ASSERT_ENABLED
+#endif
+
class JSObject : public JSCell {
friend class BatchedTransitionOptimizer;
friend class JIT;
@@ -170,10 +176,14 @@
template<typename CallbackWhenNoException> typename std::result_of<CallbackWhenNoException(bool, PropertySlot&)>::type getPropertySlot(JSGlobalObject*, PropertyName, CallbackWhenNoException) const;
template<typename CallbackWhenNoException> typename std::result_of<CallbackWhenNoException(bool, PropertySlot&)>::type getPropertySlot(JSGlobalObject*, PropertyName, PropertySlot&, CallbackWhenNoException) const;
- static bool getOwnPropertySlot(JSObject*, JSGlobalObject*, PropertyName, PropertySlot&);
+private:
+ static bool getOwnPropertySlotImpl(JSObject*, JSGlobalObject*, PropertyName, PropertySlot&);
+public:
+ JS_EXPORT_PRIVATE_IF_ASSERT_ENABLED static bool getOwnPropertySlot(JSObject*, JSGlobalObject*, PropertyName, PropertySlot&);
+
JS_EXPORT_PRIVATE static bool getOwnPropertySlotByIndex(JSObject*, JSGlobalObject*, unsigned propertyName, PropertySlot&);
bool getOwnPropertySlotInline(JSGlobalObject*, PropertyName, PropertySlot&);
- static void doPutPropertySecurityCheck(JSObject*, JSGlobalObject*, PropertyName, PutPropertySlot&);
+ JS_EXPORT_PRIVATE_IF_ASSERT_ENABLED static void doPutPropertySecurityCheck(JSObject*, JSGlobalObject*, PropertyName, PutPropertySlot&);
// The key difference between this and getOwnPropertySlot is that getOwnPropertySlot
// currently returns incorrect results for the DOM window (with non-own properties)
@@ -1435,7 +1445,7 @@
// It may seem crazy to inline a function this large, especially a virtual function,
// but it makes a big difference to property lookup that derived classes can inline their
// base class call to this.
-ALWAYS_INLINE bool JSObject::getOwnPropertySlot(JSObject* object, JSGlobalObject* globalObject, PropertyName propertyName, PropertySlot& slot)
+ALWAYS_INLINE bool JSObject::getOwnPropertySlotImpl(JSObject* object, JSGlobalObject* globalObject, PropertyName propertyName, PropertySlot& slot)
{
VM& vm = getVM(globalObject);
Structure* structure = object->structure(vm);
@@ -1446,9 +1456,16 @@
return false;
}
+#if !ASSERT_ENABLED
+ALWAYS_INLINE bool JSObject::getOwnPropertySlot(JSObject* object, JSGlobalObject* globalObject, PropertyName propertyName, PropertySlot& slot)
+{
+ return getOwnPropertySlotImpl(object, globalObject, propertyName, slot);
+}
+
ALWAYS_INLINE void JSObject::doPutPropertySecurityCheck(JSObject*, JSGlobalObject*, PropertyName, PutPropertySlot&)
{
}
+#endif
// It may seem crazy to inline a function this large but it makes a big difference
// since this is function very hot in variable lookup
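Review bot: The `#if !ASSERT_ENABLED` guard around the inline `getOwnPropertySlot` and `doPutPropertySecurityCheck` definitions has no comment saying why assert-enabled builds must not inline them. Judging from the rest of this changeset, `Structure::validateFlags()` compares method-table entries against `JSObject::getOwnPropertySlot` and `JSObject::doPutPropertySecurityCheck`, which presumably needs a single exported out-of-line definition; those out-of-line definitions are not in this hunk, so that should be confirmed. I would add `// Defined out of line when ASSERT_ENABLED so that Structure::validateFlags() can compare method table entries against one address.` above the `#if` and close it with `#endif // !ASSERT_ENABLED`.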
Modified: trunk/Source/_javascript_Core/runtime/JSProxy.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/JSProxy.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/JSProxy.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -32,7 +32,7 @@
class JSProxy : public JSNonFinalObject {
public:
using Base = JSNonFinalObject;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | OverridesAnyFormOfGetPropertyNames | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero;
template<typename CellType, SubspaceAccess>
static IsoSubspace* subspaceFor(VM& vm)
Modified: trunk/Source/_javascript_Core/runtime/JSString.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/JSString.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/JSString.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -89,6 +89,10 @@
friend class SmallStrings;
typedef JSCell Base;
+ // Do we really need OverridesGetOwnPropertySlot?
+ // FIXME: https://bugs.webkit.org/show_bug.cgi?id=212956
+ // Do we really need InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero?
+ // FIXME: https://bugs.webkit.org/show_bug.cgi?id=212958
static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | StructureIsImmortal | OverridesToThis;
static constexpr bool needsDestruction = true;
Modified: trunk/Source/_javascript_Core/runtime/JSSymbolTableObject.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/JSSymbolTableObject.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/JSSymbolTableObject.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -39,7 +39,7 @@
class JSSymbolTableObject : public JSScope {
public:
using Base = JSScope;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesAnyFormOfGetPropertyNames;
SymbolTable* symbolTable() const { return m_symbolTable.get(); }
Modified: trunk/Source/_javascript_Core/runtime/JSTypeInfo.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/JSTypeInfo.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/JSTypeInfo.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -49,14 +49,20 @@
static constexpr unsigned ImplementsHasInstance = 1 << 8;
static constexpr unsigned OverridesGetPropertyNames = 1 << 9;
-static constexpr unsigned ProhibitsPropertyCaching = 1 << 10;
-static constexpr unsigned GetOwnPropertySlotIsImpure = 1 << 11;
-static constexpr unsigned NewImpurePropertyFiresWatchpoints = 1 << 12;
-static constexpr unsigned IsImmutablePrototypeExoticObject = 1 << 13;
-static constexpr unsigned GetOwnPropertySlotIsImpureForPropertyAbsence = 1 << 14;
-static constexpr unsigned InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero = 1 << 15;
-static constexpr unsigned StructureIsImmortal = 1 << 16;
-static constexpr unsigned HasPutPropertySecurityCheck = 1 << 17;
+// OverridesAnyFormOfGetPropertyNames means that we cannot make assumptions about
+// the cacheability or enumerability of property names, and therefore, we'll need
+// to disable certain optimizations. This flag should be set if one or more of the
+// following Object methods are overridden:
+// getOwnPropertyNames, getOwnNonIndexPropertyNames, getPropertyNames
+static constexpr unsigned OverridesAnyFormOfGetPropertyNames = 1 << 10;
+static constexpr unsigned ProhibitsPropertyCaching = 1 << 11;
+static constexpr unsigned GetOwnPropertySlotIsImpure = 1 << 12;
+static constexpr unsigned NewImpurePropertyFiresWatchpoints = 1 << 13;
+static constexpr unsigned IsImmutablePrototypeExoticObject = 1 << 14;
+static constexpr unsigned GetOwnPropertySlotIsImpureForPropertyAbsence = 1 << 15;
+static constexpr unsigned InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero = 1 << 16;
+static constexpr unsigned StructureIsImmortal = 1 << 17;
+static constexpr unsigned HasPutPropertySecurityCheck = 1 << 18;
class TypeInfo {
public:
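Review bot: `OverridesGetPropertyNames` is left without a comment while the new `OverridesAnyFormOfGetPropertyNames` gets one, so the difference between the two flags is still only discoverable by reading `Structure::validateFlags()`. I would add above the `1 << 9` line something like `// OverridesGetPropertyNames must be set if and only if getPropertyNames itself is overridden.`, which matches the equivalence that validateFlags asserts. Inserting the new flag at `1 << 10` also shifts every later flag by one bit; no consumer that hard-codes these positions is visible in this hunk, but it is worth confirming that none exists.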
@@ -63,7 +69,7 @@
typedef uint8_t InlineTypeFlags;
typedef uint16_t OutOfLineTypeFlags;
- TypeInfo(JSType type, unsigned flags = 0)
+ TypeInfo(JSType type, unsigned flags)
: TypeInfo(type, flags & 0xff, flags >> 8)
{
ASSERT(!(flags >> 24));
@@ -83,24 +89,25 @@
bool isNumberObject() const { return type() == NumberObjectType; }
unsigned flags() const { return (static_cast<unsigned>(m_flags2) << 8) | static_cast<unsigned>(m_flags); }
- bool masqueradesAsUndefined() const { return isSetOnFlags1(MasqueradesAsUndefined); }
- bool implementsHasInstance() const { return isSetOnFlags2(ImplementsHasInstance); }
- bool implementsDefaultHasInstance() const { return isSetOnFlags1(ImplementsDefaultHasInstance); }
- bool overridesGetCallData() const { return isSetOnFlags1(OverridesGetCallData); }
+ bool masqueradesAsUndefined() const { return isSetOnFlags1<MasqueradesAsUndefined>(); }
+ bool implementsHasInstance() const { return isSetOnFlags2<ImplementsHasInstance>(); }
+ bool implementsDefaultHasInstance() const { return isSetOnFlags1<ImplementsDefaultHasInstance>(); }
+ bool overridesGetCallData() const { return isSetOnFlags1<OverridesGetCallData>(); }
bool overridesGetOwnPropertySlot() const { return overridesGetOwnPropertySlot(inlineTypeFlags()); }
static bool overridesGetOwnPropertySlot(InlineTypeFlags flags) { return flags & OverridesGetOwnPropertySlot; }
static bool hasStaticPropertyTable(InlineTypeFlags flags) { return flags & HasStaticPropertyTable; }
static bool perCellBit(InlineTypeFlags flags) { return flags & TypeInfoPerCellBit; }
- bool overridesToThis() const { return isSetOnFlags1(OverridesToThis); }
- bool structureIsImmortal() const { return isSetOnFlags2(StructureIsImmortal); }
- bool overridesGetPropertyNames() const { return isSetOnFlags2(OverridesGetPropertyNames); }
- bool prohibitsPropertyCaching() const { return isSetOnFlags2(ProhibitsPropertyCaching); }
- bool getOwnPropertySlotIsImpure() const { return isSetOnFlags2(GetOwnPropertySlotIsImpure); }
- bool getOwnPropertySlotIsImpureForPropertyAbsence() const { return isSetOnFlags2(GetOwnPropertySlotIsImpureForPropertyAbsence); }
- bool hasPutPropertySecurityCheck() const { return isSetOnFlags2(HasPutPropertySecurityCheck); }
- bool newImpurePropertyFiresWatchpoints() const { return isSetOnFlags2(NewImpurePropertyFiresWatchpoints); }
- bool isImmutablePrototypeExoticObject() const { return isSetOnFlags2(IsImmutablePrototypeExoticObject); }
- bool interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero() const { return isSetOnFlags2(InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero); }
+ bool overridesToThis() const { return isSetOnFlags1<OverridesToThis>(); }
+ bool structureIsImmortal() const { return isSetOnFlags2<StructureIsImmortal>(); }
+ bool overridesGetPropertyNames() const { return isSetOnFlags2<OverridesGetPropertyNames>(); }
+ bool overridesAnyFormOfGetPropertyNames() const { return isSetOnFlags2<OverridesAnyFormOfGetPropertyNames>(); }
+ bool prohibitsPropertyCaching() const { return isSetOnFlags2<ProhibitsPropertyCaching>(); }
+ bool getOwnPropertySlotIsImpure() const { return isSetOnFlags2<GetOwnPropertySlotIsImpure>(); }
+ bool getOwnPropertySlotIsImpureForPropertyAbsence() const { return isSetOnFlags2<GetOwnPropertySlotIsImpureForPropertyAbsence>(); }
+ bool hasPutPropertySecurityCheck() const { return isSetOnFlags2<HasPutPropertySecurityCheck>(); }
+ bool newImpurePropertyFiresWatchpoints() const { return isSetOnFlags2<NewImpurePropertyFiresWatchpoints>(); }
+ bool isImmutablePrototypeExoticObject() const { return isSetOnFlags2<IsImmutablePrototypeExoticObject>(); }
+ bool interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero() const { return isSetOnFlags2<InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero>(); }
static bool isArgumentsType(JSType type)
{
@@ -131,9 +138,20 @@
private:
friend class LLIntOffsetsExtractor;
- bool isSetOnFlags1(unsigned flag) const { ASSERT(flag <= (1 << 7)); return m_flags & flag; }
- bool isSetOnFlags2(unsigned flag) const { ASSERT(flag >= (1 << 8)); return m_flags2 & (flag >> 8); }
+ template<unsigned flag>
+ bool isSetOnFlags1() const
+ {
+ static_assert(flag <= (1 << 7));
+ return m_flags & flag;
+ }
+ template<unsigned flag>
+ bool isSetOnFlags2() const
+ {
+ static_assert(flag >= (1 << 8) && flag <= (1 << 24));
+ return m_flags2 & (flag >> 8);
+ }
+
JSType m_type;
uint8_t m_flags;
uint16_t m_flags2;
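Review bot: The upper bound in `isSetOnFlags2` is off by one: `flag <= (1 << 24)` accepts `1 << 24`, but after `flag >> 8` that bit becomes `1 << 16`, which can never be set in the `uint16_t m_flags2`, so such a flag would compile and always read as unset. The constructor's `ASSERT(!(flags >> 24))` already treats bit 23 as the highest valid one, so the check should be `static_assert(flag >= (1 << 8) && flag < (1 << 24));`. A flag that silently reads as false matters here because these bits are what the property-enumeration fast paths changed elsewhere in this changeset test before skipping overrides. The TypeInfo class body starts outside this hunk.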
Modified: trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp 2020-06-10 00:21:56 UTC (rev 262827)
@@ -302,7 +302,7 @@
auto canPerformFastPropertyEnumerationForObjectAssign = [] (Structure* structure) {
if (structure->typeInfo().overridesGetOwnPropertySlot())
return false;
- if (structure->typeInfo().overridesGetPropertyNames())
+ if (structure->typeInfo().overridesAnyFormOfGetPropertyNames())
return false;
// FIXME: Indexed properties can be handled.
// https://bugs.webkit.org/show_bug.cgi?id=185358
Modified: trunk/Source/_javascript_Core/runtime/ProxyObject.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/ProxyObject.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/ProxyObject.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -34,7 +34,7 @@
public:
typedef JSNonFinalObject Base;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetCallData | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames | ProhibitsPropertyCaching;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetCallData | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames | OverridesAnyFormOfGetPropertyNames | ProhibitsPropertyCaching;
template<typename CellType, SubspaceAccess mode>
static IsoSubspace* subspaceFor(VM& vm)
Modified: trunk/Source/_javascript_Core/runtime/RegExpObject.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/RegExpObject.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/RegExpObject.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -30,7 +30,7 @@
class RegExpObject final : public JSNonFinalObject {
public:
using Base = JSNonFinalObject;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | OverridesAnyFormOfGetPropertyNames;
template<typename CellType, SubspaceAccess mode>
static IsoSubspace* subspaceFor(VM& vm)
Modified: trunk/Source/_javascript_Core/runtime/StringObject.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/StringObject.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/StringObject.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -28,7 +28,7 @@
class StringObject : public JSWrapperObject {
public:
using Base = JSWrapperObject;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesAnyFormOfGetPropertyNames;
template<typename, SubspaceAccess mode>
static IsoSubspace* subspaceFor(VM& vm)
Modified: trunk/Source/_javascript_Core/runtime/Structure.cpp (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/Structure.cpp 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/Structure.cpp 2020-06-10 00:21:56 UTC (rev 262827)
@@ -162,6 +162,61 @@
#endif
}
+#if ASSERT_ENABLED
+void Structure::validateFlags()
+{
+ const MethodTable& methodTable = m_classInfo->methodTable;
+
+ bool overridesGetCallData = methodTable.getCallData != JSCell::getCallData;
+ RELEASE_ASSERT(overridesGetCallData == typeInfo().overridesGetCallData());
+
+ bool overridesGetOwnPropertySlot =
+ methodTable.getOwnPropertySlot != JSObject::getOwnPropertySlot
+ && methodTable.getOwnPropertySlot != JSCell::getOwnPropertySlot;
+ // We can strengthen this into an equivalence test if there are no classes
+ // that specifies this flag without overriding getOwnPropertySlot.
+ // FIXME: https://bugs.webkit.org/show_bug.cgi?id=212956
+ if (overridesGetOwnPropertySlot)
+ RELEASE_ASSERT(typeInfo().overridesGetOwnPropertySlot());
+
+ bool overridesGetOwnPropertySlotByIndex =
+ methodTable.getOwnPropertySlotByIndex != JSObject::getOwnPropertySlotByIndex
+ && methodTable.getOwnPropertySlotByIndex != JSCell::getOwnPropertySlotByIndex;
+ // We can strengthen this into an equivalence test if there are no classes
+ // that specifies this flag without overriding getOwnPropertySlotByIndex.
+ // FIXME: https://bugs.webkit.org/show_bug.cgi?id=212958
+ if (overridesGetOwnPropertySlotByIndex)
+ RELEASE_ASSERT(typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero());
+
+ bool overridesPutPropertySecurityCheck =
+ methodTable.doPutPropertySecurityCheck != JSObject::doPutPropertySecurityCheck
+ && methodTable.doPutPropertySecurityCheck != JSCell::doPutPropertySecurityCheck;
+ RELEASE_ASSERT(overridesPutPropertySecurityCheck == typeInfo().hasPutPropertySecurityCheck());
+
+ bool overridesGetPropertyNames =
+ methodTable.getPropertyNames != JSObject::getPropertyNames
+ && methodTable.getPropertyNames != JSCell::getPropertyNames;
+ bool overridesGetOwnPropertyNames =
+ methodTable.getOwnPropertyNames != JSObject::getOwnPropertyNames
+ && methodTable.getOwnPropertyNames != JSCell::getOwnPropertyNames;
+ bool overridesGetOwnNonIndexPropertyNames =
+ methodTable.getOwnNonIndexPropertyNames != JSObject::getOwnNonIndexPropertyNames
+ && methodTable.getOwnNonIndexPropertyNames != JSCell::getOwnNonIndexPropertyNames;
+
+ RELEASE_ASSERT(overridesGetPropertyNames == typeInfo().overridesGetPropertyNames());
+
+ // We can strengthen this into an equivalence test if there are no classes
+ // that specifies this flag without overriding any of the forms of getPropertyNames.
+ // FIXME: https://bugs.webkit.org/show_bug.cgi?id=212954
+ if (overridesGetPropertyNames
+ || overridesGetOwnPropertyNames
+ || overridesGetOwnNonIndexPropertyNames)
+ RELEASE_ASSERT(typeInfo().overridesAnyFormOfGetPropertyNames());
+}
+#else
+inline void Structure::validateFlags() { }
+#endif
+
Structure::Structure(VM& vm, JSGlobalObject* globalObject, JSValue prototype, const TypeInfo& typeInfo, const ClassInfo* classInfo, IndexingType indexingType, unsigned inlineCapacity)
: JSCell(vm, vm.structureStructure.get())
, m_blob(vm.heap.structureIDTable().allocateID(this), indexingType, typeInfo)
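Review bot: `Structure::validateFlags()` has no header comment saying what invariant it enforces, and that invariant is the reason for the whole change: a class whose method table overrides `getPropertyNames`, `getOwnPropertyNames` or `getOwnNonIndexPropertyNames` without setting `OverridesAnyFormOfGetPropertyNames` would pass the fast-path checks in ObjectConstructor.cpp and StructureInlines.h. I would add a short comment above the definition stating that it cross-checks the ClassInfo method table against the TypeInfo flags, that the `getCallData`, `doPutPropertySecurityCheck` and `getPropertyNames` checks are exact equivalences, and that the remaining three only require the flag when an override exists. The comment should also say that the body is compiled only when `ASSERT_ENABLED`, so a mismatch is caught only if an assert-enabled build actually creates a Structure for the offending class.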
@@ -195,9 +250,10 @@
ASSERT(inlineCapacity <= JSFinalObject::maxInlineCapacity());
ASSERT(static_cast<PropertyOffset>(inlineCapacity) < firstOutOfLineOffset);
ASSERT(!hasRareData());
- ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
- ASSERT(hasGetterSetterProperties() || !m_classInfo->hasStaticSetterOrReadonlyProperties());
- ASSERT(!this->typeInfo().overridesGetCallData() || m_classInfo->methodTable.getCallData != &JSCell::getCallData);
+ ASSERT(hasReadOnlyOrGetterSetterPropertiesExcludingProto() == m_classInfo->hasStaticSetterOrReadonlyProperties());
+ ASSERT(hasGetterSetterProperties() == m_classInfo->hasStaticSetterOrReadonlyProperties());
+
+ validateFlags();
}
const ClassInfo Structure::s_info = { "Structure", nullptr, nullptr, nullptr, CREATE_METHOD_TABLE(Structure) };
Modified: trunk/Source/_javascript_Core/runtime/Structure.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/Structure.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/Structure.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -173,6 +173,8 @@
ASSERT(!vm.structureStructure);
}
+ void validateFlags();
+
public:
StructureID id() const { return m_blob.structureID(); }
int32_t objectInitializationBlob() const { return m_blob.blobExcludingStructureID(); }
Modified: trunk/Source/_javascript_Core/runtime/StructureInlines.h (262826 => 262827)
--- trunk/Source/_javascript_Core/runtime/StructureInlines.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/runtime/StructureInlines.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -267,7 +267,7 @@
return false;
if (hasIndexedProperties(indexingType()))
return false;
- if (typeInfo().overridesGetPropertyNames())
+ if (typeInfo().overridesAnyFormOfGetPropertyNames())
return false;
return true;
}
Modified: trunk/Source/_javascript_Core/tools/JSDollarVM.cpp (262826 => 262827)
--- trunk/Source/_javascript_Core/tools/JSDollarVM.cpp 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/_javascript_Core/tools/JSDollarVM.cpp 2020-06-10 00:21:56 UTC (rev 262827)
@@ -536,7 +536,7 @@
class RuntimeArray : public JSArray {
public:
typedef JSArray Base;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesAnyFormOfGetPropertyNames;
IGNORE_WARNINGS_BEGIN("unused-const-variable")
static constexpr bool needsDestruction = false;
Modified: trunk/Source/WebCore/ChangeLog (262826 => 262827)
--- trunk/Source/WebCore/ChangeLog 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/ChangeLog 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,3 +1,49 @@
+2020-06-09 Mark Lam <[email protected]>
+
+ Disambiguate the OverridesGetPropertyNames structure flag
+ https://bugs.webkit.org/show_bug.cgi?id=212909
+ <rdar://problem/63823557>
+
+ Reviewed by Saam Barati.
+
+ 1. JSDOMWindowProperties was not defining its Base. As a result, its
+ StructureFlags was inheriting from JSDOMObject's Base instead of from JSDOMObject
+ as one would expect. This turns out to be harmless because JSDOMObject did not
+ define any StructureFlags. Regardless, this is not fixed so that if JSDOMObject
+ adds any StructureFlags, it will be inherited properly by JSDOMWindowProperties.
+
+ 2. Updated CodeGeneratorJS.pm and rebased the binding test results.
+
+ * bindings/js/JSDOMWindowProperties.h:
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GenerateHeader):
+ * bindings/scripts/test/JS/JSTestEventTarget.h:
+ * bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.h:
+ * bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.h:
+ * bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.h:
+ * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.h:
+ * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.h:
+ * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.h:
+ * bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.h:
+ * bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.h:
+ * bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.h:
+ * bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.h:
+ * bindings/scripts/test/JS/JSTestNamedGetterCallWith.h:
+ * bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.h:
+ * bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.h:
+ * bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.h:
+ * bindings/scripts/test/JS/JSTestNamedSetterThrowingException.h:
+ * bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.h:
+ * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.h:
+ * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.h:
+ * bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.h:
+ * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.h:
+ * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.h:
+ * bindings/scripts/test/JS/JSTestObj.h:
+ * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
+ * bridge/runtime_array.h:
+ * bridge/runtime_object.h:
+
2020-06-09 Dean Jackson <[email protected]>
Stop using discriminatory names for WebGL and Plugin blocking
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowProperties.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowProperties.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowProperties.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -32,6 +32,9 @@
class JSDOMWindowProperties final : public JSDOMObject {
public:
+ using Base = JSDOMObject;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::IsImmutablePrototypeExoticObject;
+
static constexpr bool needsDestruction = false;
template<typename CellType, JSC::SubspaceAccess>
static JSC::IsoSubspace* subspaceFor(JSC::VM& vm)
@@ -57,8 +60,6 @@
static bool getOwnPropertySlot(JSC::JSObject*, JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&);
static bool getOwnPropertySlotByIndex(JSC::JSObject*, JSC::JSGlobalObject*, unsigned propertyName, JSC::PropertySlot&);
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::IsImmutablePrototypeExoticObject;
-
private:
JSDOMWindowProperties(JSC::Structure* structure, JSC::JSGlobalObject& globalObject)
: JSDOMObject(structure, globalObject)
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2020-06-10 00:21:56 UTC (rev 262827)
@@ -2685,7 +2685,7 @@
if (InstanceOverridesGetOwnPropertyNames($interface)) {
push(@headerContent, " static void getOwnPropertyNames(JSC::JSObject*, JSC::JSGlobalObject*, JSC::PropertyNameArray&, JSC::EnumerationMode = JSC::EnumerationMode());\n");
- $structureFlags{"JSC::OverridesGetPropertyNames"} = 1;
+ $structureFlags{"JSC::OverridesAnyFormOfGetPropertyNames"} = 1;
}
if (InstanceOverridesPut($interface)) {
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestEventTarget.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestEventTarget.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestEventTarget.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -66,7 +66,7 @@
return static_cast<TestEventTarget&>(Base::wrapped());
}
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::MasqueradesAsUndefined | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::MasqueradesAsUndefined | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot;
protected:
JSTestEventTarget(JSC::Structure*, JSDOMGlobalObject&, Ref<TestEventTarget>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -64,7 +64,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot;
protected:
JSTestIndexedSetterNoIdentifier(JSC::Structure*, JSDOMGlobalObject&, Ref<TestIndexedSetterNoIdentifier>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -64,7 +64,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot;
protected:
JSTestIndexedSetterThrowingException(JSC::Structure*, JSDOMGlobalObject&, Ref<TestIndexedSetterThrowingException>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -64,7 +64,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot;
protected:
JSTestIndexedSetterWithIdentifier(JSC::Structure*, JSDOMGlobalObject&, Ref<TestIndexedSetterWithIdentifier>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -64,7 +64,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::ProhibitsPropertyCaching;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot | JSC::ProhibitsPropertyCaching;
protected:
JSTestNamedAndIndexedSetterNoIdentifier(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedAndIndexedSetterNoIdentifier>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -64,7 +64,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::ProhibitsPropertyCaching;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot | JSC::ProhibitsPropertyCaching;
protected:
JSTestNamedAndIndexedSetterThrowingException(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedAndIndexedSetterThrowingException>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -64,7 +64,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::ProhibitsPropertyCaching;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot | JSC::ProhibitsPropertyCaching;
protected:
JSTestNamedAndIndexedSetterWithIdentifier(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedAndIndexedSetterWithIdentifier>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -63,7 +63,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot;
protected:
JSTestNamedDeleterNoIdentifier(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedDeleterNoIdentifier>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -63,7 +63,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot;
protected:
JSTestNamedDeleterThrowingException(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedDeleterThrowingException>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -63,7 +63,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot;
protected:
JSTestNamedDeleterWithIdentifier(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedDeleterWithIdentifier>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -63,7 +63,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot;
protected:
JSTestNamedDeleterWithIndexedGetter(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedDeleterWithIndexedGetter>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterCallWith.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterCallWith.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterCallWith.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -61,7 +61,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot;
protected:
JSTestNamedGetterCallWith(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedGetterCallWith>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -61,7 +61,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot;
protected:
JSTestNamedGetterNoIdentifier(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedGetterNoIdentifier>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -61,7 +61,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot;
protected:
JSTestNamedGetterWithIdentifier(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedGetterWithIdentifier>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -64,7 +64,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::ProhibitsPropertyCaching;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot | JSC::ProhibitsPropertyCaching;
protected:
JSTestNamedSetterNoIdentifier(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedSetterNoIdentifier>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterThrowingException.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterThrowingException.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterThrowingException.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -64,7 +64,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::ProhibitsPropertyCaching;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot | JSC::ProhibitsPropertyCaching;
protected:
JSTestNamedSetterThrowingException(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedSetterThrowingException>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -64,7 +64,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::ProhibitsPropertyCaching;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot | JSC::ProhibitsPropertyCaching;
protected:
JSTestNamedSetterWithIdentifier(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedSetterWithIdentifier>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -64,7 +64,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::ProhibitsPropertyCaching;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot | JSC::ProhibitsPropertyCaching;
protected:
JSTestNamedSetterWithIndexedGetter(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedSetterWithIndexedGetter>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -64,7 +64,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::ProhibitsPropertyCaching;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot | JSC::ProhibitsPropertyCaching;
protected:
JSTestNamedSetterWithIndexedGetterAndSetter(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedSetterWithIndexedGetterAndSetter>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -64,7 +64,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpure | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::ProhibitsPropertyCaching;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpure | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot | JSC::ProhibitsPropertyCaching;
protected:
JSTestNamedSetterWithOverrideBuiltins(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedSetterWithOverrideBuiltins>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -64,7 +64,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::HasStaticPropertyTable | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::ProhibitsPropertyCaching;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::HasStaticPropertyTable | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot | JSC::ProhibitsPropertyCaching;
protected:
JSTestNamedSetterWithUnforgableProperties(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedSetterWithUnforgableProperties>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -64,7 +64,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpure | JSC::HasStaticPropertyTable | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::ProhibitsPropertyCaching;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpure | JSC::HasStaticPropertyTable | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot | JSC::ProhibitsPropertyCaching;
protected:
JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins(JSC::Structure*, JSDOMGlobalObject&, Ref<TestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -86,7 +86,7 @@
static JSC::JSValue testStaticCustomPromiseFunction(JSC::JSGlobalObject&, JSC::CallFrame&, Ref<DeferredPromise>&&);
JSC::JSValue testCustomReturnsOwnPromiseFunction(JSC::JSGlobalObject&, JSC::CallFrame&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::HasStaticPropertyTable | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetCallData | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::HasStaticPropertyTable | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetCallData | JSC::OverridesGetOwnPropertySlot;
protected:
JSTestObj(JSC::Structure*, JSDOMGlobalObject&, Ref<TestObj>&&);
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverrideBuiltins.h (262826 => 262827)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverrideBuiltins.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverrideBuiltins.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -61,7 +61,7 @@
static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
public:
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpure | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpure | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetOwnPropertySlot;
protected:
JSTestOverrideBuiltins(JSC::Structure*, JSDOMGlobalObject&, Ref<TestOverrideBuiltins>&&);
Modified: trunk/Source/WebCore/bridge/runtime_array.h (262826 => 262827)
--- trunk/Source/WebCore/bridge/runtime_array.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bridge/runtime_array.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -35,7 +35,7 @@
class RuntimeArray final : public JSArray {
public:
using Base = JSArray;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesAnyFormOfGetPropertyNames;
static constexpr bool needsDestruction = true;
template<typename CellType, JSC::SubspaceAccess>
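Review bot: The new `StructureFlags` line for RuntimeArray does not say which enumeration hook the class overrides, and the broader name `OverridesAnyFormOfGetPropertyNames` no longer lets a reader infer it from the flag. The overriding declarations are outside this hunk, so the choice cannot be checked from here. A one-line comment above the flag list would make it reviewable, for example `// Overrides getOwnPropertyNames(); hence OverridesAnyFormOfGetPropertyNames.`, adjusted to what the class really declares. The commit's regression test targets a stack overflow below JSObject::getPropertyNames, so the engine presumably branches on this flag during enumeration, and a mismatch between flag and override would be easy to miss. The same comment applies to the hand-written RuntimeObject (runtime_object.h) and JSNPObject (JSNPObject.h) hunks; the JSTest*.h files look like generator output and need none.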
Modified: trunk/Source/WebCore/bridge/runtime_object.h (262826 => 262827)
--- trunk/Source/WebCore/bridge/runtime_object.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebCore/bridge/runtime_object.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -35,7 +35,7 @@
class WEBCORE_EXPORT RuntimeObject : public JSNonFinalObject {
public:
using Base = JSNonFinalObject;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | OverridesGetCallData;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesAnyFormOfGetPropertyNames | OverridesGetCallData;
static constexpr bool needsDestruction = true;
template<typename CellType, JSC::SubspaceAccess>
Modified: trunk/Source/WebKit/ChangeLog (262826 => 262827)
--- trunk/Source/WebKit/ChangeLog 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebKit/ChangeLog 2020-06-10 00:21:56 UTC (rev 262827)
@@ -1,3 +1,13 @@
+2020-06-09 Mark Lam <[email protected]>
+
+ Disambiguate the OverridesGetPropertyNames structure flag
+ https://bugs.webkit.org/show_bug.cgi?id=212909
+ <rdar://problem/63823557>
+
+ Reviewed by Saam Barati.
+
+ * WebProcess/Plugins/Netscape/JSNPObject.h:
+
2020-06-09 Dean Jackson <[email protected]>
Stop using discriminatory names for WebGL and Plugin blocking
Modified: trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h (262826 => 262827)
--- trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h 2020-06-10 00:05:48 UTC (rev 262826)
+++ trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h 2020-06-10 00:21:56 UTC (rev 262827)
@@ -44,7 +44,7 @@
class JSNPObject final : public JSC::JSDestructibleObject {
public:
using Base = JSC::JSDestructibleObject;
- static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::OverridesGetCallData;
+ static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot | JSC::OverridesAnyFormOfGetPropertyNames | JSC::OverridesGetCallData;
template<typename CellType, JSC::SubspaceAccess>
static JSC::IsoSubspace* subspaceFor(JSC::VM& vm)