Title: [281207] branches/safari-612.1.27.0-branch
Revision: 281207
Author: [email protected]
Date: 2021-08-18 12:51:29 -0700 (Wed, 18 Aug 2021)
Log Message

Cherry-pick r280463. rdar://problem/82088775

definePropertyOnReceiver should check if receiver canPerformFastPutInline
https://bugs.webkit.org/show_bug.cgi?id=227963
<rdar://80259710>

Reviewed by Alexey Shvayka.

JSTests:

* stress/reflect-set-custom-value.js: Added.

Source/JavaScriptCore:

definePropertyOnReceiver has a fast path if the slot is not opaque and the receiver doesn't
have a custom defineOwnProperty implementation, in which case it calls putInlineFast (and
transitively putDirectInternal<PutModePut>). The issue is that putDirectInternal does not
handle customValues correctly: it just overwrites the property without changing the attributes.
To fix that, we should first check if the property might be a custom value, and if that's the case
we now call `definePropertyOnReceiverSlow`, which has been updated to handle custom values correctly.
I also added assertions to putInlineFastReplacingStaticPropertyIfNeeded and putDirectInternal
to make sure we don't accidentally overwrite custom values in the future.

* runtime/JSObject.cpp:
(JSC::definePropertyOnReceiverSlow):
(JSC::JSObject::definePropertyOnReceiver):
(JSC::JSObject::putInlineFastReplacingStaticPropertyIfNeeded):
* runtime/JSObjectInlines.h:
(JSC::JSObject::putDirectInternal):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280463 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Diff
Modified: branches/safari-612.1.27.0-branch/JSTests/ChangeLog (281206 => 281207)
--- branches/safari-612.1.27.0-branch/JSTests/ChangeLog 2021-08-18 19:13:37 UTC (rev 281206)
+++ branches/safari-612.1.27.0-branch/JSTests/ChangeLog 2021-08-18 19:51:29 UTC (rev 281207)
@@ -1,3 +1,47 @@
+2021-08-18 Russell Epstein <[email protected]>
+
+ Cherry-pick r280463. rdar://problem/82088775
+
+ definePropertyOnReceiver should check if receiver canPerformFastPutInline
+ https://bugs.webkit.org/show_bug.cgi?id=227963
+ <rdar://80259710>
+
+ Reviewed by Alexey Shvayka.
+
+ JSTests:
+
+ * stress/reflect-set-custom-value.js: Added.
+
+ Source/_javascript_Core:
+
+ definePropertyOnReceiver has a fast path if the slot is not opaque and the receiver doesn't
+ have a custom defineOwnProperty implementation, in which case it calls putInlineFast (and
+ transitively putDirectInternal<PutModePut>). The issue is that putDirectInternal does not
+ handle customValues correctly: it just overwrites the property without changing the attributes.
+ To fix that, we should first check if the property might be a custom value, and if that's the case
+ we now call `definePropertyOnReceiverSlow`, which has been updated to handle custom values correctly.
+ I also added assertions to putInlineFastReplacingStaticPropertyIfNeeded and putDirectInternal
+ to make sure we don't accidentally overwrite custom values in the future.
+
+ * runtime/JSObject.cpp:
+ (JSC::definePropertyOnReceiverSlow):
+ (JSC::JSObject::definePropertyOnReceiver):
+ (JSC::JSObject::putInlineFastReplacingStaticPropertyIfNeeded):
+ * runtime/JSObjectInlines.h:
+ (JSC::JSObject::putDirectInternal):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280463 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-07-29 Tadeu Zagallo <[email protected]>
+
+ definePropertyOnReceiver should check if receiver canPerformFastPutInline
+ https://bugs.webkit.org/show_bug.cgi?id=227963
+ <rdar://80259710>
+
+ Reviewed by Alexey Shvayka.
+
+ * stress/reflect-set-custom-value.js: Added.
+
2021-08-02 Yusuke Suzuki <[email protected]>
[JSC] Yarr BoyerMoore search should support character-class
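Review bot: The entry records `* stress/reflect-set-custom-value.js: Added.` in both the cherry-pick block and the nested 2021-07-29 entry, but on this branch the file already exists and its diff is a modification that shrinks it from 14 lines to 3. Reword the branch-level entry to say the test is modified and which case was dropped, so that anyone auditing the branch from the ChangeLog alone does not assume the full test from r280463 is present here.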
Modified: branches/safari-612.1.27.0-branch/JSTests/stress/reflect-set-custom-value.js (281206 => 281207)
--- branches/safari-612.1.27.0-branch/JSTests/stress/reflect-set-custom-value.js 2021-08-18 19:13:37 UTC (rev 281206)
+++ branches/safari-612.1.27.0-branch/JSTests/stress/reflect-set-custom-value.js 2021-08-18 19:51:29 UTC (rev 281207)
@@ -1,14 +1,3 @@
-{
- // reified
- const testGetterSetter = $vm.createCustomTestGetterSetter();
- Reflect.set({}, 'customValue', 'foo', testGetterSetter);
- testGetterSetter.customValue = 42;
-}
-
-{
- // non-reified
- let tester = $vm.createStaticCustomValue();
- Reflect.set({}, "testStaticValueSetFlag", 'foo', tester);
- if (!tester.testStaticValueSetterCalled)
- throw new Error('Custom value overriden');
-}
+const testGetterSetter = $vm.createCustomTestGetterSetter();
+Reflect.set({}, 'customValue', 'foo', testGetterSetter);
+testGetterSetter.customValue = 42;
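Review bot: The removed non-reified block held the only explicit failure condition in this file, `if (!tester.testStaticValueSetterCalled) throw new Error(...)`; the three lines that remain perform no check after `testGetterSetter.customValue = 42`, so the test can only fail through a crash or a debug-build assertion. If `$vm.createStaticCustomValue` is available on this branch, keep the non-reified case; if it is not, say so in the ChangeLog and add an explicit check to the reified case so that a release-build test run can still detect a custom value being overwritten.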
Modified: branches/safari-612.1.27.0-branch/Source/_javascript_Core/ChangeLog (281206 => 281207)
--- branches/safari-612.1.27.0-branch/Source/_javascript_Core/ChangeLog 2021-08-18 19:13:37 UTC (rev 281206)
+++ branches/safari-612.1.27.0-branch/Source/_javascript_Core/ChangeLog 2021-08-18 19:51:29 UTC (rev 281207)
@@ -1,5 +1,63 @@
2021-08-18 Russell Epstein <[email protected]>
+ Cherry-pick r280463. rdar://problem/82088775
+
+ definePropertyOnReceiver should check if receiver canPerformFastPutInline
+ https://bugs.webkit.org/show_bug.cgi?id=227963
+ <rdar://80259710>
+
+ Reviewed by Alexey Shvayka.
+
+ JSTests:
+
+ * stress/reflect-set-custom-value.js: Added.
+
+ Source/_javascript_Core:
+
+ definePropertyOnReceiver has a fast path if the slot is not opaque and the receiver doesn't
+ have a custom defineOwnProperty implementation, in which case it calls putInlineFast (and
+ transitively putDirectInternal<PutModePut>). The issue is that putDirectInternal does not
+ handle customValues correctly: it just overwrites the property without changing the attributes.
+ To fix that, we should first check if the property might be a custom value, and if that's the case
+ we now call `definePropertyOnReceiverSlow`, which has been updated to handle custom values correctly.
+ I also added assertions to putInlineFastReplacingStaticPropertyIfNeeded and putDirectInternal
+ to make sure we don't accidentally overwrite custom values in the future.
+
+ * runtime/JSObject.cpp:
+ (JSC::definePropertyOnReceiverSlow):
+ (JSC::JSObject::definePropertyOnReceiver):
+ (JSC::JSObject::putInlineFastReplacingStaticPropertyIfNeeded):
+ * runtime/JSObjectInlines.h:
+ (JSC::JSObject::putDirectInternal):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280463 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-07-29 Tadeu Zagallo <[email protected]>
+
+ definePropertyOnReceiver should check if receiver canPerformFastPutInline
+ https://bugs.webkit.org/show_bug.cgi?id=227963
+ <rdar://80259710>
+
+ Reviewed by Alexey Shvayka.
+
+ definePropertyOnReceiver has a fast path if the slot is not opaque and the receiver doesn't
+ have a custom defineOwnProperty implementation, in which case it calls putInlineFast (and
+ transitively putDirectInternal<PutModePut>). The issue is that putDirectInternal does not
+ handle customValues correctly: it just overwrites the property without changing the attributes.
+ To fix that, we should first check if the property might be a custom value, and if that's the case
+ we now call `definePropertyOnReceiverSlow`, which has been updated to handle custom values correctly.
+ I also added assertions to putInlineFastReplacingStaticPropertyIfNeeded and putDirectInternal
+ to make sure we don't accidentally overwrite custom values in the future.
+
+ * runtime/JSObject.cpp:
+ (JSC::definePropertyOnReceiverSlow):
+ (JSC::JSObject::definePropertyOnReceiver):
+ (JSC::JSObject::putInlineFastReplacingStaticPropertyIfNeeded):
+ * runtime/JSObjectInlines.h:
+ (JSC::JSObject::putDirectInternal):
+
+2021-08-18 Russell Epstein <[email protected]>
+
Cherry-pick r281178. rdar://problem/82083485
Add an option for canonicalizePrePostIncrements
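Review bot: The function list in this entry names definePropertyOnReceiverSlow, definePropertyOnReceiver and putInlineFastReplacingStaticPropertyIfNeeded in runtime/JSObject.cpp plus putDirectInternal in runtime/JSObjectInlines.h, while the diff shown for this revision contains a single hunk at line 942 of JSObject.cpp and nothing for JSObjectInlines.h. Confirm that the fast-path check and the definePropertyOnReceiverSlow update described in the message are already on the branch, and trim the list to what r281207 actually changes; as written, the entry reads as if the custom-value check itself landed in this revision.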
Modified: branches/safari-612.1.27.0-branch/Source/_javascript_Core/runtime/JSObject.cpp (281206 => 281207)
--- branches/safari-612.1.27.0-branch/Source/_javascript_Core/runtime/JSObject.cpp 2021-08-18 19:13:37 UTC (rev 281206)
+++ branches/safari-612.1.27.0-branch/Source/_javascript_Core/runtime/JSObject.cpp 2021-08-18 19:51:29 UTC (rev 281207)
@@ -942,7 +942,8 @@
RELEASE_AND_RETURN(scope, customSetter(structure->globalObject(), JSValue::encode(this), JSValue::encode(value), propertyName));
}
// Avoid PutModePut because it fails for non-extensible structures.
- putDirect(vm, propertyName, value, attributesForStructure(entry->value->attributes()) & ~PropertyAttribute::CustomValue, slot);
+ ASSERT(!(entry->value->attributes() & PropertyAttribute::CustomValue));
+ putDirect(vm, propertyName, value, attributesForStructure(entry->value->attributes()), slot);
return true;
}
}
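Review bot: Replacing the `& ~PropertyAttribute::CustomValue` mask with `ASSERT(!(entry->value->attributes() & PropertyAttribute::CustomValue))` leaves release builds without any guard at this call, because ASSERT is compiled out there. If an entry with the CustomValue bit ever reaches this putDirect, the plain value is now stored with the bit still set, which is the value/attribute mismatch the log message describes. Keep the mask alongside the assertion or use RELEASE_ASSERT, and add a comment naming the earlier branch that is expected to guarantee the bit is clear at this point.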