Title: [292009] trunk/Source/_javascript_Core
Revision
292009
Author
mark....@apple.com
Date
2022-03-28 16:48:31 -0700 (Mon, 28 Mar 2022)

Log Message

The lazy symbolObjectStructure should be realized before we allocate a SymbolObject.
https://bugs.webkit.org/show_bug.cgi?id=238474
<rdar://problem/90918765>

Reviewed by Yusuke Suzuki and Saam Barati.

We should not be allocating the symbolObjectStructure while in the middle of
initializing a SymbolObject.

* runtime/Symbol.cpp:
(JSC::Symbol::toObject const):
(JSC::SymbolObject::create): Deleted.
* runtime/SymbolObject.h:

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (292008 => 292009)


--- trunk/Source/_javascript_Core/ChangeLog	2022-03-28 23:31:02 UTC (rev 292008)
+++ trunk/Source/_javascript_Core/ChangeLog	2022-03-28 23:48:31 UTC (rev 292009)
@@ -1,3 +1,19 @@
+2022-03-28  Mark Lam  <mark....@apple.com>
+
+        The lazy symbolObjectStructure should be realized before we allocate a SymbolObject.
+        https://bugs.webkit.org/show_bug.cgi?id=238474
+        <rdar://problem/90918765>
+
+        Reviewed by Yusuke Suzuki and Saam Barati.
+
+        We should not be allocating the symbolObjectStructure while in the middle of
+        initializing a SymbolObject.
+
+        * runtime/Symbol.cpp:
+        (JSC::Symbol::toObject const):
+        (JSC::SymbolObject::create): Deleted.
+        * runtime/SymbolObject.h:
+
 2022-03-28  Chris Dumez  <cdu...@apple.com>
 
         Unreviewed, address post-landing review comment from Darin after r291972.

Modified: trunk/Source/_javascript_Core/runtime/Symbol.cpp (292008 => 292009)


--- trunk/Source/_javascript_Core/runtime/Symbol.cpp	2022-03-28 23:31:02 UTC (rev 292008)
+++ trunk/Source/_javascript_Core/runtime/Symbol.cpp	2022-03-28 23:48:31 UTC (rev 292009)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2022 Apple Inc. All rights reserved.
  * Copyright (C) 2015-2016 Yusuke Suzuki <utatane....@gmail.com>.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -60,13 +60,6 @@
     vm.symbolImplToSymbolMap.set(&m_privateName.uid(), this);
 }
 
-inline SymbolObject* SymbolObject::create(VM& vm, JSGlobalObject* globalObject, Symbol* symbol)
-{
-    SymbolObject* object = new (NotNull, allocateCell<SymbolObject>(vm)) SymbolObject(vm, globalObject->symbolObjectStructure());
-    object->finishCreation(vm, symbol);
-    return object;
-}
-
 JSValue Symbol::toPrimitive(JSGlobalObject*, PreferredPrimitiveType) const
 {
     return const_cast<Symbol*>(this);
@@ -74,7 +67,7 @@
 
 JSObject* Symbol::toObject(JSGlobalObject* globalObject) const
 {
-    return SymbolObject::create(globalObject->vm(), globalObject, const_cast<Symbol*>(this));
+    return SymbolObject::create(globalObject->vm(), globalObject->symbolObjectStructure(), const_cast<Symbol*>(this));
 }
 
 double Symbol::toNumber(JSGlobalObject* globalObject) const
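Review bot: The ordering this fix relies on is not documented at the new call in `Symbol::toObject`, where `globalObject->symbolObjectStructure()` is now evaluated as an argument so the lazy structure exists before `SymbolObject::create` allocates its cell. The hazard is presumably that realizing the structure can itself allocate while the new cell is still uninitialized, as the removed overload did by calling the getter inside the placement-new expression. I would add a comment above the return, such as `// Realize the lazy symbolObjectStructure before SymbolObject::create() allocates the cell; do not move this lookup into create().`, so the `JSGlobalObject*` overload is not reintroduced later. The paths listed in this revision are only ChangeLog, Symbol.cpp and SymbolObject.h, so no regression test appears to land with the fix. A test that boxes a Symbol on a fresh global object, before anything else has realized the structure, would pin the behaviour.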

Modified: trunk/Source/_javascript_Core/runtime/SymbolObject.h (292008 => 292009)


--- trunk/Source/_javascript_Core/runtime/SymbolObject.h	2022-03-28 23:31:02 UTC (rev 292008)
+++ trunk/Source/_javascript_Core/runtime/SymbolObject.h	2022-03-28 23:48:31 UTC (rev 292009)
@@ -49,7 +49,6 @@
         object->finishCreation(vm, symbol);
         return object;
     }
-    static SymbolObject* create(VM&, JSGlobalObject*, Symbol*);
 
     DECLARE_EXPORT_INFO;
 