[webkit-changes] [WebKit/WebKit] ecb799: [JSC] Shouldn't use the fast path of copying index...

Thu, 28 Sep 2023 00:22:55 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: ecb799021d899bd16a98c35ef40279b4f8ee3596
      
https://github.com/WebKit/WebKit/commit/ecb799021d899bd16a98c35ef40279b4f8ee3596
  Author: Yijia Huang <[email protected]>
  Date:   2023-09-28 (Thu, 28 Sep 2023)

  Changed paths:
    A JSTests/stress/object-assign-with-indexed-getter-setter-properties.js
    M Source/JavaScriptCore/runtime/JSObject.cpp
    M Source/JavaScriptCore/runtime/JSObject.h
    M Source/JavaScriptCore/runtime/JSObjectInlines.h
    M Source/JavaScriptCore/runtime/ObjectConstructor.cpp
    M Source/JavaScriptCore/runtime/ObjectConstructorInlines.h
    M Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp
    M Source/JavaScriptCore/runtime/SparseArrayValueMap.h

  Log Message:
  -----------
  [JSC] Shouldn't use the fast path of copying indexed properties if saw 
indexed GetterSetter properties
https://bugs.webkit.org/show_bug.cgi?id=262228
rdar://115790723

Reviewed by Yusuke Suzuki.

Previously, we introduced a fast path for `Object.assign` by copying
indexed properties directly (https://commits.webkit.org/267797@main).
This is wrong since indexed properties may contain getter or setter
properties which have side effects. So, we should avoid to use the
fast path of copying indexed properties when saw any indexed getter
or setter property.

* Source/JavaScriptCore/runtime/JSObject.cpp:
(JSC::putIndexedDescriptor):
* Source/JavaScriptCore/runtime/JSObject.h:
(JSC::JSObject::canHaveExistingOwnIndexedGetterSetterProperties):
* Source/JavaScriptCore/runtime/JSObjectInlines.h:
(JSC::JSObject::forEachOwnIndexedProperty):
(JSC::JSObject::forEachIndexedProperty): Deleted.
* Source/JavaScriptCore/runtime/ObjectConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/ObjectConstructorInlines.h:
(JSC::objectAssignIndexedPropertiesFast):
(JSC::objectAssignFast):
* Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp:
(JSC::SparseArrayEntry::get const):
* Source/JavaScriptCore/runtime/SparseArrayValueMap.h:
(JSC::SparseArrayEntry::SparseArrayEntry):
(JSC::SparseArrayEntry::attributes const):
(JSC::SparseArrayEntry::forceSet):
(JSC::SparseArrayEntry::asValue):

Canonical link: https://commits.webkit.org/268567@main


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to