[webkit-changes] [160735] branches/safari-537.74-branch/Source/JavaScriptCore

[matthew_hanson]

Title: [160735] branches/safari-537.74-branch/Source/_javascript_Core

Revision

160735

Author

matthew_han...@apple.com

Date

2013-12-17 16:20:38 -0800 (Tue, 17 Dec 2013)

Log Message

Merge the patch attached to <rdar://problem/15684269>

Modified Paths

• branches/safari-537.74-branch/Source/_javascript_Core/ChangeLog
• branches/safari-537.74-branch/Source/_javascript_Core/runtime/JSScope.cpp

Diff

Modified: branches/safari-537.74-branch/Source/_javascript_Core/ChangeLog (160734 => 160735)

--- branches/safari-537.74-branch/Source/_javascript_Core/ChangeLog	2013-12-18 00:16:31 UTC (rev 160734)
+++ branches/safari-537.74-branch/Source/_javascript_Core/ChangeLog	2013-12-18 00:20:38 UTC (rev 160735)
@@ -1,3 +1,19 @@
+2013-12-17  Matthew Hanson  <matthew_han...@apple.com>
+
+        Merge the patch attached to <rdar://problem/15684269>
+
+    2013-10-07  Oliver Hunt  <oli...@apple.com>
+
+            PutGlobalProperty doesn't kill specialised values
+
+            Reviewed by Geoff Garen.
+
+            When we're generating instructions to change a global property
+            we just pre-emptively despecialise it.
+
+            * runtime/JSScope.cpp:
+            (JSC::JSScope::resolveContainingScopeInternal):
+
 2013-12-11  Matthew Hanson  <matthew_han...@apple.com>
 
         Merge r154513

Modified: branches/safari-537.74-branch/Source/_javascript_Core/runtime/JSScope.cpp (160734 => 160735)

--- branches/safari-537.74-branch/Source/_javascript_Core/runtime/JSScope.cpp	2013-12-18 00:16:31 UTC (rev 160734)
+++ branches/safari-537.74-branch/Source/_javascript_Core/runtime/JSScope.cpp	2013-12-18 00:20:38 UTC (rev 160735)
@@ -301,6 +301,14 @@
                             operations->append(ResolveOperation::checkForDynamicEntriesBeforeGlobalScope());
 
                         if (putToBaseOperation) {
+                            unsigned currentAttributes;
+                            JSCell* currentSpecificFunction;
+                            PropertyOffset offset = globalObject->structure()->get(callFrame->vm(), identifier, currentAttributes, currentSpecificFunction);
+                            ASSERT_UNUSED(offset, offset != invalidOffset);
+                            ASSERT_UNUSED(offset, offset == slot.cachedOffset());
+                            // We just assume that we are clobbering the global specialisation
+                            if (currentSpecificFunction)
+                                globalObject->setStructure(callFrame->vm(), Structure::despecifyFunctionTransition(callFrame->vm(), globalObject->structure(), identifier));
                             putToBaseOperation->m_isDynamic = requiresDynamicChecks;
                             putToBaseOperation->m_kind = PutToBaseOperation::GlobalPropertyPut;
                             putToBaseOperation->m_structure.set(callFrame->vm(), callFrame->codeBlock()->ownerExecutable(), globalObject->structure());

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes