Diff
Modified: trunk/Source/_javascript_Core/API/JSObjectRef.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/API/JSObjectRef.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/API/JSObjectRef.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -267,8 +267,8 @@
ExecState* exec = toJS(ctx);
JSLockHolder locker(exec);
- JSObject* jsObject = toJS(object);
- return toRef(exec, jsObject->getPrototypeDirect());
+ JSObject* jsObject = toJS(object);
+ return toRef(exec, jsObject->prototype());
}
void JSObjectSetPrototype(JSContextRef ctx, JSObjectRef object, JSValueRef value)
Modified: trunk/Source/_javascript_Core/ChangeLog (197645 => 197646)
--- trunk/Source/_javascript_Core/ChangeLog 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-03-06 23:12:08 UTC (rev 197646)
@@ -1,3 +1,18 @@
+2016-03-06 Commit Queue <commit-qu...@webkit.org>
+
+ Unreviewed, rolling out r197645.
+ https://bugs.webkit.org/show_bug.cgi?id=155097
+
+ "Doesn't build properly when building entire webkit"
+ (Requested by saamyjoon on #webkit).
+
+ Reverted changeset:
+
+ "[[GetPrototypeOf]] should be a fully virtual method in the
+ method table"
+ https://bugs.webkit.org/show_bug.cgi?id=155002
+ http://trac.webkit.org/changeset/197645
+
2016-03-06 Saam barati <sbar...@apple.com>
[[GetPrototypeOf]] should be a fully virtual method in the method table
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -1392,15 +1392,6 @@
return tryConvertToInt52(value);
}
-size_t JIT_OPERATION operationDefaultHasInstance(ExecState* exec, JSCell* value, JSCell* proto) // Returns jsBoolean(True|False) on 64-bit.
-{
- VM* vm = &exec->vm();
- NativeCallFrameTracer tracer(vm, exec);
- if (JSObject::defaultHasInstance(exec, value, proto))
- return 1;
- return 0;
-}
-
void JIT_OPERATION operationProcessTypeProfilerLogDFG(ExecState* exec)
{
exec->vm().typeProfilerLog()->processLogEntries(ASCIILiteral("Log Full, called from inside DFG."));
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.h (197645 => 197646)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.h 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.h 2016-03-06 23:12:08 UTC (rev 197646)
@@ -155,8 +155,6 @@
int64_t JIT_OPERATION operationConvertBoxedDoubleToInt52(EncodedJSValue);
int64_t JIT_OPERATION operationConvertDoubleToInt52(double);
-size_t JIT_OPERATION operationDefaultHasInstance(ExecState*, JSCell* value, JSCell* proto);
-
void JIT_OPERATION operationProcessTypeProfilerLogDFG(ExecState*) WTF_INTERNAL;
void JIT_OPERATION debugOperationPrintSpeculationFailure(ExecState*, void*, void*) WTF_INTERNAL;
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -2740,8 +2740,6 @@
// Walk up the prototype chain of the value (in scratchReg), comparing to prototypeReg.
MacroAssembler::Label loop(&m_jit);
- MacroAssembler::Jump performDefaultHasInstance = m_jit.branch8(MacroAssembler::Equal,
- MacroAssembler::Address(scratchReg, JSCell::typeInfoTypeOffset()), TrustedImm32(ProxyObjectType));
m_jit.emitLoadStructure(scratchReg, scratchReg, scratch2Reg);
m_jit.loadPtr(MacroAssembler::Address(scratchReg, Structure::prototypeOffset() + CellPayloadOffset), scratchReg);
MacroAssembler::Jump isInstance = m_jit.branchPtr(MacroAssembler::Equal, scratchReg, prototypeReg);
@@ -2757,18 +2755,7 @@
#else
m_jit.move(MacroAssembler::TrustedImm32(0), scratchReg);
#endif
- MacroAssembler::JumpList doneJumps;
- doneJumps.append(m_jit.jump());
-
- performDefaultHasInstance.link(&m_jit);
- silentSpillAllRegisters(scratchReg);
- callOperation(operationDefaultHasInstance, scratchReg, valueReg, prototypeReg);
- silentFillAllRegisters(scratchReg);
- m_jit.exceptionCheck();
-#if USE(JSVALUE64)
- m_jit.or32(TrustedImm32(ValueFalse), scratchReg);
-#endif
- doneJumps.append(m_jit.jump());
+ MacroAssembler::Jump putResult = m_jit.jump();
isInstance.link(&m_jit);
#if USE(JSVALUE64)
@@ -2777,7 +2764,7 @@
m_jit.move(MacroAssembler::TrustedImm32(1), scratchReg);
#endif
- doneJumps.link(&m_jit);
+ putResult.link(&m_jit);
}
void SpeculativeJIT::compileCheckTypeInfoFlags(Node* node)
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -5947,8 +5947,6 @@
LBasicBlock loop = FTL_NEW_BLOCK(m_out, ("InstanceOf loop"));
LBasicBlock notYetInstance = FTL_NEW_BLOCK(m_out, ("InstanceOf not yet instance"));
LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("InstanceOf continuation"));
- LBasicBlock loadPrototypeDirect = FTL_NEW_BLOCK(m_out, ("Instanceof defaultPrototypeFunction"));
- LBasicBlock defaultHasInstanceSlow = FTL_NEW_BLOCK(m_out, ("Instanceof defaultPrototypeFunction"));
LValue condition;
if (m_node->child1().useKind() == UntypedUse)
@@ -5966,14 +5964,8 @@
ValueFromBlock originalValue = m_out.anchor(cell);
m_out.jump(loop);
- m_out.appendTo(loop, loadPrototypeDirect);
+ m_out.appendTo(loop, notYetInstance);
LValue value = m_out.phi(m_out.int64, originalValue);
- LValue type = m_out.load8ZeroExt32(value, m_heaps.JSCell_typeInfoType);
- m_out.branch(
- m_out.notEqual(type, m_out.constInt32(ProxyObjectType)),
- usually(loadPrototypeDirect), rarely(defaultHasInstanceSlow));
-
- m_out.appendTo(loadPrototypeDirect, notYetInstance);
LValue structure = loadStructure(value);
LValue currentPrototype = m_out.load64(structure, m_heaps.Structure_prototype);
ValueFromBlock isInstanceResult = m_out.anchor(m_out.booleanTrue);
@@ -5981,22 +5973,14 @@
m_out.equal(currentPrototype, prototype),
unsure(continuation), unsure(notYetInstance));
- m_out.appendTo(notYetInstance, defaultHasInstanceSlow);
+ m_out.appendTo(notYetInstance, continuation);
ValueFromBlock notInstanceResult = m_out.anchor(m_out.booleanFalse);
m_out.addIncomingToPhi(value, m_out.anchor(currentPrototype));
m_out.branch(isCell(currentPrototype), unsure(loop), unsure(continuation));
-
- m_out.appendTo(defaultHasInstanceSlow, continuation);
- // We can use the value that we're looping with because we
- // can just continue off from wherever we bailed from the
- // loop.
- ValueFromBlock defaultHasInstanceResult = m_out.anchor(
- vmCall(m_out.boolean, m_out.operation(operationDefaultHasInstance), m_callFrame, value, prototype));
- m_out.jump(continuation);
m_out.appendTo(continuation, lastNext);
setBoolean(
- m_out.phi(m_out.boolean, notCellResult, isInstanceResult, notInstanceResult, defaultHasInstanceResult));
+ m_out.phi(m_out.boolean, notCellResult, isInstanceResult, notInstanceResult));
}
void compileInstanceOfCustom()
Modified: trunk/Source/_javascript_Core/jit/JITOpcodes.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/jit/JITOpcodes.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/jit/JITOpcodes.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -153,8 +153,6 @@
move(TrustedImm64(JSValue::encode(jsBoolean(true))), regT0);
Label loop(this);
- addSlowCase(branch8(Equal, Address(regT2, JSCell::typeInfoTypeOffset()), TrustedImm32(ProxyObjectType)));
-
// Load the prototype of the object in regT2. If this is equal to regT1 - WIN!
// Otherwise, check if we've hit null - if we have then drop out of the loop, if not go again.
emitLoadStructure(regT2, regT2, regT3);
@@ -859,7 +857,6 @@
linkSlowCaseIfNotJSCell(iter, value);
linkSlowCaseIfNotJSCell(iter, proto);
linkSlowCase(iter);
- linkSlowCase(iter);
emitGetVirtualRegister(value, regT0);
emitGetVirtualRegister(proto, regT1);
callOperation(operationInstanceOf, dst, regT0, regT1);
Modified: trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -233,8 +233,6 @@
move(TrustedImm32(1), regT0);
Label loop(this);
- addSlowCase(branch8(Equal, Address(regT2, JSCell::typeInfoTypeOffset()), TrustedImm32(ProxyObjectType)));
-
// Load the prototype of the cell in regT2. If this is equal to regT1 - WIN!
// Otherwise, check if we've hit null - if we have then drop out of the loop, if not go again.
loadPtr(Address(regT2, JSCell::structureIDOffset()), regT2);
@@ -265,7 +263,6 @@
linkSlowCaseIfNotJSCell(iter, value);
linkSlowCaseIfNotJSCell(iter, proto);
linkSlowCase(iter);
- linkSlowCase(iter);
emitLoad(value, regT1, regT0);
emitLoad(proto, regT3, regT2);
Modified: trunk/Source/_javascript_Core/jit/JITOperations.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/jit/JITOperations.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -1779,6 +1779,8 @@
JSValue value = JSValue::decode(encodedValue);
JSValue proto = JSValue::decode(encodedProto);
+ ASSERT(!value.isObject() || !proto.isObject());
+
bool result = JSObject::defaultHasInstance(exec, value, proto);
return JSValue::encode(jsBoolean(result));
}
Modified: trunk/Source/_javascript_Core/jit/JITOperations.h (197645 => 197646)
--- trunk/Source/_javascript_Core/jit/JITOperations.h 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/jit/JITOperations.h 2016-03-06 23:12:08 UTC (rev 197646)
@@ -196,7 +196,6 @@
typedef int32_t JIT_OPERATION (*Z_JITOperation_D)(double);
typedef int32_t JIT_OPERATION (*Z_JITOperation_E)(ExecState*);
typedef int32_t JIT_OPERATION (*Z_JITOperation_EC)(ExecState*, JSCell*);
-typedef int32_t JIT_OPERATION (*Z_JITOperation_ECC)(ExecState*, JSCell*, JSCell*);
typedef int32_t JIT_OPERATION (*Z_JITOperation_EGC)(ExecState*, JSGlobalObject*, JSCell*);
typedef int32_t JIT_OPERATION (*Z_JITOperation_ESJss)(ExecState*, size_t, JSString*);
typedef int32_t JIT_OPERATION (*Z_JITOperation_EJ)(ExecState*, EncodedJSValue);
Modified: trunk/Source/_javascript_Core/jsc.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/jsc.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/jsc.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -1228,7 +1228,7 @@
if (!target.isObject())
return JSValue::encode(jsUndefined());
JSObject* jsTarget = asObject(target.asCell());
- Structure* structure = JSProxy::createStructure(exec->vm(), exec->lexicalGlobalObject(), jsTarget->getPrototypeDirect());
+ Structure* structure = JSProxy::createStructure(exec->vm(), exec->lexicalGlobalObject(), jsTarget->prototype());
JSProxy* proxy = JSProxy::create(exec->vm(), structure, jsTarget);
return JSValue::encode(proxy);
}
Modified: trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -526,6 +526,7 @@
LLINT_BEGIN();
JSValue value = LLINT_OP_C(2).jsValue();
JSValue proto = LLINT_OP_C(3).jsValue();
+ ASSERT(!value.isObject() || !proto.isObject());
LLINT_RETURN(jsBoolean(JSObject::defaultHasInstance(exec, value, proto)));
}
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm (197645 => 197646)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2016-03-06 23:12:08 UTC (rev 197646)
@@ -1706,12 +1706,7 @@
callSlowPath(_slow_path_copy_rest)
dispatch(4)
-_llint_op_instanceof:
- traceExecution()
- callSlowPath(_llint_slow_path_instanceof)
- dispatch(4)
-
# Lastly, make sure that we can link even though we don't support all opcodes.
# These opcodes should never arise when using LLInt or either JIT. We assert
# as much.
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm (197645 => 197646)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2016-03-06 23:12:08 UTC (rev 197646)
@@ -1206,6 +1206,34 @@
storei 1, PayloadOffset[cfr, t3, 8]
dispatch(4)
+_llint_op_instanceof:
+ traceExecution()
+ # Actually do the work.
+ loadi 12[PC], t0
+ loadi 4[PC], t3
+ loadConstantOrVariablePayload(t0, CellTag, t1, .opInstanceofSlow)
+ bbb JSCell::m_type[t1], ObjectType, .opInstanceofSlow
+ loadi 8[PC], t0
+ loadConstantOrVariablePayload(t0, CellTag, t2, .opInstanceofSlow)
+
+ # Register state: t1 = prototype, t2 = value
+ move 1, t0
+.opInstanceofLoop:
+ loadp JSCell::m_structureID[t2], t2
+ loadi Structure::m_prototype + PayloadOffset[t2], t2
+ bpeq t2, t1, .opInstanceofDone
+ btinz t2, .opInstanceofLoop
+
+ move 0, t0
+.opInstanceofDone:
+ storei BooleanTag, TagOffset[cfr, t3, 8]
+ storei t0, PayloadOffset[cfr, t3, 8]
+ dispatch(4)
+
+.opInstanceofSlow:
+ callSlowPath(_llint_slow_path_instanceof)
+ dispatch(4)
+
_llint_op_instanceof_custom:
traceExecution()
callSlowPath(_llint_slow_path_instanceof_custom)
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (197645 => 197646)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2016-03-06 23:12:08 UTC (rev 197646)
@@ -1093,6 +1093,34 @@
dispatch(4)
+_llint_op_instanceof:
+ traceExecution()
+ # Actually do the work.
+ loadisFromInstruction(3, t0)
+ loadConstantOrVariableCell(t0, t1, .opInstanceofSlow)
+ bbb JSCell::m_type[t1], ObjectType, .opInstanceofSlow
+ loadisFromInstruction(2, t0)
+ loadConstantOrVariableCell(t0, t2, .opInstanceofSlow)
+
+ # Register state: t1 = prototype, t2 = value
+ move 1, t0
+.opInstanceofLoop:
+ loadStructureAndClobberFirstArg(t2, t3)
+ loadq Structure::m_prototype[t3], t2
+ bqeq t2, t1, .opInstanceofDone
+ btqz t2, tagMask, .opInstanceofLoop
+
+ move 0, t0
+.opInstanceofDone:
+ orq ValueFalse, t0
+ loadisFromInstruction(1, t3)
+ storeq t0, [cfr, t3, 8]
+ dispatch(4)
+
+.opInstanceofSlow:
+ callSlowPath(_llint_slow_path_instanceof)
+ dispatch(4)
+
_llint_op_instanceof_custom:
traceExecution()
callSlowPath(_llint_slow_path_instanceof_custom)
Modified: trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -184,7 +184,7 @@
// Fast path in the normal case where the user has not set an own constructor and the Array.prototype.constructor is normal.
// We need prototype check for subclasses of Array, which are Array objects but have a different prototype by default.
if (LIKELY(!thisObject->hasCustomProperties()
- && thisObject->globalObject()->arrayPrototype() == thisObject->getPrototypeDirect()
+ && thisObject->globalObject()->arrayPrototype() == thisObject->prototype()
&& !thisObject->globalObject()->arrayPrototype()->didChangeConstructorOrSpeciesProperties()))
return std::make_pair(SpeciesConstructResult::FastPath, nullptr);
Modified: trunk/Source/_javascript_Core/runtime/ClassInfo.h (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/ClassInfo.h 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/ClassInfo.h 2016-03-06 23:12:08 UTC (rev 197646)
@@ -112,9 +112,6 @@
typedef bool (*SetPrototypeFunctionPtr)(JSObject*, ExecState*, JSValue, bool shouldThrowIfCantSet);
SetPrototypeFunctionPtr setPrototype;
- typedef JSValue (*GetPrototypeFunctionPtr)(JSObject*, ExecState*);
- GetPrototypeFunctionPtr getPrototype;
-
typedef void (*DumpToStreamFunctionPtr)(const JSCell*, PrintStream&);
DumpToStreamFunctionPtr dumpToStream;
@@ -169,7 +166,6 @@
&ClassName::preventExtensions, \
&ClassName::isExtensible, \
&ClassName::setPrototype, \
- &ClassName::getPrototype, \
&ClassName::dumpToStream, \
&ClassName::estimatedSize \
}, \
Modified: trunk/Source/_javascript_Core/runtime/FunctionPrototype.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/FunctionPrototype.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/FunctionPrototype.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -168,7 +168,7 @@
}
JSString* name = target.get(exec, exec->propertyNames().name).toString(exec);
- return JSValue::encode(JSBoundFunction::create(vm, exec, globalObject, targetObject, exec->argument(0), boundArgs, length, name->value(exec)));
+ return JSValue::encode(JSBoundFunction::create(vm, globalObject, targetObject, exec->argument(0), boundArgs, length, name->value(exec)));
}
} // namespace JSC
Modified: trunk/Source/_javascript_Core/runtime/IntlCollatorPrototype.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/IntlCollatorPrototype.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/IntlCollatorPrototype.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -129,9 +129,7 @@
return JSValue::encode(throwOutOfMemoryError(state));
// c. Let bc be BoundFunctionCreate(F, «this value»).
- boundCompare = JSBoundFunction::create(vm, state, globalObject, targetObject, collator, boundArgs, 2, ASCIILiteral("compare"));
- if (vm.exception())
- return JSValue::encode(JSValue());
+ boundCompare = JSBoundFunction::create(vm, globalObject, targetObject, collator, boundArgs, 2, ASCIILiteral("compare"));
// d. Set collator.[[boundCompare]] to bc.
collator->setBoundCompare(vm, boundCompare);
}
Modified: trunk/Source/_javascript_Core/runtime/IntlDateTimeFormatPrototype.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/IntlDateTimeFormatPrototype.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/IntlDateTimeFormatPrototype.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -134,9 +134,7 @@
return JSValue::encode(throwOutOfMemoryError(state));
// c. Let bf be BoundFunctionCreate(F, «this value»).
- boundFormat = JSBoundFunction::create(vm, state, globalObject, targetObject, dtf, boundArgs, 1, ASCIILiteral("format"));
- if (vm.exception())
- return JSValue::encode(JSValue());
+ boundFormat = JSBoundFunction::create(vm, globalObject, targetObject, dtf, boundArgs, 1, ASCIILiteral("format"));
// d. Set dtf.[[boundFormat]] to bf.
dtf->setBoundFormat(vm, boundFormat);
}
Modified: trunk/Source/_javascript_Core/runtime/IntlNumberFormatPrototype.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/IntlNumberFormatPrototype.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/IntlNumberFormatPrototype.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -122,9 +122,7 @@
return JSValue::encode(throwOutOfMemoryError(state));
// c. Let bf be BoundFunctionCreate(F, «this value»).
- boundFormat = JSBoundFunction::create(vm, state, globalObject, targetObject, nf, boundArgs, 1, ASCIILiteral("format"));
- if (vm.exception())
- return JSValue::encode(JSValue());
+ boundFormat = JSBoundFunction::create(vm, globalObject, targetObject, nf, boundArgs, 1, ASCIILiteral("format"));
// d. Set nf.[[boundFormat]] to bf.
nf->setBoundFormat(vm, boundFormat);
}
Modified: trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -87,11 +87,9 @@
return JSValue::encode(jsBoolean(boundObject->targetFunction()->hasInstance(exec, value)));
}
-inline Structure* getBoundFunctionStructure(VM& vm, ExecState* exec, JSGlobalObject* globalObject, JSObject* targetFunction)
+inline Structure* getBoundFunctionStructure(VM& vm, JSGlobalObject* globalObject, JSObject* targetFunction)
{
- JSValue prototype = targetFunction->getPrototype(vm, exec);
- if (UNLIKELY(vm.exception()))
- return nullptr;
+ JSValue prototype = targetFunction->structure(vm)->storedPrototype();
JSFunction* targetJSFunction = jsDynamicCast<JSFunction*>(targetFunction);
// We only cache the structure of the bound function if the bindee is a JSFunction since there
@@ -119,15 +117,13 @@
return result;
}
-JSBoundFunction* JSBoundFunction::create(VM& vm, ExecState* exec, JSGlobalObject* globalObject, JSObject* targetFunction, JSValue boundThis, JSValue boundArgs, int length, const String& name)
+JSBoundFunction* JSBoundFunction::create(VM& vm, JSGlobalObject* globalObject, JSObject* targetFunction, JSValue boundThis, JSValue boundArgs, int length, const String& name)
{
ConstructData constructData;
ConstructType constructType = JSC::getConstructData(targetFunction, constructData);
bool canConstruct = constructType != ConstructType::None;
NativeExecutable* executable = vm.getHostFunction(boundFunctionCall, canConstruct ? boundFunctionConstruct : callHostFunctionAsConstructor, ASCIILiteral("Function.prototype.bind result"));
- Structure* structure = getBoundFunctionStructure(vm, exec, globalObject, targetFunction);
- if (UNLIKELY(vm.exception()))
- return nullptr;
+ Structure* structure = getBoundFunctionStructure(vm, globalObject, targetFunction);
JSBoundFunction* function = new (NotNull, allocateCell<JSBoundFunction>(vm.heap)) JSBoundFunction(vm, globalObject, structure, targetFunction, boundThis, boundArgs);
function->finishCreation(vm, executable, length, makeString("bound ", name));
Modified: trunk/Source/_javascript_Core/runtime/JSBoundFunction.h (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/JSBoundFunction.h 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/JSBoundFunction.h 2016-03-06 23:12:08 UTC (rev 197646)
@@ -40,7 +40,7 @@
typedef JSFunction Base;
const static unsigned StructureFlags = ~ImplementsDefaultHasInstance & Base::StructureFlags;
- static JSBoundFunction* create(VM&, ExecState*, JSGlobalObject*, JSObject* targetFunction, JSValue boundThis, JSValue boundArgs, int, const String&);
+ static JSBoundFunction* create(VM&, JSGlobalObject*, JSObject* targetFunction, JSValue boundThis, JSValue boundArgs, int, const String&);
static bool customHasInstance(JSObject*, ExecState*, JSValue);
Modified: trunk/Source/_javascript_Core/runtime/JSCJSValue.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/JSCJSValue.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/JSCJSValue.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -143,7 +143,7 @@
JSValue prototype;
if (propertyName != exec->propertyNames().underscoreProto) {
for (; !obj->structure()->hasReadOnlyOrGetterSetterPropertiesExcludingProto(); obj = asObject(prototype)) {
- prototype = obj->getPrototypeDirect();
+ prototype = obj->prototype();
if (prototype.isNull()) {
if (slot.isStrictMode())
throwTypeError(exec, StrictModeReadonlyPropertyWriteError);
@@ -178,9 +178,7 @@
break;
}
- prototype = obj->getPrototype(vm, exec);
- if (vm.exception())
- return;
+ prototype = obj->prototype();
if (prototype.isNull())
break;
}
Modified: trunk/Source/_javascript_Core/runtime/JSCell.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/JSCell.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/JSCell.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -285,9 +285,4 @@
RELEASE_ASSERT_NOT_REACHED();
}
-JSValue JSCell::getPrototype(JSObject*, ExecState*)
-{
- RELEASE_ASSERT_NOT_REACHED();
-}
-
} // namespace JSC
Modified: trunk/Source/_javascript_Core/runtime/JSCell.h (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/JSCell.h 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/JSCell.h 2016-03-06 23:12:08 UTC (rev 197646)
@@ -209,7 +209,6 @@
static NO_RETURN_DUE_TO_CRASH bool preventExtensions(JSObject*, ExecState*);
static NO_RETURN_DUE_TO_CRASH bool isExtensible(JSObject*, ExecState*);
static NO_RETURN_DUE_TO_CRASH bool setPrototype(JSObject*, ExecState*, JSValue, bool);
- static NO_RETURN_DUE_TO_CRASH JSValue getPrototype(JSObject*, ExecState*);
static String className(const JSObject*);
JS_EXPORT_PRIVATE static bool customHasInstance(JSObject*, ExecState*, JSValue);
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -613,7 +613,7 @@
putDirectWithoutTransition(vm, Identifier::fromString(exec, "$vm"), dollarVM, DontEnum);
}
- resetPrototype(vm, getPrototypeDirect());
+ resetPrototype(vm, prototype());
}
bool JSGlobalObject::hasLegacyProfiler() const
@@ -669,8 +669,8 @@
static inline JSObject* lastInPrototypeChain(JSObject* object)
{
JSObject* o = object;
- while (o->getPrototypeDirect().isObject())
- o = asObject(o->getPrototypeDirect());
+ while (o->prototype().isObject())
+ o = asObject(o->prototype());
return o;
}
@@ -726,7 +726,7 @@
break;
}
- JSValue prototypeValue = current->getPrototypeDirect();
+ JSValue prototypeValue = current->prototype();
if (prototypeValue.isNull())
break;
current = asObject(prototypeValue);
@@ -785,20 +785,20 @@
bool JSGlobalObject::objectPrototypeIsSane()
{
return !hasIndexedProperties(m_objectPrototype->indexingType())
- && m_objectPrototype->getPrototypeDirect().isNull();
+ && m_objectPrototype->prototype().isNull();
}
bool JSGlobalObject::arrayPrototypeChainIsSane()
{
return !hasIndexedProperties(m_arrayPrototype->indexingType())
- && m_arrayPrototype->getPrototypeDirect() == m_objectPrototype.get()
+ && m_arrayPrototype->prototype() == m_objectPrototype.get()
&& objectPrototypeIsSane();
}
bool JSGlobalObject::stringPrototypeChainIsSane()
{
return !hasIndexedProperties(m_stringPrototype->indexingType())
- && m_stringPrototype->getPrototypeDirect() == m_objectPrototype.get()
+ && m_stringPrototype->prototype() == m_objectPrototype.get()
&& objectPrototypeIsSane();
}
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.h (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.h 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.h 2016-03-06 23:12:08 UTC (rev 197646)
@@ -379,7 +379,7 @@
structure()->setGlobalObject(vm, this);
m_runtimeFlags = m_globalObjectMethodTable->_javascript_RuntimeFlags(this);
init(vm);
- setGlobalThis(vm, JSProxy::create(vm, JSProxy::createStructure(vm, this, getPrototypeDirect(), PureForwardingProxyType), this));
+ setGlobalThis(vm, JSProxy::create(vm, JSProxy::createStructure(vm, this, prototype(), PureForwardingProxyType), this));
}
void finishCreation(VM& vm, JSObject* thisValue)
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -784,9 +784,8 @@
class GlobalFuncProtoGetterFunctor {
public:
- GlobalFuncProtoGetterFunctor(ExecState* exec, JSObject* thisObject)
- : m_exec(exec)
- , m_hasSkippedFirstFrame(false)
+ GlobalFuncProtoGetterFunctor(JSObject* thisObject)
+ : m_hasSkippedFirstFrame(false)
, m_thisObject(thisObject)
, m_result(JSValue::encode(jsUndefined()))
{
@@ -802,13 +801,12 @@
}
if (m_thisObject->allowsAccessFrom(visitor->callFrame()))
- m_result = JSValue::encode(m_thisObject->getPrototype(m_exec->vm(), m_exec));
+ m_result = JSValue::encode(m_thisObject->prototype());
return StackVisitor::Done;
}
private:
- ExecState* m_exec;
bool m_hasSkippedFirstFrame;
JSObject* m_thisObject;
EncodedJSValue m_result;
@@ -824,10 +822,7 @@
if (!thisObject)
return JSValue::encode(exec->thisValue().synthesizePrototype(exec));
- GlobalFuncProtoGetterFunctor functor(exec, thisObject);
- // This can throw but it's just unneeded extra work to check for it. The return
- // value from this function is only used as the return value from a host call.
- // Therefore, the return value is only used if there wasn't an exception.
+ GlobalFuncProtoGetterFunctor functor(thisObject);
exec->iterate(functor);
return functor.result();
}
Modified: trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/JSLexicalEnvironment.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -76,7 +76,7 @@
// We don't call through to JSObject because there's no way to give a
// lexical environment object getter properties or a prototype.
ASSERT(!thisObject->hasGetterSetterProperties());
- ASSERT(thisObject->getPrototypeDirect().isNull());
+ ASSERT(thisObject->prototype().isNull());
return false;
}
Modified: trunk/Source/_javascript_Core/runtime/JSObject.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/JSObject.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/JSObject.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -272,7 +272,7 @@
{
String prototypeFunctionName;
ExecState* exec = object->globalObject()->globalExec();
- PropertySlot slot(object->getPrototypeDirect(), PropertySlot::InternalMethodType::VMInquiry);
+ PropertySlot slot(object->structure()->storedPrototype(), PropertySlot::InternalMethodType::VMInquiry);
PropertyName constructor(exec->propertyNames().constructor);
if (object->getPropertySlot(exec, constructor, slot)) {
if (slot.isValue()) {
@@ -430,14 +430,11 @@
}
}
if (obj->type() == ProxyObjectType && propertyName != vm.propertyNames->underscoreProto) {
- // FIXME: We shouldn't unconditionally perform [[Set]] here.
- // We need to do more because this is observable behavior.
- // https://bugs.webkit.org/show_bug.cgi?id=155012
ProxyObject* proxy = jsCast<ProxyObject*>(obj);
proxy->ProxyObject::put(proxy, exec, propertyName, value, slot);
return;
}
- JSValue prototype = obj->getPrototypeDirect();
+ JSValue prototype = obj->prototype();
if (prototype.isNull())
break;
obj = asObject(prototype);
@@ -1204,7 +1201,7 @@
{
ASSERT(methodTable(vm)->toThis(this, exec, NotStrictMode) == this);
- if (this->getPrototypeDirect() == prototype)
+ if (this->prototype() == prototype)
return true;
bool isExtensible = this->isExtensible(exec);
@@ -1218,16 +1215,13 @@
}
JSValue nextPrototype = prototype;
- MethodTable::GetPrototypeFunctionPtr defaultGetPrototype = JSObject::getPrototype;
while (nextPrototype && nextPrototype.isObject()) {
if (nextPrototype == this) {
if (shouldThrowIfCantSet)
vm.throwException(exec, createError(exec, ASCIILiteral("cyclic __proto__ value")));
return false;
}
- if (UNLIKELY(asObject(nextPrototype)->methodTable(vm)->getPrototype != defaultGetPrototype))
- break; // We're done. Set the prototype.
- nextPrototype = asObject(nextPrototype)->getPrototypeDirect();
+ nextPrototype = asObject(nextPrototype)->prototype();
}
setPrototypeDirect(vm, prototype);
return true;
@@ -1238,11 +1232,6 @@
return object->setPrototypeWithCycleCheck(exec->vm(), exec, prototype, shouldThrowIfCantSet);
}
-JSValue JSObject::getPrototype(JSObject* object, ExecState*)
-{
- return object->getPrototypeDirect();
-}
-
bool JSObject::setPrototype(VM& vm, ExecState* exec, JSValue prototype, bool shouldThrowIfCantSet)
{
return methodTable(vm)->setPrototype(this, exec, prototype, shouldThrowIfCantSet);
@@ -1583,19 +1572,12 @@
return false;
}
- VM& vm = exec->vm();
JSObject* object = asObject(value);
- while (true) {
- JSValue objectValue = object->getPrototype(vm, exec);
- if (UNLIKELY(vm.exception()))
- return false;
- if (!objectValue.isObject())
- return false;
- object = asObject(objectValue);
+ while ((object = object->prototype().getObject())) {
if (proto == object)
return true;
}
- ASSERT_NOT_REACHED();
+ return false;
}
EncodedJSValue JSC_HOST_CALL objectPrivateFuncInstanceOf(ExecState* exec)
@@ -1608,29 +1590,24 @@
void JSObject::getPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode)
{
- VM& vm = exec->vm();
- object->methodTable(vm)->getOwnPropertyNames(object, exec, propertyNames, mode);
- if (UNLIKELY(vm.exception()))
+ object->methodTable(exec->vm())->getOwnPropertyNames(object, exec, propertyNames, mode);
+ if (UNLIKELY(exec->hadException()))
return;
- JSValue nextProto = object->getPrototype(vm, exec);
- if (UNLIKELY(vm.exception()))
+ if (object->prototype().isNull())
return;
- if (nextProto.isNull())
- return;
- JSObject* prototype = asObject(nextProto);
+ VM& vm = exec->vm();
+ JSObject* prototype = asObject(object->prototype());
while(1) {
if (prototype->structure(vm)->typeInfo().overridesGetPropertyNames()) {
prototype->methodTable(vm)->getPropertyNames(prototype, exec, propertyNames, mode);
break;
}
prototype->methodTable(vm)->getOwnPropertyNames(prototype, exec, propertyNames, mode);
- if (UNLIKELY(vm.exception()))
+ if (UNLIKELY(exec->hadException()))
return;
- nextProto = prototype->getPrototype(vm, exec);
- if (UNLIKELY(vm.exception()))
- return;
+ JSValue nextProto = prototype->prototype();
if (nextProto.isNull())
break;
prototype = asObject(nextProto);
@@ -2050,7 +2027,7 @@
return true;
}
- JSValue prototypeValue = current->getPrototypeDirect();
+ JSValue prototypeValue = current->prototype();
if (prototypeValue.isNull())
return false;
@@ -2060,7 +2037,7 @@
bool JSObject::attemptToInterceptPutByIndexOnHole(ExecState* exec, unsigned i, JSValue value, bool shouldThrow)
{
- JSValue prototypeValue = getPrototypeDirect();
+ JSValue prototypeValue = prototype();
if (prototypeValue.isNull())
return false;
@@ -3052,16 +3029,13 @@
{
VM& vm = exec->vm();
object->methodTable(vm)->getOwnPropertyNames(object, exec, propertyNames, EnumerationMode(mode, JSObjectPropertiesMode::Exclude));
- if (UNLIKELY(vm.exception()))
+ if (UNLIKELY(exec->hadException()))
return;
- JSValue nextProto = object->getPrototype(vm, exec);
- if (UNLIKELY(vm.exception()))
+ if (object->prototype().isNull())
return;
- if (nextProto.isNull())
- return;
- JSObject* prototype = asObject(nextProto);
+ JSObject* prototype = asObject(object->prototype());
while (true) {
if (prototype->structure(vm)->typeInfo().overridesGetPropertyNames()) {
prototype->methodTable(vm)->getPropertyNames(prototype, exec, propertyNames, mode);
@@ -3070,9 +3044,7 @@
prototype->methodTable(vm)->getOwnPropertyNames(prototype, exec, propertyNames, mode);
if (UNLIKELY(exec->hadException()))
return;
- nextProto = prototype->getPrototype(vm, exec);
- if (UNLIKELY(vm.exception()))
- return;
+ JSValue nextProto = prototype->prototype();
if (nextProto.isNull())
break;
prototype = asObject(nextProto);
Modified: trunk/Source/_javascript_Core/runtime/JSObject.h (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/JSObject.h 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/JSObject.h 2016-03-06 23:12:08 UTC (rev 197646)
@@ -103,19 +103,7 @@
JS_EXPORT_PRIVATE static String className(const JSObject*);
JS_EXPORT_PRIVATE static String calculatedClassName(JSObject*);
- // This is the fully virtual [[GetPrototypeOf]] internal function defined
- // in the ECMAScript 6 specification. Use this when doing a [[GetPrototypeOf]]
- // operation as dictated in the specification.
- JSValue getPrototype(VM&, ExecState*);
- JS_EXPORT_PRIVATE static JSValue getPrototype(JSObject*, ExecState*);
- // This gets the prototype directly off of the structure. This does not do
- // dynamic dispatch on the getPrototype method table method. It is not valid
- // to use this when performing a [[GetPrototypeOf]] operation in the specification.
- // It is valid to use though when you know that you want to directly get it
- // without consulting the method table. This is akin to getting the [[Prototype]]
- // internal field directly as described in the specification.
- JSValue getPrototypeDirect() const;
-
+ JSValue prototype() const;
// This sets the prototype without checking for cycles and without
// doing dynamic dispatch on [[SetPrototypeOf]] operation in the specification.
// It is not valid to use this when performing a [[SetPrototypeOf]] operation in
@@ -771,7 +759,7 @@
{
Base::finishCreation(vm);
ASSERT(inherits(info()));
- ASSERT(getPrototypeDirect().isNull() || Heap::heap(this) == Heap::heap(getPrototypeDirect()));
+ ASSERT(prototype().isNull() || Heap::heap(this) == Heap::heap(prototype()));
ASSERT(structure()->isObject());
ASSERT(classInfo());
}
@@ -1136,20 +1124,11 @@
vm.heap.ascribeOwner(this, butterfly);
}
-inline JSValue JSObject::getPrototypeDirect() const
+inline JSValue JSObject::prototype() const
{
return structure()->storedPrototype();
}
-inline JSValue JSObject::getPrototype(VM& vm, ExecState* exec)
-{
- auto getPrototypeMethod = methodTable(vm)->getPrototype;
- MethodTable::GetPrototypeFunctionPtr defaultGetPrototype = JSObject::getPrototype;
- if (LIKELY(getPrototypeMethod == defaultGetPrototype))
- return getPrototypeDirect();
- return getPrototypeMethod(this, exec);
-}
-
// It is safe to call this method with a PropertyName that is actually an index,
// but if so will always return false (doesn't search index storage).
ALWAYS_INLINE bool JSObject::getOwnNonIndexPropertySlot(VM& vm, Structure& structure, PropertyName propertyName, PropertySlot& slot)
@@ -1225,7 +1204,6 @@
// parsing the int again.
return object->getNonIndexPropertySlot(exec, propertyName, slot);
}
- ASSERT(object->type() != ProxyObjectType);
Structure& structure = *structureIDTable.get(object->structureID());
if (object->getOwnNonIndexPropertySlot(vm, structure, propertyName, slot))
return true;
@@ -1245,21 +1223,11 @@
VM& vm = exec->vm();
auto& structureIDTable = vm.heap.structureIDTable();
JSObject* object = this;
- MethodTable::GetPrototypeFunctionPtr defaultGetPrototype = JSObject::getPrototype;
while (true) {
Structure& structure = *structureIDTable.get(object->structureID());
if (structure.classInfo()->methodTable.getOwnPropertySlotByIndex(object, exec, propertyName, slot))
return true;
- if (UNLIKELY(vm.exception()))
- return false;
- JSValue prototype;
- if (LIKELY(structure.classInfo()->methodTable.getPrototype == defaultGetPrototype || slot.internalMethodType() == PropertySlot::InternalMethodType::VMInquiry))
- prototype = structure.storedPrototype();
- else {
- prototype = object->getPrototype(vm, exec);
- if (vm.exception())
- return false;
- }
+ JSValue prototype = structure.storedPrototype();
if (!prototype.isObject())
return false;
object = asObject(prototype);
@@ -1274,26 +1242,14 @@
VM& vm = exec->vm();
auto& structureIDTable = vm.heap.structureIDTable();
JSObject* object = this;
- MethodTable::GetPrototypeFunctionPtr defaultGetPrototype = JSObject::getPrototype;
while (true) {
Structure& structure = *structureIDTable.get(object->structureID());
if (LIKELY(!TypeInfo::overridesGetOwnPropertySlot(object->inlineTypeFlags()))) {
if (object->getOwnNonIndexPropertySlot(vm, structure, propertyName, slot))
return true;
- } else {
- if (structure.classInfo()->methodTable.getOwnPropertySlot(object, exec, propertyName, slot))
- return true;
- if (UNLIKELY(vm.exception()))
- return false;
- }
- JSValue prototype;
- if (LIKELY(structure.classInfo()->methodTable.getPrototype == defaultGetPrototype || slot.internalMethodType() == PropertySlot::InternalMethodType::VMInquiry))
- prototype = structure.storedPrototype();
- else {
- prototype = object->getPrototype(vm, exec);
- if (vm.exception())
- return false;
- }
+ } else if (structure.classInfo()->methodTable.getOwnPropertySlot(object, exec, propertyName, slot))
+ return true;
+ JSValue prototype = structure.storedPrototype();
if (!prototype.isObject())
return false;
object = asObject(prototype);
Modified: trunk/Source/_javascript_Core/runtime/JSObjectInlines.h (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/JSObjectInlines.h 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/JSObjectInlines.h 2016-03-06 23:12:08 UTC (rev 197646)
@@ -42,7 +42,7 @@
if (obj->structure(vm)->hasReadOnlyOrGetterSetterPropertiesExcludingProto() || obj->type() == ProxyObjectType)
return false;
- prototype = obj->getPrototypeDirect();
+ prototype = obj->prototype();
if (prototype.isNull())
return true;
Modified: trunk/Source/_javascript_Core/runtime/JSProxy.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/JSProxy.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/JSProxy.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -47,7 +47,7 @@
{
ASSERT_ARG(globalObject, globalObject);
m_target.set(vm, this, globalObject);
- setPrototypeDirect(vm, globalObject->getPrototypeDirect());
+ setPrototypeDirect(vm, globalObject->prototype());
PrototypeMap& prototypeMap = vm.prototypeMap;
if (!prototypeMap.isPrototype(this))
Modified: trunk/Source/_javascript_Core/runtime/JSTypedArrayViewConstructor.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/JSTypedArrayViewConstructor.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/JSTypedArrayViewConstructor.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -77,7 +77,7 @@
if (object->methodTable()->getConstructData(object, data) == ConstructType::None)
return JSValue::encode(throwTypeError(exec, "new.target passed to TypedArray is not a valid constructor."));
- for (; !value.isNull(); value = jsCast<JSObject*>(value)->getPrototypeDirect()) {
+ for (; !value.isNull(); value = jsCast<JSObject*>(value)->prototype()) {
if (jsDynamicCast<JSTypedArrayViewConstructor*>(value))
return JSValue::encode(throwTypeError(exec, "Unable to find TypedArray constructor that inherits from TypedArray."));
if (jsDynamicCast<JSGenericTypedArrayViewConstructor<JSInt8Array>*>(value))
Modified: trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -150,9 +150,8 @@
class ObjectConstructorGetPrototypeOfFunctor {
public:
- ObjectConstructorGetPrototypeOfFunctor(ExecState* exec, JSObject* object)
- : m_exec(exec)
- , m_hasSkippedFirstFrame(false)
+ ObjectConstructorGetPrototypeOfFunctor(JSObject* object)
+ : m_hasSkippedFirstFrame(false)
, m_object(object)
, m_result(jsUndefined())
{
@@ -168,12 +167,11 @@
}
if (m_object->allowsAccessFrom(visitor->callFrame()))
- m_result = m_object->getPrototype(m_exec->vm(), m_exec);
+ m_result = m_object->prototype();
return StackVisitor::Done;
}
private:
- ExecState* m_exec;
bool m_hasSkippedFirstFrame;
JSObject* m_object;
JSValue m_result;
@@ -181,10 +179,7 @@
JSValue objectConstructorGetPrototypeOf(ExecState* exec, JSObject* object)
{
- ObjectConstructorGetPrototypeOfFunctor functor(exec, object);
- // This can throw but it's just unneeded extra work to check for it. The return
- // value from this function is only used as the return value from a host call.
- // Therefore, the return value is only used if there wasn't an exception.
+ ObjectConstructorGetPrototypeOfFunctor functor(object);
exec->iterate(functor);
return functor.result();
}
Modified: trunk/Source/_javascript_Core/runtime/ObjectPrototype.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/ObjectPrototype.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/ObjectPrototype.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -101,19 +101,14 @@
if (!exec->argument(0).isObject())
return JSValue::encode(jsBoolean(false));
- VM& vm = exec->vm();
- JSValue v = asObject(exec->argument(0))->getPrototype(vm, exec);
- if (UNLIKELY(vm.exception()))
- return JSValue::encode(JSValue());
+ JSValue v = asObject(exec->argument(0))->prototype();
while (true) {
if (!v.isObject())
return JSValue::encode(jsBoolean(false));
if (v == thisObj)
return JSValue::encode(jsBoolean(true));
- v = asObject(v)->getPrototype(vm, exec);
- if (UNLIKELY(vm.exception()))
- return JSValue::encode(JSValue());
+ v = asObject(v)->prototype();
}
}
Modified: trunk/Source/_javascript_Core/runtime/ProxyObject.cpp (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/ProxyObject.cpp 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/ProxyObject.cpp 2016-03-06 23:12:08 UTC (rev 197646)
@@ -90,10 +90,11 @@
// FIXME: make it so that custom getters take both the |this| value and the slotBase (property holder).
// https://bugs.webkit.org/show_bug.cgi?id=154320
while (true) {
- if (LIKELY(proxyObjectAsObject->type() == ProxyObjectType))
+ if (LIKELY(proxyObjectAsObject->inherits(ProxyObject::info())))
break;
- JSValue prototype = proxyObjectAsObject->getPrototypeDirect();
+ Structure& structure = *vm.heap.structureIDTable().get(proxyObjectAsObject->structureID());
+ JSValue prototype = structure.storedPrototype();
RELEASE_ASSERT(prototype.isObject());
proxyObjectAsObject = asObject(prototype);
}
@@ -1005,9 +1006,7 @@
if (targetIsExtensible)
return true;
- JSValue targetPrototype = target->getPrototype(vm, exec);
- if (vm.exception())
- return false;
+ JSValue targetPrototype = target->prototype();
if (!sameValue(exec, prototype, targetPrototype)) {
throwVMTypeError(exec, ASCIILiteral("Proxy 'setPrototypeOf' trap returned true when its target is non-extensible and the new prototype value is not the same as the current prototype value. It should have returned false."));
return false;
Modified: trunk/Source/_javascript_Core/runtime/StructureInlines.h (197645 => 197646)
--- trunk/Source/_javascript_Core/runtime/StructureInlines.h 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/runtime/StructureInlines.h 2016-03-06 23:12:08 UTC (rev 197646)
@@ -210,7 +210,7 @@
if (asObject(prototype)->structure() != cachedStructure->get())
return false;
++cachedStructure;
- prototype = asObject(prototype)->getPrototypeDirect();
+ prototype = asObject(prototype)->prototype();
}
return prototype.isNull() && !*cachedStructure;
}
Modified: trunk/Source/_javascript_Core/tests/stress/proxy-has-property.js (197645 => 197646)
--- trunk/Source/_javascript_Core/tests/stress/proxy-has-property.js 2016-03-06 23:05:45 UTC (rev 197645)
+++ trunk/Source/_javascript_Core/tests/stress/proxy-has-property.js 2016-03-06 23:12:08 UTC (rev 197646)
@@ -367,79 +367,3 @@
assert(threw);
}
}
-
-{
- let e1 = null;
- let e2 = null;
- let t1 = {};
- let called1 = false;
- let h1 = {
- has: function(theTarget, propName) {
- called1 = true;
- e1 = new Error;
- throw e1;
- return false;
- }
- };
- let p1 = new Proxy(t1, h1);
-
- let t2 = {};
- t2.__proto__ = p1;
- let h2 = {
- has: function(theTarget, propName) {
- e2 = new Error;
- throw e2;
- return false;
- }
- };
- let p2 = new Proxy(t2, h2);
- for (let i = 0; i < 500; i++) {
- let threw = false;
- try {
- 10 in p2;
- } catch(e) {
- assert(e === e2);
- threw = true;
- }
- assert(threw);
- assert(!called1);
- }
-}
-
-{
- let e1 = null;
- let e2 = null;
- let t1 = {};
- let called1 = false;
- let h1 = {
- has: function(theTarget, propName) {
- called1 = true;
- e1 = new Error;
- throw e1;
- return false;
- }
- };
- let p1 = new Proxy(t1, h1);
-
- let t2 = {};
- t2.__proto__ = p1;
- let h2 = {
- has: function(theTarget, propName) {
- e2 = new Error;
- throw e2;
- return false;
- }
- };
- let p2 = new Proxy(t2, h2);
- for (let i = 0; i < 500; i++) {
- let threw = false;
- try {
- "foo" in p2;
- } catch(e) {
- assert(e === e2);
- threw = true;
- }
- assert(threw);
- assert(!called1);
- }
-}
