[webkit-changes] [95205] trunk/Source/JavaScriptCore

[barraclough]

Title: [95205] trunk/Source/_javascript_Core

Revision

95205

Author

barraclo...@apple.com

Date

2011-09-15 11:47:20 -0700 (Thu, 15 Sep 2011)

Log Message

devirtualize preventExtensions
https://bugs.webkit.org/show_bug.cgi?id=68176

Reviewed by Oliver Hunt.

This is virtual due to problems in JSFunction putting the prototype
property, but we can fix this problem a different way, just setting
the checkReadOnly flag to false in the put.

* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertySlot):
* runtime/JSFunction.h:
* runtime/JSObject.h:

Modified Paths

• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/runtime/JSFunction.cpp
• trunk/Source/_javascript_Core/runtime/JSFunction.h
• trunk/Source/_javascript_Core/runtime/JSObject.h

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (95204 => 95205)

--- trunk/Source/_javascript_Core/ChangeLog	2011-09-15 18:40:04 UTC (rev 95204)
+++ trunk/Source/_javascript_Core/ChangeLog	2011-09-15 18:47:20 UTC (rev 95205)
@@ -1,3 +1,19 @@
+2011-09-15  Gavin Barraclough  <barraclo...@apple.com>
+
+        devirtualize preventExtensions
+        https://bugs.webkit.org/show_bug.cgi?id=68176
+
+        Reviewed by Oliver Hunt.
+
+        This is virtual due to problems in JSFunction putting the prototype
+        property, but we can fix this problem a different way, just setting
+        the checkReadOnly flag to false in the put.
+
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::getOwnPropertySlot):
+        * runtime/JSFunction.h:
+        * runtime/JSObject.h:
+
 2011-09-15  Geoffrey Garen  <gga...@apple.com>
 
         Value chaining for JSValue32_64 bitops.

Modified: trunk/Source/_javascript_Core/runtime/JSFunction.cpp (95204 => 95205)

--- trunk/Source/_javascript_Core/runtime/JSFunction.cpp	2011-09-15 18:40:04 UTC (rev 95204)
+++ trunk/Source/_javascript_Core/runtime/JSFunction.cpp	2011-09-15 18:47:20 UTC (rev 95205)
@@ -175,26 +175,6 @@
     return jsNumber(thisObj->jsExecutable()->parameterCount());
 }
 
-static inline WriteBarrierBase<Unknown>* createPrototypeProperty(JSGlobalData& globalData, JSGlobalObject* globalObject, JSFunction* function)
-{
-    ASSERT(!function->isHostFunction());
-
-    ExecState* exec = globalObject->globalExec();
-    if (WriteBarrierBase<Unknown>* location = function->getDirectLocation(globalData, exec->propertyNames().prototype))
-        return location;
-    JSObject* prototype = constructEmptyObject(exec, globalObject->emptyObjectStructure());
-    prototype->putDirect(globalData, exec->propertyNames().constructor, function, DontEnum);
-    function->putDirect(globalData, exec->propertyNames().prototype, prototype, DontDelete | DontEnum);
-    return function->getDirectLocation(exec->globalData(), exec->propertyNames().prototype);
-}
-
-void JSFunction::preventExtensions(JSGlobalData& globalData)
-{
-    if (!isHostFunction())
-        createPrototypeProperty(globalData, scope()->globalObject.get(), this);
-    JSObject::preventExtensions(globalData);
-}
-
 bool JSFunction::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
 {
     if (isHostFunction())
@@ -203,8 +183,13 @@
     if (propertyName == exec->propertyNames().prototype) {
         WriteBarrierBase<Unknown>* location = getDirectLocation(exec->globalData(), propertyName);
 
-        if (!location)
-            location = createPrototypeProperty(exec->globalData(), scope()->globalObject.get(), this);
+        if (!location) {
+            JSObject* prototype = constructEmptyObject(exec, globalObject()->emptyObjectStructure());
+            prototype->putDirect(exec->globalData(), exec->propertyNames().constructor, this, DontEnum);
+            PutPropertySlot slot;
+            putDirect(exec->globalData(), exec->propertyNames().prototype, prototype, DontDelete | DontEnum, false, slot);
+            location = getDirectLocation(exec->globalData(), exec->propertyNames().prototype);
+        }
 
         slot.setValue(this, location->get(), offsetForLocation(location));
     }

Modified: trunk/Source/_javascript_Core/runtime/JSFunction.h (95204 => 95205)

--- trunk/Source/_javascript_Core/runtime/JSFunction.h	2011-09-15 18:40:04 UTC (rev 95204)
+++ trunk/Source/_javascript_Core/runtime/JSFunction.h	2011-09-15 18:47:20 UTC (rev 95205)
@@ -148,7 +148,6 @@
 
         bool isHostFunctionNonInline() const;
 
-        virtual void preventExtensions(JSGlobalData&);
         virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
         virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
         virtual void getOwnPropertyNames(ExecState*, PropertyNameArray&, EnumerationMode mode = ExcludeDontEnumProperties);

Modified: trunk/Source/_javascript_Core/runtime/JSObject.h (95204 => 95205)

--- trunk/Source/_javascript_Core/runtime/JSObject.h	2011-09-15 18:40:04 UTC (rev 95204)
+++ trunk/Source/_javascript_Core/runtime/JSObject.h	2011-09-15 18:47:20 UTC (rev 95205)
@@ -211,7 +211,7 @@
 
         void seal(JSGlobalData&);
         void freeze(JSGlobalData&);
-        virtual void preventExtensions(JSGlobalData&);
+        void preventExtensions(JSGlobalData&);
         bool isSealed(JSGlobalData& globalData) { return m_structure->isSealed(globalData); }
         bool isFrozen(JSGlobalData& globalData) { return m_structure->isFrozen(globalData); }
         bool isExtensible() { return m_structure->isExtensible(); }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes