Commit d4c07a32 authored by barraclough@apple.com's avatar barraclough@apple.com

Remove no-arguments constructor to PropertySlot

https://bugs.webkit.org/show_bug.cgi?id=119460

Reviewed by Geoff Garen.

This constructor was unsafe if getValue is subsequently called,
and the property is a getter. Simplest to just remove it.

* runtime/Arguments.cpp:
(JSC::Arguments::defineOwnProperty):
* runtime/JSActivation.cpp:
(JSC::JSActivation::getOwnPropertyDescriptor):
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertyDescriptor):
(JSC::JSFunction::getOwnNonIndexPropertyNames):
(JSC::JSFunction::put):
(JSC::JSFunction::defineOwnProperty):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::defineOwnProperty):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::hasOwnPropertyForWrite):
* runtime/JSNameScope.cpp:
(JSC::JSNameScope::put):
* runtime/JSONObject.cpp:
(JSC::Stringifier::Holder::appendNextProperty):
(JSC::Walker::walk):
* runtime/JSObject.cpp:
(JSC::JSObject::hasProperty):
(JSC::JSObject::hasOwnProperty):
(JSC::JSObject::reifyStaticFunctionsForDelete):
* runtime/Lookup.h:
(JSC::getStaticPropertyDescriptor):
(JSC::getStaticFunctionDescriptor):
(JSC::getStaticValueDescriptor):
* runtime/ObjectConstructor.cpp:
(JSC::defineProperties):
* runtime/PropertySlot.h:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153673 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent b702d7d9
2013-08-02 Gavin Barraclough <barraclough@apple.com>
Remove no-arguments constructor to PropertySlot
https://bugs.webkit.org/show_bug.cgi?id=119460
Reviewed by Geoff Garen.
This constructor was unsafe if getValue is subsequently called,
and the property is a getter. Simplest to just remove it.
* runtime/Arguments.cpp:
(JSC::Arguments::defineOwnProperty):
* runtime/JSActivation.cpp:
(JSC::JSActivation::getOwnPropertyDescriptor):
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertyDescriptor):
(JSC::JSFunction::getOwnNonIndexPropertyNames):
(JSC::JSFunction::put):
(JSC::JSFunction::defineOwnProperty):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::defineOwnProperty):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::hasOwnPropertyForWrite):
* runtime/JSNameScope.cpp:
(JSC::JSNameScope::put):
* runtime/JSONObject.cpp:
(JSC::Stringifier::Holder::appendNextProperty):
(JSC::Walker::walk):
* runtime/JSObject.cpp:
(JSC::JSObject::hasProperty):
(JSC::JSObject::hasOwnProperty):
(JSC::JSObject::reifyStaticFunctionsForDelete):
* runtime/Lookup.h:
(JSC::getStaticPropertyDescriptor):
(JSC::getStaticFunctionDescriptor):
(JSC::getStaticValueDescriptor):
* runtime/ObjectConstructor.cpp:
(JSC::defineProperties):
* runtime/PropertySlot.h:
2013-08-02 Mark Hahnenberg <mhahnenberg@apple.com>
DFG validation can cause assertion failures due to dumping
......
......@@ -287,7 +287,7 @@ bool Arguments::defineOwnProperty(JSObject* object, ExecState* exec, PropertyNam
if (i < thisObject->m_numArguments) {
RELEASE_ASSERT(i < PropertyName::NotAnIndex);
// If the property is not yet present on the object, and is not yet marked as deleted, then add it now.
PropertySlot slot;
PropertySlot slot(thisObject);
if (!thisObject->isDeletedArgument(i) && !JSObject::getOwnPropertySlot(thisObject, exec, propertyName, slot)) {
JSValue value = thisObject->tryGetArgument(i);
ASSERT(value);
......
......@@ -184,7 +184,7 @@ bool JSActivation::getOwnPropertyDescriptor(JSObject* object, ExecState* exec, P
if (propertyName == exec->propertyNames().arguments) {
// Defend against the inspector asking for the arguments object after it has been optimized out.
if (!thisObject->isTornOff()) {
PropertySlot slot;
PropertySlot slot(thisObject);
JSActivation::getOwnPropertySlot(thisObject, exec, propertyName, slot);
descriptor.setDescriptor(slot.getValue(exec, propertyName), DontEnum);
return true;
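Review bot: The result of `JSActivation::getOwnPropertySlot(...)` is discarded and `slot.getValue(exec, propertyName)` is then called unconditionally, so a lookup that reports no property would build the descriptor from a slot still in its unset state. Constructing the slot with `thisObject` covers the getter case the commit message describes, but not this one. Either test the result, `if (!JSActivation::getOwnPropertySlot(thisObject, exec, propertyName, slot)) return false;`, or, if the lookup is known always to succeed for `arguments` on an activation that is not torn off, record that by wrapping the result in an `ASSERT`. The enclosing function starts and ends outside this hunk, so the surrounding control flow should be checked before choosing.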
......
......@@ -308,7 +308,7 @@ bool JSFunction::getOwnPropertyDescriptor(JSObject* object, ExecState* exec, Pro
return Base::getOwnPropertyDescriptor(thisObject, exec, propertyName, descriptor);
if (propertyName == exec->propertyNames().prototype) {
PropertySlot slot;
PropertySlot slot(thisObject);
thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot);
return Base::getOwnPropertyDescriptor(thisObject, exec, propertyName, descriptor);
}
......@@ -359,7 +359,7 @@ void JSFunction::getOwnNonIndexPropertyNames(JSObject* object, ExecState* exec,
JSFunction* thisObject = jsCast<JSFunction*>(object);
if (!thisObject->isHostFunction() && (mode == IncludeDontEnumProperties)) {
// Make sure prototype has been reified.
PropertySlot slot;
PropertySlot slot(thisObject);
thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, exec->propertyNames().prototype, slot);
propertyNames.add(exec->propertyNames().arguments);
......@@ -380,7 +380,7 @@ void JSFunction::put(JSCell* cell, ExecState* exec, PropertyName propertyName, J
if (propertyName == exec->propertyNames().prototype) {
// Make sure prototype has been reified, such that it can only be overwritten
// following the rules set out in ECMA-262 8.12.9.
PropertySlot slot;
PropertySlot slot(thisObject);
thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot);
thisObject->m_allocationProfile.clear();
thisObject->m_allocationProfileWatchpoint.notifyWrite();
......@@ -427,7 +427,7 @@ bool JSFunction::defineOwnProperty(JSObject* object, ExecState* exec, PropertyNa
if (propertyName == exec->propertyNames().prototype) {
// Make sure prototype has been reified, such that it can only be overwritten
// following the rules set out in ECMA-262 8.12.9.
PropertySlot slot;
PropertySlot slot(thisObject);
thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot);
thisObject->m_allocationProfile.clear();
thisObject->m_allocationProfileWatchpoint.notifyWrite();
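Review bot: In the getOwnPropertyDescriptor hunk the `getOwnPropertySlot` call ignores both its return value and the slot, and unlike the three later hunks it carries no comment explaining why. Add `// Make sure prototype has been reified.` above `PropertySlot slot(thisObject);` there, so the call is not mistaken for dead code and removed in a later cleanup. The same throwaway-slot pattern in getOwnNonIndexPropertyNames, put and defineOwnProperty is already commented. All four functions extend beyond their hunks.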
......
......@@ -178,7 +178,7 @@ void JSGlobalObject::putDirectVirtual(JSObject* object, ExecState* exec, Propert
bool JSGlobalObject::defineOwnProperty(JSObject* object, ExecState* exec, PropertyName propertyName, PropertyDescriptor& descriptor, bool shouldThrow)
{
JSGlobalObject* thisObject = jsCast<JSGlobalObject*>(object);
PropertySlot slot;
PropertySlot slot(thisObject);
// silently ignore attempts to add accessors aliasing vars.
if (descriptor.isAccessorDescriptor() && symbolTableGet(thisObject, propertyName, slot))
return false;
......
......@@ -459,7 +459,7 @@ inline JSGlobalObject* asGlobalObject(JSValue value)
inline bool JSGlobalObject::hasOwnPropertyForWrite(ExecState* exec, PropertyName propertyName)
{
PropertySlot slot;
PropertySlot slot(this);
if (Base::getOwnPropertySlot(this, exec, propertyName, slot))
return true;
bool slotIsWriteable;
......
......@@ -61,7 +61,7 @@ void JSNameScope::put(JSCell* cell, ExecState* exec, PropertyName propertyName,
// (a) is unlikely, and (b) is an error.
// Also with a single entry the symbol table lookup should simply be
// a pointer compare.
PropertySlot slot;
PropertySlot slot(thisObject);
bool isWritable = true;
symbolTableGet(thisObject, propertyName, slot, isWritable);
if (!isWritable) {
......
......@@ -515,11 +515,12 @@ bool Stringifier::Holder::appendNextProperty(Stringifier& stringifier, StringBui
value = asArray(m_object.get())->getIndexQuickly(index);
else {
PropertySlot slot(m_object.get());
if (!m_object->methodTable()->getOwnPropertySlotByIndex(m_object.get(), exec, index, slot))
slot.setUndefined();
if (exec->hadException())
return false;
value = slot.getValue(exec, index);
if (m_object->methodTable()->getOwnPropertySlotByIndex(m_object.get(), exec, index, slot)) {
value = slot.getValue(exec, index);
if (exec->hadException())
return false;
} else
value = jsUndefined();
}
// Append the separator string.
......@@ -670,7 +671,7 @@ NEVER_INLINE JSValue Walker::walk(JSValue unfiltered)
if (isJSArray(array) && array->canGetIndexQuickly(index))
inValue = array->getIndexQuickly(index);
else {
PropertySlot slot;
PropertySlot slot(array);
if (array->methodTable()->getOwnPropertySlotByIndex(array, m_exec, index, slot))
inValue = slot.getValue(m_exec, index);
else
......@@ -722,7 +723,7 @@ NEVER_INLINE JSValue Walker::walk(JSValue unfiltered)
propertyStack.removeLast();
break;
}
PropertySlot slot;
PropertySlot slot(object);
if (object->methodTable()->getOwnPropertySlot(object, m_exec, properties[index], slot))
inValue = slot.getValue(m_exec, properties[index]);
else
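Review bot: In the appendNextProperty hunk the new code consults `exec->hadException()` only after `getOwnPropertySlotByIndex` has succeeded and `slot.getValue` has run, whereas the previous code checked it right after the lookup whatever the result. If the lookup itself can raise an exception (not visible here, it depends on the object's method table), a failed lookup now falls through to `value = jsUndefined()` with the exception still pending, and a successful one invokes the getter before anything notices. Consider keeping a check directly after the lookup, `if (exec->hadException()) return false;`, in addition to the one after `getValue`. The two Walker::walk hunks call `slot.getValue` the same way, but their else branches are cut off, so the exception handling cannot be judged from here. appendNextProperty starts and ends outside the hunk.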
......
......@@ -1203,13 +1203,13 @@ void JSObject::putDirectAccessor(ExecState* exec, PropertyName propertyName, JSV
bool JSObject::hasProperty(ExecState* exec, PropertyName propertyName) const
{
PropertySlot slot;
PropertySlot slot(this);
return const_cast<JSObject*>(this)->getPropertySlot(exec, propertyName, slot);
}
bool JSObject::hasProperty(ExecState* exec, unsigned propertyName) const
{
PropertySlot slot;
PropertySlot slot(this);
return const_cast<JSObject*>(this)->getPropertySlot(exec, propertyName, slot);
}
......@@ -1248,7 +1248,7 @@ bool JSObject::deleteProperty(JSCell* cell, ExecState* exec, PropertyName proper
bool JSObject::hasOwnProperty(ExecState* exec, PropertyName propertyName) const
{
PropertySlot slot;
PropertySlot slot(this);
return const_cast<JSObject*>(this)->methodTable()->getOwnPropertySlot(const_cast<JSObject*>(this), exec, propertyName, slot);
}
......@@ -1589,7 +1589,7 @@ void JSObject::reifyStaticFunctionsForDelete(ExecState* exec)
const HashTable* hashTable = info->propHashTable(globalObject()->globalExec());
if (!hashTable)
continue;
PropertySlot slot;
PropertySlot slot(this);
for (HashTable::ConstIterator iter = hashTable->begin(vm); iter != hashTable->end(vm); ++iter) {
if (iter->attributes() & Function)
setUpStaticFunctionSlot(globalObject()->globalExec(), *iter, this, Identifier(&vm, iter->key()), slot);
......
......@@ -263,7 +263,7 @@ namespace JSC {
if (!entry) // not found, forward to parent
return ParentImp::getOwnPropertyDescriptor(thisObj, exec, propertyName, descriptor);
PropertySlot slot;
PropertySlot slot(thisObj);
if (entry->attributes() & Function) {
bool present = setUpStaticFunctionSlot(exec, entry, thisObj, propertyName, slot);
if (present)
......@@ -309,7 +309,7 @@ namespace JSC {
if (!entry)
return false;
PropertySlot slot;
PropertySlot slot(thisObj);
bool present = setUpStaticFunctionSlot(exec, entry, thisObj, propertyName, slot);
if (present)
descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
......@@ -347,7 +347,7 @@ namespace JSC {
return ParentImp::getOwnPropertyDescriptor(thisObj, exec, propertyName, descriptor);
ASSERT(!(entry->attributes() & Function));
PropertySlot slot;
PropertySlot slot(thisObj);
slot.setCustom(thisObj, entry->propertyGetter());
descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
return true;
......
......@@ -315,7 +315,6 @@ static JSValue defineProperties(ExecState* exec, JSObject* object, JSObject* pro
Vector<PropertyDescriptor> descriptors;
MarkedArgumentBuffer markBuffer;
for (size_t i = 0; i < numProperties; i++) {
PropertySlot slot;
JSValue prop = properties->get(exec, propertyNames[i]);
if (exec->hadException())
return jsNull();
......
......@@ -43,12 +43,6 @@ class PropertySlot {
};
public:
PropertySlot()
: m_propertyType(TypeUnset)
, m_offset(invalidOffset)
{
}
explicit PropertySlot(const JSValue thisValue)
: m_propertyType(TypeUnset)
, m_offset(invalidOffset)
......