WebKit Bugzilla
Attachment 368983 Details for Bug 196315: Structure::create should call didBecomePrototype()
Patch: patch196315 (text/plain), 5.51 KB, created by Robin Morisset on 2019-05-03 14:01:42 PDT
Description: Patch
Attachment flags: patch, obsolete
>diff --git a/JSTests/ChangeLog b/JSTests/ChangeLog >index 37b413a12d5..45451595b83 100644 >--- a/JSTests/ChangeLog >+++ b/JSTests/ChangeLog >@@ -1,3 +1,12 @@ >+2019-04-26 Robin Morisset <rmorisset@apple.com> >+ >+ All prototypes should call didBecomePrototype() >+ https://bugs.webkit.org/show_bug.cgi?id=196315 >+ >+ Reviewed by Saam Barati. >+ >+ * stress/function-prototype-indexed-accessor.js: Added. >+ > 2019-05-02 Michael Saboff <msaboff@apple.com> > > Unreviewed rollout of r244862. >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index bde32b8c253..1a197ca957a 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog 
>@@ -1,3 +1,82 @@ >+2019-05-03 Robin Morisset <rmorisset@apple.com> >+ >+ All prototypes should call didBecomePrototype() >+ https://bugs.webkit.org/show_bug.cgi?id=196315 >+ >+ Reviewed by Saam Barati. >+ >+ Otherwise we won't remember to run haveABadTime() when someone adds to them an indexed accessor. >+ >+ I added a check used in both Structure::finishCreation() and Structure::changePrototypeTransition to make sure we don't >+ create structures with invalid prototypes. >+ It found a lot of objects that are used as prototypes in JSGlobalObject and yet were missing didBecomePrototype() in their finishCreation(). >+ Somewhat surprisingly, some of them have names like FunctionConstructor and not only FooPrototype. >+ >+ * runtime/BigIntPrototype.cpp: >+ (JSC::BigIntPrototype::finishCreation): >+ * runtime/BooleanPrototype.cpp: >+ (JSC::BooleanPrototype::finishCreation): >+ * runtime/DatePrototype.cpp: >+ (JSC::DatePrototype::finishCreation): >+ * runtime/ErrorConstructor.cpp: >+ (JSC::ErrorConstructor::finishCreation): >+ * runtime/ErrorPrototype.cpp: >+ (JSC::ErrorPrototype::finishCreation): >+ * runtime/FunctionConstructor.cpp: >+ (JSC::FunctionConstructor::finishCreation): >+ * runtime/FunctionPrototype.cpp: >+ (JSC::FunctionPrototype::finishCreation): >+ * runtime/IntlCollatorPrototype.cpp: >+ (JSC::IntlCollatorPrototype::finishCreation): >+ * runtime/IntlDateTimeFormatPrototype.cpp: >+ (JSC::IntlDateTimeFormatPrototype::finishCreation): >+ * runtime/IntlNumberFormatPrototype.cpp: >+ (JSC::IntlNumberFormatPrototype::finishCreation): >+ * runtime/IntlPluralRulesPrototype.cpp: >+ (JSC::IntlPluralRulesPrototype::finishCreation): >+ * runtime/JSArrayBufferPrototype.cpp: >+ (JSC::JSArrayBufferPrototype::finishCreation): >+ * runtime/JSDataViewPrototype.cpp: >+ (JSC::JSDataViewPrototype::finishCreation): >+ * runtime/JSGenericTypedArrayViewPrototypeInlines.h: >+ (JSC::JSGenericTypedArrayViewPrototype<ViewClass>::finishCreation): >+ * runtime/JSGlobalObject.cpp: >+ 
(JSC::createConsoleProperty): >+ * runtime/JSPromisePrototype.cpp: >+ (JSC::JSPromisePrototype::finishCreation): >+ * runtime/JSTypedArrayViewConstructor.cpp: >+ (JSC::JSTypedArrayViewConstructor::finishCreation): >+ * runtime/JSTypedArrayViewPrototype.cpp: >+ (JSC::JSTypedArrayViewPrototype::finishCreation): >+ * runtime/NumberPrototype.cpp: >+ (JSC::NumberPrototype::finishCreation): >+ * runtime/RegExpPrototype.cpp: >+ (JSC::RegExpPrototype::finishCreation): >+ * runtime/StringPrototype.cpp: >+ (JSC::StringPrototype::finishCreation): >+ * runtime/Structure.cpp: >+ (JSC::Structure::isValidPrototype): >+ (JSC::Structure::changePrototypeTransition): >+ * runtime/Structure.h: >+ * runtime/SymbolPrototype.cpp: >+ (JSC::SymbolPrototype::finishCreation): >+ * wasm/js/WebAssemblyCompileErrorPrototype.cpp: >+ (JSC::WebAssemblyCompileErrorPrototype::finishCreation): >+ * wasm/js/WebAssemblyInstancePrototype.cpp: >+ (JSC::WebAssemblyInstancePrototype::finishCreation): >+ * wasm/js/WebAssemblyLinkErrorPrototype.cpp: >+ (JSC::WebAssemblyLinkErrorPrototype::finishCreation): >+ * wasm/js/WebAssemblyMemoryPrototype.cpp: >+ (JSC::WebAssemblyMemoryPrototype::finishCreation): >+ * wasm/js/WebAssemblyModulePrototype.cpp: >+ (JSC::WebAssemblyModulePrototype::finishCreation): >+ * wasm/js/WebAssemblyPrototype.cpp: >+ (JSC::WebAssemblyPrototype::finishCreation): >+ * wasm/js/WebAssemblyRuntimeErrorPrototype.cpp: >+ (JSC::WebAssemblyRuntimeErrorPrototype::finishCreation): >+ * wasm/js/WebAssemblyTablePrototype.cpp: >+ (JSC::WebAssemblyTablePrototype::finishCreation): >+ > 2019-05-03 Devin Rousso <drousso@apple.com> > > Web Inspector: Record actions performed on WebGL2RenderingContext >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 23acb3ef595..9125995082e 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog 
>@@ -1,3 +1,18 @@ >+2019-05-03 Robin Morisset <rmorisset@apple.com> >+ >+ All prototypes should call didBecomePrototype() >+ https://bugs.webkit.org/show_bug.cgi?id=196315 >+ >+ Reviewed by Saam Barati. >+ >+ It was found by existing tests, with the new assert in JSC::Structure >+ >+ * bindings/js/JSWindowProxy.cpp: >+ (WebCore::JSWindowProxy::setWindow): >+ * bindings/scripts/CodeGeneratorJS.pm: >+ (GeneratePrototypeDeclaration): >+ (GenerateConstructorHelperMethods): >+ > 2019-05-03 Devin Rousso <drousso@apple.com> > > Web Inspector: Record actions performed on WebGL2RenderingContext
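Review bot: the JSTests/ChangeLog entry is dated 2019-04-26 while the JavaScriptCore and WebCore entries in the same patch are dated 2019-05-03 (matching the attachment's creation date); the dates should agree. The entry title "All prototypes should call didBecomePrototype()" also differs from the bug title "Structure::create should call didBecomePrototype()"; either align the ChangeLog title with the bug or retitle the bug. Finally, stress/function-prototype-indexed-accessor.js is listed as "Added", but no hunk for that file appears in this attachment, so please confirm the test is part of the uploaded patch.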
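Review bot: the JavaScriptCore/ChangeLog prose says the check was added in both Structure::finishCreation() and Structure::changePrototypeTransition, but the per-file list under runtime/Structure.cpp names only (JSC::Structure::isValidPrototype) and (JSC::Structure::changePrototypeTransition); add (JSC::Structure::finishCreation): to the list or reword the prose so the two agree. It would also help to state whether isValidPrototype is a release-mode check or a debug-only assertion, since the WebCore entry calls it "the new assert" and the two have very different cost and failure behaviour when a prototype that never called didBecomePrototype() (and therefore never triggered haveABadTime()) is encountered.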
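Review bot: the WebCore/ChangeLog per-file list shows edits to bindings/scripts/CodeGeneratorJS.pm (GeneratePrototypeDeclaration, GenerateConstructorHelperMethods) but no regenerated expectations under bindings/scripts/test; if the generator now emits a didBecomePrototype() call, the checked-in generated bindings results should be regenerated and listed here too. The sentence "It was found by existing tests, with the new assert in JSC::Structure" is also missing its period and would be more useful if it named which tests hit the assertion.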