webkitgtk-2.4.11webkitgtk-2.4.11

author: Lorry Tar Creator <lorry-tar-importer@lorry> 2016-04-10 09:28:39 +0000
committer: Lorry Tar Creator <lorry-tar-importer@lorry> 2016-04-10 09:28:39 +0000
commit: 32761a6cee1d0dee366b885b7b9c777e67885688 (patch)
tree: d6bec92bebfb216f4126356e55518842c2f476a1 /Source/JavaScriptCore/runtime/Operations.h
parent: a4e969f4965059196ca948db781e52f7cfebf19e (diff)
download: WebKitGtk-tarball-32761a6cee1d0dee366b885b7b9c777e67885688.tar.gz
1 files changed, 76 insertions, 12 deletions
diff --git a/Source/JavaScriptCore/runtime/Operations.h b/Source/JavaScriptCore/runtime/Operations.h
index 057f59471..cee00ebf4 100644
--- a/Source/JavaScriptCore/runtime/Operations.h
+++ b/Source/JavaScriptCore/runtime/Operations.h
@@ -1,6 +1,6 @@
 /*
  *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
- *  Copyright (C) 2002, 2005, 2006, 2007, 2008, 2009, 2013, 2014 Apple Inc. All rights reserved.
+ *  Copyright (C) 2002, 2005, 2006, 2007, 2008, 2009, 2013 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Library General Public
@@ -22,16 +22,23 @@
 #ifndef Operations_h
 #define Operations_h
 
-#include "CallFrame.h"
 #include "ExceptionHelpers.h"
-#include "JSCJSValue.h"
+#include "GCIncomingRefCountedInlines.h"
+#include "Interpreter.h"
+#include "JSArrayBufferViewInlines.h"
+#include "JSCJSValueInlines.h"
+#include "JSFunctionInlines.h"
+#include "JSProxy.h"
+#include "JSString.h"
+#include "SlotVisitorInlines.h"
+#include "StructureInlines.h"
 
 namespace JSC {
 
 NEVER_INLINE JSValue jsAddSlowCase(CallFrame*, JSValue, JSValue);
 JSValue jsTypeStringForValue(CallFrame*, JSValue);
 JSValue jsTypeStringForValue(VM&, JSGlobalObject*, JSValue);
-bool jsIsObjectTypeOrNull(CallFrame*, JSValue);
+bool jsIsObjectType(CallFrame*, JSValue);
 bool jsIsFunctionType(JSValue);
 
 ALWAYS_INLINE JSValue jsString(ExecState* exec, JSString* s1, JSString* s2)
@@ -194,28 +201,85 @@ ALWAYS_INLINE JSValue jsAdd(CallFrame* callFrame, JSValue v1, JSValue v2)
 
 #define InvalidPrototypeChain (std::numeric_limits<size_t>::max())
 
-inline size_t normalizePrototypeChain(CallFrame* callFrame, Structure* structure)
+inline size_t normalizePrototypeChainForChainAccess(CallFrame* callFrame, JSValue base, JSValue slotBase, const Identifier& propertyName, PropertyOffset& slotOffset)
+{
+    JSCell* cell = base.asCell();
+    size_t count = 0;
+        
+    while (!slotBase || slotBase != cell) {
+        if (cell->isProxy())
+            return InvalidPrototypeChain;
+
+        const TypeInfo& typeInfo = cell->structure()->typeInfo();
+        if (typeInfo.hasImpureGetOwnPropertySlot() && !typeInfo.newImpurePropertyFiresWatchpoints())
+            return InvalidPrototypeChain;
+            
+        JSValue v = cell->structure()->prototypeForLookup(callFrame);
+
+        // If we didn't find slotBase in base's prototype chain, then base
+        // must be a proxy for another object.
+
+        if (v.isNull()) {
+            if (!slotBase)
+                return count;
+            return InvalidPrototypeChain;
+        }
+
+        cell = v.asCell();
+
+        // Since we're accessing a prototype in a loop, it's a good bet that it
+        // should not be treated as a dictionary.
+        if (cell->structure()->isDictionary()) {
+            asObject(cell)->flattenDictionaryObject(callFrame->vm());
+            if (slotBase == cell)
+                slotOffset = cell->structure()->get(callFrame->vm(), propertyName); 
+        }
+            
+        ++count;
+    }
+        
+    return count;
+}
+
+inline size_t normalizePrototypeChain(CallFrame* callFrame, JSCell* base)
 {
-    VM& vm = callFrame->vm();
     size_t count = 0;
     while (1) {
-        if (structure->isProxy())
+        if (base->isProxy())
             return InvalidPrototypeChain;
-        JSValue v = structure->prototypeForLookup(callFrame);
+            
+        JSValue v = base->structure()->prototypeForLookup(callFrame);
         if (v.isNull())
             return count;
 
-        JSCell* base = v.asCell();
-        structure = base->structure(vm);
+        base = v.asCell();
+
         // Since we're accessing a prototype in a loop, it's a good bet that it
         // should not be treated as a dictionary.
-        if (structure->isDictionary())
-            structure->flattenDictionaryStructure(vm, asObject(base));
+        if (base->structure()->isDictionary())
+            asObject(base)->flattenDictionaryObject(callFrame->vm());
 
         ++count;
     }
 }
 
+inline bool isPrototypeChainNormalized(JSGlobalObject* globalObject, Structure* structure)
+{
+    for (;;) {
+        if (structure->typeInfo().type() == ProxyType)
+            return false;
+            
+        JSValue v = structure->prototypeForLookup(globalObject);
+        if (v.isNull())
+            return true;
+            
+        structure = v.asCell()->structure();
+            
+        if (structure->isDictionary())
+            return false;
+    }
+}
+
 } // namespace JSC
 
 #endif // Operations_h
author	Lorry Tar Creator <lorry-tar-importer@lorry>	2016-04-10 09:28:39 +0000
committer	Lorry Tar Creator <lorry-tar-importer@lorry>	2016-04-10 09:28:39 +0000
commit	32761a6cee1d0dee366b885b7b9c777e67885688 (patch)
tree	d6bec92bebfb216f4126356e55518842c2f476a1 /Source/JavaScriptCore/runtime/Operations.h
parent	a4e969f4965059196ca948db781e52f7cfebf19e (diff)
download	WebKitGtk-tarball-32761a6cee1d0dee366b885b7b9c777e67885688.tar.gz