[JSC] Different @@species getter for each constructor #24705
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sosukesuzuki
force-pushed
the
fix-267039
branch
from
96e01b9 to
9c99737
Compare
Collaborator
|
EWS run on previous version of this PR (hash 9c99737) Details |
Ahmad-S792
added
the
JavaScriptCore
kmiller68
requested changes
Feb 19, 2024
Contributor
kmiller68
left a comment
kmiller68
left a comment
There was a problem hiding this comment.
Thanks for the patch! I have one comment.
Comment on lines
179
to
182
Contributor
There was a problem hiding this comment.
I think we don't need these saved on the global object as we don't watchpoint them so we should save a little memory. Can you construct these in the respective finishCreation instead?
Contributor
Author
There was a problem hiding this comment.
Thank you for your review! Like this?
void RegExpConstructor::finishCreation(VM& vm, RegExpPrototype* regExpPrototype)
{
Base::finishCreation(vm, 2, vm.propertyNames->RegExp.string(), PropertyAdditionMode::WithoutStructureTransition);
ASSERT(inherits(info()));
putDirectWithoutTransition(vm, vm.propertyNames->prototype, regExpPrototype, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly);
- putDirectNonIndexAccessorWithoutTransition(vm, vm.propertyNames->speciesSymbol, globalObject->regExpSpeciesGetterSetter(), PropertyAttribute::Accessor | PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum);
+ GetterSetter* speciesGetterSetter = GetterSetter::create(vm, globalObject, JSFunction::create(vm, globalObject, 0, "get [Symbol.species]"_s, globalFuncSpeciesGetter, ImplementationVisibility::Public, SpeciesGetterIntrinsic), nullptr);
+ putDirectNonIndexAccessorWithoutTransition(vm, vm.propertyNames->speciesSymbol, speciesGetterSetter, PropertyAttribute::Accessor | PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum)
;
Contributor
Author
There was a problem hiding this comment.
We need to pass an instance of speciesGetterSetter as an argument to tryInstallSpeciesWatchpoint. If we create them in finishCreation, how can we get that instance from the global object side?
Contributor
There was a problem hiding this comment.
That code looks right.
Just for the ones that aren't passed to tryInstallSpeciesWatchpoint, namely for RegExp, Map, Set, and Promise.
Contributor
Author
There was a problem hiding this comment.
Thank you! Updated
Contributor
|
From the commit message:
change -> changes |
Contributor
sosukesuzuki
force-pushed
the
fix-267039
branch
from
9c99737 to
9149ee9
Compare
Collaborator
|
EWS run on previous version of this PR (hash 9149ee9) Details |
sosukesuzuki
force-pushed
the
fix-267039
branch
from
9149ee9 to
08b3b82
Compare
Collaborator
|
EWS run on previous version of this PR (hash 08b3b82) Details |
🧪 mac-wk2-stress
kmiller68
requested changes
Feb 20, 2024
Contributor
kmiller68
left a comment
kmiller68
left a comment
There was a problem hiding this comment.
One minor change otherwise LGTM.
Contributor
There was a problem hiding this comment.
Should be: inline GetterSetter* arrayBufferSpeciesGetterSetter(ArrayBufferSharingMode) const;
sosukesuzuki
force-pushed
the
fix-267039
branch
from
08b3b82 to
06a33af
Compare
Collaborator
|
EWS run on current version of this PR (hash 06a33af) Details |
Contributor
|
Ping me if you when you're ready for me to commit queue this. |
Contributor
Author
|
@kmiller68 Thank you for letting me know. I'm ready on my end, but we might need to wait for the CI to complete? This is my first PR to WebKit so I'm not familiar with the process yet. |
kmiller68
added
the
safe-merge-queue
Contributor
|
No worries. |
webkit-ews-buildbot
added
merge-queue
Collaborator
|
Safe-Merge-Queue: Build #12748. |
https://bugs.webkit.org/show_bug.cgi?id=267039 Reviewed by Keith Miller. In JavaScriptCore, `Object.getOwnPropertyDescriptor(Array, Symbol.species).get === Object.getOwnPropertyDescriptor(RegExp, Symbol.species).get` evaluates to true. This patch changes the @@species getters of each constructor to be different objects, so that the result of this expression becomes false. Remove the global `m_speciesGetterSetter` and create `m_arraySpeciesGetterSetter` and `m_regExpSpeciesGetterSetter` and ... for each constructor. Instead of passing the `GetterSetter*` type values as arguments to the create function of each constructor, refer to them from the `globalObject`. https://tc39.es/ecma262/#sec-get-regexp-@@species https://tc39.es/ecma262/#sec-get-array-@@species https://tc39.es/ecma262/#sec-get-%typedarray%-@@species https://tc39.es/ecma262/#sec-get-map-@@species https://tc39.es/ecma262/#sec-get-set-@@species https://tc39.es/ecma262/#sec-get-arraybuffer-@@species https://tc39.es/ecma262/#sec-sharedarraybuffer-@@species https://tc39.es/ecma262/#sec-get-promise-@@species * JSTests/stress/species-equivalence-typedarray.js: Added. (shouldBe): (readTypedArraySymbolSpeciesGetter): (runTest): * JSTests/stress/species-equivalence.js: Added. (shouldNotBe): (readSymbolSpeciesGetter): (runTest): * Source/JavaScriptCore/runtime/ArrayConstructor.cpp: (JSC::ArrayConstructor::finishCreation): * Source/JavaScriptCore/runtime/ArrayConstructor.h: * Source/JavaScriptCore/runtime/BigIntConstructor.h: * Source/JavaScriptCore/runtime/BooleanConstructor.cpp: (JSC::BooleanConstructor::create): * Source/JavaScriptCore/runtime/BooleanConstructor.h: * Source/JavaScriptCore/runtime/DateConstructor.h: * Source/JavaScriptCore/runtime/ErrorConstructor.h: * Source/JavaScriptCore/runtime/FinalizationRegistryConstructor.h: * Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp: (JSC::JSGenericArrayBufferConstructor<sharingMode>::finishCreation): * Source/JavaScriptCore/runtime/JSArrayBufferConstructor.h: * Source/JavaScriptCore/runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::init): (JSC::JSGlobalObject::visitChildrenImpl): (JSC::JSGlobalObject::tryInstallSpeciesWatchpoint): (JSC::JSGlobalObject::installArraySpeciesWatchpoint): (JSC::JSGlobalObject::tryInstallArrayBufferSpeciesWatchpoint): (JSC::JSGlobalObject::tryInstallTypedArraySpeciesWatchpoint): (JSC::JSGlobalObject::installTypedArrayConstructorSpeciesWatchpoint): * Source/JavaScriptCore/runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arraySpeciesGetterSetter const): (JSC::JSGlobalObject::typedArraySpeciesGetterSetter const): (JSC::JSGlobalObject::speciesGetterSetter const): Deleted. * Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h: (JSC::JSGlobalObject::arrayBufferSpeciesGetterSetter const): * Source/JavaScriptCore/runtime/JSInternalPromiseConstructor.cpp: (JSC::JSInternalPromiseConstructor::create): * Source/JavaScriptCore/runtime/JSInternalPromiseConstructor.h: * Source/JavaScriptCore/runtime/JSPromiseConstructor.cpp: (JSC::JSPromiseConstructor::create): (JSC::JSPromiseConstructor::finishCreation): * Source/JavaScriptCore/runtime/JSPromiseConstructor.h: * Source/JavaScriptCore/runtime/JSTypedArrayViewConstructor.cpp: (JSC::JSTypedArrayViewConstructor::finishCreation): * Source/JavaScriptCore/runtime/JSTypedArrayViewConstructor.h: * Source/JavaScriptCore/runtime/MapConstructor.cpp: (JSC::MapConstructor::finishCreation): * Source/JavaScriptCore/runtime/MapConstructor.h: * Source/JavaScriptCore/runtime/NumberConstructor.cpp: (JSC::NumberConstructor::create): * Source/JavaScriptCore/runtime/NumberConstructor.h: * Source/JavaScriptCore/runtime/RegExpConstructor.cpp: (JSC::RegExpConstructor::finishCreation): * Source/JavaScriptCore/runtime/RegExpConstructor.h: * Source/JavaScriptCore/runtime/SetConstructor.cpp: (JSC::SetConstructor::finishCreation): * Source/JavaScriptCore/runtime/SetConstructor.h: * Source/JavaScriptCore/runtime/ShadowRealmConstructor.h: * Source/JavaScriptCore/runtime/StringConstructor.cpp: (JSC::StringConstructor::create): * Source/JavaScriptCore/runtime/StringConstructor.h: * Source/JavaScriptCore/runtime/SymbolConstructor.h: * Source/JavaScriptCore/runtime/WeakMapConstructor.h: * Source/JavaScriptCore/runtime/WeakObjectRefConstructor.h: * Source/JavaScriptCore/runtime/WeakSetConstructor.h: Canonical link: https://commits.webkit.org/275064@main
webkit-commit-queue
force-pushed
the
fix-267039
branch
from
06a33af to
d91d519
Compare
Collaborator
|
Committed 275064@main (d91d519): https://commits.webkit.org/275064@main Reviewed commits have been landed. Closing PR #24705 and removing active labels. |
webkit-commit-queue
removed
the
merge-queue
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
d91d519
06a33af