Closed
Bug 1471841
Opened 6 years ago
Closed 6 years ago
Move WouldDefinePastNonwritableLength into NativeObject.cpp
Categories
(Core :: JavaScript Engine, enhancement)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla63
Tracking | Status | |
---|---|---|
firefox63 | --- | fixed |
People
(Reporter: anba, Assigned: anba)
Details
Attachments
(1 file, 1 obsolete file)
8.05 KB,
patch
|
anba
:
review+
|
Details | Diff | Splinter Review |
WouldDefinePastNonwritableLength is only used within NativeObject.cpp, so moving it there should helper the compiler potentially inlining it.
Assignee | ||
Comment 1•6 years ago
|
||
Moves WouldDefinePastNonwritableLength into NativeObject. I've also removed the type check from WouldDefinePastNonwritableLength, because all callers except for SetDenseOrTypedArrayElement already call it with ArrayObjects. Also SetDenseOrTypedArrayElement doesn't really seem to need the WouldDefinePastNonwritableLength check, because an existing dense array element can't have an index greater-or-equals than the array's length, can it? And I've changed the fail-soft error for typed arrays in SetDenseOrTypedArrayElement from JSMSG_BAD_INDEX to JSMSG_TYPED_ARRAY_DETACHED and added a comment (and an assertion) explaining when the out-of-bounds write access can actually happen. And finally the patch also removes an unused parameter from SetExistingProperty. Phew, that was a bit more than simply moving WouldDefinePastNonwritableLength into NativeObject.cpp. :-)
Attachment #8988454 -
Flags: review?(jdemooij)
Comment 2•6 years ago
|
||
Comment on attachment 8988454 [details] [diff] [review] bug1471841.patch Review of attachment 8988454 [details] [diff] [review]: ----------------------------------------------------------------- Very nice. ::: js/src/vm/NativeObject.cpp @@ +2657,5 @@ > TypedArrayObject::setElement(obj->as<TypedArrayObject>(), index, d); > return result.succeed(); > } > > + // An existing typed array element is now out-of-bounds implies the s/implies/implying/ ? @@ +2666,4 @@ > } > > + MOZ_ASSERT_IF(obj->is<ArrayObject>(), > + !WouldDefinePastNonwritableLength(&obj->as<ArrayObject>(), index)); Yes this is fine, we could even MOZ_ASSERT(obj->containsDenseElement(index)) I think? If we're just setting an existing element the non-writable length stuff is irrelevant anyway.
Attachment #8988454 -
Flags: review?(jdemooij) → review+
Assignee | ||
Comment 3•6 years ago
|
||
Updated patch to use |NativeObject::containsDenseElement(...)| per review comments and slightly reworded one comment. Carrying r+.
Attachment #8988454 -
Attachment is obsolete: true
Attachment #8988593 -
Flags: review+
Assignee | ||
Comment 4•6 years ago
|
||
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=49c631ff0b3550ec9d8b8036a922c50f647e8d88
Keywords: checkin-needed
Pushed by nbeleuzu@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ffa64e3aff88 Move WouldDefinePastNonwritableLength into NativeObject.cpp. r=jandem
Keywords: checkin-needed
Comment 6•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/ffa64e3aff88
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
You need to log in
before you can comment on or make changes to this bug.
Description
•