We should call visitChildren on Base not the exact typename
authorkeith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 22 Jun 2018 18:26:36 +0000 (18:26 +0000)
committerkeith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 22 Jun 2018 18:26:36 +0000 (18:26 +0000)
https://bugs.webkit.org/show_bug.cgi?id=186928

Reviewed by Mark Lam.

A lot of places were not properly calling visitChildren on their
superclass. For most of them it didn't matter because they had
immortal structures. If the code changed in the future, however, this might
break things.

Also, block off more of the MethodTable for GetterSetter objects.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitChildren):
* bytecode/ExecutableToCodeBlockEdge.cpp:
(JSC::ExecutableToCodeBlockEdge::visitChildren):
* debugger/DebuggerScope.cpp:
(JSC::DebuggerScope::visitChildren):
* runtime/EvalExecutable.cpp:
(JSC::EvalExecutable::visitChildren):
* runtime/FunctionExecutable.cpp:
(JSC::FunctionExecutable::visitChildren):
* runtime/FunctionRareData.cpp:
(JSC::FunctionRareData::visitChildren):
* runtime/GenericArgumentsInlines.h:
(JSC::GenericArguments<Type>::visitChildren):
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
* runtime/InferredType.cpp:
(JSC::InferredType::visitChildren):
* runtime/InferredTypeTable.cpp:
(JSC::InferredTypeTable::visitChildren):
* runtime/InferredValue.cpp:
(JSC::InferredValue::visitChildren):
* runtime/JSArrayBufferView.cpp:
(JSC::JSArrayBufferView::visitChildren):
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
* runtime/ModuleProgramExecutable.cpp:
(JSC::ModuleProgramExecutable::visitChildren):
* runtime/ProgramExecutable.cpp:
(JSC::ProgramExecutable::visitChildren):
* runtime/ScopedArguments.cpp:
(JSC::ScopedArguments::visitChildren):
* runtime/ScopedArguments.h:
* runtime/Structure.cpp:
(JSC::Structure::visitChildren):
* runtime/StructureRareData.cpp:
(JSC::StructureRareData::visitChildren):
* runtime/SymbolTable.cpp:
(JSC::SymbolTable::visitChildren):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@233085 268f45cc-cd09-0410-ab3c-d52691b4dbfc

22 files changed:
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/CodeBlock.cpp
Source/JavaScriptCore/bytecode/ExecutableToCodeBlockEdge.cpp
Source/JavaScriptCore/debugger/DebuggerScope.cpp
Source/JavaScriptCore/runtime/EvalExecutable.cpp
Source/JavaScriptCore/runtime/FunctionExecutable.cpp
Source/JavaScriptCore/runtime/FunctionRareData.cpp
Source/JavaScriptCore/runtime/GenericArgumentsInlines.h
Source/JavaScriptCore/runtime/GetterSetter.cpp
Source/JavaScriptCore/runtime/GetterSetter.h
Source/JavaScriptCore/runtime/InferredType.cpp
Source/JavaScriptCore/runtime/InferredTypeTable.cpp
Source/JavaScriptCore/runtime/InferredValue.cpp
Source/JavaScriptCore/runtime/JSArrayBufferView.cpp
Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h
Source/JavaScriptCore/runtime/ModuleProgramExecutable.cpp
Source/JavaScriptCore/runtime/ProgramExecutable.cpp
Source/JavaScriptCore/runtime/ScopedArguments.cpp
Source/JavaScriptCore/runtime/ScopedArguments.h
Source/JavaScriptCore/runtime/Structure.cpp
Source/JavaScriptCore/runtime/StructureRareData.cpp
Source/JavaScriptCore/runtime/SymbolTable.cpp

index 260a935..6ac55e2 100644 (file)
@@ -1,3 +1,58 @@
+2018-06-22  Keith Miller  <keith_miller@apple.com>
+
+        We should call visitChildren on Base not the exact typename
+        https://bugs.webkit.org/show_bug.cgi?id=186928
+
+        Reviewed by Mark Lam.
+
+        A lot of places were not properly calling visitChildren on their
+        superclass. For most of them it didn't matter because they had
+        immortal structures. If code changed in the future this might
+        break things however.
+
+        Also, block off more of the MethodTable for GetterSetter objects.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::visitChildren):
+        * bytecode/ExecutableToCodeBlockEdge.cpp:
+        (JSC::ExecutableToCodeBlockEdge::visitChildren):
+        * debugger/DebuggerScope.cpp:
+        (JSC::DebuggerScope::visitChildren):
+        * runtime/EvalExecutable.cpp:
+        (JSC::EvalExecutable::visitChildren):
+        * runtime/FunctionExecutable.cpp:
+        (JSC::FunctionExecutable::visitChildren):
+        * runtime/FunctionRareData.cpp:
+        (JSC::FunctionRareData::visitChildren):
+        * runtime/GenericArgumentsInlines.h:
+        (JSC::GenericArguments<Type>::visitChildren):
+        * runtime/GetterSetter.cpp:
+        (JSC::GetterSetter::visitChildren):
+        * runtime/GetterSetter.h:
+        * runtime/InferredType.cpp:
+        (JSC::InferredType::visitChildren):
+        * runtime/InferredTypeTable.cpp:
+        (JSC::InferredTypeTable::visitChildren):
+        * runtime/InferredValue.cpp:
+        (JSC::InferredValue::visitChildren):
+        * runtime/JSArrayBufferView.cpp:
+        (JSC::JSArrayBufferView::visitChildren):
+        * runtime/JSGenericTypedArrayViewInlines.h:
+        (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
+        * runtime/ModuleProgramExecutable.cpp:
+        (JSC::ModuleProgramExecutable::visitChildren):
+        * runtime/ProgramExecutable.cpp:
+        (JSC::ProgramExecutable::visitChildren):
+        * runtime/ScopedArguments.cpp:
+        (JSC::ScopedArguments::visitChildren):
+        * runtime/ScopedArguments.h:
+        * runtime/Structure.cpp:
+        (JSC::Structure::visitChildren):
+        * runtime/StructureRareData.cpp:
+        (JSC::StructureRareData::visitChildren):
+        * runtime/SymbolTable.cpp:
+        (JSC::SymbolTable::visitChildren):
+
 2018-06-20  Darin Adler  <darin@apple.com>
 
         [Cocoa] Use the isDirectory: variants of NSURL methods more to eliminate unnecessary file system activity
index 98ef06f..3be932b 100644 (file)
@@ -1012,7 +1012,7 @@ void CodeBlock::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     CodeBlock* thisObject = jsCast<CodeBlock*>(cell);
     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
-    JSCell::visitChildren(thisObject, visitor);
+    Base::visitChildren(cell, visitor);
     visitor.append(thisObject->m_ownerEdge);
     thisObject->visitChildren(visitor);
 }
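Review bot: The new `Base::visitChildren(cell, visitor);` passes the raw `cell`, while the sibling hunks in EvalExecutable, FunctionExecutable, GetterSetter, ModuleProgramExecutable, ProgramExecutable, Structure, StructureRareData and SymbolTable pass the already-cast `thisObject`; both convert to `JSCell*`, so this is a style point, not a defect. Since the commit is explicitly a consistency cleanup across seventeen visitChildren bodies, one form at every site would make later audits of these functions simpler to grep. Passing the cast pointer, `Base::visitChildren(thisObject, visitor);`, also keeps the `ASSERT_GC_OBJECT_INHERITS` check on the preceding line textually tied to the value the base call receives.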
index 5657e22..81bc9a9 100644 (file)
@@ -48,6 +48,8 @@ void ExecutableToCodeBlockEdge::visitChildren(JSCell* cell, SlotVisitor& visitor
 {
     VM& vm = visitor.vm();
     ExecutableToCodeBlockEdge* edge = jsCast<ExecutableToCodeBlockEdge*>(cell);
+    Base::visitChildren(cell, visitor);
+
     CodeBlock* codeBlock = edge->m_codeBlock.get();
     
     // It's possible for someone to hold a pointer to the edge after the edge has cleared its weak
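Review bot: The new `Base::visitChildren(cell, visitor);` follows the `jsCast` with no `ASSERT_GC_OBJECT_INHERITS(edge, info());` in the visible lines, whereas the CodeBlock, DebuggerScope and Executable hunks in this commit all assert the cell's ClassInfo before visiting. The same gap is visible in the FunctionRareData, InferredType, InferredTypeTable, InferredValue, JSArrayBufferView, JSGenericTypedArrayView and SymbolTable hunks. The check is debug-only, but because these sites previously never traversed their base's children, a mistyped cell reaching one of them would now be walked as its base type, and a one-line assert right after the cast catches that in test builds. The body of visitChildren continues past the hunk, so the assert may already appear later; if so, disregard this.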
index 55136ff..d5404b5 100644 (file)
@@ -60,7 +60,8 @@ void DebuggerScope::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     DebuggerScope* thisObject = jsCast<DebuggerScope*>(cell);
     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
-    JSObject::visitChildren(thisObject, visitor);
+    Base::visitChildren(cell, visitor);
+
     visitor.append(thisObject->m_scope);
     visitor.append(thisObject->m_next);
 }
index 3386d0e..6ed8ccc 100644 (file)
@@ -48,7 +48,7 @@ void EvalExecutable::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     EvalExecutable* thisObject = jsCast<EvalExecutable*>(cell);
     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
-    ScriptExecutable::visitChildren(thisObject, visitor);
+    Base::visitChildren(thisObject, visitor);
     visitor.append(thisObject->m_unlinkedEvalCodeBlock);
     visitor.append(thisObject->m_evalCodeBlock);
 }
index 7196426..d5770d4 100644 (file)
@@ -84,7 +84,7 @@ void FunctionExecutable::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     FunctionExecutable* thisObject = jsCast<FunctionExecutable*>(cell);
     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
-    ScriptExecutable::visitChildren(thisObject, visitor);
+    Base::visitChildren(thisObject, visitor);
     visitor.append(thisObject->m_codeBlockForCall);
     visitor.append(thisObject->m_codeBlockForConstruct);
     visitor.append(thisObject->m_unlinkedExecutable);
index cfedf95..dc3cb7d 100644 (file)
@@ -54,6 +54,7 @@ Structure* FunctionRareData::createStructure(VM& vm, JSGlobalObject* globalObjec
 void FunctionRareData::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     FunctionRareData* rareData = jsCast<FunctionRareData*>(cell);
+    Base::visitChildren(cell, visitor);
 
     rareData->m_objectAllocationProfile.visitAggregate(visitor);
     rareData->m_internalFunctionAllocationProfile.visitAggregate(visitor);
index 1aa4754..25eba92 100644 (file)
@@ -35,6 +35,7 @@ void GenericArguments<Type>::visitChildren(JSCell* thisCell, SlotVisitor& visito
 {
     Type* thisObject = static_cast<Type*>(thisCell);
     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
+    Base::visitChildren(thisCell, visitor);
     
     if (thisObject->m_modifiedArgumentsDescriptor)
         visitor.markAuxiliary(thisObject->m_modifiedArgumentsDescriptor.get());
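Review bot: With `Base::visitChildren(thisCell, visitor);` now inside the template, any `Type` whose own visitChildren still calls `JSObject::visitChildren` itself would traverse JSObject's children a second time, and any `Type` that relied on this template not calling its base now depends on its `Base` alias resolving here. The commit handles ScopedArguments by removing the trailing `GenericArguments<ScopedArguments>::visitChildren(cell, visitor);` in ScopedArguments.cpp and adding `using Base = GenericArguments<ScopedArguments>;` in its header, but the top of `ScopedArguments::visitChildren` is outside the shown hunk, so whether it now routes through `Base::visitChildren` (and not straight to `JSObject::visitChildren`) cannot be confirmed from this page; if it does neither, the `m_modifiedArgumentsDescriptor` marked on the line below would no longer be visited for ScopedArguments, which is a GC liveness gap rather than a cosmetic one. A comment at this call site, `// Subclasses reach JSObject::visitChildren through this template; they must call Base::visitChildren and not JSObject::visitChildren themselves.`, would record the contract for other instantiations this commit does not touch. The function body continues past the hunk.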
index 0415c84..b865777 100644 (file)
@@ -39,7 +39,7 @@ void GetterSetter::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     GetterSetter* thisObject = jsCast<GetterSetter*>(cell);
     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
-    JSCell::visitChildren(thisObject, visitor);
+    Base::visitChildren(thisObject, visitor);
 
     visitor.append(thisObject->m_getter);
     visitor.append(thisObject->m_setter);
index 55f7fe1..dc9d113 100644 (file)
@@ -118,6 +118,8 @@ public:
 
     static bool getOwnPropertySlot(JSObject*, ExecState*, PropertyName, PropertySlot&) { RELEASE_ASSERT_NOT_REACHED(); return false; }
     static bool put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&) { RELEASE_ASSERT_NOT_REACHED(); return false; }
+    static bool putByIndex(JSCell*, ExecState*, unsigned, JSValue, bool) { RELEASE_ASSERT_NOT_REACHED(); return false; }
+    static bool setPrototype(JSObject*, ExecState*, JSValue, bool) { RELEASE_ASSERT_NOT_REACHED(); return false; }
     static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, const PropertyDescriptor&, bool) { RELEASE_ASSERT_NOT_REACHED(); return false; }
     static bool deleteProperty(JSCell*, ExecState*, PropertyName) { RELEASE_ASSERT_NOT_REACHED(); return false; }
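Review bot: The two added stubs block `putByIndex` and `setPrototype`, but the indexed counterparts of entries already blocked here, `getOwnPropertySlotByIndex` and `deletePropertyByIndex`, are not in the visible list; if those still resolve to the JSObject defaults, a GetterSetter cell that is ever reached through an object path would take the generic implementation on indexed access while the named variants deliberately crash, which undercuts the "block off the MethodTable" intent stated in the ChangeLog. These stubs only take effect when the class's ClassInfo is built with CREATE_METHOD_TABLE(GetterSetter), so it is worth confirming that is the case for this class (its ClassInfo definition is not on this page). Adding `static bool getOwnPropertySlotByIndex(JSObject*, ExecState*, unsigned, PropertySlot&) { RELEASE_ASSERT_NOT_REACHED(); return false; }` and `static bool deletePropertyByIndex(JSCell*, ExecState*, unsigned) { RELEASE_ASSERT_NOT_REACHED(); return false; }` beside the existing ones would make the block complete. The enclosing class starts and ends outside the hunk.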
 
index aa06db6..c5239d8 100644 (file)
@@ -86,6 +86,7 @@ Structure* InferredType::createStructure(VM& vm, JSGlobalObject* globalObject, J
 void InferredType::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     InferredType* inferredType = jsCast<InferredType*>(cell);
+    Base::visitChildren(cell, visitor);
     if (inferredType->m_structure)
         visitor.vm().inferredTypesWithFinalizers.add(inferredType);
 }
index 1fc52b4..47a42e8 100644 (file)
@@ -53,6 +53,7 @@ Structure* InferredTypeTable::createStructure(VM& vm, JSGlobalObject* globalObje
 void InferredTypeTable::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     InferredTypeTable* inferredTypeTable = jsCast<InferredTypeTable*>(cell);
+    Base::visitChildren(cell, visitor);
 
     ConcurrentJSLocker locker(inferredTypeTable->m_lock);
     
index 8489039..69de0fb 100644 (file)
@@ -54,7 +54,8 @@ Structure* InferredValue::createStructure(VM& vm, JSGlobalObject* globalObject,
 void InferredValue::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     InferredValue* inferredValue = jsCast<InferredValue*>(cell);
-    
+    Base::visitChildren(cell, visitor);
+
     JSValue value = inferredValue->m_value.get();
     if (!value)
         return;
index 730eefd..2dbb452 100644 (file)
@@ -159,6 +159,7 @@ void JSArrayBufferView::finishCreation(VM& vm)
 void JSArrayBufferView::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     JSArrayBufferView* thisObject = jsCast<JSArrayBufferView*>(cell);
+    Base::visitChildren(cell, visitor);
 
     if (thisObject->hasArrayBuffer()) {
         WTF::loadLoadFence();
@@ -166,8 +167,6 @@ void JSArrayBufferView::visitChildren(JSCell* cell, SlotVisitor& visitor)
         RELEASE_ASSERT(buffer);
         visitor.addOpaqueRoot(buffer);
     }
-    
-    Base::visitChildren(thisObject, visitor);
 }
 
 bool JSArrayBufferView::put(
index 3e3f36c..775aaf7 100644 (file)
@@ -514,7 +514,8 @@ template<typename Adaptor>
 void JSGenericTypedArrayView<Adaptor>::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     JSGenericTypedArrayView* thisObject = jsCast<JSGenericTypedArrayView*>(cell);
-    
+    Base::visitChildren(thisObject, visitor);
+
     TypedArrayMode mode;
     void* vector;
     size_t byteSize;
@@ -545,8 +546,6 @@ void JSGenericTypedArrayView<Adaptor>::visitChildren(JSCell* cell, SlotVisitor&
         RELEASE_ASSERT_NOT_REACHED();
         break;
     }
-    
-    Base::visitChildren(thisObject, visitor);
 }
 
 template<typename Adaptor>
index eaeef8a..25fd954 100644 (file)
@@ -90,7 +90,7 @@ void ModuleProgramExecutable::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     ModuleProgramExecutable* thisObject = jsCast<ModuleProgramExecutable*>(cell);
     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
-    ScriptExecutable::visitChildren(thisObject, visitor);
+    Base::visitChildren(thisObject, visitor);
     visitor.append(thisObject->m_unlinkedModuleProgramCodeBlock);
     visitor.append(thisObject->m_moduleEnvironmentSymbolTable);
     visitor.append(thisObject->m_moduleProgramCodeBlock);
index 53a2461..51b68d7 100644 (file)
@@ -207,7 +207,7 @@ void ProgramExecutable::visitChildren(JSCell* cell, SlotVisitor& visitor)
 {
     ProgramExecutable* thisObject = jsCast<ProgramExecutable*>(cell);
     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
-    ScriptExecutable::visitChildren(thisObject, visitor);
+    Base::visitChildren(thisObject, visitor);
     visitor.append(thisObject->m_unlinkedProgramCodeBlock);
     visitor.append(thisObject->m_programCodeBlock);
 }
index d1b8c20..b5749e3 100644 (file)
@@ -120,8 +120,6 @@ void ScopedArguments::visitChildren(JSCell* cell, SlotVisitor& visitor)
         visitor.appendValues(
             thisObject->overflowStorage(), thisObject->storageHeader().totalLength - thisObject->m_table->length());
     }
-
-    GenericArguments<ScopedArguments>::visitChildren(cell, visitor);
 }
 
 Structure* ScopedArguments::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
index 9362167..b2e80ff 100644 (file)
@@ -40,6 +40,7 @@ class ScopedArguments final : public GenericArguments<ScopedArguments> {
 private:
     ScopedArguments(VM&, Structure*, WriteBarrier<Unknown>* storage);
     void finishCreation(VM&, JSFunction* callee, ScopedArgumentsTable*, JSLexicalEnvironment*);
+    using Base = GenericArguments<ScopedArguments>;
 
 public:
     template<typename CellType>
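Review bot: `using Base = GenericArguments<ScopedArguments>;` is inserted under `private:` between the constructor and `finishCreation`, whereas JSC classes typically declare the `Base` alias as the first public member so a reader of the `Base::visitChildren` calls in the .cpp can find it at a glance. Keeping it private only works because the class is `final` (visible on the `@@` line), so no subclass needs to name it. Moving the alias to the top of the class, `public:` followed by `using Base = GenericArguments<ScopedArguments>;`, would match the other headers touched by this commit. The class body continues past the hunk.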
index 30eeee9..a17b6ac 100644 (file)
@@ -1078,7 +1078,7 @@ void Structure::visitChildren(JSCell* cell, SlotVisitor& visitor)
     Structure* thisObject = jsCast<Structure*>(cell);
     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
 
-    JSCell::visitChildren(thisObject, visitor);
+    Base::visitChildren(thisObject, visitor);
     
     ConcurrentJSLocker locker(thisObject->m_lock);
     
index ae301e2..a0375fb 100644 (file)
@@ -66,7 +66,7 @@ void StructureRareData::visitChildren(JSCell* cell, SlotVisitor& visitor)
     StructureRareData* thisObject = jsCast<StructureRareData*>(cell);
     ASSERT_GC_OBJECT_INHERITS(thisObject, info());
 
-    JSCell::visitChildren(thisObject, visitor);
+    Base::visitChildren(thisObject, visitor);
     visitor.append(thisObject->m_previous);
     visitor.append(thisObject->m_objectToStringValue);
     visitor.append(thisObject->m_cachedPropertyNameEnumerator);
index ced975f..6b95a0e 100644 (file)
@@ -101,7 +101,8 @@ void SymbolTable::finishCreation(VM& vm)
 void SymbolTable::visitChildren(JSCell* thisCell, SlotVisitor& visitor)
 {
     SymbolTable* thisSymbolTable = jsCast<SymbolTable*>(thisCell);
-    
+    Base::visitChildren(thisSymbolTable, visitor);
+
     visitor.append(thisSymbolTable->m_arguments);
     visitor.append(thisSymbolTable->m_singletonScope);