Closed
Bug 1227555
Opened 9 years ago
Closed 9 years ago
JSObject::is() reports incorrect results for ProxyObject subclasses
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla45
Tracking | Status | |
---|---|---|
firefox45 | --- | fixed |
People
(Reporter: jonco, Assigned: jonco)
Details
Attachments
(1 file)
9.90 KB,
patch
|
shu
:
review+
|
Details | Diff | Splinter Review |
For any ProxyObject subclasses Foo and Bar, fooInstance->is<Bar>() will return true. This is because ProxyObject subclasses don't declare a class_ member, so the inherited ProxyObject::class_ is used instead. I guess this is part of a wider problem for JSObject subclasses that don't declare their own class, but it's more obvious for ProxyObject subclasses because none of them declare class_ and they should all be considered different.
Assignee | ||
Comment 1•9 years ago
|
||
Here's a patch which does the following: 1) Remove ProxyObject::class_. This breaks any use of JSObject::is() for ProxyObject and derived classes. 2) Add a specialisation of is() for ProxyObject that does not apply to derived classes. 3) Adds js::IsDerivedProxyObject() which tests both the class and the handler. 4) Adds specialisations of is() for ModuleNamespaceObject and DebugScopeObject using the above. Hopefully this is tidier and less error-prone.
Attachment #8691408 -
Flags: review?(shu)
Comment 2•9 years ago
|
||
Comment on attachment 8691408 [details] [diff] [review] bug1227555-proxy-object-is Review of attachment 8691408 [details] [diff] [review]: ----------------------------------------------------------------- This is a fine change. ::: js/src/vm/ProxyObject.h @@ +105,5 @@ > void nuke(const BaseProxyHandler* handler); > > + // There is no class_ member to force specialization of JSObject::is<T>(). > + // The implementation in JSObject is incorrect for proxies since it doesn't > + // take account of the handler type. Small nit: perhaps just rename class_? Like klass_ or something? I don't see reason to put it outside of the ProxyObject class entirely. (And keep this comment, of course).
Attachment #8691408 -
Flags: review?(shu) → review+
Comment 4•9 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/b61c35cebe4f
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox45:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
You need to log in
before you can comment on or make changes to this bug.
Description
•