Closed Bug 203084 Opened 22 years ago Closed 22 years ago

Host properties getting lost on "simple" host classes

Categories

(Core :: JavaScript Engine, defect, P1)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Windows 2000
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.4beta

People

(Reporter: scole, Assigned: brendan)

References

Details

(Keywords: js1.5)

Attachments

(2 files, 2 obsolete files)

Patch to JS shell to demonstrate problem
3.57 KB, patch
Details | Diff | Splinter Review
restore API compatibility
1.82 KB, patch
rogerl
: review+
shaver
: superreview+
asa
: approval1.4b+
Details | Diff | Splinter Review
Something has changed recently in the tip of the Spidermonkey source, and now class-specific properties are getting somehow "lost". When I make a JSClass that has only one property, with a property-specific getter and setter pair, the property itself gets overridden the first time it's set. In other words: a generic class: static JSClass BusyIcon_Class = { "BusyIcon", 0, JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, JS_EnumerateStub, JS_ResolveStub, JS_ConvertStub, JS_FinalizeStub, JSCLASS_NO_OPTIONAL_MEMBERS }; And one simple property: static JSPropertySpec BusyIcon_Properties[] = { { "x", ID_BusyIcon_x, JSPROP_ENUMERATE, BusyIcon_GetXPos, BusyIcon_SetXPos }, { 0 } }; When something gets this 'x' property, everything works fine. But when someone sets the 'x' property, things are turned off. After instrumenting the add and get callbacks, it looks like a new property is being created ('x') and stored in the object, NOT using the tinyid. This new property is then just a standard JS prop and doesn't cause the getter/setter callbacks to be used anymore. I'll attach a diff to js.c at the end of this message that allows the test to be compiled. A simple script log looks like (my getters and setters are instrumented): js> busyIcon JS: Adding new BusyIcon object to 002F8B40 (as "busyIcon"). [object BusyIcon] js> busyIcon.x JS: BusyIcon_GetXPos --> 0 0 js> busyIcon.x = 3; 3 js> busyIcon.x 3 js> Notice that the getter is called the first time, but not the second time. The setter is never called. There is a workaround: Setting JSPROP_SHARED on the properties makes everything work just fine. And it's arguably the right thing to do even if this bug is fixed. Still. What's going on here shouldn't happen, I think. --Steve Cole
Patches js.c so that the problem can be tested in JS shell. --scole
A regression from the fix for bug 90596. I wasn't sure when patching that bug how to preserve API compatibility, so I opted for a narrow interpretation: only if the proto-prop has a short-id (tinyid) *and* the class default getter and setter, do we propagate SPROP_HAS_SHORTID and sprop->shortid. But that's too narrow, because the API allows per-tinyid-bearing-properties to have their own non-default getters and setters. Patch in a minute, but I won't be around for more than an hour, then I'm off for 7 days. Someone else will have to test, r= and check in. /be
Assignee: rogerl → brendan
Flags: blocking1.4b?
Keywords: js1.5
Severity: normal → critical
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → mozilla1.4beta
Attached patch proposed fix (obsolete) — Splinter Review
Attached patch fix the comment, too (obsolete) — Splinter Review
Attachment #121449 - Attachment is obsolete: true
Comment on attachment 121450 [details] [diff] [review] fix the comment, too Two reviews are better than one, but one's enough to get this patch in for 1.4b, with Asa's a=. I'm off, see you in a week. /be
Attachment #121450 - Flags: superreview?(shaver)
Attachment #121450 - Flags: review?(rogerl)
Unfortunately, this doesn't seem to fix the problem. I get the same results as before. --scole
not gonna block for this.
Flags: blocking1.4b? → blocking1.4b-
Ok, this fixes scole's testcase for me. It clearly restores in the SPROP_HAS_SHORTID case what the old code did in all cases of non-shared property shadowing: copy the proto-property's getter and setter as well as its shortid and SPROP_HAS_SHORTID flag. /be
Attachment #121450 - Attachment is obsolete: true
Attachment #122264 - Flags: superreview?(shaver)
Attachment #122264 - Flags: review?(rogerl)
Attachment #121450 - Flags: superreview?(shaver)
Attachment #121450 - Flags: review?(rogerl)
Patch works, restores needed API compatibility. This needs to be fixed in 1.4 final if not in beta. /be
Flags: blocking1.4b- → blocking1.4b?
Comment on attachment 122264 [details] [diff] [review] restore API compatibility OK, yeah. sr=shaver.
Attachment #122264 - Flags: superreview?(shaver) → superreview+
Attachment #122264 - Flags: review?(rogerl) → review+
Comment on attachment 122264 [details] [diff] [review] restore API compatibility Confirmed. This patch fixes my testcase. Thanks, Brendan! --scole
Comment on attachment 122264 [details] [diff] [review] restore API compatibility Looking to get this in to avoid regressing a milestone release. /be
Attachment #122264 - Flags: approval1.4b?
Comment on attachment 122264 [details] [diff] [review] restore API compatibility a=asa (on behalf of drivers) for checkin to 1.4b.
Attachment #122264 - Flags: approval1.4b? → approval1.4b+
Fixed, thanks to everyone. /be
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Marking Verified FIXED based on Steve's Comment #11. From my point of view, the fix passes the JS testsuite on WinNT, Linux, and Mac OSX, in both the debug and optimized JS shell -
Status: RESOLVED → VERIFIED
Further verification of the fix. Here's what I'm seeing when I try Steve's testcase (after applying his patch to js.c in Comment #1): js> busyIcon JS: Adding new BusyIcon object to 002FB340 (as "busyIcon"). [object BusyIcon] js> busyIcon.x JS: BusyIcon_GetXPos --> 0 0 js> busyIcon.x = 3; JS: BusyIcon_SetXPos(3) 3 js> busyIcon.x JS: BusyIcon_GetXPos --> 3 3
Flags: blocking1.4b?
Flags: testcase-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: