Closed
Bug 309389
Opened 20 years ago
Closed 13 years ago
Incompatible API change on JS_NewObject
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
WONTFIX
People
(Reporter: celsoaguiar, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
For that 'if' test we fail, here are the values we're seeing in the app object
creation case (w/o my fix, of course):
proto -> 1
(map = proto->map)->ops == ops -> 1
(protoclasp = OBJ_GET_CLASS(cx, proto)) == clasp -> 0
(protoclasp is 'Object', clasp is 'App')
!((protoclasp->flags ^ clasp->flags) &
  (JSCLASS_HAS_PRIVATE | (JSCLASS_RESERVED_SLOTS_MASK <<
                          JSCLASS_RESERVED_SLOTS_SHIFT))) -> 0
This is a problem. If the static reserved slots structure of Object and App
don't match, it's possible that a prototype (Object) method that uses reserved
slots could be called on an App instance, with disastrous results.
Typically you want to delegate to a prototype of the same class as the instance,
but of course you don't have to, and the API used to support what you did
without requiring you to pass an explicit parent param.
Can you file a bug with the information in this message in it? It's very
helpful. We should think this through carefully in the bug, and try to restore
lost compatibility. Thanks,
/be
protoclasp->reserveSlots == clasp->reserveSlots -> 1
if (proto &&
    (map = proto->map)->ops == ops &&
    ((protoclasp = OBJ_GET_CLASS(cx, proto)) == clasp ||
     (!((protoclasp->flags ^ clasp->flags) &
        (JSCLASS_HAS_PRIVATE |
         (JSCLASS_RESERVED_SLOTS_MASK << JSCLASS_RESERVED_SLOTS_SHIFT))) &&
      protoclasp->reserveSlots == clasp->reserveSlots)))
Celso
/be
Reproducible: Always
Steps to Reproduce:
1. Call JS_NewObject, don't provide a parent, make sure protoclasp != clasp
2. Further calls to children methods of your object will not find Function's
methods (apply, call, toString)
Actual Results:
Further calls to children methods of your object will not find Function's
methods (apply, call, toString)
Expected Results:
Be able to see those functions
Comment 1•20 years ago
This is real. Compatibility is hard.
/be
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 2•20 years ago
> 1. Call JS_NewObject, don't provide a parent, make sure protoclasp != clasp
You need more: the classes must differ in whether there's a private slot, or the
number of reserved slots, or the reserveSlots function pointer.
/be
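The class-layout part of the condition quoted in the description, and the three differences listed in comment 2, as an added C model that is not SpiderMonkey's code and not part of the bug. Assumptions: the flag values, the simplified `reserveSlots` signature, the `ModelClass` type, the `layout_diff` and `layout_compatible` helpers and the sample classes are all constructed for illustration; the `proto` and `map->ops` tests are left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in flag values and types: assumptions for this model, named after the
   macros quoted in the bug, not taken from SpiderMonkey's headers. */
#define JSCLASS_HAS_PRIVATE          (1u << 0)
#define JSCLASS_RESERVED_SLOTS_SHIFT 8
#define JSCLASS_RESERVED_SLOTS_MASK  0xffu
#define RESERVED_FIELD (JSCLASS_RESERVED_SLOTS_MASK << JSCLASS_RESERVED_SLOTS_SHIFT)

typedef uint32_t (*ReserveSlotsOp)(void);   /* simplified hook signature */
typedef struct ModelClass {
    const char    *name;
    uint32_t       flags;
    ReserveSlotsOp reserveSlots;
} ModelClass;

enum { DIFF_PRIVATE = 1, DIFF_RESERVED = 2, DIFF_HOOK = 4 };
/* Report which of the three properties listed in comment 2 differ. */
unsigned layout_diff(const ModelClass *protoclasp, const ModelClass *clasp)
{
    uint32_t x = protoclasp->flags ^ clasp->flags;
    unsigned d = 0;
    if (x & JSCLASS_HAS_PRIVATE) d |= DIFF_PRIVATE;
    if (x & RESERVED_FIELD)      d |= DIFF_RESERVED;
    if (protoclasp->reserveSlots != clasp->reserveSlots) d |= DIFF_HOOK;
    return d;
}

/* Class part of the quoted condition: same class, or identical slot layout. */
int layout_compatible(const ModelClass *protoclasp, const ModelClass *clasp)
{
    return protoclasp == clasp || layout_diff(protoclasp, clasp) == 0;
}

static uint32_t two_extra(void) { return 2; }
/* Constructed sample classes (hypothetical flag choices). */
const ModelClass object_class = { "Object", 0, 0 };
const ModelClass app_class    = { "App", JSCLASS_HAS_PRIVATE, 0 };
const ModelClass plain_class  = { "Plain", 0, 0 };
const ModelClass widget_class = { "Widget", 2u << JSCLASS_RESERVED_SLOTS_SHIFT, 0 };
const ModelClass hooked_class = { "Hooked", 0, two_extra };

int main(void)
{
    printf("Object/App compatible: %d (diff mask %u)\n",
           layout_compatible(&object_class, &app_class), layout_diff(&object_class, &app_class));
    return 0;
}
```

A nonzero `layout_diff` mask is the case the description warns about: a prototype method that indexes private or reserved slots would be reading a slot layout the instance does not have.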
Updated•20 years ago
Flags: testcase-
Updated•20 years ago
Flags: blocking1.9a1?
Updated•19 years ago
Flags: blocking1.9a1? → blocking1.9-
Updated•13 years ago
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX