Closed
Bug 366292
Opened 18 years ago
Closed 18 years ago
__defineSetter__("x", ...) changes x's value to the string "__lookupSetter__"
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
VERIFIED
FIXED
mozilla1.9alpha1
People
(Reporter: jruderman, Assigned: brendan)
References
Details
(Keywords: testcase, verified1.8.0.10, verified1.8.1.2)
Attachments
(3 files)
|
1.85 KB,
patch
|
mrbkap
:
review+
dveditz
:
approval1.8.1.2+
dveditz
:
approval1.8.0.10+
|
Details | Diff | Splinter Review |
|
1.79 KB,
patch
|
mrbkap
:
review+
dveditz
:
approval1.8.1.2+
|
Details | Diff | Splinter Review |
|
3.04 KB,
patch
|
mrbkap
:
review+
dveditz
:
approval1.8.0.10+
|
Details | Diff | Splinter Review |
js> this.__defineSetter__("x", function(){}); x;
__lookupSetter__
|
||
Comment 1•18 years ago
|
||
When I try this, I see:
js> this.__defineSetter__("x", function(){}); x;
Assertion failure: (sprop)->slot != SPROP_INVALID_SLOT, at jsinterp.c:4245
The assertion (and related code) isn't accounting for JSPROP_SHARED properties.
|
Assignee | |
Comment 2•18 years ago
|
||
A regression from the patch for bug 365851. Igor, feel free to review too. /be
|
|
Assignee | |
Updated•18 years ago
|
OS: Mac OS X → All
Priority: -- → P1
Hardware: Macintosh → All
Target Milestone: --- → mozilla1.9alpha
|
|
||
Updated•18 years ago
|
Attachment #250879 -
Flags: review?(mrbkap) → review+
|
|
||
Comment 3•18 years ago
|
||
Does NATIVE_SET need similar treatment?
|
|
Assignee | |
Comment 4•18 years ago
|
||
(In reply to comment #3) > Does NATIVE_SET need similar treatment? No, because there's nowhere for the value to go with a stub setter and no slot. Note how SPROP_SET raises an error if you try to set a property that has only a getter. Some time ago (ECMA Ed. 3 time, but getters and setters didn't make it into that spec), the thinking apparently was that it's better to have an error than a black hole. See rev 3.9 of jsscope.h (no bug for this change). Note how the reverse case, the one this bug ran into, works: you can get undefined from a property that has only a setter. This is being spec'ed for ES4, so shout now if it seems wrong. /be
|
|
Assignee | |
Comment 5•18 years ago
|
||
Fixed on trunk: js/src/jsinterp.c rev 3.319 /be
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
|
||
Comment 7•18 years ago
|
||
/cvsroot/mozilla/js/tests/js1_5/Regress/regress-366292.js,v <-- regress-366292.js initial revision: 1.1
Flags: in-testsuite+
|
||
Updated•18 years ago
|
Blocks: js-propcache
|
|
||
Comment 8•18 years ago
|
||
Needed on branches as a prerequisite to fix bug 367501?
Flags: blocking1.8.1.2?
Flags: blocking1.8.0.10?
|
|
Assignee | |
Comment 9•18 years ago
|
||
Comment on attachment 250879 [details] [diff] [review] fix Sorry I missed this -- it must go into the branches. /be
Attachment #250879 -
Flags: approval1.8.1.2?
Attachment #250879 -
Flags: approval1.8.0.10?
|
|
||
Updated•18 years ago
|
Flags: blocking1.8.1.2?
Flags: blocking1.8.1.2+
Flags: blocking1.8.0.10?
Flags: blocking1.8.0.10+
|
|
||
Comment 10•18 years ago
|
||
Comment on attachment 250879 [details] [diff] [review] fix approved for 1.8/1.8.0 branches, a=dveditz for drivers
Attachment #250879 -
Flags: approval1.8.1.2?
Attachment #250879 -
Flags: approval1.8.1.2+
Attachment #250879 -
Flags: approval1.8.0.10?
Attachment #250879 -
Flags: approval1.8.0.10+
|
|
Assignee | |
Comment 11•18 years ago
|
||
Comment on attachment 250879 [details] [diff] [review] fix Patch applies (cleanly to 1.8 branch; for 1.8.0 branch with fuzz of 10, I didn't try to minimize that parameter) to both branches. /be
|
||
Comment 12•18 years ago
|
||
Besides NATIVE_GET, NATIVE_SET needs to be fixed on branches. On trunk, NATIVE_SET seems to be no longer used. http://lxr.mozilla.org/mozilla/search?string=NATIVE_SET
|
|
Assignee | |
Comment 13•18 years ago
|
||
Argh, thanks moz_bug_r_a4. I'm on it. /be
|
|
Assignee | |
Comment 14•18 years ago
|
||
I'm half-inclined to just check this in, but want mrbkap to stamp (moz_bug_r_a4 please feel free to test and review too). /be
Attachment #252116 -
Flags: review?(mrbkap)
Attachment #252116 -
Flags: approval1.8.1.2?
Attachment #252116 -
Flags: approval1.8.0.10?
|
|
Assignee | |
Updated•18 years ago
|
Attachment #252116 -
Attachment description: followup fix for 1.8* branches → followup fix for 1.8 branch
Attachment #252116 -
Flags: approval1.8.0.10?
|
|
Assignee | |
Comment 15•18 years ago
|
||
Attachment #252118 -
Flags: review?(mrbkap)
|
|
||
Updated•18 years ago
|
Attachment #252116 -
Flags: review?(mrbkap) → review+
|
|
||
Updated•18 years ago
|
Attachment #252118 -
Flags: review?(mrbkap) → review+
|
|
Assignee | |
Updated•18 years ago
|
Attachment #252118 -
Flags: approval1.8.0.10?
|
|
||
Comment 16•18 years ago
|
||
Comment on attachment 252116 [details] [diff] [review] followup fix for 1.8 branch a=dveditz for 1.8 branch
Attachment #252116 -
Flags: approval1.8.1.2? → approval1.8.1.2+
|
|
||
Comment 17•18 years ago
|
||
Comment on attachment 252118 [details] [diff] [review] followup fix for the 1.8.0 branch a=dveditz for 1.8.0 branch
Attachment #252118 -
Flags: approval1.8.0.10? → approval1.8.0.10+
|
|
Assignee | |
Comment 18•18 years ago
|
||
Fixed: 1.8: js/src/jsinterp.c 3.181.2.82 1.8.0: js/src/jsinterp.c 3.181.2.17.2.27 /be
Keywords: fixed1.8.0.10,
fixed1.8.1.2
|
|
||
Comment 19•18 years ago
|
||
verified fixed 1.8.0, 1.8.1, 1.9.0 2007-01-23 win/mac*/linux
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•