Closed
Bug 604523
Opened 14 years ago
Closed 14 years ago
JSON.stringify(empty array from another scope) -> {}
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | beta7+ |
People
(Reporter: Mardak, Assigned: gal)
References
Details
(Keywords: regression, Whiteboard: [compartments], fixed-in-tracemonkey)
Attachments
(2 files, 1 obsolete file)
function startup() {
AddonManager.getAddonsByIDs([], function(a) {
_("uneval", uneval(a));
_("constructor", a.constructor);
_("constructor == Array", a.constructor == Array);
_("constructor == Array + ''", a.constructor == Array + '');
_("json", JSON.stringify(a));
});
}
results in..
[]
function Array() { [native code] }
false
true
{}
For non-empty arrays, it'll end up stringifying as {"0": "val", ...}
|
Reporter | |
Comment 1•14 years ago
|
||
Fail minefield 20101014 http://hg.mozilla.org/mozilla-central/rev/ad0a0be8be74 Pass minefield 20101013 http://hg.mozilla.org/mozilla-central/rev/178f26e21cfc
|
|
Reporter | |
Comment 2•14 years ago
|
||
This doesn't seem to affect code crossing iframes, so it might be only chrome code importing another script that returns an array. I suppose one workaround is to manually copy the array into a local array and hope there aren't nested arrays.
blocking2.0: --- → ?
|
||
Updated•14 years ago
|
Blocks: compartments
|
|
Reporter | |
Comment 3•14 years ago
|
||
This might be hitting ctypes used from restartless addons as well assuming the same issue of arrays looking like objects:
ctypes.StructType("foo", [..])
"Error: second argument must be an array"
http://mxr.mozilla.org/mozilla-central/source/js/src/ctypes/CTypes.cpp#3990|
|
Reporter | |
Comment 4•14 years ago
|
||
Perhaps this is related to how the bootstrap code is run? Is the loading code based on other code that might be affected by the compartments change? http://mxr.mozilla.org/mozilla-central/source/toolkit/mozapps/extensions/XPIProvider.jsm#4130 They're created with.. createInstance(Ci.nsIPrincipal) Components.utils.Sandbox(principal) mozIJSSubScriptLoader.loadSubScript
|
||
Updated•14 years ago
|
blocking2.0: ? → beta7+
|
||
Updated•14 years ago
|
Assignee: general → mrbkap
|
|
||
Updated•14 years ago
|
Assignee: mrbkap → gal
|
Assignee | |
Comment 5•14 years ago
|
||
|
|
Assignee | |
Comment 6•14 years ago
|
||
Attachment #484574 -
Attachment is obsolete: true
Attachment #484587 -
Flags: review?(mrbkap)
|
|
Assignee | |
Updated•14 years ago
|
Attachment #484587 -
Flags: review?(vladimir)
|
|
Assignee | |
Updated•14 years ago
|
Attachment #484587 -
Flags: review?(dvander)
|
|
Assignee | |
Comment 7•14 years ago
|
||
dvander: change to the method jit vlad: typed arrays now accept everything with a length property
|
|
Assignee | |
Comment 8•14 years ago
|
||
(vlad, we could also use GetLengthProperty unconditionally, and if there is no length property, its treated like an array of length 0, what do you think?)
Comment on attachment 484587 [details] [diff] [review] patch r=me on methodjit part
Attachment #484587 -
Flags: review?(dvander) → review+
|
|
||
Updated•14 years ago
|
Attachment #484587 -
Flags: review?(mrbkap) → review+
|
|
Reporter | |
Comment 10•14 years ago
|
||
content/base/src/nsContentUtils.cpp:5857: error: 'struct js::ClassExtension' has no member named 'wrappedObject' http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsContentUtils.cpp#5856
Comment on attachment 484587 [details] [diff] [review] patch Not sure about the lack of length property meaning 0... do other APIs behave like that?
Attachment #484587 -
Flags: review?(vladimir) → review+
|
|
Assignee | |
Comment 12•14 years ago
|
||
vlad: other array functions behave like that, so if you are ok with it I would duplicate that behavior
|
|
Assignee | |
Comment 13•14 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/438afef93fd5
Whiteboard: [compartments], fixed-in-tracemonkey
|
|
Assignee | |
Comment 14•14 years ago
|
||
Pushed with the behavior Array.prototype.* have. Will follow-up with a fix if vlad wants something else. This blocks b7 so I want to get it landed.
|
|
Assignee | |
Comment 15•14 years ago
|
||
Backed out due to suspected orange.
Whiteboard: [compartments], fixed-in-tracemonkey → [compartments]
|
||
Comment 16•14 years ago
|
||
Gal will fix test and land asap.
|
|
Assignee | |
Comment 17•14 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/ab80a372cfe1
Whiteboard: [compartments] → [compartments], fixed-in-tracemonkey
|
|
Assignee | |
Comment 18•14 years ago
|
||
Follow-up, removing a bogus assert. http://hg.mozilla.org/tracemonkey/rev/6d88ce7787ad
|
|
||
Comment 19•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/139dcd10518f
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
|
||
Comment 20•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/eaf6f9566f2e (is the follow-up)
You need to log in
before you can comment on or make changes to this bug.
Description
•