js::ClassMethodIsNative is so wrong

RESOLVED FIXED in mozilla7



8 years ago
8 years ago


(Reporter: Waldo, Assigned: Waldo)



Firefox Tracking Flags

(Not tracked)


(Whiteboard: fixed-in-tracemonkey, URL)


(1 attachment)



8 years ago
It probes for the specified function directly in the object, and if it doesn't find the property *or* the property doesn't contain that function, it probes the prototype.  It should only keep trying to optimize by probing the prototype if the property doesn't exist.

I'm aghast that I never managed to find this writing any of the stepwise tests I've written that probed for proper implementation of ToString or ToNumber.  At least this test found it for us so we know to fix it:

yikes, good catch

Comment 2

8 years ago
Created attachment 522746 [details] [diff] [review]
Patch and tests

Note in particular the hasDefaultGetter->hasDefaultGetterOrIsMethod change, and note that this depends on the patch for bug 640503 in order for properties on String objects to not have str_getProperty as their getter op.
Attachment #522746 - Flags: review?(jorendorff)

Comment 3

8 years ago
Comment on attachment 522746 [details] [diff] [review]
Patch and tests

I seem to be doing a great job getting reviews in bug 660438, bug 646129, and this bug in exactly the opposite order of a dependency topsort of them.  Let's get this one done so I can actually land any of them, mmkay?  :-)
Attachment #522746 - Flags: review?(jorendorff) → review?(luke)
Comment on attachment 522746 [details] [diff] [review]
Patch and tests

Review of attachment 522746 [details] [diff] [review]:

Wow, good find!

::: js/src/jsfun.h
@@ +225,1 @@
>      }


::: js/src/jsobj.cpp
@@ +5872,3 @@
>  {
>      const Shape *shape = obj->nativeLookup(methodid);
> +    if (!shape || !shape->hasDefaultGetterOrIsMethod() || !obj->containsSlot(shape->slot))

I would feel better if the !hasDefaultGetterOrIsMethod() disjunct was stated in a positive form since for the reader who doesn't know the complete set of cases, its hard to take the set difference.

::: js/src/jsobj.h
@@ +1841,3 @@
>   */
> +extern bool
> +HasDataProperty(JSObject *obj, jsid methodid, js::Value *vp);

Is this method equivalent to:
  [[HasProperty]](methodid) and IsDataDescriptor([[GetProperty]](methodid))
? Could you comment if we are or, if not, why we aren't?

::: js/src/jsobjinlines.h
@@ +1246,5 @@
> +ValueIsNative(const js::Value &v, Native native)
> +{
> +    JSObject *funobj;
> +    return IsFunctionObject(v, &funobj) && funobj->getFunctionPrivate()->maybeNative() == native;
> +}

Almost preempted!  Could you add this as a IsNativeFunction() overload in jsfun.h below the other two?
Attachment #522746 - Flags: review?(luke) → review+

Comment 5

8 years ago
Whiteboard: fixed-in-tracemonkey
Target Milestone: mozilla5 → mozilla7
Last Resolved: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.