Closed Bug 645464 Opened 13 years ago Closed 13 years ago

js::ClassMethodIsNative is so wrong


(Core :: JavaScript Engine, defect)

Not set





(Reporter: Waldo, Assigned: Waldo)




(Whiteboard: fixed-in-tracemonkey)


(1 file)

It probes for the specified function directly in the object, and if it doesn't find the property *or* the property doesn't contain that function, it probes the prototype.  It should only keep trying to optimize by probing the prototype if the property doesn't exist.

I'm aghast that I never managed to find this writing any of the stepwise tests I've written that probed for proper implementation of ToString or ToNumber.  At least this test found it for us so we know to fix it:
yikes, good catch
Attached patch Patch and testsSplinter Review
Note in particular the hasDefaultGetter->hasDefaultGetterOrIsMethod change, and note that this depends on the patch for bug 640503 in order for properties on String objects to not have str_getProperty as their getter op.
Attachment #522746 - Flags: review?(jorendorff)
Comment on attachment 522746 [details] [diff] [review]
Patch and tests

I seem to be doing a great job getting reviews in bug 660438, bug 646129, and this bug in exactly the opposite order of a dependency topsort of them.  Let's get this one done so I can actually land any of them, mmkay?  :-)
Attachment #522746 - Flags: review?(jorendorff) → review?(luke)
Comment on attachment 522746 [details] [diff] [review]
Patch and tests

Review of attachment 522746 [details] [diff] [review]:

Wow, good find!

::: js/src/jsfun.h
@@ +225,1 @@
>      }


::: js/src/jsobj.cpp
@@ +5872,3 @@
>  {
>      const Shape *shape = obj->nativeLookup(methodid);
> +    if (!shape || !shape->hasDefaultGetterOrIsMethod() || !obj->containsSlot(shape->slot))

I would feel better if the !hasDefaultGetterOrIsMethod() disjunct was stated in a positive form since for the reader who doesn't know the complete set of cases, its hard to take the set difference.

::: js/src/jsobj.h
@@ +1841,3 @@
>   */
> +extern bool
> +HasDataProperty(JSObject *obj, jsid methodid, js::Value *vp);

Is this method equivalent to:
  [[HasProperty]](methodid) and IsDataDescriptor([[GetProperty]](methodid))
? Could you comment if we are or, if not, why we aren't?

::: js/src/jsobjinlines.h
@@ +1246,5 @@
> +ValueIsNative(const js::Value &v, Native native)
> +{
> +    JSObject *funobj;
> +    return IsFunctionObject(v, &funobj) && funobj->getFunctionPrivate()->maybeNative() == native;
> +}

Almost preempted!  Could you add this as a IsNativeFunction() overload in jsfun.h below the other two?
Attachment #522746 - Flags: review?(luke) → review+
Whiteboard: fixed-in-tracemonkey
Target Milestone: mozilla5 → mozilla7
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.