Closed
Bug 780542
Opened 11 years ago
Closed 11 years ago
constructor functions return undefined in web console
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
mozilla17
People
(Reporter: watilin, Assigned: bzbarsky)
References
Details
(Keywords: regression, testcase)
Attachments
(2 files, 1 obsolete file)
|
237 bytes,
text/html
|
Details | |
|
4.12 KB,
patch
|
ejpbruel
:
review+
lsblakk
:
approval-mozilla-aurora+
lsblakk
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/17.0 Firefox/17.0
Build ID: 20120805030518
Steps to reproduce:
(On Nightly 17.0a1 with a fresh profile)
On a page containing this script :
function F() { this.x = 1; }
I opened the web console and typed "new F()".
Actual results:
the console returned "undefined".
Expected results:
It should have returned "({x:1})".
However, when I type "new window.F()" I get the right result. This bug seems related to https://bugzilla.mozilla.org/show_bug.cgi?id=752404 although the latter have been resolved.
In the latest Nightly, if I type your instructions in the web console, I see:
--
[10:43:51.175] function F() { this.x = 1; }
[10:43:51.180] undefined
--
[10:43:56.231] new F()
[10:43:56.251] ({x:1})
Of course it works when the constructor has been declared into the console.
I figured out it also works when the constructor is used inside another function declared into the page :
function createF() { return new F(); }
When typing "createF()" in the console, I get the correct "({x:1})". It seems that the "new" operator has trouble to work wih the global context.This page contains the declaration of functions "F" and "createF" to be used in the Web Console.
Attachment #649576 -
Attachment mime type: text/plain → text/html
I followed your testcase and I found this regression range: mozilla-central: good=2012-07-14 bad=2012-07-15 changelog: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=0602e44ac248&tochange=57abb5f70e01 Suspected bug to confirm: Boris Zbarsky — Bug 771429. Instead of using bound functions for the functions we get off the sandbox proto, use a function proxy. That allows property gets on the functions to get through. r=bholley
Status: UNCONFIRMED → NEW
Component: Untriaged → Developer Tools: Console
Ever confirmed: true
Keywords: regression,
testcase
|
Assignee | |
Comment 5•11 years ago
|
||
This is totally a JS engine bug; I assumed that proxy construction actually worked correctly, but it very much doesn't.
Assignee: nobody → bzbarsky
Blocks: 771429
Component: Developer Tools: Console → JavaScript Engine
Product: Firefox → Core
|
|
Assignee | |
Comment 6•11 years ago
|
||
Attachment #649704 -
Flags: review?(ejpbruel)
|
|
Assignee | |
Comment 7•11 years ago
|
||
Requesting tracking for the regression.
status-firefox14:
--- → affected
status-firefox15:
--- → affected
status-firefox16:
--- → affected
status-firefox17:
--- → affected
tracking-firefox15:
--- → ?
tracking-firefox16:
--- → ?
tracking-firefox17:
--- → ?
|
|
Assignee | |
Updated•11 years ago
|
Whiteboard: [need review]
|
||
Updated•11 years ago
|
|
|
Assignee | |
Comment 8•11 years ago
|
||
Attachment #650145 -
Flags: review?(ejpbruel)
|
|
Assignee | |
Updated•11 years ago
|
Attachment #649704 -
Attachment is obsolete: true
Attachment #649704 -
Flags: review?(ejpbruel)
|
||
Comment 9•11 years ago
|
||
Comment on attachment 650145 [details] [diff] [review] Make construction via a function proxy with an object in the constructor slot actually construct instead of just calling. Review of attachment 650145 [details] [diff] [review]: ----------------------------------------------------------------- Looking good :-)
Attachment #650145 -
Flags: review?(ejpbruel) → review+
|
|
Assignee | |
Comment 10•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/a047c51aafd0 Eddy, how do you feel about taking this on branches? Seems like we need to do this if we want to fix the web console behavior there....
Flags: in-testsuite+
Whiteboard: [need review]
Target Milestone: --- → mozilla17
|
|
Assignee | |
Comment 11•11 years ago
|
||
Comment on attachment 650145 [details] [diff] [review] Make construction via a function proxy with an object in the constructor slot actually construct instead of just calling. [Approval Request Comment] Bug caused by (feature/regressing bug #): Bug 771429 User impact if declined: Calling non-DOM constructors in the web console doesn't work right. Testing completed (on m-c, etc.): Passes attached automated tests. Risk to taking this patch (and alternatives if risky): I don't know. Eddy is a better source for this. String or UUID changes made by this patch: None.
Attachment #650145 -
Flags: approval-mozilla-beta?
Attachment #650145 -
Flags: approval-mozilla-aurora?
|
||
Comment 12•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/a047c51aafd0
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
|
||
Updated•11 years ago
|
|
|
Assignee | |
Comment 13•11 years ago
|
||
For what it's worth, Eddy thinks risk is low. As far as alternatives if we decide this is too risky, I see several: 1) Ship with this problem. 2) Back out bug 771429 and ship with its problem instead of this one. 3) Back out bug 771429 and fix it in some other way. I'm not quite sure how, and it would almost certainly be riskier than this patch. 4) Change the function proxy code so consumers can pick between the old and new behavior and only opt in sandboxes to the new behavior for now. This is probably doable if really needed. I think.
|
|
||
Comment 14•11 years ago
|
||
Comment on attachment 650145 [details] [diff] [review] Make construction via a function proxy with an object in the constructor slot actually construct instead of just calling. I think we're ok to not do a backout and to take this on branches.
Attachment #650145 -
Flags: approval-mozilla-beta?
Attachment #650145 -
Flags: approval-mozilla-beta+
Attachment #650145 -
Flags: approval-mozilla-aurora?
Attachment #650145 -
Flags: approval-mozilla-aurora+
|
||
Comment 15•11 years ago
|
||
This was pushed to aurora: https://hg.mozilla.org/releases/mozilla-aurora/rev/4cbf6aa4f022 and then backed out for making aurora orange. https://hg.mozilla.org/releases/mozilla-aurora/rev/c2d5393d005c
|
|
||
Comment 16•11 years ago
|
||
Similarly landed on beta: https://hg.mozilla.org/releases/mozilla-beta/rev/ad7dd2476dfe and then backed out: https://hg.mozilla.org/releases/mozilla-beta/rev/aa331c131a65
|
|
||
Comment 17•11 years ago
|
||
Only partially landed on aurora: https://hg.mozilla.org/releases/mozilla-aurora/rev/9211b0e0edad and hence backed out: https://hg.mozilla.org/releases/mozilla-aurora/rev/9211b0e0edad
|
|
||
Comment 18•11 years ago
|
||
Pushed to aurora: https://hg.mozilla.org/releases/mozilla-aurora/rev/52956b3e7be2 Hopefully wont be backed out this time
Whiteboard: status-firefox15
|
|
||
Comment 19•11 years ago
|
||
And again to beta: https://hg.mozilla.org/releases/mozilla-beta/rev/bc0a3117d9b4
|
|
||
Updated•11 years ago
|
|
|
Assignee | |
Comment 21•11 years ago
|
||
For what it's worth, it looks like the first thing that got pushed was the old, obsolete, patch. The one that didn't have approvals...
|
||
Comment 22•11 years ago
|
||
Able to see the issue on FF 15b4. Verified fixed on FF 15b5 on Win XP and Win 7 using the STR in comment 0 and the testcase. Removing verifyme for now. Please add again if you can think of any edge cases related to this that should be tested.
|
|
||
Updated•11 years ago
|
QA Contact: paul.silaghi
|
|
||
Comment 23•11 years ago
|
||
Verified fixed on: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0b4 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0 17.0a2 (2012-09-24)
Status: RESOLVED → VERIFIED
Keywords: verifyme
You need to log in
before you can comment on or make changes to this bug.
Description
•