23771 2009-02-05 14:08:01 -0800 REGRESSION (r36016): JSObjectHasProperty freezes on global class without kJSClassAttributeNoAutomaticPrototype 2009-03-19 17:04:38 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED FIXED HasReduction, InRadar, Regression P2 Normal --- 1 laurent.calburtin zwarich ggaren oliver oldest_to_newest 108506 0 laurent.calburtin 2009-02-05 14:08:01 -0800 JSObjectHasProperty is stuck in an infinite loop with following code: static JSValueRef fn(JSContextRef ctx, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) { return 0; } static JSStaticFunction globalObject_staticFunctions[] = { { "fn", fn, kJSPropertyAttributeNone }, { 0, 0, 0 } }; static void freeze() { JSClassDefinition globalObjectClassDefinition = kJSClassDefinitionEmpty; globalObjectClassDefinition.staticFunctions = globalObject_staticFunctions; JSClassRef globalObjectClass = JSClassCreate( &globalObjectClassDefinition); JSGlobalContextRef context = JSGlobalContextCreateInGroup(NULL, globalObjectClass); JSStringRef propName = JSStringCreateWithUTF8CString("name"); JSObjectHasProperty( context, JSContextGetGlobalObject(context), propName); } Adding the attribute kJSClassAttributeNoAutomaticPrototype to the global class definition solves the problem. Note that JSObjectSetProperty is also stuck without the attribute because it internally calls the same code as JSObjectHasProperty. Also note that JSObjectHasProperty from MacOSX10.5 webkit framework doesn't get stuck. 108520 1 ggaren 2009-02-05 14:50:51 -0800 <rdar://problem/6561016> 109091 2 oliver 2009-02-09 23:16:19 -0800 For some reason the global object's prototype gets itself as its prototype :-/ 114289 3 zwarich 2009-03-19 00:58:25 -0700 I'll take this bug. 114300 4 zwarich 2009-03-19 04:09:35 -0700 This regressed with r36016, the first inline caching patch: http://trac.webkit.org/changeset/36016 114402 5 28769 zwarich 2009-03-19 16:26:32 -0700 Created attachment 28769 Proposed patch Here's a fix. I'll add a test to testapi for this. 114409 6 28769 ggaren 2009-03-19 16:48:02 -0700 Comment on attachment 28769 Proposed patch r=me 114413 7 zwarich 2009-03-19 17:04:38 -0700 Landed in r41846 with a test added to testapi. 28769 2009-03-19 16:26:32 -0700 2009-03-19 16:48:02 -0700 Proposed patch prototype.diff text/plain 697 zwarich SW5kZXg6IHJ1bnRpbWUvSlNHbG9iYWxPYmplY3QuY3BwCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHJ1bnRpbWUv SlNHbG9iYWxPYmplY3QuY3BwCShyZXZpc2lvbiA0MTgyNykKKysrIHJ1bnRpbWUvSlNHbG9iYWxP YmplY3QuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0zNDEsNyArMzQxLDExIEBAIHZvaWQgSlNHbG9i YWxPYmplY3Q6OnJlc2V0KEpTVmFsdWVQdHIgcHIKIHZvaWQgSlNHbG9iYWxPYmplY3Q6OnJlc2V0 UHJvdG90eXBlKEpTVmFsdWVQdHIgcHJvdG90eXBlKQogewogICAgIHNldFByb3RvdHlwZShwcm90 b3R5cGUpOwotICAgIGxhc3RJblByb3RvdHlwZUNoYWluKHRoaXMpLT5zZXRQcm90b3R5cGUoZCgp LT5vYmplY3RQcm90b3R5cGUpOworCisgICAgSlNPYmplY3QqIG9sZExhc3RJblByb3RvdHlwZUNo YWluID0gbGFzdEluUHJvdG90eXBlQ2hhaW4odGhpcyk7CisgICAgSlNPYmplY3QqIG9iamVjdFBy b3RvdHlwZSA9IGQoKS0+b2JqZWN0UHJvdG90eXBlOworICAgIGlmIChvbGRMYXN0SW5Qcm90b3R5 cGVDaGFpbiAhPSBvYmplY3RQcm90b3R5cGUpCisgICAgICAgIG9sZExhc3RJblByb3RvdHlwZUNo YWluLT5zZXRQcm90b3R5cGUob2JqZWN0UHJvdG90eXBlKTsKIH0KIAogdm9pZCBKU0dsb2JhbE9i amVjdDo6bWFyaygpCg==