26593 2009-06-21 16:31:50 -0700 Enumeration of prototypes with more than 64 properties cache not invalidated 2009-06-25 06:30:56 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED FIXED http://labs.calyptus.eu/WebKitPrototypeCache/ InRadar P1 Major --- 1 sebastian webkit-unassigned jankassens john.david.dalton oliver sam oldest_to_newest 127261 0 sebastian 2009-06-21 16:31:50 -0700 If object B inherits from prototype A and prototype A has more than 64 properties, it seems that the enumeration of properties of object B is cached. However, if more properties are added to the prototype the cache is not invalidated. So if an additional property is added to the prototype between enumerations, the new property is not enumerated over. The linked example clearly illustrates this issue. 127263 1 31625 sebastian 2009-06-21 17:03:37 -0700 Created attachment 31625 Test case 127277 2 sam 2009-06-21 21:49:14 -0700 <rdar://problem/6992822> 127795 3 oliver 2009-06-23 19:48:32 -0700 Committing to http://svn.webkit.org/repository/webkit/trunk ... M JavaScriptCore/ChangeLog M JavaScriptCore/interpreter/Interpreter.cpp M JavaScriptCore/jit/JITStubs.cpp M JavaScriptCore/runtime/Structure.cpp M JavaScriptCore/runtime/StructureChain.cpp M JavaScriptCore/runtime/StructureChain.h M LayoutTests/ChangeLog A LayoutTests/fast/js/dictionary-no-cache.html A LayoutTests/fast/js/resources/dictionary-no-cache.js Committed r45039 Please verify in the next nightly :D 128015 4 john.david.dalton 2009-06-24 15:17:47 -0700 In the attachment I noticed that performing something like test2._x = 1; delete test2._x; before the for-in loop seems to fix the issue. 128179 5 jankassens 2009-06-25 06:30:56 -0700 Sebastian's test case works now here (nighly). 31625 2009-06-21 17:03:37 -0700 2009-06-21 17:03:37 -0700 Test case testcase.html text/html 673 sebastian PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgU3RyaWN0Ly9FTiIg Imh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXN0cmljdC5kdGQiPgo8aHRt bD4KPGhlYWQ+Cjx0aXRsZT5XZWJLaXQgUHJvdG90eXBlIENhY2hlIEJ1ZzwvdGl0bGU+CjwvaGVh ZD4KCjxib2R5Pgo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+Cgp2YXIgVGVzdCA9IGZ1 bmN0aW9uKCl7fTsKCnZhciBtZXRob2RDb3VudCA9IDY1OwoKZm9yICh2YXIgaSA9IDA7IGkgPCBt ZXRob2RDb3VudDsgaSsrKXsKCVRlc3QucHJvdG90eXBlWydteU1ldGhvZCcgKyBpXSA9IGZ1bmN0 aW9uKCl7fTsKfQoKdmFyIHRlc3QxID0gbmV3IFRlc3QoKTsKCmZvciAodmFyIGsgaW4gdGVzdDEp OwoKVGVzdC5wcm90b3R5cGUubXlBZGRpdGlvbmFsTWV0aG9kID0gZnVuY3Rpb24oKXt9OwoKdmFy IHRlc3QyID0gbmV3IFRlc3QoKTsKCnZhciBmb3VuZCA9IGZhbHNlOwpmb3IgKHZhciBrIGluIHRl c3QyKXsKCWlmIChrID09ICdteUFkZGl0aW9uYWxNZXRob2QnKSBmb3VuZCA9IHRydWU7Cn0KCmRv Y3VtZW50LndyaXRlKCdteUFkZGl0aW9uYWxNZXRob2Q6ICcgKyBmb3VuZC50b1N0cmluZygpICsg IiBleHBlY3RlZCB0cnVlIik7Cgo8L3NjcmlwdD4KPC9ib2R5Pgo8L2h0bWw+Cg==