Bug 30372

Summary: Make typeinfo flags default to false
Product: WebKit
Reporter: Oliver Hunt <oliver>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: ossy
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: OS X 10.5
Attachments:
Description | Flags
Reverse the meaning of HasDefaultGetPropertySlot | none
HasDefaultMark to OverridesMarkChildren | none
HasDefaultGetPropertyNames -> OverridesGetPropertyNames | barraclough: review+
Move OverridesMarkChildren flag from DatePrototype to its parent class | oliver: review+

Description Oliver Hunt 2009-10-14 20:06:16 PDT
It's difficult to ensure correct semantics for typeinfo flags in the DOM bindings, as we can't easily propagate the typeinfo flags. To make it easier to propagate we want to make flags be specifically for the exceptional cases.
Comment 1 Oliver Hunt 2009-10-14 20:11:40 PDT
Created attachment 41202 [details]
Reverse the meaning of HasDefaultGetPropertySlot
Comment 2 Geoffrey Garen 2009-10-14 20:16:26 PDT
Comment on attachment 41202 [details]
Reverse the meaning of HasDefaultGetPropertySlot

r=me w/ChangeLog
Comment 3 Oliver Hunt 2009-10-15 11:28:37 PDT
Created attachment 41237 [details]
HasDefaultMark to OverridesMarkChildren
Comment 4 Darin Adler 2009-10-15 12:34:44 PDT
Comment on attachment 41237 [details]
HasDefaultMark to OverridesMarkChildren

> -        return Structure::create(prototype, TypeInfo(ObjectType));
> +        return Structure::create(prototype, TypeInfo(ObjectType,  JSC::OverridesGetOwnPropertySlot | JSC::HasNonDefaultMark));
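
Review bot: On the added line the mark flag is spelled HasNonDefaultMark, while the attachment is titled "HasDefaultMark to OverridesMarkChildren" and the flag next to it already uses the Overrides prefix (OverridesGetOwnPropertySlot); pick one naming scheme so both bits read as opt-in overrides. The removed line passed no flags at all, so the ChangeLog should also say why this class now sets both bits, since a wrong choice here only shows up at runtime.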

Extra space here, and "JSC::" is not needed.

I guess the assertion we have will catch if we got this wrong anywhere at runtime. Please be sure to run all the regression tests before landing since that will be caught at runtime, not compile time.

r=me
Comment 5 Oliver Hunt 2009-10-15 12:57:18 PDT
Landed default mark patch in r49649
Comment 6 Oliver Hunt 2009-10-16 11:58:47 PDT
Created attachment 41304 [details]
HasDefaultGetPropertyNames -> OverridesGetPropertyNames
Comment 7 Oliver Hunt 2009-10-16 14:54:47 PDT
Landed r 49694
Comment 8 Gabor Loki 2009-10-20 02:26:26 PDT
Created attachment 41491 [details]
Move OverridesMarkChildren flag from DatePrototype to its parent class

The following simple JS fails on ARM JIT (JSValue32):
---
[new Date()]
gc()
---

It looks like JSWrapperObject::markChildren was called for DateInstance in JSArray, but the m_internalValue was already on anonymous slots.

The attached patch fixes this issue by moving OverridesMarkChildren flag from DatePrototype to DateInstance.

BTW, is there any delivered class which should still use JSWrapperObject::markChildren?
Comment 9 Csaba Osztrogonác 2009-10-20 02:43:53 PDT
(In reply to comment #8)
> Created an attachment (id=41491) [details]

Sending        JavaScriptCore/ChangeLog
Sending        JavaScriptCore/runtime/DateInstance.h
Sending        JavaScriptCore/runtime/DatePrototype.h
Transmitting file data ...
Committed revision 49845.
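
A simplified C++ model of the opt-in flag scheme from the description and of the flag move in comment 8, added here as an illustration and not taken from the WebKit patches. Only the flag name comes from the bug; `Cell`, `Parent`, `Child`, `collect` and `internalSurvives` are hypothetical, and the marker's flag check is an assumption about how such a flag is consumed.

```cpp
// Added example: simplified model, not JavaScriptCore source. The flag name is
// from the bug; every class, function and field name below is made up.
#include <cstdint>
#include <vector>

enum : uint32_t { OverridesMarkChildren = 1u << 1 };  // bit value is arbitrary

struct Cell {
    uint32_t typeFlags;            // stands in for the per-structure TypeInfo flags
    bool marked = false;
    explicit Cell(uint32_t f = 0) : typeFlags(f) {}
    virtual ~Cell() = default;
    virtual void markChildren(std::vector<Cell*>&) {}  // default: no hidden children
};

// Parent holds a reference that the default marking path does not know about.
struct Parent : Cell {
    static constexpr uint32_t Flags = OverridesMarkChildren;
    Cell* internal;
    Parent(Cell* v, uint32_t f) : Cell(f), internal(v) {}
    void markChildren(std::vector<Cell*>& work) override { work.push_back(internal); }
};

// With opt-in flags a subclass inherits the parent's exceptions with a plain OR.
struct Child : Parent {
    static constexpr uint32_t Flags = Parent::Flags;  // | own overrides, if any
    explicit Child(Cell* v) : Parent(v, Flags) {}
};

// Mark phase: the virtual call is made only when the flag says it is needed.
void collect(Cell* root) {
    std::vector<Cell*> work{root};
    while (!work.empty()) {
        Cell* c = work.back(); work.pop_back();
        if (!c || c->marked) continue;
        c->marked = true;
        if (c->typeFlags & OverridesMarkChildren) c->markChildren(work);
    }
}

// True if the value held by the object is still marked live after collect().
bool internalSurvives(bool flagOnParent, bool useChild) {
    Cell value;
    if (useChild) { Child c(&value); collect(&c); return value.marked; }
    uint32_t f = flagOnParent ? uint32_t(Parent::Flags) : 0u;
    Parent p(&value, f);
    collect(&p);
    return value.marked;
}

int main() { return internalSurvives(true, false) && !internalSurvives(false, false) ? 0 : 1; }
```

In this model a `Parent` built without the flag loses its internal value during marking, which is why the flag has to be declared on the class that defines the override and not only on a subclass.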