Comment on attachment 287730[details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=287730&action=review> Source/JavaScriptCore/runtime/JSObject.cpp:1382
> + // if (UNLIKELY(asObject(nextPrototype)->methodTable(vm)->getPrototype != JSObject::getPrototype))
I am proposing to comment this out for now. There are a lot of places in the code base where we iterate over the prototype chain and do not handle cycles. Allowing for cycles would be a significant amount of work.
Created attachment 287737[details]
Archive of layout-test-results from ews101 for mac-yosemite
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews101 Port: mac-yosemite Platform: Mac OS X 10.10.5
Created attachment 287739[details]
Archive of layout-test-results from ews106 for mac-yosemite-wk2
The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews106 Port: mac-yosemite-wk2 Platform: Mac OS X 10.10.5
Created attachment 287740[details]
Archive of layout-test-results from ews114 for mac-yosemite
The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews114 Port: mac-yosemite Platform: Mac OS X 10.10.5
Created attachment 287745[details]
Archive of layout-test-results from ews122 for ios-simulator-elcapitan-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews122 Port: ios-simulator-elcapitan-wk2 Platform: Mac OS X 10.11.5
Comment on attachment 287773[details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=287773&action=review> Source/JavaScriptCore/runtime/JSObject.cpp:1384
> + // if (UNLIKELY(asObject(nextPrototype)->methodTable(vm)->getPrototype != JSObject::getPrototype))
> + // break; // We're done. Set the prototype.
I don't think this is how we land changes in JSC. We don't turn things off to allow for other features to be added in WebCore. I think the onus is on your patch to ensure that anything new you're adding is safe.
Comment on attachment 287773[details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=287773&action=review>> Source/JavaScriptCore/runtime/JSObject.cpp:1384
>> + // break; // We're done. Set the prototype.
>
> I don't think this is how we land changes in JSC. We don't turn things off to allow for other features to be added in WebCore. I think the onus is on your patch to ensure that anything new you're adding is safe.
Behavior decision notwithstanding, we definitely don't want to land a paragraph of commented-out code.
(In reply to comment #25)
> Comment on attachment 287773[details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=287773&action=review
>
> > Source/JavaScriptCore/runtime/JSObject.cpp:1384
> > + // if (UNLIKELY(asObject(nextPrototype)->methodTable(vm)->getPrototype != JSObject::getPrototype))
> > + // break; // We're done. Set the prototype.
>
> I don't think this is how we land changes in JSC. We don't turn things off
> to allow for other features to be added in WebCore. I think the onus is on
> your patch to ensure that anything new you're adding is safe.
Updating the code base to properly deal with cycles is not a trivial task and there are performance implications :/
Comment on attachment 287773[details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=287773&action=review>>>> Source/JavaScriptCore/runtime/JSObject.cpp:1384
>>>> + // break; // We're done. Set the prototype.
>>>
>>> I don't think this is how we land changes in JSC. We don't turn things off to allow for other features to be added in WebCore. I think the onus is on your patch to ensure that anything new you're adding is safe.
>>
>> Behavior decision notwithstanding, we definitely don't want to land a paragraph of commented-out code.
>
> Updating the code base to properly deal with cycles is not a trivial task and there are performance implications :/
I understand. Maybe this is the correct decision. However, I think we need to have a deeper discussion about this to fully realize all the implications.
Attachment 287815[details] did not pass style-queue:
ERROR: Source/JavaScriptCore/ChangeLog:1: ChangeLog entry has no bug number [changelog/bugnumber] [5]
Total errors found: 1 in 2 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Created attachment 288157[details]
Archive of layout-test-results from ews102 for mac-yosemite
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews102 Port: mac-yosemite Platform: Mac OS X 10.10.5
Created attachment 288159[details]
Archive of layout-test-results from ews105 for mac-yosemite-wk2
The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews105 Port: mac-yosemite-wk2 Platform: Mac OS X 10.10.5
Created attachment 288160[details]
Archive of layout-test-results from ews115 for mac-yosemite
The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews115 Port: mac-yosemite Platform: Mac OS X 10.10.5
Created attachment 288161[details]
Archive of layout-test-results from ews123 for ios-simulator-elcapitan-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews123 Port: ios-simulator-elcapitan-wk2 Platform: Mac OS X 10.11.5
(In reply to comment #49)
> Comment on attachment 288176[details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=288176&action=review
>
> > Source/JavaScriptCore/runtime/JSObject.cpp:1313
> > + // FIXME: The specification says we should do this but this allows for cycles and our
> > + // code base currently does not deal properly with such cycles.
> > + // https://bugs.webkit.org/show_bug.cgi?id=161534
>
> Any word from the folks who work on the html spec on this?
Domenic, an HTML spec editor, already commented on the bug you filed against EcmaScript.
Comment on attachment 288176[details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=288176&action=review>>>> Source/JavaScriptCore/runtime/JSObject.cpp:1313
>>>> + // https://bugs.webkit.org/show_bug.cgi?id=161534
>>>
>>> Any word from the folks who work on the html spec on this?
>>
>> Domenic, an HTML spec editor, already commented on the bug you filed against EcmaScript.
>
> That said, I filed https://github.com/whatwg/html/issues/1760 to track the issue on HTML side as well.
If you'd prefer, we could do something like:
if (UNLIKELY(nextPrototype->type() == ProxyObjectType))
break; // We're done. Set the prototype.
to maintain the previous behavior. Only ProxyObject in JSC has a custom [[GetPrototypeOf]] it seems.
What do you think?
Comment on attachment 288321[details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=288321&action=review
r=me
> Source/WebCore/bindings/js/JSDOMWindowCustom.cpp:365
> + throwTypeError(exec, scope, ASCIILiteral("Cannot set prototype of this object"));
Nit: instead of "this object" maybe it's worth having a more detailed error message?
> Source/WebCore/bindings/js/JSLocationCustom.cpp:145
> + throwTypeError(exec, scope, ASCIILiteral("Cannot set prototype of this object"));
ditto
2016-08-31 14:07 PDT, Chris Dumez
2016-09-01 21:21 PDT, Chris Dumez
2016-09-01 22:13 PDT, Chris Dumez
2016-09-01 23:14 PDT, Build Bot
2016-09-01 23:20 PDT, Build Bot
2016-09-01 23:23 PDT, Build Bot
2016-09-01 23:55 PDT, Build Bot
2016-09-02 08:51 PDT, Chris Dumez
2016-09-02 10:34 PDT, Chris Dumez
2016-09-02 14:15 PDT, Chris Dumez
2016-09-02 14:25 PDT, Chris Dumez
2016-09-07 08:54 PDT, Chris Dumez
2016-09-07 09:34 PDT, Chris Dumez
2016-09-07 10:40 PDT, Build Bot
2016-09-07 10:46 PDT, Build Bot
2016-09-07 10:50 PDT, Build Bot
2016-09-07 10:55 PDT, Build Bot
2016-09-07 11:54 PDT, Chris Dumez
2016-09-07 13:17 PDT, Chris Dumez
2016-09-08 14:30 PDT, Chris Dumez
2016-09-08 14:40 PDT, Chris Dumez
2016-09-08 14:43 PDT, Chris Dumez