Bug 40613

Summary: The JSObjectSetProperty doesn't overwrite property flags.
Product: WebKit Reporter: Jędrzej Nowacki <jedrzej.nowacki>
Component: JavaScriptCoreAssignee: Jędrzej Nowacki <jedrzej.nowacki>
Status: RESOLVED WONTFIX    
Severity: Normal CC: barraclough, cmarcelo, ggaren, jedrzej.nowacki, kent.hansen, oliver
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 40903    
Attachments:
Description Flags
Fix v1 oliver: review-, oliver: commit-queue-

Jędrzej Nowacki
Reported 2010-06-15 00:00:38 PDT
It seems that the JSObjectSetProperty can't overwrite property flag. It simply ignores attributes argument while replacing property.
Attachments
Fix v1 (3.03 KB, patch)
2010-06-15 00:04 PDT, Jędrzej Nowacki 		oliver: review-
oliver: commit-queue-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Jędrzej Nowacki
Comment 1 2010-06-15 00:04:48 PDT
Created attachment 58759 [details] Fix v1
Oliver Hunt
Comment 2 2010-06-21 17:55:20 PDT
Comment on attachment 58759 [details] Fix v1 This has bad behaviour in a number of ways -- the unconditional use of delete if the property exists will destroy the PIC and so hurt performance for cases where the attributes are not being changed. Additionally you get weird behaviour if have: proto = {prop: "foo"} o = Object.create(proto); and do: JSObjectSetProperty(o, "prop", ..., ...); you will delete "prop" from proto, and then add "prop" to o. Clearly this is less than ideal. :-( --Oliver
Kent Hansen
Comment 3 2010-06-22 01:39:31 PDT
(In reply to comment #2) > (From update of attachment 58759 [details]) > This has bad behaviour in a number of ways -- the unconditional use of delete if the property exists will destroy the PIC and so hurt performance for cases where the attributes are not being changed. > > Additionally you get weird behaviour if have: > > proto = {prop: "foo"} > o = Object.create(proto); > > and do: > JSObjectSetProperty(o, "prop", ..., ...); > > you will delete "prop" from proto, and then add "prop" to o. Clearly this is less than ideal. The hasProperty() call seems weird. Just because the object has some property in the prototype chain, the attributes you specify will be ignored when you create a property of the same name on your object? Would calling hasOwnProperty() be sufficient? Better, by calling getOwnPropertyDescriptor() one can get the attributes, and only delete the property if they differ. Oh, looks like JSObject::defineOwnProperty() already has such logic. ;) Still seems like a work-around, though. How about fixing JSObject::putWithAttributes() so it takes care of updating the attributes of an existing entry in case the property already exists (just like it takes care of updating the value)? Then unconditionally call putWithAttributes() from JSObjectSetProperty() when attributes != 0. (Which means there's no way to remove all attributes without recreating the property; oh well.)
Gavin Barraclough
Comment 4 2012-03-12 15:58:40 PDT
Sigh - the problem here is that it's not really clear what JSObjectSetProperty should be doing. Does it correspond to the spec's [[Put]] functionality? [[DefineOwnProperty]]? - or a mix of the two? Given the interface we have, if the property already exists on the object being put to, it probably does make sense to make this call defineOwnProperty so the attributes are updated accordingly.
Gavin Barraclough
Comment 5 2012-09-26 12:42:46 PDT
I don't think we're going to change this interface right now. The API behaviour is if ([[HasProperty]]) [[Put]] else [[DefineOwnProperty]] It might be nice to separate put & defineOwnProperty traps in the API, but JSObjectSetProperty's behaviour isn't going to change now.
Note You need to log in before you can comment on or make changes to this bug.