Bug 53578

Created attachment 80893 [details]
Patch

Comment on attachment 80893 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=80893&action=review

> Source/WebCore/bindings/v8/custom/V8DOMStringMapCustom.cpp:54
> +    if (map->contains(nameString))

I am complete ignoramus of WebCore::DOMStringMap internals, but is there a contract what DOMStringMap::item should return if there is no binding for the name?  If it returns empty string (WebCore::String::isEmpty()), it might be more efficient to look the result up and check for string emptiness.  Feel free to ignore if you think it's premature optimization.

> Source/WebCore/bindings/v8/custom/V8DOMStringMapCustom.cpp:88
>      INC_STATS("DOM.DOMStringMap.NamedPropertySetter");

Shouldn't NamedPropertyDelete be updated as well?

> Source/WebCore/bindings/v8/custom/V8DOMStringMapCustom.cpp:91
> +        return notHandledByInterceptor();

I suspect (but not 100% sure) it doesn't do the right thing: I would expect that in your test case you would get real JS property 'foobarbaz' on JS wrapper itself, and this update won't be stored in the instance of WebCore::DOMStringMap.  Can we extend layout test to check if it's indeed the case?

If I am right, I think you should use v8::Object::HasRealNamedProperty instead of both GetRealNamedPropertyInPrototypeChain and HasRealNamedCallback.

(In reply to comment #2)

Thank you for the comments.  Now I believe the current JSC behavior is also incorrect.
I'll try to correct it, then will update the V8 behavior.

Created attachment 110090 [details]
Patch 2

Comment on attachment 110090 [details]
Patch 2

Attachment 110090 [details] did not pass chromium-ews (chromium-xvfb):
Output: http://queues.webkit.org/results/10012107

New failing tests:
fast/dom/dataset.html
fast/dom/dataset-xhtml.xhtml

Created attachment 110100 [details]
Patch 3

Comment on attachment 110100 [details]
Patch 3

Attachment 110100 [details] did not pass chromium-ews (chromium-xvfb):
Output: http://queues.webkit.org/results/9995163

New failing tests:
fast/dom/dataset.html
fast/dom/dataset-xhtml.xhtml

(In reply to comment #7)
> New failing tests:
> fast/dom/dataset.html
> fast/dom/dataset-xhtml.xhtml

Hmm, why they fail? They passed on my Mac.

Created attachment 110481 [details]
Patch 4

Fix namedPropertySetter behavior.

Would anyone review this please?

Comment on attachment 110481 [details]
Patch 4

Great!  I'm glad to see this code go.

Comment on attachment 110481 [details]
Patch 4

Thank you for reviewing.

Comment on attachment 110481 [details]
Patch 4

Rejecting attachment 110481 [details] from commit-queue.

Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '-..." exit_code: 2

Last 500 characters of output:
ucceeded at 1 with fuzz 3.
patching file LayoutTests/platform/chromium/test_expectations.txt
Hunk #1 FAILED at 3762.
1 out of 1 hunk FAILED -- saving rejects to file LayoutTests/platform/chromium/test_expectations.txt.rej
patching file Source/WebCore/ChangeLog
Hunk #1 succeeded at 1 with fuzz 3.
patching file Source/WebCore/bindings/v8/custom/V8DOMStringMapCustom.cpp

Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', u'--reviewer', u'Adam Barth', u'--force']" exit_code: 1

Full output: http://queues.webkit.org/results/10485236

Created attachment 115102 [details]
Patch for landing

Comment on attachment 115102 [details]
Patch for landing

Clearing flags on attachment: 115102

Committed r100247: <http://trac.webkit.org/changeset/100247>

All reviewed patches have been landed.  Closing bug.