Bug 87963

Summary: Need special-case toJS(IDBAny) for IDBCursorWithValue
Product: WebKit Reporter: Charles Wei <charles.wei>
Component: JavaScriptCoreAssignee: Charles Wei <charles.wei>
Status: RESOLVED FIXED    
Severity: Normal CC: ggaren, jorlow, jrogers, jsbell, oliver, PeterHWang, rwlbuis, sam, staikos, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 45110    
Attachments:
Description Flags
Patch none

Description Charles Wei 2012-05-31 05:40:24 PDT 
For JSC binding for JavaScript IDL files,   say, Base and Derived where Derived derives from Base,  the JSC binding generator generates native to JS binding toJS(native object) for the base interface but not the derived interface.   So "JSValue toJS(A*)" will be generated but not" JSValue toJS(B*)".

with IndexedDB support, IDBAny is the wildcard interface that can be many things, like IDBRequest, IDBIndex, IDBCursor, IDBCursorWithValue.    toJS(IDBAny*) generates corresponding JSValue according to the real data it holds.

    case IDBAny::IDBCursorType:
        return toJS(exec, globalObject, idbAny->idbCursor());
    case IDBAny::IDBCursorWithValueType:
        return toJS(exec, globalObject, idbAny->idbCursorWithValue());

Actually generates both to IDBCursor objects,  because there's no toJS(exec, globalObject, IDBCursorWithValue*) generated by the code generator because IDBCursorWithValue interface is derived from IDBCursor interface.

So when the IDBCursor  JSObject is generated for IDBCursorWithValue,   it can't access the attributes (the value) hold by the actual IDBCursorWithValue object.
Comment 1 Charles Wei 2012-05-31 17:59:22 PDT 
Created attachment 145183 [details]
Patch
Comment 2 WebKit Review Bot 2012-06-05 22:37:44 PDT 
Comment on attachment 145183 [details]
Patch

Clearing flags on attachment: 145183

Committed r119561: <http://trac.webkit.org/changeset/119561>
Comment 3 WebKit Review Bot 2012-06-05 22:37:49 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 4 Darin Adler 2014-04-24 16:45:33 PDT 
Moving all JavaScriptGlue bugs to JavaScriptCore. The JavaScriptGlue framework itself is long gone. And most of the more recent bugs put in this component were put there by people who thought this was for some other aspect of “JavaScript glue” and have nothing to do with the actual original reason for the existence of this component, which was an OS-X-only framework named JavaScriptGlue.