RESOLVED FIXED 154195
Bound functions should use the prototype of the function being bound 
https://bugs.webkit.org/show_bug.cgi?id=154195
Summary Bound functions should use the prototype of the function being bound
Keith Miller
Reported 2016-02-12 13:52:20 PST
Bound functions should use the prototype of the function being bound
Attachments
Patch (10.26 KB, patch)
2016-02-12 14:14 PST, Keith Miller 		no flags
DetailsFormatted DiffDiff
Patch (10.28 KB, patch)
2016-02-12 14:38 PST, Keith Miller 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews115 for mac-yosemite (772.33 KB, application/zip)
2016-02-12 15:41 PST, Build Bot 		no flags
Details
Patch (10.32 KB, patch)
2016-02-16 15:56 PST, Keith Miller 		no flags
DetailsFormatted DiffDiff
Patch for landing (10.32 KB, patch)
2016-02-16 16:27 PST, Keith Miller 		no flags
DetailsFormatted DiffDiff
Patch for landing (10.31 KB, patch)
2016-02-22 13:05 PST, Keith Miller 		no flags
DetailsFormatted DiffDiff
Show Obsolete (5) View All Add attachment proposed patch, testcase, etc.
Keith Miller
Comment 1 2016-02-12 14:14:25 PST
Created attachment 271223 [details] Patch
Keith Miller
Comment 2 2016-02-12 14:24:10 PST
I went with bind function's global object because I talked to Mark Miller and tc39 and he said that at some point it was likely that global objects would become visible. When they do, most likely, the expected global object for bound functions would be the bind function's global object.
Keith Miller
Comment 3 2016-02-12 14:38:48 PST
Created attachment 271228 [details] Patch
Build Bot
Comment 4 2016-02-12 15:41:26 PST
Comment on attachment 271228 [details] Patch Attachment 271228 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/821776 Number of test failures exceeded the failure limit.
Build Bot
Comment 5 2016-02-12 15:41:28 PST
Created attachment 271237 [details] Archive of layout-test-results from ews115 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews115 Port: mac-yosemite Platform: Mac OS X 10.10.5
Keith Miller
Comment 6 2016-02-16 15:56:16 PST
Created attachment 271501 [details] Patch
Keith Miller
Comment 7 2016-02-16 16:27:36 PST
Created attachment 271508 [details] Patch for landing
Keith Miller
Comment 8 2016-02-16 16:28:58 PST
Whoops ran land-safely in the wrong repo set back to review
Geoffrey Garen
Comment 9 2016-02-17 16:43:49 PST
Comment on attachment 271508 [details] Patch for landing View in context: https://bugs.webkit.org/attachment.cgi?id=271508&action=review > Source/JavaScriptCore/runtime/JSBoundFunction.cpp:102 > + && result->globalObject() == globalObject) { Why do we need this global object check? I can see that it might sometimes be false, but why would it be wrong to use the cached bound function structure in this case? I think you need tests for these two cases. > Source/JavaScriptCore/runtime/JSBoundFunction.cpp:109 > + result = globalObject->boundFunctionStructure(); This control flow is hard to follow. I would change it to an early return: if (!targetJSFunction) return globalObject->boundFunctionStructure(); This cuts down on indentation and removes some control flow below.
Geoffrey Garen
Comment 10 2016-02-19 14:20:26 PST
Comment on attachment 271508 [details] Patch for landing View in context: https://bugs.webkit.org/attachment.cgi?id=271508&action=review Let's do this for readability: inline Structure* getBoundFunctionStructure(VM& vm, JSGlobalObject* globalObject, JSObject* targetFunction) { JSObject* prototype = targetFunction->structure(vm)->storedPrototypeObject(); JSFunction* targetJSFunction = jsDynamicCast<JSFunction*>(targetFunction); if (targetJSFunction) { Structure* structure = targetJSFunction->rareData(vm)->getBoundFunctionStructure(); if (structure && structure->storedPrototype() == prototype && structure->globalObject() == globalObject) return structure; } Structure* result = globalObject->boundFunctionStructure(); if (prototype && prototype->globalObject() == globalObject) { result = vm.prototypeMap.emptyStructureForPrototypeFromBaseStructure(prototype, result); RELEASE_ASSERT_WITH_SECURTIY_IMPLICATIONS(structure->storedPrototypeObject()->globalObject() == globalObject); } else result = Structure::create(vm, globalObject, prototype, result->typeInfo(), result->classInfo()); if (targetJSFunction) targetJSFunction->rareData(vm)->setBoundFunctionStructure(vm, result); return result; } >> Source/JavaScriptCore/runtime/JSBoundFunction.cpp:102 >> + && result->globalObject() == globalObject) { > > Why do we need this global object check? I can see that it might sometimes be false, but why would it be wrong to use the cached bound function structure in this case? > > I think you need tests for these two cases. Let's not do this. The crazy here is beyond the global object question. >> Source/JavaScriptCore/runtime/JSBoundFunction.cpp:109 >> + result = globalObject->boundFunctionStructure(); > > This control flow is hard to follow. I would change it to an early return: > > if (!targetJSFunction) > return globalObject->boundFunctionStructure(); > > This cuts down on indentation and removes some control flow below. This can't be early return because prototype might be null.
Keith Miller
Comment 11 2016-02-22 13:05:27 PST
Created attachment 271945 [details] Patch for landing
WebKit Commit Bot
Comment 12 2016-02-22 14:07:12 PST
Comment on attachment 271945 [details] Patch for landing Clearing flags on attachment: 271945 Committed r196956: <http://trac.webkit.org/changeset/196956>
WebKit Commit Bot
Comment 13 2016-02-22 14:07:16 PST
All reviewed patches have been landed. Closing bug.
Alexey Shvayka
Comment 14 2020-04-03 10:48:39 PDT
*** Bug 145605 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.