Created attachment 276591 [details] Patch

BTW, this is why Array.isArray is introduced despite there is `instanceof Array`.

Comment on attachment 276591 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=276591&action=review I noticed other similar usage of instanceof elsewhere. For example, "instanceof @Number" in toLocaleString. Does that have a similar problem. In WebCore I see "instanceof @Array" in one part, "instanceof Array" in another part, and "instanceof Function" . Do any of those have similar problems? When is it appropriate to use "Array" instead of "@Array"? I would like to understand more about correct ways to write JavaScript implementations both in the JavaScript engine and the DOM implementation. > Source/JavaScriptCore/jsc.cpp:1783 > + return JSValue::encode(GlobalObject::create(exec->vm(), GlobalObject::createStructure(exec->vm(), jsNull()), Vector<String>())); Since exec->vm() does a number of memory accesses, I often wonder whether we should put it in a local variable in cases like this. Not important in the JSC tool I suppose, but important as an idiom elsewhere in WebKit.

(In reply to comment #3) > Comment on attachment 276591 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=276591&action=review > > I noticed other similar usage of instanceof elsewhere. For example, > "instanceof @Number" in toLocaleString. Does that have a similar problem. Yup. That's wrong and they also should be fixed. For `instanceof @Number` case, we should add @thisNumberValue abstract operation, similar to @thisTimeValue for Date. I've opened the issue for that. https://bugs.webkit.org/show_bug.cgi?id=156680 > In WebCore I see "instanceof @Array" in one part, "instanceof Array" in > another part, and "instanceof Function" . Do any of those have similar > problems? When is it appropriate to use "Array" instead of "@Array"? I would > like to understand more about correct ways to write JavaScript > implementations both in the JavaScript engine and the DOM implementation. I think `instanceof @Array` in fetch/FetchHeader.js is a problem. Since it is internal builtin JS, we should take care such edge cases. But I'm not sure mediacontrols should consider these cases. Mediacontrols are used to construct media UI, and it seems that the code is written as usual user-level JS code; it does not use builtins and it directly uses usual APIs (It means that user can replace the called APIs). And for the WebRTC's addIceCandidate() case, I think `candidate instanceof @RTCIceCandidate` is ok; this is because addIceCandidate() does not have any step-by-step spec. The rough implementation for now seems acceptable. > > > Source/JavaScriptCore/jsc.cpp:1783 > > + return JSValue::encode(GlobalObject::create(exec->vm(), GlobalObject::createStructure(exec->vm(), jsNull()), Vector<String>())); > > Since exec->vm() does a number of memory accesses, I often wonder whether we > should put it in a local variable in cases like this. Not important in the > JSC tool I suppose, but important as an idiom elsewhere in WebKit. Thanks, fixed.

Committed r199647: <http://trac.webkit.org/changeset/199647>