RESOLVED FIXED 161455
Align proto getter / setter behavior with other browsers 
https://bugs.webkit.org/show_bug.cgi?id=161455
Summary Align proto getter / setter behavior with other browsers
Attachments
Patch (9.73 KB, patch)
2016-08-31 14:07 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (53.56 KB, patch)
2016-09-01 21:21 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (51.99 KB, patch)
2016-09-01 22:13 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews101 for mac-yosemite (871.01 KB, application/zip)
2016-09-01 23:14 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews106 for mac-yosemite-wk2 (917.45 KB, application/zip)
2016-09-01 23:20 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews114 for mac-yosemite (1.51 MB, application/zip)
2016-09-01 23:23 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews122 for ios-simulator-elcapitan-wk2 (4.24 MB, application/zip)
2016-09-01 23:55 PDT, Build Bot 		no flags
Details
Patch (59.70 KB, patch)
2016-09-02 08:51 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (59.83 KB, patch)
2016-09-02 10:34 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Follow-up fix (1.66 KB, patch)
2016-09-02 14:15 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Follow-up fix (1.66 KB, patch)
2016-09-02 14:25 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (60.42 KB, patch)
2016-09-07 08:54 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (56.35 KB, patch)
2016-09-07 09:34 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews102 for mac-yosemite (1.07 MB, application/zip)
2016-09-07 10:40 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews105 for mac-yosemite-wk2 (1.02 MB, application/zip)
2016-09-07 10:46 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews115 for mac-yosemite (1.49 MB, application/zip)
2016-09-07 10:50 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from ews123 for ios-simulator-elcapitan-wk2 (9.12 MB, application/zip)
2016-09-07 10:55 PDT, Build Bot 		no flags
Details
Patch (60.44 KB, patch)
2016-09-07 11:54 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (60.75 KB, patch)
2016-09-07 13:17 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (61.08 KB, patch)
2016-09-08 14:30 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (61.07 KB, patch)
2016-09-08 14:40 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (61.08 KB, patch)
2016-09-08 14:43 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (21) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2016-08-31 14:07:53 PDT
Created attachment 287541 [details] Patch
Mark Lam
Comment 3 2016-09-01 09:57:14 PDT
Comment on attachment 287541 [details] Patch r=me
Chris Dumez
Comment 4 2016-09-01 10:50:20 PDT
Comment on attachment 287541 [details] Patch Clearing flags on attachment: 287541 Committed r205297: <http://trac.webkit.org/changeset/205297>
Chris Dumez
Comment 5 2016-09-01 10:50:28 PDT
All reviewed patches have been landed. Closing bug.
Chris Dumez
Comment 6 2016-09-01 11:36:07 PDT
Reverted r205297 for reason: Caused some JSC test failures Committed r205301: <http://trac.webkit.org/changeset/205301>
Chris Dumez
Comment 7 2016-09-01 21:21:41 PDT
Created attachment 287728 [details] Patch
Chris Dumez
Comment 8 2016-09-01 22:13:18 PDT
Created attachment 287730 [details] Patch
Chris Dumez
Comment 9 2016-09-01 22:17:36 PDT
Comment on attachment 287730 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=287730&action=review > Source/JavaScriptCore/runtime/JSObject.cpp:1382 > + // if (UNLIKELY(asObject(nextPrototype)->methodTable(vm)->getPrototype != JSObject::getPrototype)) I am proposing to comment this out for now. There are a lot of places in the code base where we iterate over the prototype chain and do not handle cycles. Allowing for cycles would be a significant amount of work.
Build Bot
Comment 10 2016-09-01 23:14:11 PDT
Comment on attachment 287730 [details] Patch Attachment 287730 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/1991935 New failing tests: fast/dom/Window/window-custom-prototype.html js/object-literal-shorthand-construction.html js/sloppy-getter-setter-global-object.html fast/dom/Window/window-custom-prototype-crash.html
Build Bot
Comment 11 2016-09-01 23:14:16 PDT
Created attachment 287737 [details] Archive of layout-test-results from ews101 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-yosemite Platform: Mac OS X 10.10.5
Build Bot
Comment 12 2016-09-01 23:19:54 PDT
Comment on attachment 287730 [details] Patch Attachment 287730 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/1991946 New failing tests: fast/dom/Window/window-custom-prototype.html js/object-literal-shorthand-construction.html js/sloppy-getter-setter-global-object.html fast/dom/Window/window-custom-prototype-crash.html
Build Bot
Comment 13 2016-09-01 23:20:00 PDT
Created attachment 287739 [details] Archive of layout-test-results from ews106 for mac-yosemite-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews106 Port: mac-yosemite-wk2 Platform: Mac OS X 10.10.5
Build Bot
Comment 14 2016-09-01 23:23:08 PDT
Comment on attachment 287730 [details] Patch Attachment 287730 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/1991940 New failing tests: fast/dom/Window/window-custom-prototype.html js/object-literal-shorthand-construction.html js/sloppy-getter-setter-global-object.html fast/dom/Window/window-custom-prototype-crash.html
Build Bot
Comment 15 2016-09-01 23:23:15 PDT
Created attachment 287740 [details] Archive of layout-test-results from ews114 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews114 Port: mac-yosemite Platform: Mac OS X 10.10.5
Build Bot
Comment 16 2016-09-01 23:55:05 PDT
Comment on attachment 287730 [details] Patch Attachment 287730 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/1991980 New failing tests: fast/dom/Window/window-custom-prototype.html js/object-literal-shorthand-construction.html js/sloppy-getter-setter-global-object.html fast/dom/Window/window-custom-prototype-crash.html
Build Bot
Comment 17 2016-09-01 23:55:10 PDT
Created attachment 287745 [details] Archive of layout-test-results from ews122 for ios-simulator-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews122 Port: ios-simulator-elcapitan-wk2 Platform: Mac OS X 10.11.5
Chris Dumez
Comment 18 2016-09-02 08:51:43 PDT
Created attachment 287762 [details] Patch
Chris Dumez
Comment 19 2016-09-02 09:47:33 PDT
Comment on attachment 287762 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=287762&action=review > Source/JavaScriptCore/runtime/JSObject.cpp:1380 > + // FIXME: The specification says we should do this but this allows for cycles and our I filed https://bugs.webkit.org/show_bug.cgi?id=161534 to track this.
Mark Lam
Comment 20 2016-09-02 10:21:23 PDT
Comment on attachment 287762 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=287762&action=review r=me > Source/JavaScriptCore/ChangeLog:52 > + html/browsers/history/the-location-interface/allow_prototype_cycle_through_location.sub.html Please add the https://bugs.webkit.org/show_bug.cgi?id=161534 url after this for reference. >> Source/JavaScriptCore/runtime/JSObject.cpp:1380 >> + // FIXME: The specification says we should do this but this allows for cycles and our > > I filed https://bugs.webkit.org/show_bug.cgi?id=161534 to track this. Please add the bug url in the comment here.
Chris Dumez
Comment 21 2016-09-02 10:34:23 PDT
Created attachment 287773 [details] Patch
WebKit Commit Bot
Comment 22 2016-09-02 11:06:20 PDT
Comment on attachment 287773 [details] Patch Clearing flags on attachment: 287773 Committed r205354: <http://trac.webkit.org/changeset/205354>
WebKit Commit Bot
Comment 23 2016-09-02 11:06:29 PDT
All reviewed patches have been landed. Closing bug.
Chris Dumez
Comment 24 2016-09-02 11:42:37 PDT
*** Bug 161508 has been marked as a duplicate of this bug. ***
Saam Barati
Comment 25 2016-09-02 13:04:48 PDT
Comment on attachment 287773 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=287773&action=review > Source/JavaScriptCore/runtime/JSObject.cpp:1384 > + // if (UNLIKELY(asObject(nextPrototype)->methodTable(vm)->getPrototype != JSObject::getPrototype)) > + // break; // We're done. Set the prototype. I don't think this is how we land changes in JSC. We don't turn things off to allow for other features to be added in WebCore. I think the onus is on your patch to ensure that anything new you're adding is safe.
Geoffrey Garen
Comment 26 2016-09-02 13:07:00 PDT
Comment on attachment 287773 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=287773&action=review >> Source/JavaScriptCore/runtime/JSObject.cpp:1384 >> + // break; // We're done. Set the prototype. > > I don't think this is how we land changes in JSC. We don't turn things off to allow for other features to be added in WebCore. I think the onus is on your patch to ensure that anything new you're adding is safe. Behavior decision notwithstanding, we definitely don't want to land a paragraph of commented-out code.
Chris Dumez
Comment 27 2016-09-02 13:08:19 PDT
(In reply to comment #25) > Comment on attachment 287773 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=287773&action=review > > > Source/JavaScriptCore/runtime/JSObject.cpp:1384 > > + // if (UNLIKELY(asObject(nextPrototype)->methodTable(vm)->getPrototype != JSObject::getPrototype)) > > + // break; // We're done. Set the prototype. > > I don't think this is how we land changes in JSC. We don't turn things off > to allow for other features to be added in WebCore. I think the onus is on > your patch to ensure that anything new you're adding is safe. Updating the code base to properly deal with cycles is not a trivial task and there are performance implications :/
Saam Barati
Comment 28 2016-09-02 13:19:22 PDT
Comment on attachment 287773 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=287773&action=review >>>> Source/JavaScriptCore/runtime/JSObject.cpp:1384 >>>> + // break; // We're done. Set the prototype. >>> >>> I don't think this is how we land changes in JSC. We don't turn things off to allow for other features to be added in WebCore. I think the onus is on your patch to ensure that anything new you're adding is safe. >> >> Behavior decision notwithstanding, we definitely don't want to land a paragraph of commented-out code. > > Updating the code base to properly deal with cycles is not a trivial task and there are performance implications :/ I understand. Maybe this is the correct decision. However, I think we need to have a deeper discussion about this to fully realize all the implications.
Chris Dumez
Comment 29 2016-09-02 14:00:20 PDT
Reopen to deal with JSC test failures.
Chris Dumez
Comment 30 2016-09-02 14:15:56 PDT
Created attachment 287813 [details] Follow-up fix Still running the tests locally.
Chris Dumez
Comment 31 2016-09-02 14:25:28 PDT
Reopen to deal with JSC test failures.
Chris Dumez
Comment 32 2016-09-02 14:25:52 PDT
Created attachment 287815 [details] Follow-up fix
WebKit Commit Bot
Comment 33 2016-09-02 14:28:16 PDT
Attachment 287815 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/ChangeLog:1: ChangeLog entry has no bug number [changelog/bugnumber] [5] Total errors found: 1 in 2 files If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 34 2016-09-02 14:45:22 PDT
Rolled out in <http://trac.webkit.org/changeset/205372>.
Chris Dumez
Comment 35 2016-09-07 08:54:57 PDT
Created attachment 288139 [details] Patch
Chris Dumez
Comment 36 2016-09-07 09:34:45 PDT
Created attachment 288146 [details] Patch
Build Bot
Comment 37 2016-09-07 10:40:43 PDT
Comment on attachment 288146 [details] Patch Attachment 288146 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/2026461 New failing tests: js/object-literal-shorthand-construction.html js/sloppy-getter-setter-global-object.html
Build Bot
Comment 38 2016-09-07 10:40:49 PDT
Created attachment 288157 [details] Archive of layout-test-results from ews102 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews102 Port: mac-yosemite Platform: Mac OS X 10.10.5
Build Bot
Comment 39 2016-09-07 10:46:38 PDT
Comment on attachment 288146 [details] Patch Attachment 288146 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/2026481 New failing tests: js/object-literal-shorthand-construction.html js/sloppy-getter-setter-global-object.html
Build Bot
Comment 40 2016-09-07 10:46:43 PDT
Created attachment 288159 [details] Archive of layout-test-results from ews105 for mac-yosemite-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews105 Port: mac-yosemite-wk2 Platform: Mac OS X 10.10.5
Build Bot
Comment 41 2016-09-07 10:50:11 PDT
Comment on attachment 288146 [details] Patch Attachment 288146 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/2026480 New failing tests: js/object-literal-shorthand-construction.html js/sloppy-getter-setter-global-object.html
Build Bot
Comment 42 2016-09-07 10:50:18 PDT
Created attachment 288160 [details] Archive of layout-test-results from ews115 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews115 Port: mac-yosemite Platform: Mac OS X 10.10.5
Build Bot
Comment 43 2016-09-07 10:55:45 PDT
Comment on attachment 288146 [details] Patch Attachment 288146 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/2026482 New failing tests: js/object-literal-shorthand-construction.html js/sloppy-getter-setter-global-object.html
Build Bot
Comment 44 2016-09-07 10:55:51 PDT
Created attachment 288161 [details] Archive of layout-test-results from ews123 for ios-simulator-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews123 Port: ios-simulator-elcapitan-wk2 Platform: Mac OS X 10.11.5
Chris Dumez
Comment 45 2016-09-07 11:54:29 PDT
Created attachment 288163 [details] Patch
Chris Dumez
Comment 46 2016-09-07 13:17:19 PDT
Created attachment 288176 [details] Patch
Chris Dumez
Comment 47 2016-09-07 13:22:13 PDT
I have verified that this passes the JSC tests now that the fix for Bug 161558 has landed.
Chris Dumez
Comment 48 2016-09-07 16:41:21 PDT
Any feedback from JSC people?
Saam Barati
Comment 49 2016-09-07 17:46:48 PDT
Comment on attachment 288176 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=288176&action=review > Source/JavaScriptCore/runtime/JSObject.cpp:1313 > + // FIXME: The specification says we should do this but this allows for cycles and our > + // code base currently does not deal properly with such cycles. > + // https://bugs.webkit.org/show_bug.cgi?id=161534 Any word from the folks who work on the html spec on this?
Chris Dumez
Comment 50 2016-09-07 18:40:40 PDT
(In reply to comment #49) > Comment on attachment 288176 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=288176&action=review > > > Source/JavaScriptCore/runtime/JSObject.cpp:1313 > > + // FIXME: The specification says we should do this but this allows for cycles and our > > + // code base currently does not deal properly with such cycles. > > + // https://bugs.webkit.org/show_bug.cgi?id=161534 > > Any word from the folks who work on the html spec on this? Domenic, an HTML spec editor, already commented on the bug you filed against EcmaScript.
Chris Dumez
Comment 51 2016-09-07 18:51:40 PDT
(In reply to comment #50) > (In reply to comment #49) > > Comment on attachment 288176 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=288176&action=review > > > > > Source/JavaScriptCore/runtime/JSObject.cpp:1313 > > > + // FIXME: The specification says we should do this but this allows for cycles and our > > > + // code base currently does not deal properly with such cycles. > > > + // https://bugs.webkit.org/show_bug.cgi?id=161534 > > > > Any word from the folks who work on the html spec on this? > > Domenic, an HTML spec editor, already commented on the bug you filed against > EcmaScript. That said, I filed https://github.com/whatwg/html/issues/1760 to track the issue on HTML side as well.
Chris Dumez
Comment 52 2016-09-07 19:14:57 PDT
Comment on attachment 288176 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=288176&action=review >>>> Source/JavaScriptCore/runtime/JSObject.cpp:1313 >>>> + // https://bugs.webkit.org/show_bug.cgi?id=161534 >>> >>> Any word from the folks who work on the html spec on this? >> >> Domenic, an HTML spec editor, already commented on the bug you filed against EcmaScript. > > That said, I filed https://github.com/whatwg/html/issues/1760 to track the issue on HTML side as well. If you'd prefer, we could do something like: if (UNLIKELY(nextPrototype->type() == ProxyObjectType)) break; // We're done. Set the prototype. to maintain the previous behavior. Only ProxyObject in JSC has a custom [[GetPrototypeOf]] it seems. What do you think?
Chris Dumez
Comment 53 2016-09-08 14:30:23 PDT
Created attachment 288321 [details] Patch
Saam Barati
Comment 54 2016-09-08 14:36:29 PDT
Comment on attachment 288321 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=288321&action=review r=me > Source/WebCore/bindings/js/JSDOMWindowCustom.cpp:365 > + throwTypeError(exec, scope, ASCIILiteral("Cannot set prototype of this object")); Nit: instead of "this object" maybe it's worth having a more detailed error message? > Source/WebCore/bindings/js/JSLocationCustom.cpp:145 > + throwTypeError(exec, scope, ASCIILiteral("Cannot set prototype of this object")); ditto
Chris Dumez
Comment 55 2016-09-08 14:40:25 PDT
Created attachment 288325 [details] Patch
Chris Dumez
Comment 56 2016-09-08 14:43:32 PDT
Created attachment 288328 [details] Patch
WebKit Commit Bot
Comment 57 2016-09-08 15:32:28 PDT
Comment on attachment 288328 [details] Patch Clearing flags on attachment: 288328 Committed r205670: <http://trac.webkit.org/changeset/205670>
WebKit Commit Bot
Comment 58 2016-09-08 15:32:36 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.