Bug 167697 - Typed array private name resolvable only after public name has been seen
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2017-02-01 10:32 PST by Romain Bellessort
Modified: 2017-02-02 17:25 PST
Description Romain Bellessort 2017-02-01 10:32:20 PST
While working on https://bugs.webkit.org/show_bug.cgi?id=167593, I found out that private names of typed arrays (e.g. @Uint8Array) cannot be resolved unless the public name has been met before (e.g. Uint8Array). This issue can be seen when running LayoutTests/streams/readable-byte-stream-controller.html: one of the tests fails with the error "Can't find private variable: @Uint8Array" (@Uint8Array is used in a builtin function in Source/WebCore/Modules/streams/ReadableByteStreamInternals.js). However, if a line such as "const tmp = Uint8Array" is added in the test file, the test passes.

Typed arrays are initialized as lazy classes in JSGlobalObject.cpp. The last step of this init consists in declaring the considered private name. Hence, private names such as @Uint8Array can be resolved only once the late init has been performed, i.e. once the public name has been met.

Would it be possible to perform the same late init process when the private typed array name is met? (i.e. the first time either the private or public name is met, late init is performed) I was not able to determine how to do so, but my understanding of JSCore is quite limited. Alternatively, I was able to fix this bug by "unlazying" typed arrays, but removing an optimization may not be the right approach.
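
The behaviour described in this report, as an added JavaScript model that is not part of the original report and is not JavaScriptCore code: `ModelGlobal`, `defineLazyClass`, `runLateInit` and the `initOnPrivateLookup` switch are hypothetical names. It shows the private lookup failing until the public name triggers the late init, and the alternative asked about above, where either name triggers it.

```javascript
// Simplified model of a global object with lazily initialized classes.
// All names here are hypothetical; this is not how JSGlobalObject.cpp is written.
class ModelGlobal {
  constructor({ initOnPrivateLookup }) {
    this.initOnPrivateLookup = initOnPrivateLookup;
    this.lazy = new Map();         // public name -> late init not yet run
    this.publicSlots = new Map();  // "Uint8Array"  -> constructor
    this.privateSlots = new Map(); // "@Uint8Array" -> constructor
  }
  defineLazyClass(name, create) {
    this.lazy.set(name, () => {
      const ctor = create();
      this.publicSlots.set(name, ctor);
      // Last step of the late init: declare the private name.
      this.privateSlots.set("@" + name, ctor);
    });
  }
  runLateInit(name) {
    const init = this.lazy.get(name);
    if (init) { this.lazy.delete(name); init(); }
  }
  getPublic(name) {
    this.runLateInit(name); // first use of the public name triggers the init
    if (!this.publicSlots.has(name)) throw new ReferenceError(`Can't find variable: ${name}`);
    return this.publicSlots.get(name);
  }
  getPrivate(privateName) {
    // Proposed behaviour: the private name also triggers the late init.
    if (this.initOnPrivateLookup) this.runLateInit(privateName.slice(1));
    if (!this.privateSlots.has(privateName))
      throw new ReferenceError(`Can't find private variable: ${privateName}`);
    return this.privateSlots.get(privateName);
  }
}

function tryPrivate(g, name) {
  try { g.getPrivate(name); return "resolved"; } catch (e) { return e.message; }
}

function demo() {
  const current = new ModelGlobal({ initOnPrivateLookup: false });
  current.defineLazyClass("Uint8Array", () => Uint8Array);
  const before = tryPrivate(current, "@Uint8Array"); // builtin runs first
  current.getPublic("Uint8Array");                   // "const tmp = Uint8Array"
  const after = tryPrivate(current, "@Uint8Array");

  const proposed = new ModelGlobal({ initOnPrivateLookup: true });
  proposed.defineLazyClass("Uint8Array", () => Uint8Array);
  return { before, after, proposedFirst: tryPrivate(proposed, "@Uint8Array") };
}
```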