Bug 201484 - LazyClassStructure::setConstructor should not store the constructor to the global object
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Tadeu Zagallo
Keywords: InRadar
Duplicates: 202433
Reported: 2019-09-04 18:53 PDT by Tadeu Zagallo
Modified: 2019-10-02 07:57 PDT
CC: 9 users

Attachments
Patch (6.53 KB, patch)
2019-09-04 19:10 PDT, Tadeu Zagallo
Patch (6.49 KB, patch)
2019-09-04 19:32 PDT, Tadeu Zagallo
Patch for landing (6.48 KB, patch)
2019-09-05 11:00 PDT, Tadeu Zagallo

Description Tadeu Zagallo 2019-09-04 18:53:51 PDT
<rdar://problem/50400451>
Comment 1 Tadeu Zagallo 2019-09-04 19:10:16 PDT
Created attachment 378035 [details]
Patch
Comment 2 Yusuke Suzuki 2019-09-04 19:14:47 PDT
Comment on attachment 378035 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=378035&action=review

r=me with comment.

> Source/JavaScriptCore/runtime/Lookup.h:367
> +        if (!propertyName.isNull())
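Review bot: the `if (!propertyName.isNull())` guard looks dead on this path: a property name reaching a static-table materialization callback comes from the table entry and is never null, and when the guard does fail nothing is stored, so a caller that somehow passed a null name would silently end up without the global property. Either confirm there is no caller outside the static-property-table path and drop the guard, or turn it into an assertion so such a caller is caught rather than ignored.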

I think this never happens because this function is called for property materialization.
I think `propertyName.isNull()` code in the original one exists for the use case not through static-property-table. And I believe we do not have a case like,

1. While using LazyClassStructure without specifying it in static-property-table...
2. But still we want global object property for that.

Can you ensure that the above use case does not exist in our code base?
Comment 3 Tadeu Zagallo 2019-09-04 19:30:01 PDT
(In reply to Yusuke Suzuki from comment #2)
> I think this never happens because this function is called for property
> materialization.
> I think `propertyName.isNull()` code in the original one exists for the use
> case not through static-property-table. And I believe we do not have a case
> like,
> 
> 1. While using LazyClassStructure without specifying it in
> static-property-table...
> 2. But still we want global object property for that.
> 
> Can you ensure that the above use case does not exist in our code base?

You're right, thanks! I've updated the patch.
Comment 4 Tadeu Zagallo 2019-09-04 19:32:19 PDT
Created attachment 378038 [details]
Patch
Comment 5 Yusuke Suzuki 2019-09-04 21:17:43 PDT
Comment on attachment 378038 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=378038&action=review

> Source/JavaScriptCore/runtime/Lookup.h:367
> +        thisObj.putDirect(vm, propertyName, constructor, static_cast<unsigned>(PropertyAttribute::DontEnum));
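Review bot: `putDirect` here hard-codes `static_cast<unsigned>(PropertyAttribute::DontEnum)` instead of taking the attributes from the table entry being materialized; any other attribute bits a future LazyClassStructure entry declares would be silently dropped at materialization time. Passing `value.attributes()` keeps the stored property consistent with what the static table declares.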

Oops, please check the attribute. This doesn't matter since every LazyClassStructure property's attribute is now DontEnum, but it is possible that other properties will use LazyClassStructure in the future.
So, can you use `value.attributes()`?
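An added observable-behaviour check for the attribute point raised in this comment, written as plain JavaScript runnable in any engine's shell (it is not part of the WebKit patch or its test suite): after a global constructor is forced to materialize by reading it, its descriptor on the global object must carry the declared attributes (DontEnum, i.e. enumerable false, with writable and configurable true) rather than a hard-coded set. The global names are an assumed sample; which of them JSC backs with LazyClassStructure is not stated on this bug.

```javascript
// Standard ES globals used as a constructed sample; not a list from the bug.
const SAMPLE_GLOBALS = ["Map", "Set", "WeakMap", "WeakSet", "Promise", "Proxy"];

// Descriptor a built-in constructor is expected to have on the global object:
// writable and configurable, but DontEnum (enumerable: false).
const EXPECTED = { writable: true, enumerable: false, configurable: true };

function describeGlobal(name, global = globalThis) {
  // Reading the property forces any lazy initialisation before inspection.
  const value = global[name];
  const desc = Object.getOwnPropertyDescriptor(global, name);
  if (!desc) return { name, ok: false, reason: "not an own property after access" };
  const bad = Object.keys(EXPECTED).filter(k => desc[k] !== EXPECTED[k]);
  if (bad.length) return { name, ok: false, reason: "attributes differ: " + bad.join(",") };
  if (desc.value !== value) return { name, ok: false, reason: "descriptor value differs from read value" };
  return { name, ok: true, reason: "" };
}

function checkGlobals(names = SAMPLE_GLOBALS, global = globalThis) {
  const results = names.map(n => describeGlobal(n, global));
  // A DontEnum property must also stay out of enumeration of the global object.
  const enumerated = new Set(Object.keys(global));
  for (const r of results) {
    if (r.ok && enumerated.has(r.name)) {
      r.ok = false;
      r.reason = "enumerable via Object.keys";
    }
  }
  return results;
}

// Constructed stand-in for a global object whose materialization stored the
// constructor with hard-coded attributes instead of the declared ones.
function makeFakeGlobal(attrs) {
  const g = {};
  Object.defineProperty(g, "Map", { value: function Map() {}, ...attrs });
  return g;
}
```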
Comment 6 Tadeu Zagallo 2019-09-05 10:55:39 PDT
Comment on attachment 378038 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=378038&action=review

>> Source/JavaScriptCore/runtime/Lookup.h:367
>> +        thisObj.putDirect(vm, propertyName, constructor, static_cast<unsigned>(PropertyAttribute::DontEnum));
> 
> Oops, please check the attribute. This doesn't matter since every LazyClassStructure property's attribute is now DontEnum, but it is possible that other properties will use LazyClassStructure in the future.
> So, can you use `value.attributes()`?

Oops, good catch, I'll fix it. Thanks!
Comment 7 Tadeu Zagallo 2019-09-05 11:00:31 PDT
Created attachment 378099 [details]
Patch for landing
Comment 8 WebKit Commit Bot 2019-09-05 11:48:02 PDT
Comment on attachment 378099 [details]
Patch for landing

Clearing flags on attachment: 378099

Committed r249538: <https://trac.webkit.org/changeset/249538>
Comment 9 WebKit Commit Bot 2019-09-05 11:48:03 PDT
All reviewed patches have been landed.  Closing bug.
Comment 10 Keith Miller 2019-10-02 07:57:03 PDT
*** Bug 202433 has been marked as a duplicate of this bug. ***