The infinite recursion detection logic in layout test fast/dom/Window/window-properties.html is kind of broken. It causes false alarms for those prototypes that have parent prototypes exposed. For example, CSSStyleRule derives from CSSRule and both constructors are exposed in DOMWindow. When running the above layout test, window.CSSStyleRule.prototype is dumped as the following: window.CSSStyleRule.prototype [printed above as window.CSSRule.prototype] This is because the infinite recursion detection logic in this test relies on setting and checking the property with the fixed name "__visitedByLogValue__". Once it is set in the parent prototype element, it can be seen from the child prototype element and thus causes the early abortion when processing the child prototype element. We should fix this logic in order to get the following output: window.CSSStyleRule.prototype [object CSSStyleRulePrototype] window.CSSStyleRule.prototype.CHARSET_RULE [number] ... One possible fix is to add the value name into the name of the property used to check if it has been visited or not.
Created attachment 47238 [details] Proposed Patch
Comment on attachment 47238 [details] Proposed Patch Is this right? Over and over again all I see ATTRIBUTE_NODE on lots of prototypes. Do they really all have separate ATTRIBUTE_NODE properties.
A simpler way to fix this bug is to change "value.__visitedByLogValue__" to "value.hasOwnProperty("__visitedByLogValue__")".