RESOLVED FIXED 199202
Add didBecomePrototype() calls to global context prototypes 
https://bugs.webkit.org/show_bug.cgi?id=199202
Summary Add didBecomePrototype() calls to global context prototypes
Keith Miller
Reported 2019-06-25 13:56:58 PDT
Add didBecomePrototype() calls to global context prototypes
Attachments
Patch (5.15 KB, patch)
2019-06-25 13:57 PDT, Keith Miller 		no flags
DetailsFormatted DiffDiff
Patch (1.08 KB, patch)
2019-06-25 14:36 PDT, Keith Miller 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Keith Miller
Comment 1 2019-06-25 13:57:54 PDT
Created attachment 372860 [details] Patch
Saam Barati
Comment 2 2019-06-25 14:02:16 PDT
Comment on attachment 372860 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=372860&action=review > Source/WebCore/ChangeLog:9 > + This fixes some crashes related to checking that all prototypes have been > + marked as such to JSC. What crashes? I thought the assert got rolled out? And we were doing things in another way?
Saam Barati
Comment 3 2019-06-25 14:03:56 PDT
Comment on attachment 372860 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=372860&action=review >> Source/WebCore/ChangeLog:9 >> + marked as such to JSC. > > What crashes? I thought the assert got rolled out? And we were doing things in another way? Do you mean this will crash a future change? Can you be more specific here
Yusuke Suzuki
Comment 4 2019-06-25 14:04:57 PDT
Comment on attachment 372860 [details] Patch r=me too, and can we add this `didBecomePrototype()` call before calling setPrototypeWithoutTransition() in JSGlobalObject's m_functionPrototype thing too?
Keith Miller
Comment 5 2019-06-25 14:05:36 PDT
Comment on attachment 372860 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=372860&action=review >>> Source/WebCore/ChangeLog:9 >>> + marked as such to JSC. >> >> What crashes? I thought the assert got rolled out? And we were doing things in another way? > > Do you mean this will crash a future change? Can you be more specific here The patch in https://trac.webkit.org/changeset/246801 breaks debug builds right now because setPrototypeWithoutTransition looks for isValidPrototype. I'll update the ChangeLog to make this clearer.
Mark Lam
Comment 6 2019-06-25 14:07:05 PDT
Comment on attachment 372860 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=372860&action=review > Source/WebCore/bindings/js/JSWindowProxy.cpp:115 > + properties.didBecomePrototype(); > prototype->structure(vm)->setPrototypeWithoutTransition(vm, &properties); I thought we were going too make setPrototypeWithoutTransition() call didBecomePrototype() on the passed in prototype object. Was there a change of plans?
Mark Lam
Comment 7 2019-06-25 14:12:24 PDT
Comment on attachment 372860 [details] Patch restoring Saam's r+.
Keith Miller
Comment 8 2019-06-25 14:14:47 PDT
Comment on attachment 372860 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=372860&action=review >> Source/WebCore/bindings/js/JSWindowProxy.cpp:115 >> prototype->structure(vm)->setPrototypeWithoutTransition(vm, &properties); > > I thought we were going too make setPrototypeWithoutTransition() call didBecomePrototype() on the passed in prototype object. Was there a change of plans? No, we were going to do it on Structure::create because we know no objects already have that structure thus we don't need to check for haveABadTime. setPrototypeWithoutTransition() can modify existing objects thus haveABadTime should be enforced.
Keith Miller
Comment 9 2019-06-25 14:19:35 PDT
Committed r246808: <https://trac.webkit.org/changeset/246808>
Radar WebKit Bug Importer
Comment 10 2019-06-25 14:22:05 PDT
<rdar://problem/52133576>
Keith Miller
Comment 11 2019-06-25 14:36:25 PDT
Reopening to attach new patch.
Keith Miller
Comment 12 2019-06-25 14:36:26 PDT
Created attachment 372862 [details] Patch
Michael Catanzaro
Comment 13 2019-08-02 10:42:20 PDT
Should this be closed?
Note You need to log in before you can comment on or make changes to this bug.