Closed Bug 1032956 Opened 11 years ago Closed 11 years ago

Self-hosted functions in {Object,Function}.{,prototype.}* are broken and fail on an assert

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla33

People

(Reporter: nathan, Assigned: nathan)

References

Details

Attachments

(1 file, 3 obsolete files)

newJSFunctionSpecArray_v2.patch
3.75 KB, patch
Waldo
: review+
Details | Diff | Splinter Review
Trying to self-host a function in {Object,Function}.{,prototype.}* cause the engine to fail the assertion JS_ASSERT(!getSlot(INTRINSICS).isUndefined()); in js/src/vm/GlobalObject.h This happens because the INTRINSICS slot isn't set up until the post-initialization hook, which happens after we try to set up the self-hosted functions. (This is in GlobalObject::resolveConstructor) One partial solution is to reorder this so that the post-initialization happens earlier, but there's something wrong with doing initialization after a post-initilization hook. Anyway, this doesn't fix it for Function, just Object. Attached is a patch that does the reordering (just to test) and a patch origionally made by Waldo (in bug 937855) that includes a simple Object self hosted function for testing. I also added a commented out line in jsfun.cpp that does the same thing.
Attachment #8448882 - Flags: feedback?(jwalden+bmo)
Assignee: nobody → miloignis
I think it'd be better to delay installing the self-hosted functions for Function and Object. In bug 825199 comment 2 I described how that could work. Essentially, you just create a second set of JSFunctionSpec[] lists and apply it at the end of FinishObjectClassInit, after the intrinsicsHolder has been set.
Comment on attachment 8448882 [details] [diff] [review] reorderPartialFix.patch - The reordering patch - not a final solution Review of attachment 8448882 [details] [diff] [review]: ----------------------------------------------------------------- Hmm, yeah. I agree with till that doing this as a post-processing step in FinishObjectClassInit is better than disrupting the entire init path. Looks like you can do that just after the JSObject::defineProperty(cx, intrinsicsHolder, cx->names().global bit in jsobj.cpp.
Attachment #8448882 - Flags: feedback?(jwalden+bmo)
Attached patch selfHostObjectForReview.patch (obsolete) — Splinter Review
Attachment #8448882 - Attachment is obsolete: true
Attachment #8450441 - Flags: review?(jwalden+bmo)
Comment on attachment 8450441 [details] [diff] [review] selfHostObjectForReview.patch Review of attachment 8450441 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/builtin/Object.h @@ +15,5 @@ > > extern const JSFunctionSpec object_methods[]; > extern const JSPropertySpec object_properties[]; > extern const JSFunctionSpec object_static_methods[]; > +extern const JSFunctionSpec object_self_hosted_methods[]; object_static_selfhosted_methods, please. "static" most important part, very mild preference for selfhosted as being more readable as one word in under_score_naming_style. ::: js/src/jsobj.cpp @@ +169,5 @@ > } > > + /* Define self-hosted functions after setting the intrinsics holder > + * (which is needed to define self-hosted functions) > + */ /* * Define self-hosted... * (which... */ is the right style for multi-line /**/-style comments. Alternatively, you could do // Define self-hosted... // (which... if you don't want to burn two more lines. Doesn't matter either way to me.
Attachment #8450441 - Flags: review?(jwalden+bmo) → review+
Fixed stuff up from review.
Attachment #8448885 - Attachment is obsolete: true
Attachment #8450441 - Attachment is obsolete: true
Attachment #8451807 - Flags: review?(jwalden+bmo)
Comment on attachment 8451807 [details] [diff] [review] newJSFunctionSpecArray_v2.patch Review of attachment 8451807 [details] [diff] [review]: ----------------------------------------------------------------- I'll push this shortly. ::: js/src/builtin/Object.cpp @@ +274,5 @@ > comma = true; > if (gsop[j]) { > if (!buf.append(gsop[j]) || !buf.append(' ')) > return nullptr; > + } As far as I can tell, this hunk removes a line, then inserts the exact same line again. Dunno what's up with that. Fixed locally to remove the trailing space that's currently there on trunk, which is I guess what you (or your editor) wanted to do.
Attachment #8451807 - Flags: review?(jwalden+bmo) → review+
https://hg.mozilla.org/mozilla-central/rev/923774f79869
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: