зеркало из https://github.com/mozilla/gecko-dev.git
adc7298478
Originally, long ago, the builtin prototype object of a class was always an
actual instance of that class. For many of the oldest classes, this is still
true. Array.isArray(Array.prototype) is true; Function.prototype is callable;
and so on.
As it turns out, this is a bad idea. Prototypes are a lot like uninitialized
objects; thus it was a common bug to have code like
if (!obj->is<WidgetObject>()) { // safety check
return ThrowTypeError(cx, ...);
}
obj->as<WidgetObject>().getWidgetPrivateData()->doThings(); // BUG
This would crash when obj happened to be Widget.prototype, because that would
sneak past the safety check, and then `getWidgetPrivateData()` would typically
return null. Extra checks everywhere. The solution is for each builtin class to
have a class_ (for instances) and a protoClass_ (for the prototype object) that
share a single ClassSpec (for the benefit of the X-ray wrapper machinery).
(This problem was a pain for the spec, too. The standard committee has stopped
making prototype objects special in this way. The newer ones are just plain
objects with no internal slots, and where possible, old stuff like
Date.prototype was retroactively changed.)
GenericCreatePrototype never got the memo. This patch fixes it.
Differential Revision: https://phabricator.services.mozilla.com/D7666
--HG--
extra : moz-landing-system : lando
|
||
|---|---|---|
| .. | ||
| ductwork/debugger | ||
| examples | ||
| ipc | ||
| public | ||
| rust | ||
| src | ||
| xpconnect | ||
| app.mozbuild | ||
| ffi.configure | ||
| moz.build | ||
| moz.configure | ||