[webkit-dev] Question about Constructors in WebKit JS Bindings

Maciej Stachowiak mjs at apple.com
Tue Jun 23 16:53:10 PDT 2009

On Jun 23, 2009, at 4:08 PM, Drew Wilson wrote:

> Oh, certainly - I just started looking at the Worker constructor  
> code, so I definitely have no sense of ownership there, so pick  
> away. I was just trying to understand the issues well enough to  
> understand what the Worker code is doing before I steal it :)
> Looking at the Workers code (since that happens to be where I'm  
> poking around):
> JSWorkerConstructor::JSWorkerConstructor(ExecState* exec)
>     : DOMObject(JSWorkerConstructor::createStructure(exec->lexicalGlobalObject()->objectPrototype()))
> {
>     putDirect(exec->propertyNames().prototype, JSWorkerPrototype::self(exec, exec->lexicalGlobalObject()), None);
>     putDirect(exec->propertyNames().length, jsNumber(exec, 1), ReadOnly|DontDelete|DontEnum);
> }
> It looks like the constructor's .prototype is taken from the  
> originating window (set at the time the constructor itself is  
> created) - I haven't followed the construction code, but I'm  
> guessing that results in the prototype property of new objects being  
> attached to the chain from the original window. Is that incorrect  
> behavior?

The code above means that Worker.prototype is set at the time the  
Worker constructor itself is created, which is good. In the line you  
bolded, a fresh prototype object is created, and under the covers it  
will get cached. However, it looks to me like the Worker wrapper will  
use the prototype from the Window where the reference is created,  
rather than the one that the Worker constructor came from. So  
everything I said may be wrong. Short version: this all needs tests.

Also, there might be a subtle bug in the above code: what if  
window.Worker is first accessed from a different frame? Then the  
prototype of the Worker constructor itself will use the other frame's  
Object prototype as its prototype. I'm not sure if that is right. I  
think maybe JSWorkerConstructor should be passed the global object  
from which it is retrieved as a property, instead of using the lexical  
global object.
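
An added model of the first-access concern raised above, not part of the original message and not WebKit code: two Node.js `vm` contexts stand in for two frames, and a cached constructor takes its prototype either from the accessing frame (as the quoted code does with the lexical global object) or from the frame that owns the property. The names `makeFrame`, `getWorkerConstructor`, `frameOfPrototype` and `firstAccessScenario` are hypothetical.

```javascript
const vm = require('node:vm');

// Each vm context is a separate realm with its own Object.prototype,
// standing in here for one frame's global object.
function makeFrame(name) {
  const context = vm.createContext({});
  return {
    name,
    objectPrototype: vm.runInContext('Object.prototype', context),
    cachedConstructor: null, // filled on first read of frame.Worker
  };
}

// Hypothetical model of a lazily created, cached binding constructor.
//   'lexical': [[Prototype]] comes from the frame whose script is running
//   'owner'  : [[Prototype]] comes from the frame the property was read from
function getWorkerConstructor(owner, accessor, policy) {
  if (!owner.cachedConstructor) {
    const source = policy === 'lexical' ? accessor : owner;
    owner.cachedConstructor = Object.create(source.objectPrototype);
  }
  return owner.cachedConstructor;
}

// Name of the frame whose Object.prototype sits directly above obj.
function frameOfPrototype(obj, frames) {
  const proto = Object.getPrototypeOf(obj);
  const match = frames.find((f) => f.objectPrototype === proto);
  return match ? match.name : 'unknown';
}

// Read main.Worker once from `first`, then again from main itself, and
// report which frame the cached constructor's prototype belongs to.
function firstAccessScenario(policy, firstAccessFromOtherFrame) {
  const main = makeFrame('main');
  const other = makeFrame('other');
  const first = firstAccessFromOtherFrame ? other : main;
  getWorkerConstructor(main, first, policy);
  const ctor = getWorkerConstructor(main, main, policy);
  return frameOfPrototype(ctor, [main, other]);
}

for (const policy of ['lexical', 'owner']) {
  for (const otherFirst of [false, true]) {
    console.log(policy, 'otherFirst=' + otherFirst, '->',
      firstAccessScenario(policy, otherFirst));
  }
}
```

Under the 'lexical' policy the result depends on which frame touched the property first; under the 'owner' policy it does not, which is the invariant a regression test for the real bindings would check.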

