Closed Bug 1290752 Opened 9 years ago Closed 9 years ago

MergeSort needs to invoke callFunction

Categories

(Core :: JavaScript: Standard Library, defect)

Product:
Core
Component:
JavaScript: Standard Library
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla51
Tracking Flags:
Tracking Status
firefox50 --- affected
firefox51 --- fixed

People

(Reporter: anba, Assigned: efaust, Mentored)

References

Details

Attachments

(1 file)

Fix
8.35 KB, patch
till
: review+
Details | Diff | Splinter Review
Test case: --- Function.prototype.call = function() { return "kaboom"; }; r = [].sort.apply(new Int8Array(0), [(a, b) => (a - b)|0]); print("result", r); --- Expected: Doesn't print "kaboom" Actual: Prints "kaboom"
BytecodeEmitter::emitDebugOnlyCheckSelfHosted() is not called for JSOP_FUNAPPLY/JSOP_FUNCALL, is it? Because I'd normally expect a debug warning for the (call-)method syntax in [1]. [1] http://hg.mozilla.org/mozilla-central/file/4a18b5cacb1b/js/src/builtin/Sorting.js#l240
Flags: needinfo?(efaustbmo)
Mentor: winter2718
Attached patch FixSplinter Review
Nice find, thanks! Just remove method calls again. We re-added them optimistically when we added callContentFunction, but there's no reason to, and it avoids this kind of nonsense. This is less ergonomic, but safer.
Assignee: nobody → efaustbmo
Status: NEW → ASSIGNED
Flags: needinfo?(efaustbmo)
Attachment #8777559 - Flags: review?(till)
Comment on attachment 8777559 [details] [diff] [review] Fix Review of attachment 8777559 [details] [diff] [review]: ----------------------------------------------------------------- r=me with comments addressed. Thank you for doing this. ::: js/src/frontend/Parser.cpp @@ +8847,5 @@ > return handler.newSetThis(thisName, nextMember); > } > > + if (options().selfHostingMode && handler.isPropertyAccess(lhs)) { > + report(ParseError, false, null(), JSMSG_SELFHOSTED_METHOD_CALL); I think this should be an ASSERT. There's no situation in which we would successfully complete startup after this error has been thrown, so we might just as well abort now. ::: js/src/js.msg @@ +299,5 @@ > MSG_DEF(JSMSG_REDECLARED_PARAM, 1, JSEXN_SYNTAXERR, "redeclaration of formal parameter {0}") > MSG_DEF(JSMSG_RESERVED_ID, 1, JSEXN_SYNTAXERR, "{0} is a reserved identifier") > MSG_DEF(JSMSG_REST_WITH_DEFAULT, 0, JSEXN_SYNTAXERR, "rest parameter may not have a default") > MSG_DEF(JSMSG_SELFHOSTED_TOP_LEVEL_LEXICAL, 1, JSEXN_SYNTAXERR, "self-hosted code cannot contain top-level {0} declarations") > +MSG_DEF(JSMSG_SELFHOSTED_METHOD_CALL, 0, JSEXN_SYNTAXERR, "self-hosted code may not contain direct method calls. Use callFunction() or callContentFunction()") ... which would obviate the need for this.
Attachment #8777559 - Flags: review?(till) → review+
Pushed by efaustbmo@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ec1190dcff7c Re-disallow method calls in self-hosted code. (r=till)
Till and I discussed the review on IRC, and agreed to go with the original patch.
https://hg.mozilla.org/mozilla-central/rev/ec1190dcff7c
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox51: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: