Closed
Bug 1369680
Opened 9 years ago
Closed 9 years ago
Functions and arguments shouldn't use HasProperty to trigger reflection of lazy properties
Categories
(Core :: JavaScript Engine, enhancement)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla55
| Tracking | Status | |
|---|---|---|
| firefox55 | --- | fixed |
People
(Reporter: anba, Assigned: anba)
Details
Attachments
(1 file)
|
5.15 KB,
patch
|
jandem
:
review+
|
Details | Diff | Splinter Review |
Test case:
function enumerateArgs() {
var a = arguments;
Object.setPrototypeOf(a, new Proxy(Object.prototype, {
has(t, pk) {
print("Has", String(pk));
return Reflect.has(t, pk)
}
}));
delete a.length;
for (var k in a);
}
enumerateArgs();
function enumerateFunction() {
function f() {}
Object.setPrototypeOf(f, new Proxy(Object.prototype, {
has(t, pk) {
print("Has", String(pk));
return Reflect.has(t, pk)
}
}));
delete f.length;
for (var k in f);
}
enumerateFunction();
---
Expected: "Has length" is not printed
Actual: "Has length" is printed for both test functions
|
||
Comment 1•9 years ago
|
||
While looking into bug 1364816 I noticed the browser does something similar for the global object (calling JS_HasUCProperty). It may be nice to overhaul all this stuff at the same time (change the enumerate hook to just return the lazy properties or something).
|
Assignee | |
Comment 2•9 years ago
|
||
(In reply to Jan de Mooij [:jandem] from comment #1)
> While looking into bug 1364816 I noticed the browser does something similar
> for the global object (calling JS_HasUCProperty). It may be nice to overhaul
> all this stuff at the same time (change the enumerate hook to just return
> the lazy properties or something).
I was thinking about just replacing HasProperty with HasOwnProperty for the function/arguments case. Is it possible for the browser components to use JSNewEnumerateOp?
|
|
||
Comment 3•9 years ago
|
||
(In reply to André Bargull from comment #2)
> I was thinking about just replacing HasProperty with HasOwnProperty for the
> function/arguments case.
Ah yes that makes sense.
> Is it possible for the browser components to use JSNewEnumerateOp?
Yeah I hope we can make that work somehow...
|
|
Assignee | |
Comment 4•9 years ago
|
||
Simply replaces HasProperty with HasOwnProperty in fun_enumerate, MappedArgumentsObject::obj_enumerate, and UnmappedArgumentsObject::obj_enumerate.
Assignee: nobody → andrebargull
Status: NEW → ASSIGNED
Attachment #8873860 -
Flags: review?(jdemooij)
|
|
||
Comment 5•9 years ago
|
||
Comment on attachment 8873860 [details] [diff] [review]
bug1369680.patch
Review of attachment 8873860 [details] [diff] [review]:
-----------------------------------------------------------------
Nice find!
Attachment #8873860 -
Flags: review?(jdemooij) → review+
|
|
Assignee | |
Comment 6•9 years ago
|
||
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=5c2f4711c9d7c5e898216a8a1a893dded9170aa5
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/a6aa43c2ff31
Use HasOwnProperty when resolving lazy properties to avoid triggering proxy traps in the proto-chain. r=jandem
Keywords: checkin-needed
|
||
Comment 8•9 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox55:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in
before you can comment on or make changes to this bug.
Description
•