Simple snippet involving getPrototype hangs forever
Categories
(Core :: JavaScript Engine, enhancement)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox66 | --- | fixed |
People
(Reporter: evilpie, Assigned: evilpie)
References
(Depends on 1 open bug)
Details
Attachments
(1 file)
Running `Location.prototype.__proto__ = { __proto__: location}` will hang Firefox forever and no slow-script dialog appears.
`js::CrossCompartmentWrapper::getPrototype` is at the top of my profile.
Comment 1•5 years ago
We could do `CheckForInterrupt` in `js::IsPrototypeOf`, but presumably we actually want to prevent the [[Prototype]] cycle from the beginning.
Comment 2•5 years ago
> Running `Location.prototype.__proto__ = { __proto__: location}` will hang Firefox forever and no slow-script dialog appears.
Only if you do it via devtools console, right? See bug 1519154.
> presumably we actually want to prevent the [[Prototype]] cycle from the beginning.
That's what https://github.com/heycam/webidl/pull/606 and the discussion in https://github.com/tc39/ecma262/issues/683 are about, right?
Comment 3•5 years ago
(In reply to Boris Zbarsky [:bzbarsky, bz on IRC] from comment #2)
> > Running `Location.prototype.__proto__ = { __proto__: location}` will hang Firefox forever and no slow-script dialog appears.
> Only if you do it via devtools console, right? See bug 1519154.
I was actually testing this with jsconsole.com, but the hang also seems to happen when trying to `instanceof` on the resulting value.
> > presumably we actually want to prevent the [[Prototype]] cycle from the beginning.
> That's what https://github.com/heycam/webidl/pull/606 and the discussion in https://github.com/tc39/ecma262/issues/683 are about, right?
Yeah right, I just saw this snippet without the whole context.
Comment 4•5 years ago
> but the hang also seems to happen when trying to `instanceof` on the resulting value.
OK. Well, in that case, do you get a similar hang when just using a Proxy with a cyclical proto chain? That's definitely allowed by the spec (not least because a Proxy can just return a different result from [[GetPrototypeOf]] every time).
If we get a hang in that case, then `CheckForInterrupt` somewhere in the loop seems like the only solution...
Comment 5•5 years ago
I started patching some places that were missing CheckForInterrupt, but maybe it would make sense to just call in Proxy::getPrototype?
Comment 7•5 years ago
I think we have to check in each loop, rather than in `Proxy::getPrototype`, because prototype chains that don't involve proxies can still be extremely long.
(It is also way more obvious what's going on when you put a CheckForInterrupt() call in a loop body, fwiw.)
Pushed by evilpies@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/9fb6d716ad11
Handle cyclic [[Prototype]] chains in two places. r=jorendorff
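The situation from comments 4 and 7, as an added JavaScript example that is not part of this bug or of the Firefox patch: ordinary objects refuse a prototype cycle, a Proxy in the chain lets one through, and a chain walk stays bounded only if the loop itself checks a limit. The function names and the `budget` parameter are hypothetical; the step budget only stands in for the engine's `CheckForInterrupt` call in the loop body.

```javascript
// Added illustration. All names below are hypothetical, not SpiderMonkey APIs.

// Ordinary objects: [[SetPrototypeOf]] walks the chain and refuses a cycle.
function ordinaryCycleRejected() {
  const a = {};
  const b = Object.create(a);
  try {
    Object.setPrototypeOf(a, b); // would give a -> b -> a
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// That cycle check stops at the first object whose [[GetPrototypeOf]] is not
// the ordinary one, so a Proxy in the chain lets a -> p -> a -> ... through.
function makeCyclicChain() {
  const a = {};
  const p = new Proxy({}, { getPrototypeOf: () => a });
  Object.setPrototypeOf(a, p); // accepted
  return a;
}

// A long chain with no proxies at all (the case raised in comment 7).
function makeLongChain(n) {
  let o = null;
  for (let i = 0; i < n; i++) o = Object.create(o);
  return o;
}

// isPrototypeOf-style walk. The budget check sits in the loop body, so it
// bounds cyclic chains and very long ordinary chains alike.
function walkPrototypeChain(obj, target, budget = 10000) {
  let steps = 0;
  for (let proto = Object.getPrototypeOf(obj); proto !== null;
       proto = Object.getPrototypeOf(proto)) {
    if (proto === target) return { found: true, steps, interrupted: false };
    if (++steps >= budget) return { found: false, steps, interrupted: true };
  }
  return { found: false, steps, interrupted: false };
}
```

Without the budget check, `walkPrototypeChain(makeCyclicChain(), Array.prototype)` would never return, which is the same shape of loop the comments above propose to interrupt.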