Closed Bug 1519142 Opened 5 years ago Closed 5 years ago

Simple snippet involving getPrototype hangs forever

Categories: Core :: JavaScript Engine, enhancement (Not set, normal)
Tracking: RESOLVED FIXED, mozilla66
Tracking Status: firefox66 --- fixed
People: Reporter: evilpie, Assigned: evilpie
References: Depends on 1 open bug
Attachments: 1 file

Running Location.prototype.__proto__ = { __proto__: location} will hang Firefox forever and no slow-script dialog appears.

js::CrossCompartmentWrapper::getPrototype is at the top of my profile.

We could do CheckForInterrupt in js::IsPrototypeOf, but presumably we actually want to prevent the [[Prototype]] cycle from the beginning.

> Running Location.prototype.__proto__ = { __proto__: location} will hang Firefox forever and no slow-script dialog appears.

Only if you do it via devtools console, right? See bug 1519154.

> presumably we actually want to prevent the [[Prototype]] cycle from the beginning.

That's what https://github.com/heycam/webidl/pull/606 and the discussion in https://github.com/tc39/ecma262/issues/683 are about, right?

Depends on: 1519154

(In reply to Boris Zbarsky [:bzbarsky, bz on IRC] from comment #2)

> > Running Location.prototype.__proto__ = { __proto__: location} will hang Firefox forever and no slow-script dialog appears.
>
> Only if you do it via devtools console, right? See bug 1519154.

I was actually testing this with jsconsole.com, but the hang also seems to happen when trying to instanceof on the resulting value.

> > presumably we actually want to prevent the [[Prototype]] cycle from the beginning.
>
> That's what https://github.com/heycam/webidl/pull/606 and the discussion in https://github.com/tc39/ecma262/issues/683 are about, right?

Yeah right, I just saw this snippet without the whole context.

> but the hang also seems to happen when trying to instanceof on the resulting value.

OK. Well, in that case, do you get a similar hang when just using a Proxy with a cyclical proto chain? That's definitely allowed by the spec (not least because a Proxy can just return a different result from [[GetPrototypeOf]] every time).

If we get a hang in that case, then CheckForInterrupt somewhere in the loop seems like the only solution...

Assignee: nobody → evilpies

I started patching some places that were missing CheckForInterrupt, but maybe it would make sense to just call it in Proxy::getPrototype?

I think we have to check in each loop, rather than in Proxy::getPrototype, because prototype chains that don't involve proxies can still be extremely long.

(It is also way more obvious what's going on when you put a CheckForInterrupt() call in a loop body, fwiw.)
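
The point made in the comments above, as an added JavaScript example (not code from this bug or from the SpiderMonkey patch): a script-level prototype-chain walk showing that cycle detection alone cannot end the loop when a Proxy returns a fresh prototype on every call, and that a proxy-free chain can also be long enough to need a check inside the loop. `walkPrototypeChain`, its step budget and the three chain builders are hypothetical names with constructed inputs; the budget is only a stand-in for the engine's CheckForInterrupt.

```javascript
// Bounded analogue of the isPrototypeOf / instanceof walk: is `target` on the
// prototype chain of `obj`? Assumption: the step budget stands in for the
// per-iteration interrupt check, i.e. a way to stop that does not depend on
// the shape of the chain.
function walkPrototypeChain(obj, target, maxSteps = 10000) {
  const seen = new Set([obj]);
  let current = obj;
  for (let steps = 1; steps <= maxSteps; steps++) {
    current = Reflect.getPrototypeOf(current); // may run a Proxy trap
    if (current === null) return { result: "not-found", steps };
    if (current === target) return { result: "found", steps };
    if (seen.has(current)) return { result: "cycle", steps };
    seen.add(current);
  }
  return { result: "budget-exceeded", steps: maxSteps };
}

// Constructed input 1: two proxies whose traps report each other as prototype.
function makeCyclicPair() {
  const a = new Proxy({}, { getPrototypeOf: () => b });
  const b = new Proxy({}, { getPrototypeOf: () => a });
  return a;
}

// Constructed input 2: a trap that returns a fresh proxy on every call, so the
// chain never repeats an object and cycle detection alone never fires.
function makeEndlessChain() {
  const handler = { getPrototypeOf: () => new Proxy({}, handler) };
  return new Proxy({}, handler);
}

// Constructed input 3: an ordinary (proxy-free) chain of the given depth.
function makeDeepChain(depth) {
  let obj = Object.create(null);
  for (let i = 0; i < depth; i++) obj = Object.create(obj);
  return obj;
}

const marker = {}; // an object that is on none of the constructed chains
console.log(walkPrototypeChain(makeCyclicPair(), marker));
console.log(walkPrototypeChain(makeEndlessChain(), marker, 500));
console.log(walkPrototypeChain(makeDeepChain(2000), marker, 1000));
console.log(walkPrototypeChain([], Object.prototype));
```

Only the first input is caught by the `seen` set; the endless and deep chains end on the budget, which is why the check belongs in the loop body rather than in the proxy path alone.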

Pushed by evilpies@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/9fb6d716ad11
Handle cyclic [[Prototype]] chains in two places. r=jorendorff
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66