Closed
Bug 1654278
Opened 4 years ago
Closed 4 years ago
Overly restrictive assert in private field proxy support
Categories
(Core :: JavaScript Engine, task, P2)
Core
JavaScript Engine
Tracking
()
RESOLVED
DUPLICATE
of bug 1655443
People
(Reporter: mgaudet, Assigned: mgaudet)
References
Details
Attachments
(1 obsolete file)
As part of review feedback on Bug 1644160 I added some asserts to avoid private fields in parts of the Proxy object protocol methods where I understood we ought not to see private fields.
At least one case there was a mistake:
Assertion failure: !JSID_TO_SYMBOL(id)->isPrivateName(), at /home/matthew/unified/js/src/proxy/Proxy.cpp:91
This is the assert inside of Proxy::getOwnPropertyDescriptor
which is triggered while doing definePrivateField
on an Xray:
#0 0x00007fdcd7092bb5 in js::Proxy::getOwnPropertyDescriptor(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::PropertyDescriptor>) (cx=0x7fdcb7c1c000, proxy=..., id=..., desc=...)
at /home/matthew/unified/js/src/proxy/Proxy.cpp:91
#1 0x00007fdcd730aac8 in js::GetOwnPropertyDescriptor(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::PropertyDescriptor>) (cx=0x7fdcb7c1c000, obj=..., id=..., desc=...)
at /home/matthew/unified/js/src/vm/JSObject.cpp:2693
#2 0x00007fdcd7318bc3 in js::GetPropertyDescriptor(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::PropertyDescriptor>) (cx=0x7fdcb7c1c000, obj=..., id=..., desc=...)
at /home/matthew/unified/js/src/vm/JSObject.cpp:2819
#3 0x00007fdcd701a993 in JS_GetPropertyDescriptorById(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::PropertyDescriptor>) (cx=0x7fdcb7c1c000, obj=..., id=..., desc=...)
at /home/matthew/unified/js/src/jsapi.cpp:2037
#4 0x00007fdcced838de in xpc::XrayWrapper<js::CrossCompartmentWrapper, xpc::DOMXrayTraits>::defineProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::Handle<JS::PropertyDescriptor>, JS::ObjectOpResult&) const (this=0x7fdcdccc6858 <xpc::XrayWrapper<js::CrossCompartmentWrapper, xpc::DOMXrayTraits>::singleton>, cx=0x7fdcb7c1c000, wrapper=..., id=..., desc=..., result=...) at /home/matthew/unified/js/xpconnect/wrappers/XrayWrapper.cpp:1970
#5 0x00007fdcd70aca61 in js::ForwardingProxyHandler::definePrivateField(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::Handle<JS::PropertyDescriptor>, JS::ObjectOpResult&) const (this=0x7fdcdccc6858 <xpc::XrayWrapper<js::CrossCompartmentWrapper, xpc::DOMXrayTraits>::singleton>, cx=0x7fdcb7c1c000, proxy=..., id=..., desc=..., result=...) at /home/matthew/unified/js/src/proxy/Wrapper.cpp:222
#6 0x00007fdcd7092f61 in js::Proxy::defineProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::Handle<JS::PropertyDescriptor>, JS::ObjectOpResult&) (cx=0x7fdcb7c1c000, proxy=..., id=..., desc=..., result=...)
This wasn't triggered previously because the XRay test is being run without the private field pref set. The above was triggered by hardcoding private fields enabled, then running ./mach xpcshell-test --debugger rr --headless js/xpconnect/tests/unit/test_private_field_xrays.js
Assignee | ||
Comment 1•4 years ago
|
||
Updated•4 years ago
|
Assignee: nobody → mgaudet
Status: NEW → ASSIGNED
Updated•4 years ago
|
Severity: -- → N/A
Priority: -- → P2
Updated•4 years ago
|
Attachment #9165095 -
Attachment is obsolete: true
Assignee | ||
Updated•4 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•