Closed Bug 1654278 Opened 4 years ago Closed 4 years ago

Overly restrictive assert in private field proxy support

Categories

(Core :: JavaScript Engine, task, P2)

RESOLVED DUPLICATE of bug 1655443

People

(Reporter: mgaudet, Assigned: mgaudet)

Attachments

(1 obsolete file)

As part of review feedback on Bug 1644160 I added some asserts to avoid private fields in parts of the Proxy object protocol methods where I understood we ought not to see private fields.

In at least one case there was a mistake:

Assertion failure: !JSID_TO_SYMBOL(id)->isPrivateName(), at /home/matthew/unified/js/src/proxy/Proxy.cpp:91

This is the assert inside of Proxy::getOwnPropertyDescriptor which is triggered while doing definePrivateField on an Xray:

#0  0x00007fdcd7092bb5 in js::Proxy::getOwnPropertyDescriptor(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::PropertyDescriptor>) (cx=0x7fdcb7c1c000, proxy=..., id=..., desc=...)
    at /home/matthew/unified/js/src/proxy/Proxy.cpp:91
#1  0x00007fdcd730aac8 in js::GetOwnPropertyDescriptor(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::PropertyDescriptor>) (cx=0x7fdcb7c1c000, obj=..., id=..., desc=...)
    at /home/matthew/unified/js/src/vm/JSObject.cpp:2693
#2  0x00007fdcd7318bc3 in js::GetPropertyDescriptor(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::PropertyDescriptor>) (cx=0x7fdcb7c1c000, obj=..., id=..., desc=...)
    at /home/matthew/unified/js/src/vm/JSObject.cpp:2819
#3  0x00007fdcd701a993 in JS_GetPropertyDescriptorById(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::PropertyDescriptor>) (cx=0x7fdcb7c1c000, obj=..., id=..., desc=...)
    at /home/matthew/unified/js/src/jsapi.cpp:2037
#4  0x00007fdcced838de in xpc::XrayWrapper<js::CrossCompartmentWrapper, xpc::DOMXrayTraits>::defineProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::Handle<JS::PropertyDescriptor>, JS::ObjectOpResult&) const (this=0x7fdcdccc6858 <xpc::XrayWrapper<js::CrossCompartmentWrapper, xpc::DOMXrayTraits>::singleton>, cx=0x7fdcb7c1c000, wrapper=..., id=..., desc=..., result=...) at /home/matthew/unified/js/xpconnect/wrappers/XrayWrapper.cpp:1970
#5  0x00007fdcd70aca61 in js::ForwardingProxyHandler::definePrivateField(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::Handle<JS::PropertyDescriptor>, JS::ObjectOpResult&) const (this=0x7fdcdccc6858 <xpc::XrayWrapper<js::CrossCompartmentWrapper, xpc::DOMXrayTraits>::singleton>, cx=0x7fdcb7c1c000, proxy=..., id=..., desc=..., result=...) at /home/matthew/unified/js/src/proxy/Wrapper.cpp:222
#6  0x00007fdcd7092f61 in js::Proxy::defineProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, JS::Handle<JS::PropertyDescriptor>, JS::ObjectOpResult&) (cx=0x7fdcb7c1c000, proxy=..., id=..., desc=..., result=...)

This wasn't triggered previously because the Xray test is being run without the private field pref set. The above was triggered by hardcoding private fields enabled, then running ./mach xpcshell-test --debugger rr --headless js/xpconnect/tests/unit/test_private_field_xrays.js

Assignee: nobody → mgaudet
Status: NEW → ASSIGNED
See Also: → 1654308
Severity: -- → N/A
Priority: -- → P2
Attachment #9165095 - Attachment is obsolete: true
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE