Hide the rest-array in default derived class constructors
Categories
(Core :: JavaScript Engine, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr78 | --- | unaffected |
firefox85 | --- | unaffected |
firefox86 | --- | unaffected |
firefox87 | --- | wontfix |
firefox88 | --- | fixed |
People
(Reporter: anba, Assigned: anba)
References
(Depends on 1 open bug, Regression)
Details
(Keywords: regression)
Attachments
(1 file)
The debugger can cause havoc when it modifies the rest-array in default derived class constructors: https://phabricator.services.mozilla.com/D104406#3397378
It seems like we can avoid this issue when we change the argument name from args
to .args
, which makes it impossible for the debugger to access the parameter.
Assignee | ||
Comment 1•3 years ago
|
||
Hide the rest-array in default derived class constructors, so the debugger can't
modify it.
Comment 2•3 years ago
|
||
This seems quite sensible.
In the old model with self-hosting, would that have prevented debugger from getting involved?
Assignee | ||
Comment 3•3 years ago
|
||
Unless I'm misunderstanding your question:
Before bug 1681567, the iteration protocol when evaluating super(...args)
would have handled this case gracefully (either by throwing a TypeError
when effectively evaluating super(...null)
or using normal array iteration when evaluating super(...[/* hole */, 1])
). Only after bug 1681567 we have to worry about modifications of the args
binding or the args
array itself.
Comment 4•3 years ago
|
||
Can the debugger break in self-hosting code and mutate variables? If not, would extending the filter there to also exclude synthetic constructors solve this?
(I still think what you have is a better answer. Simply trying to understand the problem space)
Assignee | ||
Comment 5•3 years ago
|
||
I don't think the debugger can modify variables in self-hosting code. But the old, self-hosted default constructors were changed to non-selfhosted functions when exposed to the user. And then it was possible to change any variables.
(This is all probably controlled in Debugger::observesScript, which hides self-hosted scripts from the debuggger.)
Comment 6•3 years ago
|
||
Set release status flags based on info from the regressing bug 1681567
Updated•3 years ago
|
Assignee | ||
Comment 7•3 years ago
|
||
Using .args
makes devtools unhappy:
JavaScript error: resource://devtools/shared/protocol/Front.js, line 361: Error: Protocol error (TypeError): name is not an identifier from: server0.conn0.child3/frame95 (resource://devtools/server/actors/environment.js:108:30)
The error results in only showing "Loading..." under the "Scopes" panel.
So I guess we should instead go with your idea and hide the synthetic constructors.
Updated•3 years ago
|
Updated•3 years ago
|
Pushed by andre.bargull@gmail.com: https://hg.mozilla.org/integration/autoland/rev/8bd9afc1c9eb Hide the rest-array in default derived class constructors. r=tcampbell
Comment 9•3 years ago
|
||
bugherder |
Updated•3 years ago
|
Comment 10•3 years ago
|
||
The patch landed in nightly and beta is affected.
:anba, is this bug important enough to require an uplift?
If not please set status_beta
to wontfix
.
For more information, please visit auto_nag documentation.
Assignee | ||
Comment 11•3 years ago
|
||
No, it's not important enough for an uplift, because the bug can only be triggered through the debugger.
Updated•3 years ago
|
Updated•3 years ago
|
Description
•