Hide the rest-array in default derived class constructors
Categories
(Core :: JavaScript Engine, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr78 | --- | unaffected |
| firefox85 | --- | unaffected |
| firefox86 | --- | unaffected |
| firefox87 | --- | wontfix |
| firefox88 | --- | fixed |
People
(Reporter: anba, Assigned: anba)
References
(Depends on 1 open bug, Regression)
Details
(Keywords: regression)
Attachments
(1 file)
The debugger can cause havoc when it modifies the rest-array in default derived class constructors: https://phabricator.services.mozilla.com/D104406#3397378
It seems like we can avoid this issue when we change the argument name from args to .args, which makes it impossible for the debugger to access the parameter.
|
Assignee | |
Comment 1•3 years ago
|
||
Hide the rest-array in default derived class constructors, so the debugger can't
modify it.
|
||
Comment 2•3 years ago
|
||
This seems quite sensible.
In the old model with self-hosting, would that have prevented debugger from getting involved?
|
|
Assignee | |
Comment 3•3 years ago
|
||
Unless I'm misunderstanding your question:
Before bug 1681567, the iteration protocol when evaluating super(...args) would have handled this case gracefully (either by throwing a TypeError when effectively evaluating super(...null) or using normal array iteration when evaluating super(...[/* hole */, 1])). Only after bug 1681567 we have to worry about modifications of the args binding or the args array itself.
|
|
||
Comment 4•3 years ago
|
||
Can the debugger break in self-hosting code and mutate variables? If not, would extending the filter there to also exclude synthetic constructors solve this?
(I still think what you have is a better answer. Simply trying to understand the problem space)
|
|
Assignee | |
Comment 5•3 years ago
|
||
I don't think the debugger can modify variables in self-hosting code. But the old, self-hosted default constructors were changed to non-selfhosted functions when exposed to the user. And then it was possible to change any variables.
(This is all probably controlled in Debugger::observesScript, which hides self-hosted scripts from the debuggger.)
|
||
Comment 6•3 years ago
|
||
Set release status flags based on info from the regressing bug 1681567
|
||
Updated•3 years ago
|
|
|
Assignee | |
Comment 7•3 years ago
|
||
Using .args makes devtools unhappy:
JavaScript error: resource://devtools/shared/protocol/Front.js, line 361: Error: Protocol error (TypeError): name is not an identifier from: server0.conn0.child3/frame95 (resource://devtools/server/actors/environment.js:108:30)
The error results in only showing "Loading..." under the "Scopes" panel.
So I guess we should instead go with your idea and hide the synthetic constructors.
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
Pushed by andre.bargull@gmail.com: https://hg.mozilla.org/integration/autoland/rev/8bd9afc1c9eb Hide the rest-array in default derived class constructors. r=tcampbell
|
||
Comment 9•3 years ago
|
||
| bugherder | ||
|
|
||
Updated•3 years ago
|
|
|
||
Comment 10•3 years ago
|
||
The patch landed in nightly and beta is affected.
:anba, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.
For more information, please visit auto_nag documentation.
|
|
Assignee | |
Comment 11•3 years ago
|
||
No, it's not important enough for an uplift, because the bug can only be triggered through the debugger.
|
||
Updated•3 years ago
|
|
||
Updated•3 years ago
|
Description
•