Getters/setters called inside self-hosted JS cannot be caught by debugger
Categories: Core :: JavaScript Engine, task, P3

| | Tracking | Status |
|---|---|---|
| firefox111 | --- | fixed |

People: Reporter: arai, Assigned: arai
In bug 1609432, we've added CallReason::CallContent, to notify function call inside self-hosted JS to debugger.
enum class CallReason {
Call,
// callContentFunction or constructContentFunction in self-hosted JS.
CallContent,
// Function.prototype.call or Function.prototype.apply.
FunCall,
Getter,
Setter,
};
In bug 1806598, we're going to stop treating all getters non-effectful inside eager evaluation, which means we'll want to catch getter call inside self-hosted JS.
This is problematic in the following case:
RegExp.prototype[@@match] accesses "flags" property, which is by default RegExp.prototype.flags getter.
https://tc39.es/ecma262/#sec-regexp.prototype-@@match
22.2.6.8 RegExp.prototype [ @@match ] ( string )
...
4. Let flags be ? ToString(? Get(rx, "flags")).
function RegExpMatch(string) {
...
return RegExpMatchSlowPath(rx, S);
}
...
function RegExpMatchSlowPath(rx, S) {
...
var flags = ToString(rx.flags);
RegExp.prototype.flags getter accesses all flag properties, e.g. global with Get operation.
https://tc39.es/ecma262/#sec-get-regexp.prototype.flags
22.2.6.4 get RegExp.prototype.flags
...
6. Let global be ToBoolean(? Get(R, "global")).
function $RegExpFlagsGetter() {
...
if (R.global) {
Here, this Get operation is observable to web content if:
- RegExp.prototype.global getter is modified
- this value R has global getter
So, if we don't expose the getter access inside self-hosted JS, RegExp.prototype[@@match] needs to be marked as effectful, even if it's non-effectful in most cases.
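An added illustration, not part of the original bug report and not Firefox code: the script below shows from plain JavaScript that the Get operations described above are observable to content, by logging getter reads during String.prototype.match in both listed cases. The names traceGetter and gettersSeenByMatch are made up for this example; whether "flags" appears in the log ahead of "global" depends on which edition of the specification the engine implements.

```javascript
// Added example. Logs which RegExp accessor properties are read while
// String.prototype.match runs, for the two cases listed in the description.
const FLAG_PROPS = ["flags", "global", "ignoreCase", "multiline", "unicode", "sticky"];

// Install a logging accessor for `name` on `target` (RegExp.prototype or one
// regexp instance) that forwards to the built-in getter. Returns an undo function.
function traceGetter(target, name, log) {
  const builtin = Object.getOwnPropertyDescriptor(RegExp.prototype, name);
  const previous = Object.getOwnPropertyDescriptor(target, name);
  Object.defineProperty(target, name, {
    configurable: true,
    get() {
      log.push(name);
      return builtin.get.call(this);
    },
  });
  return () => {
    if (previous) Object.defineProperty(target, name, previous);
    else delete target[name];
  };
}

// where = "prototype": the RegExp.prototype getters are modified.
// where = "instance":  the this value R has its own getters.
function gettersSeenByMatch(where) {
  const re = /b/;
  const log = [];
  const target = where === "prototype" ? RegExp.prototype : re;
  const undo = FLAG_PROPS.map((name) => traceGetter(target, name, log));
  let matched;
  try {
    matched = "abc".match(re)[0];
  } finally {
    undo.forEach((restore) => restore());
  }
  return { log, matched };
}

for (const where of ["prototype", "instance"]) {
  const { log, matched } = gettersSeenByMatch(where);
  console.log(where, "matched:", matched, "getters read:", log.join(" -> "));
}
```

A non-empty log for a call that looks like a pure string match is the reason an eager-evaluation check cannot treat RegExp.prototype[@@match] as side-effect free unless these inner getter calls are reported to the debugger.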
Comment 1 (Assignee) • 2 years ago

Possible option here is to introduce JSOp::GetContentProp, with some notation in self-hosted JS to emit it, and call onNativeCall hook if the property is a getter.
Comment 2 (Assignee) • 2 years ago

the other option is to just call onNativeCall for all getter/setter call inside self-hosted JS.
Comment 3 (Assignee) • 2 years ago
Comment 5 • 2 years ago

Backed out for causing dt failures in devtools/client/webconsole/test/browser/browser_console_evaluation_context_selector.js
Backout link: https://hg.mozilla.org/integration/autoland/rev/c4af9a62fcca732c7d39ea8bc8cdd36c37c4b046
Comment 7 • 2 years ago

bugherder |