[Harmony proxies] recursive fixing doesn't throw

RESOLVED FIXED

Status

()

Core
JavaScript Engine
P2
normal
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Tom Van Cutsem, Assigned: jdm)

Tracking

Trunk
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [fixed-in-tracemonkey])

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

6 years ago
Recursively fixing a Harmony proxy should be short-circuited by throwing a TypeError, to safeguard against infinite loops. For instance:

    var proxy = Proxy.create({
      fix: function() {
        Object.preventExtensions(proxy); // triggers 'fix()' recursively
        return {};
      }
    });
    Object.preventExtensions(proxy); // triggers 'fix'

Result: InternalError: too much recursion
Expected: a TypeError

We reached consensus on this behavior in a TC39 meeting last year. Admittedly,
it's well hidden on the semantics page:
<http://wiki.ecmascript.org/doku.php?id=harmony:proxies_semantics>

"Note: recursive fixing should be disallowed. If fix() is called on a proxy
handler while the same proxy is already being fixed (an earlier call to fix()
is already on the stack), a TypeError should be thrown. "
(Reporter)

Updated

6 years ago
Priority: -- → P2
(Assignee)

Comment 1

6 years ago
Created attachment 528646 [details] [diff] [review]
Potential fix

So it looks like the code to do this properly is already present, but in the wrong spot. I have no way of accessing tryserver or a recent tree, so this patch may not apply or be correct. If someone (gal?) could try applying it and see if it solves the problem, I would be mighty appreciative.
Attachment #528646 - Flags: feedback?(gal)
Andreas, want to own this till Josh returns?

/be
Blocks: 600677
(Assignee)

Updated

6 years ago
Blocks: 655112
(Assignee)

Comment 3

6 years ago
Created attachment 530403 [details] [diff] [review]
Check proxy operations before fixing object.

Tested; this works correctly.
Assignee: general → josh
Attachment #528646 - Attachment is obsolete: true
Attachment #528646 - Flags: feedback?(gal)
Attachment #530403 - Flags: review?(gal)

Comment 4

6 years ago
Comment on attachment 530403 [details] [diff] [review]
Check proxy operations before fixing object.

Nice patch. Thanks!
Attachment #530403 - Flags: review?(gal) → review+
(Assignee)

Updated

6 years ago
Keywords: checkin-needed
Whiteboard: [needs push to t-m]
Keywords: checkin-needed → 4xp
OS: Mac OS X → All
Hardware: x86 → All
Whiteboard: [needs push to t-m] → [fixed in tracemonkey]
Keywords: 4xp

Comment 5

6 years ago
We need a regression test for this bug. http://hg.mozilla.org/tracemonkey/rev/6855db79531d does not include one.
cdleary-bot mozilla-central merge info:
http://hg.mozilla.org/mozilla-central/rev/6855db79531d
Note: not marking as fixed because fixed-in-tracemonkey is not present on the whiteboard.

Updated

6 years ago
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Whiteboard: [fixed in tracemonkey] → [fixed-in-tracemonkey]
You need to log in before you can comment on or make changes to this bug.