Closed
Bug 718022
Opened 12 years ago
Closed 12 years ago
can we further nerf f.arguments?
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla12
People
(Reporter: luke, Assigned: luke)
References
Details
Attachments
(1 file, 3 obsolete files)
8.06 KB,
patch
|
Waldo
:
review+
dmandelin
:
superreview+
|
Details | Diff | Splinter Review |
Even with bug 592927, f.arguments still causes undue complexity (and gets in the way of the ideal solution for bug 659577). Fortunately, other browsers (chrome and ie) "break" f.arguments even more than we currently do (scare quotes b/c f.arguments is unspecified in ES3 and specified-to-be-a-poison-pill in ES5 strict). Already, in IE9, Chrome, and FF4+, function g() { f.arguments[0] = 42; } function f(arg) { g(); return arg; } f(10) returns 10. In Chrome: function g() { f.arguments[0] = 42; } function f(arg) { g(); return arguments[0]; } f(10) returns 10 when called from crankshaft. In IE9: function g() { return f.arguments[0]; } function f(arg) { arg = 42; return g(); } f(10) returns 10. The conditions where f.arguments breaks is obviously pretty irregular. Based on this and the fact that we didn't have a single reported breakage resulting from bug 592927, I doubt much code can be depending on these aliasing subtleties. Thus, I propose the following nerfing extension: f.arguments creates a new non-aliasing copy of the actual arguments, always. (If noone objects) the patch for this should be simple and back-out-able so we can use the same "send it down the chutes and back it out if it breaks the web" model as, say, the single-threaded runtime assert.
Assignee | ||
Comment 1•12 years ago
|
||
Assignee: general → luke
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•12 years ago
|
||
I'll wait a bit longer for comment before requesting review on these.
Assignee | ||
Comment 3•12 years ago
|
||
Green on try
Assignee | ||
Updated•12 years ago
|
Attachment #588570 -
Flags: review?(jwalden+bmo)
Assignee | ||
Updated•12 years ago
|
Attachment #588571 -
Flags: superreview?(dmandelin)
Attachment #588571 -
Flags: review?(jwalden+bmo)
Assignee | ||
Comment 4•12 years ago
|
||
This patch nerfs a case the original missed by just doing what comment 0 said directly. It also adds a comment.
Attachment #588570 -
Attachment is obsolete: true
Attachment #588571 -
Attachment is obsolete: true
Attachment #588570 -
Flags: review?(jwalden+bmo)
Attachment #588571 -
Flags: superreview?(dmandelin)
Attachment #588571 -
Flags: review?(jwalden+bmo)
Attachment #588927 -
Flags: superreview?(dmandelin)
Attachment #588927 -
Flags: review?(jwalden+bmo)
Assignee | ||
Comment 5•12 years ago
|
||
Oops, missed a test in src/tests (overwritten args are ignored).
Attachment #588927 -
Attachment is obsolete: true
Attachment #588927 -
Flags: superreview?(dmandelin)
Attachment #588927 -
Flags: review?(jwalden+bmo)
Attachment #588949 -
Flags: superreview?(dmandelin)
Attachment #588949 -
Flags: review?(jwalden+bmo)
Comment 6•12 years ago
|
||
Comment on attachment 588949 [details] [diff] [review] simpler and more direct patch Review of attachment 588949 [details] [diff] [review]: ----------------------------------------------------------------- It's really really early and my sleep schedule's all shot to pieces (hopefully to be put back together during the BOS->SFO flight, priming me for a very early night's sleep that has me waking up at a normal time tomorrow), but I think I can review such a short patch without too much danger of footgunning.
Attachment #588949 -
Flags: review?(jwalden+bmo) → review+
Updated•12 years ago
|
Attachment #588949 -
Flags: superreview?(dmandelin) → superreview+
Assignee | ||
Comment 7•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/96fe039c4685
Target Milestone: --- → mozilla12
Comment 8•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/96fe039c4685
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•