Bug 200739

Summary: ProxyObject should not be allow to access its target's private properties.
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, fpizlo, keith_miller, msaboff, rmorisset, ryanhaddad, saam, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=200788
Bug Depends on: 200829    
Bug Blocks:    
Attachments:
Description Flags
proposed patch.
ysuzuki: review+, ews-watchlist: commit-queue-
patch for landing. none

Description Mark Lam 2019-08-14 15:39:38 PDT 
<rdar://problem/53972768>
Comment 1 Mark Lam 2019-08-14 15:50:09 PDT 
Created attachment 376324 [details]
proposed patch.
Comment 2 Yusuke Suzuki 2019-08-14 15:54:03 PDT 
Comment on attachment 376324 [details]
proposed patch.

r=me
Comment 3 EWS Watchlist 2019-08-14 18:56:53 PDT 
Comment on attachment 376324 [details]
proposed patch.

Attachment 376324 [details] did not pass jsc-ews (mac):
Output: https://webkit-queues.webkit.org/results/12914309

New failing tests:
stress/proxy-with-private-symbols.js.ftl-no-cjit-no-inline-validate
stress/proxy-with-private-symbols.js.dfg-eager-no-cjit-validate
stress/proxy-with-private-symbols.js.ftl-no-cjit-no-put-stack-validate
stress/proxy-with-private-symbols.js.no-ftl
stress/proxy-with-private-symbols.js.ftl-no-cjit-validate-sampling-profiler
stress/proxy-with-private-symbols.js.no-cjit-validate-phases
stress/proxy-with-private-symbols.js.ftl-no-cjit-small-pool
stress/proxy-with-private-symbols.js.dfg-maximal-flush-validate-no-cjit
stress/proxy-with-private-symbols.js.default
stress/proxy-with-private-symbols.js.ftl-eager-no-cjit
stress/proxy-with-private-symbols.js.mini-mode
stress/proxy-with-private-symbols.js.bytecode-cache
stress/proxy-with-private-symbols.js.ftl-eager
stress/proxy-with-private-symbols.js.dfg-eager
stress/proxy-with-private-symbols.js.ftl-no-cjit-b3o0
stress/proxy-with-private-symbols.js.ftl-eager-no-cjit-b3o1
stress/proxy-with-private-symbols.js.no-cjit-collect-continuously
stress/proxy-with-private-symbols.js.no-llint
Comment 4 Mark Lam 2019-08-14 20:26:17 PDT 
Created attachment 376346 [details]
patch for landing.
Comment 5 Mark Lam 2019-08-14 23:20:56 PDT 
Thanks for the review.  Landed in r248709: <http://trac.webkit.org/r248709>.
Comment 6 Ryan Haddad 2019-08-16 13:09:21 PDT 
Reverted r248709 for reason:

Caused test/built-ins/Promise/prototype/finally/this-value-non-promise.js to fail on test262 bot

Committed r248786: <https://trac.webkit.org/changeset/248786>
Comment 7 Ryan Haddad 2019-08-16 13:09:35 PDT 
(In reply to Ryan Haddad from comment #6)
> Reverted r248709 for reason:
> 
> Caused test/built-ins/Promise/prototype/finally/this-value-non-promise.js to
> fail on test262 bot
> 
> Committed r248786: <https://trac.webkit.org/changeset/248786>

Details in https://bugs.webkit.org/show_bug.cgi?id=200788
Comment 8 Mark Lam 2019-08-16 14:04:23 PDT 
Re-landed in r248796: <http://trac.webkit.org/r248796>.