RESOLVED FIXED 154768
ProxyObject.[[GetOwnProperty]] is partially broken because it doesn't propagate information back to the slot 
https://bugs.webkit.org/show_bug.cgi?id=154768
Summary ProxyObject.[[GetOwnProperty]] is partially broken because it doesn't propaga...
Saam Barati
Reported 2016-02-26 18:13:49 PST
...
Attachments
patch (12.23 KB, patch)
2016-02-26 20:34 PST, Saam Barati 		rniwa: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Saam Barati
Comment 1 2016-02-26 20:34:46 PST
Created attachment 272397 [details] patch
Ryosuke Niwa
Comment 2 2016-02-26 21:53:11 PST
Comment on attachment 272397 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=272397&action=review > Source/JavaScriptCore/ChangeLog:10 > + This fixes a big bug with ProxyObject.[[GetOwnProperty]]. We weren't > + correctly propagating the result of this operation to the out PropertySlot& > + parameter. This patch fixes that and adds tests. Can we refer to http://www.ecma-international.org/ecma-262/6.0/#sec-proxy-object-internal-methods-and-internal-slots-getownproperty-p either in the change log or in the code? > Source/JavaScriptCore/runtime/ObjectConstructor.cpp:236 > JSObject* description = constructEmptyObject(exec); > + if (exec->hadException()) > + return jsUndefined(); Please mention this change in the change log. > Source/JavaScriptCore/runtime/ProxyObject.cpp:216 > + GetterSetter* getterSetter = trapResultAsDescriptor.slowGetterSetter(exec); > + if (exec->hadException()) > + return false; I guess the only way we can fail here would be memory exhaustion? Otherwise, we should be careful about the order in which these conditions are checked as they're observable.
Saam Barati
Comment 3 2016-02-28 10:40:53 PST
landed in: http://trac.webkit.org/changeset/197295
Note You need to log in before you can comment on or make changes to this bug.