Bug 205848 - Implementation of the class "extends" clause incorrectly uses __proto__ for setting prototypes
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: All All
Importance: P2 Trivial
Assignee: Alexey Shvayka
URL:
Keywords: InRadar, WebExposed
Depends on:
Blocks: 140491
Reported: 2020-01-07 00:34 PST by Claude Pache
Modified: 2020-08-25 00:46 PDT

See Also:


Attachments
Patch (14.28 KB, patch)
2020-08-24 15:48 PDT, Alexey Shvayka
keith_miller: review+

Description Claude Pache 2020-01-07 00:34:43 PST
Control case:

    Object.defineProperty(Object.prototype, '__proto__', {
        configurable: true
      , set(x) { Reflect.setPrototypeOf(this, x); }
    })
    class A extends Array { }
    Reflect.getPrototypeOf(A) === Array // true
    Reflect.getPrototypeOf(A.prototype) === Array.prototype // true
    "push" in (new A) // true

Things become weird as soon as someone removes Object.prototype.__proto__:

    delete Object.prototype.__proto__
    class B extends Array { }
    Reflect.getPrototypeOf(B) === Array // false
    Reflect.getOwnPropertyDescriptor(B, '__proto__').value === Array // true
    Reflect.getPrototypeOf(B.prototype) === Array.prototype // false
    "push" in (new B) // false

Or, said more clearly:

    Object.defineProperty(Object.prototype, '__proto__', {
        configurable: true
      , set(x) { throw new EvalError("Your code is bitrotten!"); }
    })
    class C extends Array { } // EvalError: Your code is bitrotten!
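
A regression check for the three cases in the description above, as an added example that is not part of the original report or of the WebKit patch. The helper names `withProtoAccessor`, `probeExtends` and `isUnaffected` are hypothetical; the check assumes that a conforming engine sets up the class prototypes internally and never consults `Object.prototype.__proto__`.

```javascript
// Added example: names below are hypothetical, not from the WebKit patch.
const PROTO = '__proto__';

// Install `descriptor` as Object.prototype.__proto__ (null = leave it deleted),
// run fn, and always restore the engine's original accessor afterwards.
function withProtoAccessor(descriptor, fn) {
  const original = Reflect.getOwnPropertyDescriptor(Object.prototype, PROTO);
  try {
    Reflect.deleteProperty(Object.prototype, PROTO);
    if (descriptor) Object.defineProperty(Object.prototype, PROTO, descriptor);
    return fn();
  } finally {
    Reflect.deleteProperty(Object.prototype, PROTO);
    if (original) Object.defineProperty(Object.prototype, PROTO, original);
  }
}

// Evaluate `class extends Array` under one scenario from the report and
// record what the engine did. Scenarios: 'deleted', 'throwing', 'counting'.
function probeExtends(scenario) {
  let setterCalls = 0;
  const descriptors = {
    deleted: null,
    throwing: { configurable: true, set(x) { setterCalls++; throw new EvalError('setter used'); } },
    counting: { configurable: true, set(x) { setterCalls++; Reflect.setPrototypeOf(this, x); } },
  };
  return withProtoAccessor(descriptors[scenario], () => {
    let Sub;
    try {
      Sub = class extends Array {};
    } catch (err) {
      return { threw: err.name, setterCalls };
    }
    return {
      threw: null,
      setterCalls,
      constructorProtoOk: Reflect.getPrototypeOf(Sub) === Array,
      prototypeProtoOk: Reflect.getPrototypeOf(Sub.prototype) === Array.prototype,
      ownProtoProperty: Reflect.getOwnPropertyDescriptor(Sub, PROTO) !== undefined,
      inheritsPush: 'push' in new Sub(),
    };
  });
}

// True when the class was wired up without touching the accessor.
function isUnaffected(r) {
  return r.threw === null && r.setterCalls === 0 && r.constructorProtoOk &&
    r.prototypeProtoOk && !r.ownProtoProperty && r.inheritsPush;
}
```

An engine with the reported behaviour would show `ownProtoProperty: true` in the `deleted` scenario and `threw: 'EvalError'` in the `throwing` scenario.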
Comment 1 Claude Pache 2020-01-07 00:44:11 PST
Related bug: #157972
Comment 2 Alexey Shvayka 2020-08-24 15:48:50 PDT
Created attachment 407145
Patch
Comment 3 Keith Miller 2020-08-24 16:13:21 PDT
Comment on attachment 407145
Patch

r=me.
Comment 4 Alexey Shvayka 2020-08-25 00:45:04 PDT
Committed r266106: <https://trac.webkit.org/changeset/266106>
Comment 5 Radar WebKit Bug Importer 2020-08-25 00:46:18 PDT
<rdar://problem/67723992>