RESOLVED WONTFIX247723
`Symbol.toPrimitive` in property access 
https://bugs.webkit.org/show_bug.cgi?id=247723
Summary `Symbol.toPrimitive` in property access
Kanguk Lee
Reported 2022-11-10 02:47:09 PST
// input.js null [ { [ Symbol . toPrimitive ] : () => { REF_ERR; } } ] ; ________________________________________________________________ Hello, Running `input.js` should throw `ReferenceError`. However, running it using Webkit JavaScriptCore throws `TypeError`: --- $ jsc input.js Exception: TypeError: null is not an object (evaluating 'null [ { [ Symbol . toPrimitive ] : () => { REF_ERR; } } ]') global code@input.js:2:5 --- According to [ECMAScript 2022 spec section 13.3.2.1](https://262.ecma-international.org/13.0/#prod-3HizunKA), **EvaluatePropertyAccessWithIdentifierKey** is called in line 4, where *baseValue* is `null` and *Expression* is `{ [ Symbol . toPrimitive ] : () => { REF_ERR; } }`: In line 3 of section [13.3.3](https://262.ecma-international.org/13.0/#sec-evaluate-property-access-with-expression-key), **ToPropertyKey** is called, where *propertyNameValue* is an evaluated value of `expression`( i.e. `{ [ Symbol . toPrimitive ] : () => { REF_ERR; } }`). By the way, `TypeError` caused by reading a property of `null` can be thrown after line 4: Then **ToPrimitive** in the first line of section [7.1.19](https://262.ecma-international.org/13.0/#sec-topropertykey) is executed, with *argument* `{ [ Symbol . toPrimitive ] : () => { REF_ERR; } }`: Inside the function [**ToPrimitive**](https://262.ecma-international.org/13.0/#sec-toprimitive), now *input* is `{ [ Symbol . toPrimitive ] : () => { REF_ERR; } }` so `exoticToPrim` in line 1-a becomes `() => { REF_ERR; }`. Finally in line 1-b-iv, **Call** ing *exoticToPrim* leads to `ReferenceError` since `REF_ERR` is not defined. Interestingly, V8 has the same bug: --- $ node input.js input.js:1 null [ { [ Symbol . toPrimitive ] : () => { REF_ERR; } } ] ; ^ TypeError: Cannot read properties of null (reading '#<Object>') at Object.<anonymous> (input.js:1:6) at Module._compile (node:internal/modules/cjs/loader:1159:14) at Module._extensions..js (node:internal/modules/cjs/loader:1213:10) at Module.load (node:internal/modules/cjs/loader:1037:32) at Module._load (node:internal/modules/cjs/loader:878:12) at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12) at node:internal/main/run_main_module:23:47 Node.js v18.11.0 --- WebKit version: 615.1.10
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2022-11-10 12:30:55 PST
<rdar://problem/102206485>
Ross Kirsling
Comment 2 2022-11-21 17:37:29 PST
This is a TypeError in all engines, so this would not be web compatible to fix. Please raise an issue at https://github.com/tc39/ecma262 if you think the spec requires a web reality fix.
Ross Kirsling
Comment 3 2022-11-21 18:11:14 PST
(In reply to Ross Kirsling from comment #2) > This is a TypeError in all engines, so this would not be web compatible to > fix. Please raise an issue at https://github.com/tc39/ecma262 if you think > the spec requires a web reality fix. Oops, the issue already exists: https://github.com/tc39/ecma262/issues/2659
Note You need to log in before you can comment on or make changes to this bug.