Comment #2 on issue 4168 by [email protected]: Array.of/from
use %AddElement unsafely
https://code.google.com/p/v8/issues/detail?id=4168
I don't understand the issue. Constructors must return objects (see step 13
of
http://people.mozilla.org/~jorendorff/es6-draft.html#sec-ecmascript-function-objects-construct-argumentslist-newtarget)
and objects seem to be able to hold their own against %AddElement when
they're sealed or have non-writable properties:
d8> function x() { Object.seal(this); }
undefined
d8> Array.of.call(x, [1])
(d8):1: TypeError: Can't add property length, object is not extensible
Array.of.call(x, [1])
^
TypeError: Can't add property length, object is not extensible
at Function.of (native)
at (d8):1:10
d8> function y() { Object.defineProperty(this, 'length', {value: 1,
configurable: false, writable: false}); }
undefined
d8> Array.of.call(y, [1])
(d8):1: TypeError: Cannot assign to read only property 'length' of #<y>
Array.of.call(y, [1])
^
TypeError: Cannot assign to read only property 'length' of #<y>
at Function.of (native)
at (d8):1:10
I can't find any exotic objects which behave badly; seems like only exotic
objects with a constructor are at issue, and I tried all of those that I
could think of, and they're fine.
Is this because I'm running in d8, and it could be worse if optimization
takes place, with optimized code not throwing the right exceptions somehow?
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
