[v8-dev] Fixes issue 712 causing non-configurable accessors to be overwritable by usin... (issue2131019)

Thu, 20 May 2010 06:28:31 -0700 

Reviewers: Erik Corry,

Message:
Ugly conditional with a lot of comparisons - I don't have an easy solution to 
make this more readable.

Description:
Fixes issue 712 causing non-configurable accessors to be overwritable by using 
Object.defineProperty with empty property descriptor.
The issue is fixed by implementing step 5 and 6 from DefineOwnProperty in the 
specification (ES5 8.12.9).

This also fixes a bug in SameValue when used on boolean values (it
would priorly return a number - not a boolean).


Please review this at http://codereview.chromium.org/2131019/show

SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/

Affected files:
  M     src/runtime.js
  M     src/v8natives.js
  A     test/mjsunit/regress/regress-712.js


Index: src/runtime.js
===================================================================
--- src/runtime.js      (revision 4684)
+++ src/runtime.js      (working copy)
@@ -570,7 +570,7 @@
     return x == y;
   }
   if (IS_STRING(x)) return %StringEquals(x, y);
-  if (IS_BOOLEAN(x))return %NumberEquals(%ToNumber(x),%ToNumber(y));
+  if (IS_BOOLEAN(x))return y == x;

   return %_ObjectEquals(x, y);
 }
Index: src/v8natives.js
===================================================================
--- src/v8natives.js    (revision 4684)
+++ src/v8natives.js    (working copy)
@@ -434,6 +434,11 @@
 }


+PropertyDescriptor.prototype.hasWritable = function() {
+  return this.hasWritable_;
+}
+
+
 PropertyDescriptor.prototype.setConfigurable = function(configurable) {
   this.configurable_ = configurable;
   this.hasConfigurable_ = true;
@@ -537,6 +542,25 @@
     throw MakeTypeError("define_disallowed", ["defineProperty"]);

   if (!IS_UNDEFINED(current) && !current.isConfigurable()) {
+    // Step 5
+    if (!desc.hasConfigurable() && !desc.hasEnumerable() &&
+        !desc.hasWritable() && !desc.hasValue() && !desc.hasGetter() &&
+        !desc.hasSetter()) return true;
+
+    // Step 6
+    if ((!desc.hasEnumerable() ||
+         SameValue(desc.isEnumerable() && current.isEnumerable())) &&
+        (!desc.hasConfigurable() ||
+         SameValue(desc.isConfigurable(), current.isConfigurable())) &&
+        (!desc.hasWritable() ||
+         SameValue(desc.isWritable(), current.isWritable())) &&
+        (!desc.hasValue() ||
+         SameValue(desc.getValue(), current.getValue())) &&
+        (!desc.hasGetter() ||
+         SameValue(desc.getGet(), current.getGet())) &&
+        (!desc.hasSetter() ||
+         SameValue(desc.getSet(), current.getSet()))) return true;
+                       
     // Step 7
if (desc.isConfigurable() || desc.isEnumerable() != current.isEnumerable()) 
       throw MakeTypeError("redefine_disallowed", ["defineProperty"]);
Index: test/mjsunit/regress/regress-712.js
===================================================================
--- test/mjsunit/regress/regress-712.js (revision 0)
+++ test/mjsunit/regress/regress-712.js (revision 0)
@@ -0,0 +1,35 @@
+// Copyright 2010 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+//       notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+//       copyright notice, this list of conditions and the following
+//       disclaimer in the documentation and/or other materials provided
+//       with the distribution.
+//     * Neither the name of Google Inc. nor the names of its
+//       contributors may be used to endorse or promote products derived
+//       from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// See: http://code.google.com/p/v8/issues/detail?id=712
+
+var obj = {};
+Object.defineProperty(obj, "x", { get: function() { return "42"; },
+                                  configurable: false });
+assertEquals(obj.x, "42");
+Object.defineProperty(obj, 'x', {});
+assertEquals(obj.x, "42");


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

Reply via email to