Revision: 6291
Author: [email protected]
Date: Wed Jan 12 22:56:54 2011
Log: Do not allow accessors to intercept getting/setting properties on
error objects under construction and string conversions.
Review URL: http://codereview.chromium.org/6146009
http://code.google.com/p/v8/source/detail?r=6291
Modified:
/branches/bleeding_edge/src/messages.js
/branches/bleeding_edge/test/mjsunit/error-constructors.js
=======================================
--- /branches/bleeding_edge/src/messages.js Wed Dec 15 01:31:05 2010
+++ /branches/bleeding_edge/src/messages.js Wed Jan 12 22:56:54 2011
@@ -946,12 +946,20 @@
f.prototype.name = name;
%SetCode(f, function(m) {
if (%_IsConstructCall()) {
+ // Define all the expected properties directly on the error
+ // object. This avoids going through getters and setters defined
+ // on prototype objects.
+ %IgnoreAttributesAndSetProperty(this, 'stack', void 0);
+ %IgnoreAttributesAndSetProperty(this, 'arguments', void 0);
+ %IgnoreAttributesAndSetProperty(this, 'type', void 0);
if (m === kAddMessageAccessorsMarker) {
+ // DefineOneShotAccessor always inserts a message property and
+ // ignores setters.
DefineOneShotAccessor(this, 'message', function (obj) {
return FormatMessage({type: obj.type, args: obj.arguments});
});
} else if (!IS_UNDEFINED(m)) {
- this.message = ToString(m);
+ %IgnoreAttributesAndSetProperty(this, 'message', ToString(m));
}
captureStackTrace(this, f);
} else {
@@ -992,8 +1000,8 @@
if (type && !this.hasOwnProperty("message")) {
return this.name + ": " + FormatMessage({ type: type, args:
this.arguments });
}
- var message = this.message;
- return this.name + (message ? (": " + message) : "");
+ var message = this.hasOwnProperty("message") ? (": " +
this.message) : "";
+ return this.name + message;
}, DONT_ENUM);
=======================================
--- /branches/bleeding_edge/test/mjsunit/error-constructors.js Tue Dec 7
03:01:02 2010
+++ /branches/bleeding_edge/test/mjsunit/error-constructors.js Wed Jan 12
22:56:54 2011
@@ -1,4 +1,4 @@
-// Copyright 2009 the V8 project authors. All rights reserved.
+// Copyright 2011 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
@@ -30,3 +30,22 @@
Error.prototype.toString = Object.prototype.toString;
assertEquals("[object Error]", Error.prototype.toString());
assertEquals(Object.prototype, Error.prototype.__proto__);
+
+// Check that error construction does not call setters for the
+// properties on error objects in prototypes.
+function fail() { assertTrue(false); };
+ReferenceError.prototype.__defineSetter__('stack', fail);
+ReferenceError.prototype.__defineSetter__('message', fail);
+ReferenceError.prototype.__defineSetter__('type', fail);
+ReferenceError.prototype.__defineSetter__('arguments', fail);
+var e0 = new ReferenceError();
+var e1 = new ReferenceError('123');
+assertTrue(e1.hasOwnProperty('message'));
+assertTrue(e0.hasOwnProperty('stack'));
+assertTrue(e1.hasOwnProperty('stack'));
+assertTrue(e0.hasOwnProperty('type'));
+assertTrue(e1.hasOwnProperty('type'));
+assertTrue(e0.hasOwnProperty('arguments'));
+assertTrue(e1.hasOwnProperty('arguments'));
+
+
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
