Title: [154630] trunk/Source/_javascript_Core
- Revision
- 154630
- Author
- [email protected]
- Date
- 2013-08-26 13:01:55 -0700 (Mon, 26 Aug 2013)
Log Message
Object.defineProperty should be able to create a PropertyDescriptor where m_attributes == 0
https://bugs.webkit.org/show_bug.cgi?id=120314
Reviewed by Darin Adler.
Currently with the way that defineProperty works, we leave a stray low bit set in
PropertyDescriptor::m_attributes in the following code:
var o = {};
Object.defineProperty(o, 100, {writable:true, enumerable:true, configurable:true, value:"foo"});
This is due to the fact that the lowest non-zero attribute (ReadOnly) is represented as 1 << 1
instead of 1 << 0. We then calculate the default attributes as (DontDelete << 1) - 1, which is 0xF,
but only the top three bits mean anything. Even in the case above, the top three bits are set
to 0 but the bottom bit remains set, which causes us to think m_attributes is non-zero.
Since some of these attributes and their corresponding values are exposed in the _javascript_Core
framework's public C API, it's safer to just change how we calculate the default value, which is
where the weirdness was originating from in the first place.
* runtime/PropertyDescriptor.cpp:
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (154629 => 154630)
--- trunk/Source/_javascript_Core/ChangeLog 2013-08-26 19:19:50 UTC (rev 154629)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-08-26 20:01:55 UTC (rev 154630)
@@ -1,3 +1,27 @@
+2013-08-26 Mark Hahnenberg <[email protected]>
+
+ Object.defineProperty should be able to create a PropertyDescriptor where m_attributes == 0
+ https://bugs.webkit.org/show_bug.cgi?id=120314
+
+ Reviewed by Darin Adler.
+
+ Currently with the way that defineProperty works, we leave a stray low bit set in
+ PropertyDescriptor::m_attributes in the following code:
+
+ var o = {};
+ Object.defineProperty(o, 100, {writable:true, enumerable:true, configurable:true, value:"foo"});
+
+ This is due to the fact that the lowest non-zero attribute (ReadOnly) is represented as 1 << 1
+ instead of 1 << 0. We then calculate the default attributes as (DontDelete << 1) - 1, which is 0xF,
+ but only the top three bits mean anything. Even in the case above, the top three bits are set
+ to 0 but the bottom bit remains set, which causes us to think m_attributes is non-zero.
+
+ Since some of these attributes and their corresponding values are exposed in the _javascript_Core
+ framework's public C API, it's safer to just change how we calculate the default value, which is
+ where the weirdness was originating from in the first place.
+
+ * runtime/PropertyDescriptor.cpp:
+
2013-08-24 Sam Weinig <[email protected]>
Add support for Promises
Modified: trunk/Source/_javascript_Core/runtime/PropertyDescriptor.cpp (154629 => 154630)
--- trunk/Source/_javascript_Core/runtime/PropertyDescriptor.cpp 2013-08-26 19:19:50 UTC (rev 154629)
+++ trunk/Source/_javascript_Core/runtime/PropertyDescriptor.cpp 2013-08-26 20:01:55 UTC (rev 154630)
@@ -33,7 +33,7 @@
#include "Operations.h"
namespace JSC {
-unsigned PropertyDescriptor::defaultAttributes = (DontDelete << 1) - 1;
+unsigned PropertyDescriptor::defaultAttributes = DontDelete | DontEnum | ReadOnly;
bool PropertyDescriptor::writable() const
{
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
