Possible Loophole (was: Proposal: Property fixing)

David Bruant david.bruant at labri.fr
Sun Jun 19 09:11:18 PDT 2011


Le 19/06/2011 16:53, Tom Van Cutsem a écrit :
> 2011/6/17 David Bruant <david.bruant at labri.fr
> <mailto:david.bruant at labri.fr>>
>
>     Le 17/06/2011 22:20, Mark S. Miller a écrit :
>>     Hmmm. This suggests a loophole that might help out on some of the
>>     proxy cases we're concerned about. I know of no universal
>>     constraint that a proxy's handler could violate if it could 1)
>>     trap attempts to change the value of a writable non-configurable
>>     property, and 2) could respond by either setting the value as it
>>     likes or reporting a failed assignment. The handler must of
>>     course be prevented from changing any other attribute, except to
>>     change from writable to non-writable. AFAICT, this does not
>>     weaken any assumptions that are safe to assume regarding ES5.1
>>     non-native objects.
>     Actually, since in the recent version of the strawman, the
>     defineProperty trap is actualy trapped even for fixed properties,
>     I think that what you're describing is happening already. Is it Tom?
>
>
> Yes, with one minor difference: as currently specced in the strawman,
> the proxy handler can trap attempts to change the value of any fixed
> non-configurable property, both writable and non-writable. Still, the
> handler will be prevented from changing writable:false to
> writable:true, which seems to be the important invariant to uphold.
>
> So, updates to non-writable, non-configurable fixed properties are
> currently trapped, but the handler can't actually change the
> property. Should the strawman be changed such that defineProperty is
> only trapped on writable, non-configurable fixed properties?
With the current fixed properties proposal, here is what happens in the
engine at an Object.defineProperty(o, name, pd) call:
----
if("name" has already been observed as non-configurable){
  [[DefineOwnProperty]] (name, pd) on the fixed properties record //
ES5.1 - 8.12.9
  // This call includes invariant checking code
}
else{
  resPd = ToPropertydescriptor(call o's defineProperty trap with [o,
name, pd]);
  if(!resPd.configurable){
    add "name" to fixed properties record with resPd as property descriptor
  }
}
----

What about doing the following:
----
// (Calling the trap in all cases)
resPd = ToPropertyDescriptor(call o's defineProperty trap with [o, name,
pd]);

if("name" has already been observed as non-configurable){
  [[DefineOwnProperty]] (name, resPd) on the non-configurable properties
record // ES5.1 - 8.12.9
  // This call includes the exact same invariant checking code

}
else{
  if(!resPd.configurable){
    add "name" to non-configurable properties record with resPd as
property descriptor
  } 
}
----

The same amount of engine code is called and we have the genericity of
calling the defineProperty trap every single time.

David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20110619/d096b9ab/attachment.html>


More information about the es-discuss mailing list