Observability of NaN distinctions — is this a concern?

Brendan Eich brendan at mozilla.com
Fri Mar 22 19:47:52 PDT 2013


Kenneth Russell wrote:
> I hope that the ES6 integration of typed arrays will not require
> normalization of NaNs on write, even if other specification changes
> need to be made to avoid requiring it.

What other specification changes?

JITs use nan-boxing (http://wingolog.org/archives/2011/05/18/value-representation-in-javascript-implementations). If a typed array user could forge a nan-boxed value, they could pwn the JITting VM.

For interop, JS requires cross-browser (VM) NaN canonicalization to avoid observably different results on different browsers.

Ergo, ES6 must specify normative handling of NaNs.

/be

