Bug 217051
| Summary: | A question about defineProperty of Proxy object | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | NWU_NISL <nisl_grammarly1> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | ashvayka, fpizlo, ysuzuki |
| Priority: | P2 | ||
| Version: | WebKit Local Build | ||
| Hardware: | PC | ||
| OS: | Linux | ||
NWU_NISL
When calling "Object.defineProperty" as below, the internal method "[[DefineOwnProperty]" will be invoked.
According to ES10.0, when invoking the internal method "[[DefineOwnProperty]]" of the proxy object, the method "defineProperty" of proxy handler is called. So the overwritten property "defineProperty " below is called. And a false will be returned after using "ToBoolean" dealing with its return value, because the method's default return value is undefined.
Finally, a TypeError will be thrown as other engines(like V8,spiderMonkey and quickjs) do.
But jsc didn't throw any error as my expection, Is there any information I have missed?
#### version
dbae081
#### command
webkit/WebKitBuild/Debug/bin/jsc testcase.js
#### testcase
function main() {
var handler = {defineProperty:function(){
print("overwrite definedProperty");
}
};
var target = {"a":3};
var descBefore = Object.getOwnPropertyDescriptor(target,"a");
for(var j in descBefore){
print(j,descBefore[j]);
}
var p = new Proxy(target,handler);
var desc = {value:200};
var v21 = Object.defineProperty(p,"a",desc);
print(v21);
var descAfter = Object.getOwnPropertyDescriptor(target,"a");
for(var i in descAfter){
print(i,descAfter[i]);
}
}
main();
#### output
value 3
writable true
enumerable true
configurable true
overwrite definedProperty
[object Object]
value 3
writable true
enumerable true
configurable true
#### expected output
value 3
writable true
enumerable true
configurable true
overwrite definedProperty
TypeError: proxy defineProperty handler returned false for property '"a"'
contributor:Yuan Wang
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Shvayka
(In reply to NWU_NISL from comment #0)
> But jsc didn't throw any error as my expection, Is there any information I
> have missed?
Thank you for detailed bug report.
You are absolutely right, a TypeError should be thrown because the trap didn't return a truthy value.
r259822 fixed ProxyObject::performDefineOwnProperty() to do that, aligning JSC with other engines.
> #### version
> dbae081
This appears to be referring to https://github.com/WebKit/webkit/commit/dbae081ad7e22d9ab61edf2f337f6c2bb593c7f8,
which was 6 weeks after the fix. Are we sure it's correct?
I can confirm the bug reproducing in Safari 13.1.2, yet fixed in TP 113.
*** This bug has been marked as a duplicate of bug 210267 ***