Thanks for the discussion, I'll add a test case for this. (I was tracing some code trying to understand why HasElement was so slow and this seemed like low-hanging fruit.)
On Mon, Feb 25, 2013 at 6:51 AM, <[email protected]> wrote: > On 2013/02/25 14:43:40, rossberg wrote: > >> On 2013/02/25 14:29:08, Michael Starzinger wrote: >> > The removal of the HandleScope itself looks good. >> > >> > https://codereview.chromium.**org/12328064/diff/1/src/**objects.cc<https://codereview.chromium.org/12328064/diff/1/src/objects.cc> >> > File src/objects.cc (left): >> > >> > https://codereview.chromium.**org/12328064/diff/1/src/** >> objects.cc#oldcode3373<https://codereview.chromium.org/12328064/diff/1/src/objects.cc#oldcode3373> >> > src/objects.cc:3373: // Handle [] on String objects. >> > On 2013/02/25 10:46:25, rossberg wrote: >> > > I'm not sure removing this is correct. This function is also called by >> > > GetPropertyAttributeWithReceiv**er, and on that path, I don't think >> strings >> > would >> > > be handled otherwise. >> > >> > I agree with this comment. I think this can be triggered by checking >> "'0' in >> o" >> > where o has an interceptor and it's prototype is a string. But that is >> just >> > speculation. >> > > You cannot actually have a string as a prototype. I think the example in >> question would be: >> > > "0" in "" >> > > It is true that a string primitive cannot be used as a prototype, but a > string > value wrapper can be. And there is a call-path that leads to this site > through > the post-interceptor lookup on the prototype chain. So the following should > reproduce the issue ... > > var s = new String('foobar'); > var o = { __proto__:s }; > print('0' in o); > > ... if "o" also has an interceptor. But then again, I am still speculating > here, > and I am too lazy to write a cctest to prove my point. :) > > https://codereview.chromium.**org/12328064/<https://codereview.chromium.org/12328064/> > -- -- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev --- You received this message because you are subscribed to the Google Groups "v8-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
