From 30fe3de91dd49bc6f725bbae24095c99fe7d001f Mon Sep 17 00:00:00 2001
From: Fabrice Bellard
Date: Tue, 29 Apr 2025 19:03:36 +0200
Subject: [PATCH] Object.prototype has an immutable prototype
---
 TODO | 4 ++--
 quickjs.c | 23 ++++++++++++++++++++++-
 test262_errors.txt | 3 +--
 3 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/TODO b/TODO
index e770bce..db4ff5f 100644
--- a/TODO
+++ b/TODO
@@ -62,6 +62,6 @@ Optimization ideas:
 Test262o: 0/11262 errors, 463 excluded
 Test262o commit: 7da91bceb9ce7613f87db47ddd1292a2dda58b42 (es5-tests branch)
-Result: 66/78176 errors, 1612 excluded, 7236 skipped
-Test262 commit: 56e77d6325067a545ea7e8ff5be5d9284334e33c
+Result: 65/78182 errors, 1628 excluded, 7233 skipped
+Test262 commit: 27622d764767dcb3778784884022c2c7de5769b8
diff --git a/quickjs.c b/quickjs.c
index 9979dc4..aa174e9 100644
--- a/quickjs.c
+++ b/quickjs.c
@@ -914,6 +914,7 @@ struct JSObject {
 uint8_t is_exotic : 1; /* TRUE if object has exotic property handlers */
 uint8_t fast_array : 1; /* TRUE if u.array is used for get/put (for JS_CLASS_ARRAY, JS_CLASS_ARGUMENTS and typed arrays) */
 uint8_t is_constructor : 1; /* TRUE if object is a constructor function */
+ uint8_t has_immutable_prototype : 1; /* cannot modify the prototype */
 uint8_t tmp_mark : 1; /* used in JS_WriteObjectRec() */
 uint8_t is_HTMLDDA : 1; /* specific annex B IsHtmlDDA behavior */
 uint16_t class_id; /* see JS_CLASS_x */
@@ -5053,6 +5054,7 @@ static JSValue JS_NewObjectFromShape(JSContext *ctx, JSShape *sh, JSClassID clas
 p->is_exotic = 0;
 p->fast_array = 0;
 p->is_constructor = 0;
+ p->has_immutable_prototype = 0;
 p->tmp_mark = 0;
 p->is_HTMLDDA = 0;
 p->weakref_count = 0;
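Review bot: The comment on the new `has_immutable_prototype` bit in struct JSObject (the `@@ -914` hunk) says only "cannot modify the prototype", which does not tell a reader what enforces the flag or whether it can be cleared. In the hunks of this patch the bit is set by JS_SetImmutablePrototype, tested in JS_SetPrototypeInternal, and nothing visible resets it, so I would write `/* TRUE if [[SetPrototypeOf]] must fail unless the prototype is unchanged; set once by JS_SetImmutablePrototype() */`. The struct starts and ends outside the hunk.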
@@ -7192,6 +7194,15 @@ static inline __exception int js_poll_interrupts(JSContext *ctx)
 }
 }
+static void JS_SetImmutablePrototype(JSContext *ctx, JSValueConst obj)
+{
+ JSObject *p;
+ if (JS_VALUE_GET_TAG(obj) != JS_TAG_OBJECT)
+ return;
+ p = JS_VALUE_GET_OBJ(obj);
+ p->has_immutable_prototype = TRUE;
+}
+
 /* Return -1 (exception) or TRUE/FALSE. 'throw_flag' = FALSE indicates that it is called from Reflect.setPrototypeOf(). */
 static int JS_SetPrototypeInternal(JSContext *ctx, JSValueConst obj,
@@ -7241,7 +7252,15 @@ static int JS_SetPrototypeInternal(JSContext *ctx, JSValueConst obj,
 sh = p->shape;
 if (sh->proto == proto)
 return TRUE;
- if (!p->extensible) {
+ if (unlikely(p->has_immutable_prototype)) {
+ if (throw_flag) {
+ JS_ThrowTypeError(ctx, "prototype is immutable");
+ return -1;
+ } else {
+ return FALSE;
+ }
+ }
+ if (unlikely(!p->extensible)) {
 if (throw_flag) {
 JS_ThrowTypeError(ctx, "object is not extensible");
 return -1;
@@ -51162,6 +51181,8 @@ static void JS_AddIntrinsicBasicObjects(JSContext *ctx)
 int i;
 ctx->class_proto[JS_CLASS_OBJECT] = JS_NewObjectProto(ctx, JS_NULL);
+ JS_SetImmutablePrototype(ctx, ctx->class_proto[JS_CLASS_OBJECT]);
+
 ctx->function_proto = JS_NewCFunction3(ctx, js_function_proto, "", 0, JS_CFUNC_generic, 0, ctx->class_proto[JS_CLASS_OBJECT]);
diff --git a/test262_errors.txt b/test262_errors.txt
index c6251d2..5fb832d 100644
--- a/test262_errors.txt
+++ b/test262_errors.txt
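Review bot: JS_SetImmutablePrototype (the `@@ -7192` hunk) returns silently when `obj` is not an object and never uses `ctx`, and it has no comment saying either is intended. At its only visible call site, in JS_AddIntrinsicBasicObjects (the `@@ -51162` hunk), the result of JS_NewObjectProto is passed straight in without a check, so a failed allocation there would skip the flag without any signal. I would add a header comment such as `/* Mark 'obj' so that JS_SetPrototypeInternal() rejects any prototype change. One-way; silently ignored if 'obj' is not an object. */`, which makes the contract explicit for later callers.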
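Review bot: The new `has_immutable_prototype` branch in JS_SetPrototypeInternal (the `@@ -7241` hunk) carries no comment on what it guarantees and what it does not. It sits after the `sh->proto == proto` early return, so a no-op assignment still reports success, and it only rejects a change of prototype. Nothing in this patch restricts adding or redefining properties on the flagged object, so the flag should not be read as hardening against prototype pollution. I would put `/* immutable prototype exotic object: only the no-op change handled above succeeds; property writes are unaffected */` above the `if`. The function starts and ends outside the hunk, so whether every path that changes a prototype reaches this check cannot be confirmed from here.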
@@ -5,7 +5,7 @@ test262/test/staging/sm/Date/non-iso.js:76: Test262Error: Expected SameValue(«N test262/test/staging/sm/Date/two-digit-years.js:76: Test262Error: Expected SameValue(«915177600000», «NaN») to be true test262/test/staging/sm/Function/arguments-parameter-shadowing.js:15: Test262Error: Expected SameValue(«true», «false») to be true test262/test/staging/sm/Function/constructor-binding.js:12: Test262Error: Expected SameValue(«"function"», «"undefined"») to be true -test262/test/staging/sm/Function/function-bind.js:14: Test262Error: Expected SameValue(«false», «true») to be true +test262/test/staging/sm/Function/function-bind.js:14: Test262Error: Conforms to NativeFunction Syntax: "function bound unbound() {\n [native code]\n}" test262/test/staging/sm/Function/function-name-for.js:12: Test262Error: Expected SameValue(«""», «"forInHead"») to be true test262/test/staging/sm/Function/function-toString-builtin.js:14: Test262Error: Expected match to '/^\s*function\s*(get|set)?\s*(\w+|(?:'[^']*')|(?:"[^"]*")|\d+|(?:\[[^\]]+\]))?\s*\(\s*\)\s*\{\s*\[native code\]\s*\}\s*$/', Actual value 'function bound fn() { [native code] 
@@ -51,7 +51,6 @@ test262/test/staging/sm/lexical-environment/block-scoped-functions-annex-b-if.js test262/test/staging/sm/lexical-environment/block-scoped-functions-annex-b-notapplicable.js:15: Test262Error: Expected SameValue(«function x() {2}», «function x() {1}») to be true test262/test/staging/sm/lexical-environment/block-scoped-functions-deprecated-redecl.js:23: Test262Error: Expected SameValue(«3», «4») to be true test262/test/staging/sm/lexical-environment/var-in-catch-body-annex-b-eval.js:17: Test262Error: Expected SameValue(«"g"», «"global-x"») to be true -test262/test/staging/sm/module/module-export-name-star.js:15: SyntaxError: identifier expected test262/test/staging/sm/object/defineProperties-order.js:14: Test262Error: Expected SameValue(«"ownKeys,getOwnPropertyDescriptor,getOwnPropertyDescriptor,get,get"», «"ownKeys,getOwnPropertyDescriptor,get,getOwnPropertyDescriptor,get"») to be true test262/test/staging/sm/regress/regress-577648-1.js:21: Test262Error: 1 Expected SameValue(«true», «false») to be true test262/test/staging/sm/regress/regress-577648-2.js:14: Test262Error: Expected SameValue(«true», «false») to be true