search

chakra-core / ChakraCore

ChakraCore is an open source Javascript engine with a C API.
MIT License
9.1k stars 1.19k forks source link

An issue about the Object.freeze() #6518

Open NWU-NISL opened 3 years ago

NWU-NISL commented 3 years ago

When I performed a freeze operation on an initialized TypedArray, ChakraCore did not report an error, but other engines, such as SpiderMonkey and JavascriptCore, all reported errors.So I think there may be something wrong here.

version

chakra-1_11_22

command

ChakraCore/out/Debug/ch testcase.js

testcase

var NISLFuzzingFunc = function(){
    Object.freeze(new Int8Array(1));
}
NISLFuzzingFunc();

Output

No output.

Expected behavior

TypeError:cannot redefine non-configurable property 0.

Contributor : @Haobin-Lee

ppenzin commented 3 years ago

MDN has almost the same example: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/freeze

Yes, that should be a TypeError

rhuanjl commented 3 years ago

I've had a quick dig here - the spec sets out a specific way of doing this that would throw with an typed array BUT the CC implementation is different - and doesn't have the ability to throw. To fix this could either implement the actual method per spec OR special case it to throw for non-empty typedarrays/dataviews.