Modify Object.{freeze,seal,isFrozen,isSealed} to avoid the problematic "caller" method on Functions.

Modify Object.{freeze,seal,isFrozen,isSealed} to avoid the problematic "caller" method on Functions.

Given that we know the property is always non-writable and non-configurable, there's no need to ever check it or redefine it in these methods.

BUG=v8:2407

[adamk, 2012-11-14 20:34:14]

This approach is pretty hacky, but other approaches I tried were worse. We can't
simply create a %GetOwnPropertyAttributes method, since we need (for freeze and
seal) to actually get ahold of the current value. That's how I settled on this
minimal approach.

[rossberg, 2012-11-16 12:28:55]

Hm, I'm not sure that this hack is the right way to approach the problem. It
actually points at a deeper issue with caller poisoning and our implementation
of it, which attempts to fix a hole in the spec (cf.
https://bugs.ecmascript.org/show_bug.cgi?id=310). I sent a mail to es-discuss in
the hope of finding a resolution.

For the time being, I'd suggest simply commenting out the check in
Object.observe, which is not crucial anyway.

https://codereview.chromium.org/11312247/diff/1/src/v8natives.js
File src/v8natives.js (right):

https://codereview.chromium.org/11312247/diff/1/src/v8natives.js#newcode1159
src/v8natives.js:1159: if (IS_SPEC_FUNCTION(obj)) {
IS_FUNCTION probably is more adequate here, since it shouldn't be a proxy.

[arv (Not doing code reviews), 2012-11-16 14:38:05]

https://codereview.chromium.org/11312247/diff/1/src/v8natives.js
File src/v8natives.js (right):

https://codereview.chromium.org/11312247/diff/1/src/v8natives.js#newcode1159
src/v8natives.js:1159: if (IS_SPEC_FUNCTION(obj)) {
On 2012/11/16 12:28:55, rossberg wrote:
> IS_FUNCTION probably is more adequate here, since it shouldn't be a proxy.

There are more poison pills than functionObj.caller

function.arguments
arguments.caller
arguments.callee

[rossberg, 2012-11-16 15:52:45]

https://codereview.chromium.org/11312247/diff/1/src/v8natives.js
File src/v8natives.js (right):

https://codereview.chromium.org/11312247/diff/1/src/v8natives.js#newcode1159
src/v8natives.js:1159: if (IS_SPEC_FUNCTION(obj)) {
On 2012/11/16 14:38:06, arv wrote:
> On 2012/11/16 12:28:55, rossberg wrote:
> > IS_FUNCTION probably is more adequate here, since it shouldn't be a proxy.
> 
> There are more poison pills than functionObj.caller
> 
> function.arguments
> arguments.caller
> arguments.callee

Yes, but this issue affects only "caller", because it is due to its special
casing in 15.3.5.4.

[arv (Not doing code reviews), 2012-11-16 16:07:33]

On 2012/11/16 15:52:45, rossberg wrote:
> https://codereview.chromium.org/11312247/diff/1/src/v8natives.js
> File src/v8natives.js (right):
> 
> https://codereview.chromium.org/11312247/diff/1/src/v8natives.js#newcode1159
> src/v8natives.js:1159: if (IS_SPEC_FUNCTION(obj)) {
> On 2012/11/16 14:38:06, arv wrote:
> > On 2012/11/16 12:28:55, rossberg wrote:
> > > IS_FUNCTION probably is more adequate here, since it shouldn't be a proxy.
> > 
> > There are more poison pills than functionObj.caller
> > 
> > function.arguments
> > arguments.caller
> > arguments.callee
> 
> Yes, but this issue affects only "caller", because it is due to its special
> casing in 15.3.5.4.

Thanks. Very clear.

Adam, maybe add a comment to see 15.3.5.4?