Redefining Function.prototype.toString causes typed array constructors to throw TypeError

[paul-calvelage]

This is a bug I discovered while working on a Javascript kata, where the author had redefined Function.prototype.toString in the preloaded code section, I am guessing in an attempt to prevent cheating. I then attempted a solution using typed arrays and stumbled onto this. Luckily I have enough honor points to poke around the beta kata to see what is happening.

Anyway, I can reproduce the problem on other kata, which is why I am reporting it here rather than just to the author. The steps below are sufficient to duplicate the issue on any kata.

For some reason I am not able to grasp, redefining Function.prototype.toString causes the typed array constructors, such as Int16Array, to throw a TypeError (not directly, but via the backend of Codewars somewhere). This is unexpected, and I'm sure the author was not trying to block the use of typed arrays by hiding the source code of functions.

How to reproduce the problem:

Step 1: (While logged in...) Train on any random Javascript kata (it doesn't matter, say http://www.codewars.com/kata/56dae9dc54c0acd29d00109a/train/javascript just for example).
Step 2: In the "Your Solution" editor paste:

Function.prototype.toString = {};
var x = new Int16Array();
var y = new Int16Array();

Step 3: In the "Your Test Cases" editor paste:

Test.expect(true);

Step 4: Click "Run Tests"

Expected behavior: "Test Passed" appears in the "Output" window highlighted in green. This is expected since Test.expect(true) should pass and new Int16Array() should not throw an error.
Buggy behavior: "TypeError: Cannot convert object to primitive value" appears in the "Output" window highlighted in red.

Clues

Something in the backend could be calling toString on Int16Array. This code:

Function.prototype.toString = function() { console.log(this); };
var x = new Int16Array();
var y = new Int16Array();

produces:

[Function: get]
[Function: set]
[Function: slice]
[Function: subarray]
[Function: slice]
Test Passed

And this:

Function.prototype.toString = function() { Int16Array(); };
var x = new Int16Array();
var y = new Int16Array();

is enough to blow up the stack via recursion

RangeError: Maximum call stack size exceeded

So why is toString being called on Int16Array functions? Is noderunner doing it or something else?

[jhoffner]

I'll have to think on this one. Not sure if this is really a bug with CW or not. You would expect bad things to happen if you do Function.prototype.toString = {};. {} isn't even a function.

[paul-calvelage]

I agree that it might not be Codewars. My first instinct was that this could be a problem with the version of Node.js and/or Babel. But I couldn't reproduce it using Node.js on my computer, and I didn't see anything in the Node.js or Babel bug database relating to this. It's very possible I missed something.

When I have more time I might try downgrading my machine to the versions that Codewars is using to see if this is something that has already been fixed upstream.

At my suggestion, the author of the kata I noticed this on had already worked around the problem yesterday by changing the definition to

Function.prototype.toString = function() { return ''; }

(http://www.codewars.com/kata/how-many-are-smaller-than-me-ii/discuss#570b448b023799af2d000a51)

There didn't seem to be any obvious ill effects. But I'm still scratching my head about the cause.

[kazk]

Closing because this is not Codewars issue and we don't support Node 0.10.x anymore. (I'm assuming this is about 0.10.x because Node 6 was not released when this issue was opened.)