New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Constructor for Symbol class in VM does not validate - should this be declared correct? #11669
Comments
cc @gbracha. |
I think that it would be quite reasonable for Symbol to encode any string. Symbol literals are syntactically restricted to (optionally qualified) identifiers but the class Symbol need not enforce that I think. |
The current specification of Symbol was agreed upon in the initial specification and is implemented as a special rule in dart2js. The VM should be able to do the same. Removed Area-Library label. |
Issue #19636 has been merged into this issue. |
The current design requires special compiler recognition and handling of the A const invocation of It's current declaration signature is The VM's current approach is to just not implement the specified behavior. Apparently it hasn't been a problem (it does allow all the cases that should be allowed, it just allows more as well). There are usability consequences, though. They cannot make it an error if someone tries to create a private symbol as |
This is still an issue: The VM accepts arguments to the constructor which it is specified to reject. On top of that, the VM assumes that a user provided symbol string does follow the specification, and mangles the user input. var uri = Uri.parse("http://foo:bar@baz.qux/test.dyt");
var symbol = Symbol(uri.authority); // Should be rejected.
print(symbol); // Prints Symbol("bar.qux").
print(#bar.qux); // Prints Symbol("bar.qux").
print(symbol == #bar.qux); // false This happens because the VM accepts unvalidated user inputs, but it also assumes that it can embed its own secret information in the string. Those two are choices are incompatible. The VM needs to either validate user inputs, or find a way to avoid that its internal representation clashes with user inputs (maybe insert escapes if the user input contains This is not a front-end issue, the issue happens with run-time created objects (the front end does check constants in the constant transformer, but apparently the VM doesn't use that). (I'm personally OK with removing the need to validate symbol inputs, but then the VM still needs to avoid collisions with its internal string encodings). |
This issue was originally filed by @mhausner
The VM version of the const constructor Symbol() is wrong. It has a non-const initializer.
const Symbol(String name)
: this._name = validate(name);
I am implementing stricter constness checks in the VM right now and am removing the call to validate(). This results in corelib/symbol_test failing.
The text was updated successfully, but these errors were encountered: