[CP][stable channel][beta channel] Mitigate unspecified behavior in DDC with Chrome 86 #43885

Closed
@sigmundch

Description

commit(s) to merge: 34b485c

merge instructions: clean merge

What is the issue: Chrome 86 has several breaking changes that may affect DDC. Some affect DDC during load time (like the one we fixed and cherry-picked 2 months ago: #43287) and some only if certain browser APIs are used (like getGamepads: #43750).

The reason these changes broke DDC is that DDC adds interceptors to browser APIs by updating the prototype of the underlying browser object. If that prototype is removed (which is what happened with MemoryInfo and GamepadList), DDC accidentally updates Object.prototype, which may affect all objects in the program.

It's hard to predict what kind of errors follow: with MemoryInfo, invariants about dart2js were broken. With GamepadList all dynamic calls in the program were broken in DDC.

What is the fix: 34b485c mitigates the problem, but won't fix individual APIs. It makes sure that when adding interceptors to browser APIs, they are added on a valid prototype and not on Object's prototype.

Why cherrypick: Developers that use the APIs changed by Chrome 86 see a very bizarre error far removed from the issue, almost as a memory corruption error would look. For example, #43750 shows that all dynamic calls break.

Risk: low. Change is pretty minimal and already rolled to internal users.

Link to original issue(s): #43750 #43193

/cc @kevmoo @mit-mit @whesse @athomas @vsmenon @franklinyow @Markzipan @srujzs
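The failure mode described in this request, reduced to a runnable model. This is an added example and is not code from the Dart SDK or DDC; the installer, the stand-in `window` object and the toy dynamic-call dispatcher are all constructed for the demo (names `makeBrowserGlobals`, `installInterceptorNaive`, `installInterceptorGuarded`, `INTERCEPTOR`, `dynamicCall`, `scenario` are assumptions). The naive installer's fall-through to `Object.prototype` models the accidental behaviour the issue describes, not DDC's real lookup code; the guarded installer shows the shape of the mitigation: verify the resolved prototype is a real one and never `Object.prototype` before writing to it.

```javascript
// Added example, not code from the Dart SDK or DDC. Models how an
// interceptor installer that resolves a browser prototype by global name
// can end up writing onto Object.prototype once the browser drops the
// global (GamepadList / MemoryInfo in Chrome 86), and the guard that
// prevents it. All names below are assumptions constructed for the demo.

// Key under which the "Dart interceptor" is stored on a prototype.
const INTERCEPTOR = Symbol('dart.interceptor');

// Constructed stand-in for `window`. With hasGamepadList === false it
// models Chrome 86, where the GamepadList constructor no longer exists.
function makeBrowserGlobals(hasGamepadList) {
  const win = {};
  win.Node = function Node() {};
  if (hasGamepadList) win.GamepadList = function GamepadList() {};
  return win;
}

// Naive installer: for a type the browser no longer defines, the lookup
// degrades to Object.prototype and the interceptor is installed there,
// so EVERY object in the program now inherits it. (Constructed stand-in
// for the accidental behaviour, not DDC's actual lookup logic.)
function installInterceptorNaive(win, typeName, interceptor) {
  const ctor = win[typeName];
  const proto = (ctor && ctor.prototype) || Object.prototype;
  proto[INTERCEPTOR] = interceptor;
  return proto;
}

// Guarded installer: refuses a missing prototype and refuses
// Object.prototype, returning null so the caller can skip the type.
function installInterceptorGuarded(win, typeName, interceptor) {
  const ctor = win[typeName];
  const proto = ctor && ctor.prototype;
  if (proto == null || proto === Object.prototype) {
    return null; // type not intercepted; nothing global was touched
  }
  proto[INTERCEPTOR] = interceptor;
  return proto;
}

// Toy "dynamic call": an object carrying an interceptor is dispatched
// through it; anything else is treated as a plain JS object. With the
// naive installer, a plain object inherits the GamepadList interceptor
// from Object.prototype and dispatch breaks.
function dynamicCall(obj, method, ...args) {
  const interceptor = obj[INTERCEPTOR];
  if (interceptor !== undefined) {
    if (typeof interceptor[method] !== 'function') {
      throw new TypeError(`interceptor has no method ${method}`);
    }
    return interceptor[method](obj, ...args);
  }
  return obj[method](...args);
}

// Runs one install + one unrelated dynamic call and reports what happened.
// browserHasType=false models Chrome 86; useGuard selects the installer.
function scenario(browserHasType, useGuard) {
  const win = makeBrowserGlobals(browserHasType);
  const gamepadInterceptor = { length: (o) => o.length };
  const install = useGuard ? installInterceptorGuarded : installInterceptorNaive;
  const proto = install(win, 'GamepadList', gamepadInterceptor);
  const plain = { greet() { return 'hi'; } }; // unrelated user object
  let result;
  try {
    result = dynamicCall(plain, 'greet');
  } catch (e) {
    result = e.constructor.name;
  } finally {
    delete Object.prototype[INTERCEPTOR]; // undo any pollution between runs
  }
  return { hitObjectPrototype: proto === Object.prototype, result };
}

// Usage:
//   scenario(false, false) -> { hitObjectPrototype: true,  result: 'TypeError' }
//   scenario(false, true)  -> { hitObjectPrototype: false, result: 'hi' }
//   scenario(true,  false) -> { hitObjectPrototype: false, result: 'hi' }
```

The point the mitigation makes is visible in the first two runs: on a browser without `GamepadList`, the naive installer pollutes `Object.prototype` and an unrelated call on a plain object fails with a `TypeError` that says nothing about gamepads, while the guarded installer leaves every other object alone. The third run shows that on a browser that still has the type both installers behave the same, which is why the regression only surfaces on Chrome 86.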

Labels

area-web-js: Issues related to JavaScript support for Dart Web, including DDC, dart2js, and JS interop.
cherry-pick-approved: Label for approved cherry-pick requests
cherry-pick-review: Issues that need cherry-pick triage to approve
merge-to-beta
merge-to-stable