JavascriptArray bugs in numeric propertyId handling

[jianchun]

There is an issue in multiple JavascriptArray methods when handling numeric propertyId. Needs a thorough review of JavascriptArray/ES5Array methods. We rarely hit these code paths because we usually call uint32 index methods. With JSRT, one can create a numeric propertyId and use it to access an array.

E.g., compare 2 methods:

BOOL JavascriptArray::DeleteProperty(PropertyId propertyId, PropertyOperationFlags flags)
{
    if (propertyId == PropertyIds::length)
    {
        return false;
    }
    return DynamicObject::DeleteProperty(propertyId, flags);
}

BOOL JavascriptArray::HasProperty(PropertyId propertyId)
{
    if (propertyId == PropertyIds::length)
    {
        return true;
    }

    ScriptContext* scriptContext = GetScriptContext();
    uint32 index;
    if (scriptContext->IsNumericPropertyId(propertyId, &index))
    {
        return this->HasItem(index);
    }

    return DynamicObject::HasProperty(propertyId);
}

DeleteProperty is missing numeric propertyId handling available in HasProperty. It delegates to DynamicObject::DeleteProperty, which invokes TypeHandler::DeleteProperty. But TypeHandler methods do not handle array instance with numeric proeprtyId either. They all have following pattern and only deal with object's internal array:

// Check numeric propertyRecord only if objectArray available
if (instance->HasObjectArray() && propertyRecord->IsNumeric())
{
    return DictionaryTypeHandlerBase<T>::DeleteItem(instance, propertyRecord->GetNumericValue(), propertyOperationFlags);
}

return true;

From a glance several JavascriptArray methods have this problem... IsEnumerable, IsConfigurable... Not sure if issue exists in ES5Array too.

[ianwjhalliday]

To me this suggests that we are lacking thorough test coverage of the JavascriptArray APIs. If there are numerous instances of this problem at a glance, then we should write a thorough test suite to hit all the APIs in the numeric property cases to flush out as much of these problems as possible, and ensure we do not regress them in future.

[jianchun]

Related issue is that we are lacking JSRT API test coverage. One reason is the tests were in native code (TE) and hard/verbose to author, so we have little coverage of API/runtime combinations.

[dilijev]

@jianchun should we make a separate issue to improve JSRT API test coverage?

[jianchun]

should we make a separate issue to improve JSRT API test coverage?

@dilijev You could though that new issue may look too broad. May be fine to have this one issue about numeric propertyId with Array.