Bug 147071

Summary: In strict mode, `Object.keys(arguments)` includes "length"
Product: WebKit Reporter: Jordan Harband <ljharb>
Component: JavaScriptCoreAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, darin, fpizlo, timothy, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 146510    
Bug Blocks:    
Attachments:
Description Flags
Patch none

Jordan Harband
Reported 2015-07-18 15:09:29 PDT
Given this JS: ``` var argsSloppy = (function () { return arguments; }(1,2,3)); var argsStrict = (function () { 'use strict'; return arguments; }(1,2,3)); assert(!Object.prototype.propertyIsEnumerable(argsSloppy, 'length')); assert(!Object.prototype.propertyIsEnumerable(argsStrict, 'length')); assert(Object.keys(argsSloppy).length === Object.keys(argsStrict).length); // fails assert(Object.keys(argsSloppy).indexOf('length') === -1) assert(Object.keys(argsStrict).indexOf('length') === -1); // fails ``` Even though `length` is non-enumerable on both arguments objects, `Object.keys` returns "length" for the one created in strict mode. Additionally, in the inspector, both look different - the sloppy one looks nice and pretty; the strict one doesn't. This is not broken in Safari, but it is in the latest WebKit Nightly. Note that it's a type error to do `argsStrict.callee` but not `argsSloppy.callee` - I suspect this is implementation difference between the two modes is the cause of this bug.
Attachments
Patch (2.90 KB, patch)
2015-07-18 15:35 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2015-07-18 15:33:47 PDT
Nice catch. This is because, ClonedArguments doesn't set "length" with DontEnum. I'll upload the patch to fix this.
Yusuke Suzuki
Comment 2 2015-07-18 15:35:53 PDT
Created attachment 257034 [details] Patch
Jordan Harband
Comment 3 2015-07-18 15:40:06 PDT
I'm surprised that a property that's not set with DontEnum would report "propertyIsEnumerable" as false :-/ Why aren't they consistent? When you fix this, could you also make ClonedArguments look the same in the inspector?
Yusuke Suzuki
Comment 4 2015-07-19 15:50:13 PDT
Comment on attachment 257034 [details] Patch Thank you for your review, darin!
WebKit Commit Bot
Comment 5 2015-07-19 16:39:02 PDT
Comment on attachment 257034 [details] Patch Clearing flags on attachment: 257034 Committed r187017: <http://trac.webkit.org/changeset/187017>
WebKit Commit Bot
Comment 6 2015-07-19 16:39:06 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 7 2015-08-27 07:37:05 PDT
<rdar://problem/22455520>
Note You need to log in before you can comment on or make changes to this bug.