Bug 155012

Summary: [[Set]] isn't correct with respect to the spec and Proxy
Product: WebKit Reporter: Saam Barati <saam>
Component: JavaScriptCoreAssignee: Saam Barati <saam>
Status: RESOLVED FIXED    
Severity: Normal CC: ashvayka, commit-queue, ews-watchlist, keith_miller, mark.lam, msaboff, ross.kirsling, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Saam Barati
Reported 2016-03-04 00:46:24 PST
When we traverse the prototype chain during [[Set]], we need to perform the following if O is a proxy because this is observable behavior. ``` if (O is a proxy) { let result = O.[[GetOwnPropertyDescriptor]](...) if (result) return; let proto = O.[[GetPrototypeOf]]() ... } ``` Right now, we just perform the [[Set]] unconditionally. We can special case Proxy here because this behavior is only observable with a Proxy. If the thing isn't a Proxy, we can do the fast prototype() lookup, etc.
Attachments
Patch (1.99 KB, patch)
2019-11-04 13:22 PST, Alexey Shvayka 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Shvayka
Comment 1 2019-11-04 13:22:17 PST
Created attachment 382766 [details] Patch
Saam Barati
Comment 2 2019-11-04 14:28:44 PST
Comment on attachment 382766 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=382766&action=review > Source/JavaScriptCore/runtime/JSObject.cpp:-843 > - // https://bugs.webkit.org/show_bug.cgi?id=155012 can you close this bug?
Alexey Shvayka
Comment 3 2019-11-04 14:33:54 PST
(In reply to Saam Barati from comment #2) > Comment on attachment 382766 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=382766&action=review > > > Source/JavaScriptCore/runtime/JSObject.cpp:-843 > > - // https://bugs.webkit.org/show_bug.cgi?id=155012 > > can you close this bug? It is this very bug, so the commit bot will close it (I don't have such rights yet).
Saam Barati
Comment 4 2019-11-04 14:37:37 PST
(In reply to Alexey Shvayka from comment #3) > (In reply to Saam Barati from comment #2) > > Comment on attachment 382766 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=382766&action=review > > > > > Source/JavaScriptCore/runtime/JSObject.cpp:-843 > > > - // https://bugs.webkit.org/show_bug.cgi?id=155012 > > > > can you close this bug? > > It is this very bug, so the commit bot will close it (I don't have such > rights yet). haha. Oops. I didn't realize it was the same one :-)
WebKit Commit Bot
Comment 5 2019-11-04 15:29:17 PST
Comment on attachment 382766 [details] Patch Clearing flags on attachment: 382766 Committed r252019: <https://trac.webkit.org/changeset/252019>
WebKit Commit Bot
Comment 6 2019-11-04 15:29:19 PST
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 7 2019-11-04 15:30:16 PST
<rdar://problem/56883293>
Note You need to log in before you can comment on or make changes to this bug.