Bug 17012

Summary: REGRESSION: JSC can't round trip an object literal
Product: WebKit Reporter: Oliver Hunt <oliver>
Component: JavaScriptCoreAssignee: Oliver Hunt <oliver>
Status: RESOLVED FIXED    
Severity: Normal CC: darin, jruderman, sam, slewis
Priority: P2 Keywords: HasReduction, Regression
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.4   
Bug Depends on:    
Bug Blocks: 13638    
Attachments:
Description Flags
Patch to fix the bug
oliver: review-
New version of fix mjs: review+

Oliver Hunt
Reported 2008-01-25 19:01:42 PST
JSC looses a pair of parenthesis when performing toString on a function, so that function f(){ ({}).x; } f.toString() produces function f(){ {}.x; } which is invalid. This was found by jsfunfuzz
Attachments
Patch to fix the bug (2.96 KB, patch)
2008-01-25 22:22 PST, Oliver Hunt 		oliver: review-
DetailsFormatted DiffDiff
New version of fix (7.65 KB, patch)
2008-01-25 23:39 PST, Oliver Hunt 		mjs: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Oliver Hunt
Comment 1 2008-01-25 19:14:21 PST
I have a one line fix for this
Sam Weinig
Comment 2 2008-01-25 19:15:48 PST
This is a regression from shipping Safari.
Jesse Ruderman
Comment 3 2008-01-25 19:17:08 PST
toSource and uneval have to put parens around functions, but toString doesn't have to. JSC's current behavior matches Spidermonkey.
Jesse Ruderman
Comment 4 2008-01-25 19:26:16 PST
Never mind, I misread the bug.
Oliver Hunt
Comment 5 2008-01-25 19:59:29 PST
this also occurs with function expressions
Oliver Hunt
Comment 6 2008-01-25 22:12:49 PST
I was wrong, it looks like our current funciton expression behaviour is sufficient
Oliver Hunt
Comment 7 2008-01-25 22:22:13 PST
Created attachment 18697 [details] Patch to fix the bug
Darin Adler
Comment 8 2008-01-25 22:36:05 PST
Comment on attachment 18697 [details] Patch to fix the bug r=me But is this a bug fix or not?
Oliver Hunt
Comment 9 2008-01-25 22:47:58 PST
Comment on attachment 18697 [details] Patch to fix the bug This is a bug fix -- the current code means Function.toString can produce incorrect code. Maciej suggested an approach that would not use unnecessary ()'s for object literals.
Oliver Hunt
Comment 10 2008-01-25 23:39:44 PST
Created attachment 18699 [details] New version of fix No longer introduce unnecessary ()'s
Maciej Stachowiak
Comment 11 2008-01-25 23:43:50 PST
Comment on attachment 18699 [details] New version of fix r=me
Oliver Hunt
Comment 12 2008-01-25 23:56:53 PST
Landed r29802
Note You need to log in before you can comment on or make changes to this bug.