Getter on prototype is called even though property is also defined on instance 
https://bugs.webkit.org/show_bug.cgi?id=132872
Summary Getter on prototype is called even though property is also defined on instance
Sebastian Noack
Reported 2014-05-13 10:30:03 PDT
If you define a getter on the prototype and cache its value by defining a property with the same name on the instance, sometimes the getter is called a second time, when the property is accessed. This can be reproduced on Safari 7.0.3 with the attached HTML page. A "TypeError: Attempting to change value of a readonly property" is thrown when the getter is called the second time and calls Object.defineProperty() again. The expected behavior would be that the getter is executed only once per instance.
Attachments
test case (82 bytes, text/plain)
2014-05-13 10:31 PDT, Sebastian Noack 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Sebastian Noack
Comment 1 2014-05-13 10:31:01 PDT
Created attachment 231392 [details] test case
Wladimir Palant
Comment 2 2014-05-13 11:40:41 PDT
Note that the issue only happens if there are at least 9 objects created (the testcase creates 1000 of them, just in case). It seems that the issue here is a wrong optimization when the JIT compiler processes method Class.bar() - it will call the getter on the prototype directly, without checking whether the same property exists on the object instance. The issue is only reproducible in Safari, neither Firefox nor Chrome show this behavior.
Oliver Hunt
Comment 3 2014-05-13 12:30:30 PDT
getter cache misoptimization?
Note You need to log in before you can comment on or make changes to this bug.