When we traverse the prototype chain during [[Set]], we need to perform the following if O is a proxy because this is observable behavior. ``` if (O is a proxy) { let result = O.[[GetOwnPropertyDescriptor]](...) if (result) return; let proto = O.[[GetPrototypeOf]]() ... } ``` Right now, we just perform the [[Set]] unconditionally. We can special case Proxy here because this behavior is only observable with a Proxy. If the thing isn't a Proxy, we can do the fast prototype() lookup, etc.
Created attachment 382766 [details] Patch
Comment on attachment 382766 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=382766&action=review > Source/JavaScriptCore/runtime/JSObject.cpp:-843 > - // https://bugs.webkit.org/show_bug.cgi?id=155012 can you close this bug?
(In reply to Saam Barati from comment #2) > Comment on attachment 382766 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=382766&action=review > > > Source/JavaScriptCore/runtime/JSObject.cpp:-843 > > - // https://bugs.webkit.org/show_bug.cgi?id=155012 > > can you close this bug? It is this very bug, so the commit bot will close it (I don't have such rights yet).
(In reply to Alexey Shvayka from comment #3) > (In reply to Saam Barati from comment #2) > > Comment on attachment 382766 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=382766&action=review > > > > > Source/JavaScriptCore/runtime/JSObject.cpp:-843 > > > - // https://bugs.webkit.org/show_bug.cgi?id=155012 > > > > can you close this bug? > > It is this very bug, so the commit bot will close it (I don't have such > rights yet). haha. Oops. I didn't realize it was the same one :-)
Comment on attachment 382766 [details] Patch Clearing flags on attachment: 382766 Committed r252019: <https://trac.webkit.org/changeset/252019>
All reviewed patches have been landed. Closing bug.
<rdar://problem/56883293>