RESOLVED FIXED 163579
Fix how JSFunction handles "caller" and "arguments" for functions that don't have those properties
https://bugs.webkit.org/show_bug.cgi?id=163579
Caitlin Potter (:caitp)
Reported 2016-10-17 19:02:27 PDT
The following code in Source/JavaScriptCore/runtime/JSFunction.cpp, added in 2011, could use some investigation/auditing:

```
// This will trigger the property to be reified, if this is not already the case!
bool okay = thisObject->hasProperty(exec, propertyName);
ASSERT_UNUSED(okay, okay);
scope.release();
return Base::put(thisObject, exec, propertyName, value, slot);
```

It's unclear what the purpose of reifying this is, as the properties in question are not lazy. Base::put() ought to be enough.
Attachments
patch (8.62 KB, patch)
2017-12-13 00:02 PST, Saam Barati
no flags
Saam Barati
Comment 1 2017-12-12 23:12:32 PST
It turns out that not only is this not needed, this weird behavior is causing observable side effects.
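An added example, not code from this bug or its patch: a conformance probe showing how a `hasProperty` lookup performed before `put` can become visible to script. It assumes a Proxy on the function's prototype chain as the observation point (the thread does not say which side effect was seen); `trapsDuringSet` is a hypothetical helper name.

```javascript
'use strict';

// Records which Proxy traps fire on the prototype chain while `fn[key] = value`
// runs. `fn` must be a function with no own `key` (arrow function, method,
// strict function), so the assignment has to consult the prototype chain.
// The spec's [[Set]] reaches the prototype through [[Set]] only; a "has" or
// "get" entry in the returned log means the engine did an extra lookup first.
function trapsDuringSet(fn, key, value) {
  const log = [];
  const originalProto = Object.getPrototypeOf(fn);
  // Plain object as target (assumption made to keep the probe engine-neutral):
  // Function.prototype's own "caller"/"arguments" accessors stay out of the way.
  const spy = new Proxy({}, {
    has(target, k) {
      log.push(`has:${String(k)}`);
      return Reflect.has(target, k);
    },
    get(target, k, receiver) {
      log.push(`get:${String(k)}`);
      return Reflect.get(target, k, receiver);
    },
    set(target, k, v, receiver) {
      log.push(`set:${String(k)}`);
      // Forward with the original receiver so the own property lands on `fn`.
      return Reflect.set(target, k, v, receiver);
    },
  });
  Object.setPrototypeOf(fn, spy);
  try {
    fn[key] = value;
  } catch (e) {
    log.push(`threw:${e.constructor.name}`);
  } finally {
    Object.setPrototypeOf(fn, originalProto);
  }
  return log;
}

// Constructed sample inputs: two kinds of function without own "caller"/"arguments".
const sampleArrow = () => {};
class Sample { method() {} }

console.log(trapsDuringSet(sampleArrow, 'caller', 42));
console.log(trapsDuringSet(Sample.prototype.method, 'arguments', 'x'));
```

An engine that checks for the property before storing it would add a `has:` entry ahead of `set:` in each log.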
Saam Barati
Comment 2 2017-12-12 23:35:12 PST
Saam Barati
Comment 3 2017-12-13 00:02:19 PST
Saam Barati
Comment 4 2017-12-13 00:05:04 PST
There's a chance I need to update test262 test expectations.
Mark Lam
Comment 5 2017-12-13 00:46:52 PST
Comment on attachment 329211
patch

r=me
WebKit Commit Bot
Comment 6 2017-12-13 09:29:25 PST
Comment on attachment 329211
patch

Clearing flags on attachment: 329211

Committed r225845: <https://trac.webkit.org/changeset/225845>
WebKit Commit Bot
Comment 7 2017-12-13 09:29:26 PST
All reviewed patches have been landed. Closing bug.
Caitlin Potter (:caitp)
Comment 8 2017-12-13 09:42:16 PST
👏🙌
Alexey Shvayka
Comment 9 2021-05-14 04:51:58 PDT
*** Bug 157461 has been marked as a duplicate of this bug. ***