Please consider the following code: ``` var target = { get prop() { console.log(this == proxy) // => `false`, should be `true` } } var proxy = new Proxy(target, {}) proxy.prop ``` `proxy.prop` calls `[[Get]]` on `proxy` with `"prop"` as key and `proxy` as receiver. Proxy's `[[Get]]` method checks for `get` trap, it is missing, so it should call `[[Get]]` on `target` with **the same** parameters. However, JSC does not pass receiver, thus `prop` getter is called with context of `target`, not `proxy`. Both V8 and SpiderMonkey implement this correctly. tc39/test-262 PR: https://github.com/tc39/test262/pull/792 chai/chaijs issue: https://github.com/chaijs/chai/issues/855
<rdar://problem/31767058>
Created attachment 310579 [details] patch
Comment on attachment 310579 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=310579&action=review > JSTests/stress/proxy-get-set-correct-receiver.js:21 > + assert(this === proxy) // => `false`, should be `true` oops, let me remove these comments.
Created attachment 310580 [details] patch
Comment on attachment 310580 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=310580&action=review r=me > JSTests/stress/proxy-get-set-correct-receiver.js:36 > + assert(this === proxy) OK, receiver is proxy. > JSTests/stress/proxy-get-set-correct-receiver.js:50 > + assert(this === proxy) OK, receiver is neither p1 nor target. > Source/JavaScriptCore/runtime/ProxyObject.cpp:135 > + return jsUndefined(); OK, previously, we ignored receiver.
Comment on attachment 310580 [details] patch Attachment 310580 [details] did not pass jsc-ews (mac): Output: http://webkit-queues.webkit.org/results/3772712 New failing tests: stress/proxy-set.js.ftl-no-cjit-small-pool stress/reflect-set-proxy-set.js.ftl-no-cjit-no-put-stack-validate stress/reflect-set-receiver-proxy-set.js.default stress/reflect-set-receiver-proxy-set.js.no-llint stress/reflect-set-receiver-proxy-set.js.ftl-no-cjit-validate-sampling-profiler stress/reflect-set-proxy-set.js.ftl-no-cjit-b3o1 stress/reflect-set-receiver-proxy-set.js.ftl-eager stress/reflect-set-proxy-set.js.ftl-no-cjit-small-pool stress/reflect-set-receiver-proxy-set.js.ftl-eager-no-cjit-b3o1 stress/reflect-set-proxy-set.js.ftl-no-cjit-validate-sampling-profiler stress/proxy-set.js.ftl-no-cjit-validate-sampling-profiler stress/proxy-set.js.ftl-eager-no-cjit-b3o1 stress/reflect-set-proxy-set.js.ftl-eager-no-cjit stress/reflect-set-receiver-proxy-set.js.ftl-eager-no-cjit stress/proxy-set.js.ftl-eager stress/reflect-set-proxy-set.js.ftl-no-cjit-no-inline-validate stress/proxy-set.js.dfg-eager stress/reflect-set-proxy-set.js.dfg-eager stress/proxy-set.js.ftl-no-cjit-no-inline-validate stress/proxy-set.js.ftl-no-cjit-b3o1 stress/proxy-set.js.no-llint stress/reflect-set-proxy-set.js.ftl-eager stress/reflect-set-proxy-set.js.dfg-eager-no-cjit-validate stress/proxy-set.js.default stress/proxy-set.js.no-cjit-validate-phases stress/reflect-set-proxy-set.js.no-cjit-validate-phases stress/reflect-set-receiver-proxy-set.js.ftl-no-cjit-no-put-stack-validate stress/reflect-set-receiver-proxy-set.js.dfg-eager-no-cjit-validate stress/reflect-set-receiver-proxy-set.js.dfg-eager stress/reflect-set-receiver-proxy-set.js.ftl-no-cjit-no-inline-validate stress/proxy-set.js.ftl-eager-no-cjit stress/reflect-set-proxy-set.js.default stress/proxy-set.js.dfg-eager-no-cjit-validate stress/reflect-set-proxy-set.js.no-llint stress/proxy-set.js.ftl-no-cjit-no-put-stack-validate stress/reflect-set-receiver-proxy-set.js.no-cjit-validate-phases stress/reflect-set-proxy-set.js.no-cjit-collect-continuously stress/proxy-set.js.no-ftl stress/reflect-set-proxy-set.js.dfg-maximal-flush-validate-no-cjit stress/reflect-set-proxy-set.js.no-ftl stress/reflect-set-receiver-proxy-set.js.no-ftl stress/reflect-set-receiver-proxy-set.js.ftl-no-cjit-b3o1 stress/proxy-set.js.dfg-maximal-flush-validate-no-cjit stress/reflect-set-receiver-proxy-set.js.ftl-no-cjit-small-pool stress/reflect-set-receiver-proxy-set.js.dfg-maximal-flush-validate-no-cjit stress/reflect-set-proxy-set.js.ftl-eager-no-cjit-b3o1 stress/proxy-set.js.no-cjit-collect-continuously stress/reflect-set-receiver-proxy-set.js.no-cjit-collect-continuously
Created attachment 310587 [details] patch for landing
Comment on attachment 310587 [details] patch for landing Clearing flags on attachment: 310587 Committed r217093: <http://trac.webkit.org/changeset/217093>
All reviewed patches have been landed. Closing bug.
*** Bug 169040 has been marked as a duplicate of this bug. ***
*** Bug 171915 has been marked as a duplicate of this bug. ***