<rdar://problem/32147443>

If it's ok to you, I can look this bug tonight.

(In reply to Caio Lima from comment #2) > If it's ok to you, I can look this bug tonight. Hi Caio, I'm already looking into this. But feel free to look and contribute if you like.

(In reply to Mark Lam from comment #3) > (In reply to Caio Lima from comment #2) > > If it's ok to you, I can look this bug tonight. > > Hi Caio, I'm already looking into this. But feel free to look and > contribute if you like. I just looked at it and figured out the problem. I changed ObjectPatternNode::bindValue to add target.propertyName into excluded set and this code consider's that always we have a propertyName, which isn't true and I didn't think in this edge case. FYI, the excludedSet in https://github.com/caiolima/webkit/blob/master/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp#L4070 is used to collect statically the identifiers that should be excluded from the rest destructuring. We then use this set to create a JSSet in constant pool at link time in https://github.com/caiolima/webkit/blob/master/Source/JavaScriptCore/bytecode/CodeBlock.cpp#L870 This approach isn't valid for this case because the property will just be evaluated in runtime and we can't populate excludedSet in compile time here. Does it make sense? One solution I have in mind to handle this specific case is to emit code to populate the identifier/value into excludedSet dynamically, like the first patch version of https://bugs.webkit.org/show_bug.cgi?id=167962

The offending patch came from r213697 due to https://bugs.webkit.org/show_bug.cgi?id=167962, ... and was rolled out in r216891: <http://trac.webkit.org/r216891> due to https://bugs.webkit.org/show_bug.cgi?id=172147. Hence, this specific issue is no more. Let's fix the rest destructuring implementation in https://bugs.webkit.org/show_bug.cgi?id=167962. Closing this one as a dupe of 172147. *** This bug has been marked as a duplicate of bug 172147 ***