Bug 64424 - Our direct eval behaviour deviates slightly from the spec.
Summary: Our direct eval behaviour deviates slightly from the spec.
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
Depends on:
Reported: 2011-07-12 19:29 PDT by Gavin Barraclough
Modified: 2011-07-13 12:02 PDT (History)
2 users (show)

See Also:

The patch (10.35 KB, patch)
2011-07-12 23:09 PDT, Gavin Barraclough
oliver: review+
webkit.review.bot: commit-queue-
Details | Formatted Diff | Diff
Archive of layout-test-results from ec2-cr-linux-01 (5.81 MB, application/zip)
2011-07-12 23:37 PDT, WebKit Review Bot
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Gavin Barraclough 2011-07-12 19:29:16 PDT
The ES5 spec defines a concept of 'Direct Call to Eval' (see section, where behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();" or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables may be introduced into the caller's environment.

ES5 direct calls are any call where the callee function is provided by a reference, a base of that Reference is an EnvironmentRecord (this corresponds to all productions "PrimaryExpression: Identifier", see GetIdentifierReference), and where the name of the reference is "eval".  This means any expression of the form "eval(...)", and that calls the standard built in eval method from on the Global Object, is considered to be direct.

In JavaScriptCore we are currently overly restrictive.  We also check that the EnvironmentRecord that is the base of the reference is the Declaractive Environment Record at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement that hits a var eval in a nested scope is not considered to be direct.  This behaviour does not emanate from the spec, and is incorrect.
Comment 1 Gavin Barraclough 2011-07-12 23:09:32 PDT
Created attachment 100631 [details]
The patch
Comment 2 WebKit Review Bot 2011-07-12 23:37:00 PDT
Comment on attachment 100631 [details]
The patch

Attachment 100631 [details] did not pass chromium-ews (chromium-xvfb):
Output: http://queues.webkit.org/results/9016454

New failing tests:
Comment 3 WebKit Review Bot 2011-07-12 23:37:06 PDT
Created attachment 100634 [details]
Archive of layout-test-results from ec2-cr-linux-01

The attached test failures were seen while running run-webkit-tests on the chromium-ews.
Bot: ec2-cr-linux-01  Port: Chromium  Platform: Linux-2.6.35-28-virtual-x86_64-with-Ubuntu-10.10-maverick
Comment 4 Gavin Barraclough 2011-07-13 12:02:19 PDT
Fixed in r90938