RESOLVED FIXED 79588
[[Get]]/[[Put]] for primitives should not wrap on strict accessor call 
https://bugs.webkit.org/show_bug.cgi?id=79588
Summary [[Get]]/[[Put]] for primitives should not wrap on strict accessor call
Sam Sneddon [:gsnedders]
Reported 2012-02-25 17:18:33 PST
Created attachment 128896 [details] Test cases See attached TC. The special [[Get]]/[[Put]] defined in ES5.1 §8.7 calls accessors with the primitive value as thisArg; in the non-strict accessor case §10.4.3 calls ToObject on thisArg before entering the function code, whereas in the strict accessor case thisArg is passed through untouched (i.e., as a primitive). Currently SM (730632), JSC, and Carakan (CORE-44789) all always wrap, V8 never does (about to be reported).
Attachments
Test cases (2.62 KB, application/x-javascript)
2012-02-25 17:18 PST, Sam Sneddon [:gsnedders] 		no flags
Details
Fix (17.70 KB, patch)
2012-02-28 17:32 PST, Gavin Barraclough 		oliver: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Gavin Barraclough
Comment 1 2012-02-25 22:17:11 PST
Ugh, yes. Should be a relatively easy fix, thanks for the bug report!
Gavin Barraclough
Comment 2 2012-02-28 15:36:50 PST
I think there is a second, related bug here. Following through the spec, the behavior described in this bug arises from how primitives are handled as the bases of references, in section 8.7. In the case of access to a data property, in strict mode a put should always throw rather than creating a new value on a transient object.
Gavin Barraclough
Comment 3 2012-02-28 17:32:38 PST
Created attachment 129362 [details] Fix
Gavin Barraclough
Comment 4 2012-02-28 17:40:39 PST
Fixed in r109177
Gavin Barraclough
Comment 5 2012-02-29 15:29:30 PST
*** Bug 79843 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.