[webkit-dev] ExecState::thisObject()

Adam Barth abarth at webkit.org
Mon Jul 13 15:40:48 PDT 2009


On Mon, Jul 13, 2009 at 3:29 PM, Geoffrey Garen<ggaren at apple.com> wrote:
>> Our current behavior is buggy, unpredictable, and out of spec.  This
>> has led to security bugs in the past and will lead to security bugs in
>> the future.
>
> I don't disagree with you, but I'm not immediately convinced that a large
> design change will automatically reduce the bug count, either.
>
> Which spec did you have in mind? I'd like to read it.

Essentially, the ECMAScript spec requires this.  In spec-land, these
objects are all created at the beginning of time.  The fact that we
create them lazily is what leads to this bug.  Depending on who
touches them first, they end up with different prototype chains, which
doesn't make sense to ECMAScript.

Adam
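
A constructed model of the ordering problem Adam describes, added here as an illustration (it is not JavaScriptCore code or code from this thread); the realm names, the `builtins` map and the helper functions are assumptions:

```javascript
// Constructed model (not JavaScriptCore code) of the bug described above:
// a built-in created lazily on first use inherits from whichever global
// object is active at that moment, so the prototype chain a caller observes
// depends on who touched the built-in first.

// A "realm" stands in for one global object with its own Object.prototype.
function makeRealm(name) {
  return { name, objectPrototype: { owner: name }, builtins: new Map() };
}

// Buggy variant: the built-in is created on first touch, using the prototype
// of the *caller's* realm rather than the realm that owns the built-in.
function getBuiltinLazy(ownerRealm, kind, callerRealm) {
  if (!ownerRealm.builtins.has(kind)) {
    ownerRealm.builtins.set(kind, Object.create(callerRealm.objectPrototype));
  }
  return ownerRealm.builtins.get(kind);
}

// Fixed variant: every built-in exists from the moment its realm is created,
// with the owning realm's prototype, so access order cannot change the chain.
function makeRealmEager(name, kinds) {
  const realm = makeRealm(name);
  for (const kind of kinds) {
    realm.builtins.set(kind, Object.create(realm.objectPrototype));
  }
  return realm;
}

// Which realm's Object.prototype does a built-in's chain lead to?
function chainOwner(obj) {
  return Object.getPrototypeOf(obj).owner;
}

// Lazy scenario: realm A owns "Array"; if B touches it before A does,
// A's own Array ends up on B's prototype chain.
function lazyScenario(bTouchesFirst) {
  const a = makeRealm("A");
  const b = makeRealm("B");
  if (bTouchesFirst) getBuiltinLazy(a, "Array", b);
  return chainOwner(getBuiltinLazy(a, "Array", a)); // "B" if B went first
}

// Eager scenario: the chain is fixed at realm creation regardless of callers.
function eagerScenario() {
  const a = makeRealmEager("A", ["Array"]);
  return chainOwner(a.builtins.get("Array")); // always "A"
}
```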
