[Webkit-unassigned] [Bug 14237] New: Javascript "var" statement interprets initialization in the topmost function scope

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 19 16:28:01 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=14237

           Summary: Javascript "var" statement interprets initialization in
                    the topmost function scope
           Product: WebKit
           Version: 522+ (nightly)
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: kkowal at apple.com
                CC: brendan at mozilla.org, kkowal at apple.com


Javascript "var" statement interprets initialization in the topmost function
scope.  While the declaration must be interpreted in the topmost function
scope, the initialization should be interpreted in the topmost scope.  For
example, the statement, {{{ var name = value; }}}, can be conceptually split
into {{{ var name; }}} and {{{ name = value; }}}.  The former statement is
interpreted in the topmost function scope or the global scope if there are no
function scopes on the scope chain.  According to the ECMA 262 Edition 3
specification, the latter statement is interpreted in the topmost scope.  The
distinction is only apparent when a variable is declared inside a {with} block
that has the same name as a variable in the topmost context.  For example: {{{
with ({'a': 10}) { var a = 20 } }}}.

This code exposes the flaw:
{{{
if (this.alert) print = alert;
var a = 10;
print(a); /* should be 10; not an issue */
var object = {'a': 20};
with (object) {
    print(a); /* should be 20; so far no controversy */
    var a = 30; /* "var a" is evaluated in the function scope and ignored, but
                   "a = 30" gets evaluated in the topmost scope */
    print(object.a); /* should be 30, fails in Safari with an output of 20 */
    print(a); /* should be 30, fails in Safari with an output of 20 */
}
print(a); /* should be 10, fails in Safari with an output of 30 */
}}}

Expected Results:
    10
    20
    30
    30
    10

Actual Results:
    10
    20
    20
    20
    30

NOTES:

This bug is closely related to an _invalid_ bug I filed against Firefox's
Javascript implementation wherein Brendan Eich settled several of my
misconceptions about the "var" statement:
https://bugzilla.mozilla.org/show_bug.cgi?id=383558


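A conformance probe for the case in this report, as an added example that is not part of the original bug report or of WebKit's test suite. It also covers one case beyond the report, where the with-object lacks the property. The names `runProbe`, `classify`, `reportCaseSource` and `fallThroughSource` are assumptions made for illustration.

```javascript
// Added example: classifies an engine against the results listed in the report.
// EXPECTED / REPORTED are copied from its "Expected Results" / "Actual Results".
const EXPECTED = [10, 20, 30, 30, 10];
const REPORTED = [10, 20, 20, 20, 30];

// The report's test case, recording values instead of printing them. Here `a`
// is function-scoped rather than global; the scope-chain lookup is the same.
const reportCaseSource = `
  var out = [];
  var a = 10;
  out.push(a);
  var object = { a: 20 };
  with (object) {
    out.push(a);
    var a = 30;          // declaration hoists; assignment resolves via scope chain
    out.push(object.a);
    out.push(a);
  }
  out.push(a);
  return out;
`;

// Beyond the report: the with-object has no property `a`, so the assignment
// falls through to the function-scoped variable and creates no property.
const fallThroughSource = `
  var a = 10;
  var object = { b: 1 };
  with (object) { var a = 30; }
  return [a, "a" in object];
`;

// The Function constructor compiles its body as non-strict code, so `with`
// parses even when this file is loaded as a strict script or an ES module.
function runProbe(source) {
  return new Function(source)();
}

function classify(observed) {
  const same = (x, y) => x.length === y.length && x.every((v, i) => v === y[i]);
  if (same(observed, EXPECTED)) return "conforming";
  if (same(observed, REPORTED)) return "matches-report";
  return "other";
}

console.log(classify(runProbe(reportCaseSource)), runProbe(fallThroughSource));
```

On a page whose Content-Security-Policy does not allow `'unsafe-eval'`, the Function constructor is blocked, so run the probe in an engine shell or in Node.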