[Webkit-unassigned] [Bug 64657] Converted this value not preserved when accessed via direct eval.
bugzilla-daemon at webkit.org
Sat Jul 16 15:52:47 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=64657
--- Comment #1 from Gavin Barraclough <barraclough at apple.com> 2011-07-16 15:52:47 PST ---
Lemme try that description thing again.
Upon entry into a non-strict function, primitive this values should be boxed as Object types (or substituted with the global object) - which is done by op_convert_this. However, we only do so where this is used lexically within the function (we omit the conversion op if not). The problem comes if a direct eval (running within the function's scope) accesses the this value.
We are safe in the case of a single eval, since the this object will be converted within callEval; however, the converted value is not preserved, and a new wrapper object is allocated each time eval is invoked. This is inefficient and incorrect, since any changes to the wrapper object will be lost between eval statements.
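An added JavaScript example (not from the bug report or WebKit's own code) that exercises the behaviour described above: a non-strict function whose `this` is never referenced lexically, only through direct eval, should see one boxed wrapper object that survives across eval calls. The `probeNonStrict`, `probeStrict` and `runProbes` names are assumptions of this example; the Function constructor is used so the non-strict probe stays sloppy-mode even if the file is loaded as a strict ES module.

```javascript
// Added example, not WebKit's code. Built with the Function constructor so the
// body is sloppy-mode regardless of how this file is loaded; `this` is never
// used lexically in the body, only via direct eval (the path the bug describes).
const probeNonStrict = new Function(`
  // First eval: primitive receiver must already be boxed, so this sticks.
  eval("this.tag = 'set by first eval'");
  return {
    boxedType: eval("typeof this"),              // a correct engine gives "object"
    tagSeen: eval("this.tag"),                   // lost if a fresh wrapper is made per eval
    sameWrapper: eval("this") === eval("this")   // one preserved wrapper, not two
  };
`);

function probeStrict() {
  "use strict";
  // Strict code never boxes: direct eval inherits strictness and sees the primitive.
  return { thisType: eval("typeof this"), thisValue: eval("this") };
}

// Call both probes with a primitive receiver (constructed input: the number 5).
function runProbes() {
  return { nonStrict: probeNonStrict.call(5), strict: probeStrict.call(5) };
}
```

If an engine has the bug, `tagSeen` comes back `undefined` and `sameWrapper` is `false`, which makes this a compact regression check.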