[Webkit-unassigned] [Bug 143836] New: Incorrect behavior when patching window.setTimeout

bugzilla-daemon at webkit.org
Thu Apr 16 11:55:21 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=143836

            Bug ID: 143836
           Summary: Incorrect behavior when patching window.setTimeout
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mmanela at gmail.com

Created attachment 250935
  --> https://bugs.webkit.org/attachment.cgi?id=250935&action=review
File which demonstrates the issue

This is a demonstration of a really strange issue in WebKit (and PhantomJS, which uses WebKit). The issue involves what happens when you monkey patch the window.setTimeout method in JavaScript. The issue was discovered when debugging test failures that were using Sinon.JS (which monkey patches setTimeout). I worked through that issue and distilled the minimum repro out of it.

I validated this issue does not occur in Chrome 41, Firefox 36 and IE 11. As far as I can tell it only repros in WebKit-based browsers (like PhantomJS).

Short Repro

1: Define a method (check) which references window.setTimeout

2: Call this method two times, then patch setTimeout to be a custom method and then call check again.

CODE:

function check() {
    console.log("window.setTimeout = " + window.setTimeout);
}
check();
check();
window.setTimeout = function() { console.log ("Patched"); }
check();

OUTPUT:

window.setTimeout = function setTimeout() {
    [native code]
}

window.setTimeout = function setTimeout() {
    [native code]
}

window.setTimeout = function setTimeout() {
    [native code]
}

3: The call to check() the third time will not output the contents of the monkey-patched function. It will still contain the native one. The odd thing is that if you call the check() method only once (or not at all) before you patch setTimeout, then it will output the expected value. For example:

CODE:

function check() {
    console.log("window.setTimeout = " + window.setTimeout);
}
check();
window.setTimeout = function() { console.log ("Patched"); }
check();

OUTPUT:

window.setTimeout = function setTimeout() {
    [native code]
}

window.setTimeout = function () { console.log("PATCHED"); }

-- 
You are receiving this mail because:
You are the assignee for the bug.
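
Added example (not part of the original report or its attached repro file): a probe that generalizes the two cases above to any number of prior reads, comparing by identity instead of by printed source. It reads setTimeout N times through a freshly compiled function, patches it, reads again, and always restores the original. The names probeSetTimeoutPatch, probeRange and firstStaleRead are hypothetical, and the reader takes the global object as a parameter rather than referencing window directly.

```javascript
// Added example, not code from the bug report. Written in ES5 so it also runs
// in older WebKit/PhantomJS builds. All function names here are hypothetical.
var root = typeof window !== "undefined" ? window
         : typeof globalThis !== "undefined" ? globalThis
         : global;

// Read root.setTimeout `warmupCalls` times, patch it, read once more, restore.
function probeSetTimeoutPatch(warmupCalls) {
  var original = root.setTimeout;
  // Compile a fresh reader per probe so calls made by earlier probes do not
  // count as warm-up for this one (assumes eval-like APIs are permitted).
  var read = new Function("root", "return root.setTimeout;");
  var i, seen;
  for (i = 0; i < warmupCalls; i++) {
    if (read(root) !== original) {
      throw new Error("setTimeout changed before the patch was applied");
    }
  }
  var replacement = function patchedSetTimeout() { return "patched"; };
  try {
    root.setTimeout = replacement;
    seen = read(root);
  } finally {
    root.setTimeout = original; // never leave the fake timer installed
  }
  return {
    warmupCalls: warmupCalls,
    patchVisible: seen === replacement,
    sawOriginal: seen === original
  };
}

// Run the probe for 0..maxWarmup prior reads; the report's two cases are 1 and 2.
function probeRange(maxWarmup) {
  var results = [], n;
  for (n = 0; n <= maxWarmup; n++) {
    results.push(probeSetTimeoutPatch(n));
  }
  return results;
}

// Smallest warm-up count at which the patch was not observed, or -1 if none.
function firstStaleRead(results) {
  var i;
  for (i = 0; i < results.length; i++) {
    if (!results[i].patchVisible) { return results[i].warmupCalls; }
  }
  return -1;
}
```

Calling firstStaleRead(probeRange(5)) in the engine under test returns -1 when every read observed the patch, or the smallest number of prior reads at which the original function was still returned.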