[Webkit-unassigned] [Bug 175470] Support the with keyword in DFG

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Aug 14 16:51:36 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=175470

--- Comment #18 from Saam Barati <sbarati at apple.com> ---
(In reply to Robin Morisset from comment #17)
> I added that line to be conservative, I am not sure if it is needed. I can
> see two reasons why pushing a with scope could be more dangerous than
> popping one:
> - it allocates memory for the new scope
> - it calls toObject() on its argument, which can emit an exception.
> Not sure if these justify clobbering the world or if something more limited
> would be better.

I just audited the toObject code following the call tree of JSValue::toObject(.), and it would be safe to remove the clobbersWorld here. Just allocating does not mandate clobberWorld. Just throwing an exception due to OOM or some other type checks is also not enough to mandate clobberWorld. If I read the code correctly, that's all toObject() can do, so I think we're safe not clobbering the world here.
