[Webkit-unassigned] [Bug 193308] New: [JSC] Global lexical bindings can shadow global variables if it is `configurable = true`

Wed Jan 9 16:30:15 PST 2019

https://bugs.webkit.org/show_bug.cgi?id=193308

            Bug ID: 193308
           Summary: [JSC] Global lexical bindings can shadow global
                    variables if it is `configurable = true`
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: yusukesuzuki at slowstart.org

When we construct our GlobalProperty, GlobalLexicalVar, etc. mechanism, we assumed that lexical binding cannot shadow global object's properties. But it is wrong. Wc can shadow it if it's configurable attribute is true.

Let's see the example.

// script1.js
function foo()
{
    bar = 4;
}
function foo2()
{
    return bar;
}
foo();
print(foo2()); // => 4

// script2.js
const bar = 5;
print(foo2());  // => 4, but it should be 5!

Once the reference to "bar" is configured as GlobalProperty, then, it attempts to load the value from JSGlobalObject.
However, `const bar = 5` can shadow it, and we should not use GlobalProperty no longer for that.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190110/197a3201/attachment.html>