[Webkit-unassigned] [Bug 193308] [JSC] Global lexical bindings can shadow global variables if it is `configurable = true`
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 9 16:32:59 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=193308
--- Comment #1 from Yusuke Suzuki <yusukesuzuki at slowstart.org> ---
The super simple solution is leveraging the existing VarInjectionCheck mechanism. But it is not acceptable since almost GlobalProperty now become GlobalPropertyWithVarInjectionCheck.
I think we can leverage the nature of GlobalProperty load.
1. GlobalProperty performs structure check before loading like IC.
2. Shadowing should be super rare.
We can discard the existing mis-cache by perform structure transition for JSGlobalObject. And in the slow path, we can transform GlobalProperty to GlobalLexicalVar if necessary.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190110/53f2f5b0/attachment.html>
More information about the webkit-unassigned
mailing list