[Webkit-unassigned] [Bug 231572] New: Unexpected behaviour for-in-loop

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 12 06:43:26 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=231572

            Bug ID: 231572
           Summary: Unexpected behaviour for-in-loop
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Major
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: c.jaentsch at gastronovi.com

Created attachment 440923

  --> https://bugs.webkit.org/attachment.cgi?id=440923&action=review

screenshots from debugging

Since Safari 15.1 we are experiencing a strange behaviour when using for-in-loops on objects with are themselves inherited from Object which have no own properties but only inherited ones.

In this case the for-in-loop does not iterate on any properties - which it correctly does on Safari until version 15.0 and other browsers (e.g. latest Chrome).

Unfortunately I can't reproduce this behaviour with a plain JS snippet, but it occurs in our app, so it might have some relation to certain scope scenarios.

The attached screenshot shows an example of the different behaviour on latest Safari 15.0 (MacOS) compared to latest Safari Technology Preview 15.4 (MacOS) (the bug also occurs on Safari 15.1 with iOS beta 3).

Above: On the left side you can see the related code snippet and on the right the watched variables on 15.0 (left) and 15.4 (right).
The variable "obj" holds an object which itself has no properties, but inherits the properties "reader" and "type". The for-in-loop then concats the keys and values of the properites into "debugString". On 15.0 you can see that it results in "type > memory reader > array". On 15.4 it does not enter the for-in-loop, so "debugString" stays empty.

Below: Now when adding a local property to "obj", we suddenly can iterate over all properties (even the not before considered "type" and "reader") as you can see from the content of "debugString2".

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211012/fcdefdd5/attachment.htm>

More information about the webkit-unassigned mailing list