Bug 256941

Summary: Function.prototype.caller gives different values
Product: WebKit
Component: JavaScriptCore
Status: NEW
Severity: Normal
Priority: P2
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Reporter: GuY <q602706150>
Assignee: Nobody <webkit-unassigned>
CC: mark.lam, webkit-bug-importer, ysuzuki
Keywords: InRadar
Attachments: poc (flags: none)

GuY
Reported 2023-05-17 19:24:26 PDT
Created attachment 466392
poc

run with:
./WebKitBuild/Debug/bin/jsc --useConcurrentJIT=0 --jitPolicyScale=0.001 poc.js

output:
```
true false false // for loop i = 0
false true false // for loop i = 1
false false true // main
```

The opt function was called 3 times. It was called from `a.valueOf` two times, and the 1st time JSC says caller is null, while the 2nd time JSC says caller is `opt`.
Attachments
poc (238 bytes, text/plain)
2023-05-17 19:24 PDT, GuY
no flags
Radar WebKit Bug Importer
Comment 1 2023-05-24 19:25:16 PDT
GuY
Comment 2 2024-08-20 02:06:43 PDT
This issue still exists, and here is a more detailed explanation of it. The `opt` function is called twice in the same way by the for loop, but the problem is that `opt.caller` is different in these two calls. The first time it is `null`, and the second time it is the `opt` function. This behavior could be confusing, even though `Function.prototype.caller` is not in the standard.
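A probe for the kind of inconsistency described in this report, as an added example that is not the attached poc (whose contents are not shown on this page): it calls a sloppy-mode function through one fixed `valueOf` call site and tallies what `.caller` reports on each iteration. The names `make`, `probe`, `isStable`, `label` and `viaValueOf` are hypothetical, and the `opt`/`a` shape is an assumption based only on the description above.

```javascript
// Added example, not the reporter's poc. Function() bodies are always
// sloppy mode, so .caller stays readable even if this file is loaded
// as a strict module.
const make = new Function(`
  function opt() { return opt.caller; }      // non-standard accessor under test
  const a = {
    valueOf: function viaValueOf() {         // the single, fixed call site
      a.seen = opt();
      return 0;
    }
  };
  return { opt, a };
`);

// Turn whatever .caller returned into a comparable label.
function label(value) {
  if (value === null) return 'null';
  return typeof value === 'function' ? (value.name || '<anonymous>') : String(value);
}

// Drive the same call site `iterations` times. For each distinct answer,
// record how often it appeared and the first iteration that produced it,
// which shows where a tier-up changed the result if one did.
function probe(iterations) {
  const { a } = make();
  const tally = new Map();
  for (let i = 0; i < iterations; i++) {
    Number(a);                               // ToPrimitive -> a.valueOf() -> opt()
    const key = label(a.seen);
    if (!tally.has(key)) tally.set(key, { count: 0, first: i });
    tally.get(key).count++;
  }
  return tally;
}

// An engine that answers consistently yields exactly one label.
function isStable(tally) {
  return tally.size === 1;
}
```

More than one key in the returned map means identical calls produced different `.caller` values; the `first` field gives the iteration at which each value first appeared.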