256941 – Function.prototype.caller gives different values

NEW256941

Function.prototype.caller gives different values

https://bugs.webkit.org/show_bug.cgi?id=256941

Summary Function.prototype.caller gives different values

GuY

Reported 2023-05-17 19:24:26 PDT

Created attachment 466392 [details] poc run with: ./WebKitBuild/Debug/bin/jsc --useConcurrentJIT=0 --jitPolicyScale=0.001 poc.js output: ``` true false false // for loop i = 0 false true false // for loop i = 1 false false true // main ``` the opt function was called 3 times. It was called from `a.valueOf` two times, and the 1st time JSC says caller is null, while the 2nd time JSC says caller is `opt`.

Attachments
poc (238 bytes, text/plain) 2023-05-17 19:24 PDT, GuY	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2023-05-24 19:25:16 PDT

<rdar://problem/109808960>

GuY

Comment 2 2024-08-20 02:06:43 PDT

This issue still exists, and here is a more detailed explanation of this issue. The `opt` function is called twice in the same way by the for loop, but the problem is `opt.caller` in these two times is different. The first time is `null`, and the second time is the `opt` function. This behavior could be confusing, even though `Function.prototype.caller` is not in the standard.

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2023-05-17 19:24 PDT

Modified

2024-08-20 02:06 PDT History

CC List

3 users Show

URL

Keywords InRadar

Depends on

Blocks