Fix order between initializing x and this.x in strict mode #6438
Conversation
https://bugs.webkit.org/show_bug.cgi?id=247493 rdar://102064848 Reviewed by NOBODY (OOPS!). Given following JavaScript program: ``` "use strict"; x = this.x = 0; ``` It should throw ReferenceError since https://tc39.es/ecma262/2022/multipage/ecmascript-language-expressions.html#sec-assignment-operators-runtime-semantics-evaluation ``` AssignmentExpression : LeftHandSideExpression = AssignmentExpression 1. If LeftHandSideExpression is neither an ObjectLiteral nor an ArrayLiteral, then ... e. Perform ? PutValue(lref, rval). ``` and https://tc39.es/ecma262/2022/multipage/ecmascript-data-types-and-values.html#sec-putvalue ``` 4. If IsUnresolvableReference(V) is true, then a. If V.[[Strict]] is true, throw a ReferenceError exception ``` * JSTests/stress/put-to-scope-reference-error.js: Added. (shouldThrow): (shouldNotThrow): * Source/JavaScriptCore/llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL):
hyjorc1
added
JavaScriptCore
|
EWS run on current version of this PR (hash 6b1504a) |
webkit-ews-buildbot
added
the
merging-blocked
|
Hmm, I'm not actually certain whether this change is web compatible, as it appears that no other browsers pass the test case in question either (though engine262 does, which confirms the reporter's reading of the spec). The same reporter filed issues with V8 and SM; SM closed theirs as a duplicate of a 12(!)-year-old bug, but it doesn't give a reason for not fixing it. We definitely need to investigate this situation further; I'll discuss this on Matrix with other TC39 folks as to how to proceed. |
|
Sure enough, this is a web reality issue to be fixed spec-side; it is not something that a single implementation can do anything about at present: tc39/ecma262#2205 (There is a test262 case for the currently spec'ed behavior, but it will be updated in the corresponding tc39/test262#2891.) |
|
@rkirsling Oh, this is nice catch! |
6b1504a
6b1504a