Bug 155267
| Summary: | [ES6] We use isJSArray in our VM in places where we should be using the spec's IsArray function | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Saam Barati <saam> |
| Component: | JavaScriptCore | Assignee: | Saam Barati <saam> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | ashvayka, benjamin, fpizlo, ggaren, gskachkov, keith_miller, mark.lam, msaboff, oliver, sukolsak, ysuzuki |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Saam Barati
This has implications for Proxy.
IsArray is used in speciesConstructArray, JSON stuff, etc.
Alexey Shvayka
(In reply to Saam Barati from comment #0)
> This has implications for Proxy.
> IsArray is used in speciesConstructArray, JSON stuff, etc.
I've vetted all call sites of the IsArray() abstract op: JSC correctly detects array proxies, which is covered by the test262 suite.
The last isJSArray() => isArray() change for JSON.parse() was landed in r250860.
*** This bug has been marked as a duplicate of bug 199292 ***
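The behaviour discussed in this report, as an added example (not code from the bug, from WebKit, or from test262): it exercises the spec's IsArray through the observable paths the report names, JSON and species construction, plus `concat`. The helper name `isArrayConformance` and the class `MyArr` are hypothetical; an engine that tested only for its internal array type at these sites would return different values.

```javascript
// Added example: observable places where the spec's IsArray() must see through a Proxy.
// isArrayConformance is a hypothetical helper name, not a WebKit or test262 API.
function isArrayConformance() {
  const r = {};
  const proxied = new Proxy([1, 2, 3], {});

  // IsArray follows [[ProxyTarget]] transitively; non-array targets stay false.
  r.proxy = Array.isArray(proxied);
  r.nested = Array.isArray(new Proxy(proxied, {}));
  r.objectTarget = Array.isArray(new Proxy({ length: 0 }, {}));

  // A revoked proxy makes IsArray throw a TypeError rather than return false.
  const { proxy: revoked, revoke } = Proxy.revocable([], {});
  revoke();
  try {
    Array.isArray(revoked);
    r.revoked = 'no throw';
  } catch (e) {
    r.revoked = e instanceof TypeError ? 'TypeError' : 'other';
  }

  // JSON.stringify picks array vs. object serialization with IsArray(value)...
  r.stringify = JSON.stringify({ a: proxied });
  // ...and treats the replacer as a property allow-list when IsArray(replacer).
  r.replacer = JSON.stringify({ keep: 1, drop: 2 }, new Proxy(['keep'], {}));

  // IsConcatSpreadable falls back to IsArray, so the proxy's elements are spread.
  r.concat = [0].concat(proxied);

  // ArraySpeciesCreate consults "constructor" only when IsArray(originalArray).
  class MyArr extends Array {}
  const mapped = Array.prototype.map.call(new Proxy(MyArr.of(1, 2), {}), (x) => x * 2);
  r.species = mapped instanceof MyArr;

  return r;
}

console.log(isArrayConformance());
```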