Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: ad689935bb77e592b0b622143a71ff5520d6456b
https://github.com/WebKit/WebKit/commit/ad689935bb77e592b0b622143a71ff5520d6456b
  Author: Alexey Shvayka <ashva...@apple.com>
  Date:   2024-02-26 (Mon, 26 Feb 2024)

  Changed paths:
    A JSTests/stress/regress-268411.js
    M JSTests/test262/expectations.yaml
    M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
    M Source/JavaScriptCore/parser/Parser.cpp
    M Source/JavaScriptCore/parser/Parser.h

  Log Message:
  -----------
  [JSC] try/catch should not intercept errors originating in [[Construct]] of derived class
https://bugs.webkit.org/show_bug.cgi?id=268411
<rdar://problem/121959506>

Reviewed by Justin Michaud.

Before this change, if a `return` statement of a derived class constructor was inside a `try` .. `catch` statement, errors thrown at steps 10-12 of [1] were caught by the `catch` block, which is obviously wrong since the userland code should have been evaluated during step 9 of [1].

It's infeasible to perform these checks (super() wasn't called / returned non-undefined primitive) in `op_construct` because we can't distinguish derived class constructors in a performant way, plus accounting for inlining would be challenging.

Rather than introducing a mechanism of "fake returns" that jump out from the `try` block to perform the above-mentioned checks before actually returning, which would be quite complicated, this patch leverages the existing emitJumpViaFinallyIfNeeded() logic by creating an empty `finally` block right inside the parser.

I argue that containing this whole workaround cohesively in parseTryStatement() is better than passing a CodeFeature that the `try` block contains a `return` all the way to TryNode::emitBytecode().

Aligns JSC with the spec [1], V8, and SpiderMonkey. Until very recently, V8 used to have the same bug.

[1]: https://tc39.es/ecma262/#sec-ecmascript-function-objects-construct-argumentslist-newtarget

* JSTests/stress/regress-268411.js: Added.
* JSTests/test262/expectations.yaml: Mark 6 tests as passing.
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::EmptyStatementNode::emitBytecode):
* Source/JavaScriptCore/parser/Parser.cpp:
(JSC::Parser<LexerType>::parseReturnStatement):
(JSC::Parser<LexerType>::parseTryStatement):
* Source/JavaScriptCore/parser/Parser.h:

Canonical link: https://commits.webkit.org/275353@main
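An added illustration of the behaviour this commit describes (my own example, not JSTests/stress/regress-268411.js or any other WebKit code): two derived constructors wrap their `return` in `try` .. `catch`, and the check reports whether the errors the spec raises at [[Construct]] steps 10-12 reach the caller of `new` instead of the `catch` block. Class and function names are constructed for the example.

```javascript
// Constructed example: the [[Construct]] errors of a derived class constructor
// must not be intercepted by a try/catch around the `return` statement.
class Base {}

// Case 1: super() was called, then a non-undefined primitive is returned.
// Spec step 10.c throws a TypeError *after* the body has finished, so the
// catch block must never observe it.
class ReturnsPrimitive extends Base {
  constructor() {
    super();
    try {
      return 1; // primitive other than undefined -> TypeError from [[Construct]]
    } catch (e) {
      ReturnsPrimitive.caught = e; // reached only by an engine with the bug
    }
  }
}

// Case 2: super() is never called and the body returns undefined.
// Step 10.c passes, step 12 reads the uninitialised `this` binding and
// throws a ReferenceError, again outside the body and outside the try.
class SkipsSuper extends Base {
  constructor() {
    try {
      return; // undefined -> falls through to step 12 -> ReferenceError
    } catch (e) {
      SkipsSuper.caught = e; // reached only by an engine with the bug
    }
  }
}

// Name of the error that escaped to the caller of `new`, or null if none did.
function escapedError(Ctor) {
  Ctor.caught = null;
  try {
    new Ctor();
    return null;
  } catch (e) {
    return e.constructor.name;
  }
}

// Per spec: both errors escape, and neither catch block runs.
function checkSpecBehaviour() {
  return {
    primitiveReturn: escapedError(ReturnsPrimitive),        // 'TypeError'
    primitiveCaughtInside: ReturnsPrimitive.caught !== null, // false
    missingSuper: escapedError(SkipsSuper),                  // 'ReferenceError'
    missingSuperCaughtInside: SkipsSuper.caught !== null,    // false per spec
  };
}
```

An engine with the bug fixed by this commit reports `true` for one of the `CaughtInside` fields, because the error was routed into the `catch` block before the constructor's own epilogue re-raised it or silently returned `this`.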
