Title: [247003] releases/WebKitGTK/webkit-2.24
- Revision
- 247003
- Author
- [email protected]
- Date
- 2019-07-01 04:04:28 -0700 (Mon, 01 Jul 2019)
Log Message
Merge r246708 - [JSC] ClassExpr should not store result in the middle of evaluation
https://bugs.webkit.org/show_bug.cgi?id=199106
Reviewed by Tadeu Zagallo.
JSTests:
* stress/class-_expression_-should-store-result-at-last.js: Added.
(shouldThrow):
(shouldThrow.let.a):
Source/_javascript_Core:
Let's consider the case,
let a = class A {
static get[a=0x12345678]() {
}
};
When evaluating `class A` _expression_, we should not use the local register for `let a`
until we finally store it to that register. Otherwise, `a=0x12345678` will override it.
Out BytecodeGenerator does that this by using tempDestination and finalDestination, but
we did not do that in ClassExprNode.
This patch leverages tempDestination and finalDestination to store `class A` result finally,
while we attempt to reduce mov.
* bytecompiler/NodesCodegen.cpp:
(JSC::ClassExprNode::emitBytecode):
Modified Paths
Added Paths
Diff
Modified: releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog (247002 => 247003)
--- releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog 2019-07-01 11:04:24 UTC (rev 247002)
+++ releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog 2019-07-01 11:04:28 UTC (rev 247003)
@@ -1,3 +1,14 @@
+2019-06-22 Yusuke Suzuki <[email protected]>
+
+ [JSC] ClassExpr should not store result in the middle of evaluation
+ https://bugs.webkit.org/show_bug.cgi?id=199106
+
+ Reviewed by Tadeu Zagallo.
+
+ * stress/class-_expression_-should-store-result-at-last.js: Added.
+ (shouldThrow):
+ (shouldThrow.let.a):
+
2019-06-17 Yusuke Suzuki <[email protected]>
[JSC] Introduce DisposableCallSiteIndex to enforce type-safety
Added: releases/WebKitGTK/webkit-2.24/JSTests/stress/class-_expression_-should-store-result-at-last.js (0 => 247003)
--- releases/WebKitGTK/webkit-2.24/JSTests/stress/class-_expression_-should-store-result-at-last.js (rev 0)
+++ releases/WebKitGTK/webkit-2.24/JSTests/stress/class-_expression_-should-store-result-at-last.js 2019-07-01 11:04:28 UTC (rev 247003)
@@ -0,0 +1,22 @@
+function shouldThrow(func, errorMessage) {
+ var errorThrown = false;
+ var error = null;
+ try {
+ func();
+ } catch (e) {
+ errorThrown = true;
+ error = e;
+ }
+ if (!errorThrown)
+ throw new Error('not thrown');
+ if (String(error) !== errorMessage)
+ throw new Error(`bad error: ${String(error)}`);
+}
+
+shouldThrow(() => {
+ let a = class c {
+ static get[(a=0x12345678, b=0x42424242)]()
+ {
+ }
+ };
+}, `ReferenceError: Cannot access uninitialized variable.`);
Modified: releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog (247002 => 247003)
--- releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog 2019-07-01 11:04:24 UTC (rev 247002)
+++ releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog 2019-07-01 11:04:28 UTC (rev 247003)
@@ -1,3 +1,28 @@
+2019-06-22 Yusuke Suzuki <[email protected]>
+
+ [JSC] ClassExpr should not store result in the middle of evaluation
+ https://bugs.webkit.org/show_bug.cgi?id=199106
+
+ Reviewed by Tadeu Zagallo.
+
+ Let's consider the case,
+
+ let a = class A {
+ static get[a=0x12345678]() {
+ }
+ };
+
+ When evaluating `class A` _expression_, we should not use the local register for `let a`
+ until we finally store it to that register. Otherwise, `a=0x12345678` will override it.
+ Out BytecodeGenerator does that this by using tempDestination and finalDestination, but
+ we did not do that in ClassExprNode.
+
+ This patch leverages tempDestination and finalDestination to store `class A` result finally,
+ while we attempt to reduce mov.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ClassExprNode::emitBytecode):
+
2019-06-17 Yusuke Suzuki <[email protected]>
[JSC] Introduce DisposableCallSiteIndex to enforce type-safety
Modified: releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp (247002 => 247003)
--- releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp 2019-07-01 11:04:24 UTC (rev 247002)
+++ releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp 2019-07-01 11:04:28 UTC (rev 247003)
@@ -3980,7 +3980,7 @@
generator.emitNode(superclass.get(), m_classHeritage);
}
- RefPtr<RegisterID> constructor;
+ RefPtr<RegisterID> constructor = generator.tempDestination(dst);
bool needsHomeObject = false;
if (m_constructorExpression) {
@@ -3988,10 +3988,10 @@
FunctionMetadataNode* metadata = static_cast<FuncExprNode*>(m_constructorExpression)->metadata();
metadata->setEcmaName(ecmaName());
metadata->setClassSource(m_classSource);
- constructor = generator.emitNode(dst, m_constructorExpression);
+ constructor = generator.emitNode(constructor.get(), m_constructorExpression);
needsHomeObject = m_classHeritage || metadata->superBinding() == SuperBinding::Needed;
} else
- constructor = generator.emitNewDefaultConstructor(generator.finalDestination(dst), m_classHeritage ? ConstructorKind::Extends : ConstructorKind::Base, m_name, ecmaName(), m_classSource);
+ constructor = generator.emitNewDefaultConstructor(constructor.get(), m_classHeritage ? ConstructorKind::Extends : ConstructorKind::Base, m_name, ecmaName(), m_classSource);
const auto& propertyNames = generator.propertyNames();
RefPtr<RegisterID> prototype = generator.emitNewObject(generator.newTemporary());
@@ -4048,7 +4048,7 @@
generator.popLexicalScope(this);
}
- return generator.move(dst, constructor.get());
+ return generator.move(generator.finalDestination(dst, constructor.get()), constructor.get());
}
// ------------------------------ ImportDeclarationNode -----------------------
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
