Title: [263930] trunk
Revision: 263930
Author: [email protected]
Date: 2020-07-03 23:42:10 -0700 (Fri, 03 Jul 2020)

Log Message

[JSC] Promise should check whether a user-provided function is set by using `@isUndefinedOrNull`
https://bugs.webkit.org/show_bug.cgi?id=213951

Reviewed by Ross Kirsling.

JSTests:

* stress/masquerader-as-function-in-promise.js: Added.

Source/JavaScriptCore:

If a user-provided function is a masquerade-as-undefined value, `if (!xxx.@onRejected)` returns the wrong
value, since this function object is considered undefined in this context. We should use `@isUndefinedOrNull`
here instead, since this if-branch is actually checking whether this property is null/undefined.
And `if (@isUndefinedOrNull(...))` is efficient since we have `jundefined_or_null` / `jnundefined_or_null` bytecodes.

* builtins/PromiseOperations.js:
(globalPrivate.promiseReactionJob):

Diff

Modified: trunk/JSTests/ChangeLog (263929 => 263930)


--- trunk/JSTests/ChangeLog	2020-07-04 06:38:53 UTC (rev 263929)
+++ trunk/JSTests/ChangeLog	2020-07-04 06:42:10 UTC (rev 263930)
@@ -1,5 +1,14 @@
 2020-07-03  Yusuke Suzuki  <[email protected]>
 
+        [JSC] Promise should check whether a user-provided function is set by using `@isUndefinedOrNull`
+        https://bugs.webkit.org/show_bug.cgi?id=213951
+
+        Reviewed by Ross Kirsling.
+
+        * stress/masquerader-as-function-in-promise.js: Added.
+
+2020-07-03  Yusuke Suzuki  <[email protected]>
+
         [JSC] Add exception checks before and after viewWithUnderlyingString
         https://bugs.webkit.org/show_bug.cgi?id=213923
         <rdar://problem/65068473>

Added: trunk/JSTests/stress/masquerader-as-function-in-promise.js (0 => 263930)


--- trunk/JSTests/stress/masquerader-as-function-in-promise.js	                        (rev 0)
+++ trunk/JSTests/stress/masquerader-as-function-in-promise.js	2020-07-04 06:42:10 UTC (rev 263930)
@@ -0,0 +1,3 @@
+Promise.resolve().then(0, makeMasquerader());
+Promise.resolve().then(makeMasquerader(), 0);
+Promise.resolve().then(makeMasquerader(), makeMasquerader());
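
Review bot: The three `Promise.resolve().then(...)` lines assert nothing, so this test can only fail by crashing or by tripping an `@assert`; where assertions are compiled out it may pass with or without the fix. Consider checking an observable outcome (for example, that the derived promise settles the same way it does for an ordinary function handler) and adding a one-line comment saying which argument position each line is meant to exercise.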

Modified: trunk/Source/_javascript_Core/ChangeLog (263929 => 263930)


--- trunk/Source/_javascript_Core/ChangeLog	2020-07-04 06:38:53 UTC (rev 263929)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-07-04 06:42:10 UTC (rev 263930)
@@ -1,3 +1,18 @@
+2020-07-03  Yusuke Suzuki  <[email protected]>
+
+        [JSC] Promise should check whether a user-provided function is set by using `@isUndefinedOrNull`
+        https://bugs.webkit.org/show_bug.cgi?id=213951
+
+        Reviewed by Ross Kirsling.
+
+        If a user-provided function is masquerade-as-undefined value, `if (!xxx.@onRejected)` returns wrong
+        value since this function object is considered as undefined in this context. We should use `@isUndefinedOrNull`
+        here instead since this if-branch is checking whether this property is null/undefined actually.
+        And `if (@isUndefinedOrNull(...))` is efficient since we have `jundefined_or_null` / `jnundefined_or_null` bytecodes.
+
+        * builtins/PromiseOperations.js:
+        (globalPrivate.promiseReactionJob):
+
 2020-07-03  Sam Weinig  <[email protected]>
 
         Remove support for ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE
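
Review bot: The new entry says `if (!xxx.@onRejected)` "returns wrong value" but does not say what a script would observe as a result. A sentence naming the consequence (which branch of `promiseReactionJob` was taken for a masquerader handler, and whether the effect was limited to the `@assert` or also changed behaviour) would help anyone triaging this later. The `xxx` placeholder could also be written as the real `reaction.@onRejected`.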

Modified: trunk/Source/_javascript_Core/builtins/PromiseOperations.js (263929 => 263930)


--- trunk/Source/_javascript_Core/builtins/PromiseOperations.js	2020-07-04 06:38:53 UTC (rev 263929)
+++ trunk/Source/_javascript_Core/builtins/PromiseOperations.js	2020-07-04 06:42:10 UTC (rev 263930)
@@ -365,8 +365,8 @@
     var promiseOrCapability = reaction.@promiseOrCapability;
 
     // Case (3).
-    if (!reaction.@onRejected) {
-        @assert(!reaction.@onFulfilled);
+    if (@isUndefinedOrNull(reaction.@onRejected)) {
+        @assert(@isUndefinedOrNull(reaction.@onFulfilled));
         try {
             @assert(@isPromise(promiseOrCapability));
             if (state === @promiseStateFulfilled)
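
Review bot: Only this one site in `promiseReactionJob` is switched from a truthiness test to `@isUndefinedOrNull`, and the ChangeLog lists no other function, so it is worth confirming that no other builtin still uses a `!handler`-style check on a value that can be user-provided; a masquerade-as-undefined object would take the wrong branch there in the same way. The `// Case (3).` comment above the `if` could also state that a null or undefined `@onRejected` is what marks this case, since that is now the exact condition being tested.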
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
