Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 8f6b2012d16c22469a4ebff6badf4756dbc824e6
      
https://github.com/WebKit/WebKit/commit/8f6b2012d16c22469a4ebff6badf4756dbc824e6
  Author: Alexey Shvayka <[email protected]>
  Date:   2024-01-04 (Thu, 04 Jan 2024)

  Changed paths:
    A JSTests/stress/regress-223533.js
    M Source/JavaScriptCore/builtins/BuiltinExecutables.cpp
    M Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp
    M Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
    M Source/JavaScriptCore/runtime/CachedTypes.cpp
    M Source/JavaScriptCore/runtime/CodeCache.cpp

  Log Message:
  -----------
  [JSC] Redeclaring parameter of a generator / async function makes it `undefined`
https://bugs.webkit.org/show_bug.cgi?id=223533
<rdar://problem/75899149>

Reviewed by Yusuke Suzuki.

Since under the hood, a generator / async function is implemented using two functions (wrapper and body), parameter redeclaration with `var` requires special care.

Given the bytecode for a generator / async body function is generated with the result of reparsing, we can't consult parent scope in parser and detect which declarations shadow parameters of the wrapper function, hence the only way to pass that information is via bytecode generator, in rare data of UnlinkedFunctionExecutable.

This patch prevents createVariable() from being called on `var` declarations that would otherwise erroneously shadow generator / async wrapper function parameters, downgrading them to VarKind::Invalid and emitting extra get_from_scope / resolve_scope ops as if `var foo;` declarations were missing.

It's sensible and safe as long as Annex B function hoisting [1] is aligned and shadowed generator / async wrapper function parameters are marked as captured (done conservatively for all parameters).

Fixes long-standing bug that resulted in Safari breaking on minified code produced by UglifyJS in default configuration [2].

[1]: https://tc39.es/ecma262/#sec-web-compat-functiondeclarationinstantiation (step 29.a.ii)
[2]: https://github.com/mishoo/UglifyJS/issues/5032

* JSTests/stress/regress-223533.js: Added.
* Source/JavaScriptCore/builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::createExecutable):
* Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::generateUnlinkedFunctionCodeBlock):
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
* Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h:
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::hoistSloppyModeFunctionIfNecessary):
(JSC::BytecodeGenerator::getParameterNames const):
(JSC::BytecodeGenerator::emitNewClassFieldInitializerFunction):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::generate):
(JSC::BytecodeGenerator::makeFunction):
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::CachedFunctionExecutableRareData::encode):
(JSC::CachedFunctionExecutableRareData::decode const):
* Source/JavaScriptCore/runtime/CodeCache.cpp:
(JSC::generateUnlinkedCodeBlockImpl):
(JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):

Canonical link: https://commits.webkit.org/272666@main
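The ECMAScript semantics this commit restores, as an added example that is neither the commit's own test file (JSTests/stress/regress-223533.js) nor WebKit code. The function names below are made up for illustration; each one returns what a spec-conforming engine produces, so the block can be run in any current JavaScript engine. Before this fix, JavaScriptCore's generator / async bodies read the redeclared parameter as `undefined` because the body function created its own `var` binding shadowing the wrapper function's parameter.

```javascript
// Added example, not part of the WebKit commit: spec-correct behaviour of
// `var` parameter redeclaration and Annex B block-function hoisting.

// 1. `var` redeclaration of a parameter must not disturb its value.
//    FunctionDeclarationInstantiation does not create a fresh binding for a
//    var name that is already a parameter, so `x` keeps the argument.
function plainRedeclare(x) {
  var x;
  return x;
}

// 2. The same rule applies inside a generator body. JSC implements a
//    generator as a wrapper function (which owns the parameters) plus a body
//    function generated from a reparse; the patch stops the body from creating
//    a second `x` that would shadow the wrapper's and read as undefined.
function* generatorRedeclare(x) {
  var x;
  yield x;
}

// 3. Async functions share the same wrapper / body split, so they were
//    affected in the same way. Resolves to the argument, not undefined.
async function asyncRedeclare(x) {
  var x;
  return x;
}

// 4. Annex B sloppy-mode block function hoisting, which the commit says must
//    stay aligned with the fix: a block-level function declaration is NOT
//    hoisted to the function scope when its name is also a parameter name
//    (spec step 29.a.ii cited in the commit), so `typeof a` still sees the
//    parameter rather than the function.
function* annexBHoisting(a) {
  {
    function a() {}
  }
  yield typeof a;
}

// Helper: run a generator with the given arguments and return its first yield.
function firstYield(gen, ...args) {
  return gen(...args).next().value;
}

// Constructed inputs; a conforming engine produces the values in the comments.
function runChecks() {
  return {
    plain: plainRedeclare(42),                      // 42
    generator: firstYield(generatorRedeclare, 42),  // 42
    annexB: firstYield(annexBHoisting, 1),          // "number"
  };
}
```

Running `runChecks()` in an engine with the bug would have produced `undefined` for the `generator` case (and `asyncRedeclare(42)` would have resolved to `undefined`), which is exactly the UglifyJS-minified pattern the commit message refers to: minifiers emit `var` redeclarations of parameter names freely because the spec guarantees they are harmless.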


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
