Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: bb825e021a874b1bc85ff26172e19587cb634f5a
https://github.com/WebKit/WebKit/commit/bb825e021a874b1bc85ff26172e19587cb634f5a
Author: Alexey Shvayka <[email protected]>
Date: 2024-01-30 (Tue, 30 Jan 2024)
Changed paths:
A JSTests/stress/direct-eval-spread.js
M JSTests/test262/expectations.yaml
M Source/JavaScriptCore/builtins/BuiltinNames.h
M Source/JavaScriptCore/bytecode/LinkTimeConstant.h
M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
M Source/JavaScriptCore/runtime/JSGlobalObject.h
M Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h
Log Message:
-----------
[JSC] eval() call with ...spread syntax should be direct
https://bugs.webkit.org/show_bug.cgi?id=268028
<rdar://problem/121547890>
Reviewed by Justin Michaud.
Before this change, EvalFunctionCallNode was emitting op_call_varargs for calls with ...spread syntax, rather than op_call_direct_eval, thus always performing indirect eval. Per spec [1], that was wrong: the CoverCallExpressionAndAsyncArrowHead production matches ...spread syntax as well.
Since the global eval() function takes only one parameter, and we would like to avoid introducing yet another call bytecode just for this very rare case, this change emits op_spread to perform full iteration and passes the first argument into op_call_direct_eval, conditional on the callee function being the built-in eval() from the lexical realm.
To perform this check, we need a LinkTimeConstant and globalObject->evalFunction() to share the same JSFunction, which is tricky since m_linkTimeConstants stores stateful LazyProperty objects directly, without a pointer, and their initializers should be stateless. That is why initializeEvalFunction() is introduced.
[1]: https://tc39.es/ecma262/#sec-function-calls-runtime-semantics-evaluation
* JSTests/stress/direct-eval-spread.js: Added.
* JSTests/test262/expectations.yaml: Mark 6 tests as passing.
* Source/JavaScriptCore/builtins/BuiltinNames.h:
* Source/JavaScriptCore/bytecode/LinkTimeConstant.h:
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitJumpIfNotEvalFunction):
(JSC::BytecodeGenerator::emitCall):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h:
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::EvalFunctionCallNode::emitBytecode):
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::initializeEvalFunction):
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildrenImpl):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::evalFunction const): Deleted.
* Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h:
(JSC::JSGlobalObject::evalFunction const):
Canonical link: https://commits.webkit.org/273788@main
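The behaviour the commit corrects, as an added probe that is not the commit's JSTests file nor any WebKit code: each call form evaluates the same constructed source text, and a form counts as direct eval only if it can observe the caller's local binding (the marker name `callerLocal` and the `probeEvalForms` helper are assumptions of this example). Per ECMA-262 the spread form must report "direct"; JSC before this change reported "indirect" for it, which changes the scope, and the strictness, the evaluated code runs under.

```javascript
// Added example (not from the commit). Probes whether eval() called with
// ...spread arguments is treated as a direct eval (sees the caller's lexical
// scope) or as an indirect eval (runs as global code).
function probeEvalForms() {
  const callerLocal = "marker";             // constructed: visible only to a direct eval
  const source = ["typeof callerLocal"];    // constructed: the single spread argument
  const aliasedEval = eval;                 // callee is no longer the identifier `eval`

  const results = {
    plain: eval(source[0]),                 // direct: callee is the identifier `eval`
    spread: eval(...source),                // direct per spec; indirect in JSC before this fix
    comma: (0, eval)(...source),            // indirect: callee is a comma expression
    alias: aliasedEval(...source),          // indirect: callee is a different identifier
  };

  // A direct eval observes `callerLocal` and yields "string"; an indirect eval
  // is evaluated as global code, where the name is undeclared, and yields "undefined".
  const classify = (seen) => (seen === "string" ? "direct" : "indirect");
  return Object.fromEntries(Object.entries(results).map(([form, seen]) => [form, classify(seen)]));
}

// True when the engine applies the spec rule this commit implements:
// only calls whose callee is the identifier `eval` bound to the realm's
// built-in eval are direct, spread arguments included.
function isSpecConformant(forms = probeEvalForms()) {
  return forms.plain === "direct" && forms.spread === "direct"
    && forms.comma === "indirect" && forms.alias === "indirect";
}

console.log(probeEvalForms(), "spec-conformant:", isSpecConformant());
```

Running the block under a JSC build from before this commit reports `spread: "indirect"` and `spec-conformant: false`; after it, `spread: "direct"`.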
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes