Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 2a1f6c179e546b6219dcee2d55add5dc8c7c6b3e
https://github.com/WebKit/WebKit/commit/2a1f6c179e546b6219dcee2d55add5dc8c7c6b3e
Author: Ross Kirsling <[email protected]>
Date: 2024-02-26 (Mon, 26 Feb 2024)
Changed paths:
M JSTests/test262/expectations.yaml
M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
Log Message:
-----------
instanceof should not get RHS prototype when LHS is primitive
https://bugs.webkit.org/show_bug.cgi?id=270065
Reviewed by Justin Michaud.
The expression `x instanceof obj` should not access obj.prototype when x is
primitive per the spec,
but our implementation eagerly grabs the prototype in order to hand it off to
OpInstanceof.
https://tc39.es/ecma262/multipage/abstract-operations.html#sec-ordinaryhasinstance
7.3.21 OrdinaryHasInstance ( C, O )
...
3. If O is not an Object, return false.
4. Let P be ? Get(C, "prototype").
...
We could refactor OpInstanceof to take the RHS directly instead of its
prototype, but it suffices to add a couple of
lines to InstanceOfNode::emitBytecode. (And while we're at it, we can also do a
bit better with temp register reuse.)
* JSTests/test262/expectations.yaml: Mark two tests as passing.
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::InstanceOfNode::emitBytecode):
Canonical link: https://commits.webkit.org/275318@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
