Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 26302cf8d239273b6b659e4e746829b8322a83b5
https://github.com/WebKit/WebKit/commit/26302cf8d239273b6b659e4e746829b8322a83b5
Author: Alexey Shvayka <[email protected]>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
A JSTests/stress/regress-268864.js
M JSTests/test262/expectations.yaml
M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
Log Message:
-----------
[JSC] emitReturn() should load `this` value from arrow function lexical environment prior to TDZ check
https://bugs.webkit.org/show_bug.cgi?id=268864
<rdar://problem/122430056>
Reviewed by Justin Michaud.
This change:
1) Hoists first TDZ check of emitReturn() up to FunctionNode::emitBytecode(), and refactors it
   leveraging semantically equivalent ensureThis(), which makes automatically-inserted return
   equivalent to `return this`.
   I confirmed this to be the only call site of emitReturn() with unchecked thisRegister() as `src`.
   This is non-observable.
2) Adds missing emitLoadThisFromArrowFunctionLexicalEnvironment() before second TDZ check, and
   refactors it using ensureThis().
   This is an observable change that prevents ReferenceError being thrown on totally valid and
   rather sane code of calling super() inside an arrow function before explicit `return`.
   Aligns JSC with the spec [1], V8, and SpiderMonkey.
3) Since when `from == ReturnFrom::Finally` is true, `src` is always completionValueRegister(),
   meaning the check ^^ is useless. Removes it altogether with BytecodeGenerator::ReturnFrom.
[1]: https://tc39.es/ecma262/#sec-ecmascript-function-objects-construct-argumentslist-newtarget (step 12)
* JSTests/stress/regress-268864.js: Added.
* JSTests/test262/expectations.yaml: Mark 6 tests as passing.
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitReturn):
(JSC::BytecodeGenerator::emitFinallyCompletion):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h:
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::FunctionNode::emitBytecode):
Canonical link: https://commits.webkit.org/275425@main
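
The observable behaviour from item 2, as an added example that is not part of the commit or of its regress-268864.js test. All class names and the probe() helper are constructed for illustration; the first class is the pattern the log message describes, and the others are boundary cases whose results follow from the [[Construct]] steps cited as [1].

```javascript
// Constructed test classes; none of these names come from the WebKit commit.
class Base {
  constructor() { this.tag = "base"; }
}

// super() runs inside an arrow function, then the constructor returns explicitly.
// `this` is initialized by the time of the return, so construction must succeed.
class ArrowSuperThenReturn extends Base {
  constructor() {
    const init = () => super();
    init();
    return;
  }
}

// Same shape, but the explicit return sits in a finally block.
class ArrowSuperReturnInFinally extends Base {
  constructor() {
    const init = () => super();
    try { init(); } finally { return; }
  }
}

// The arrow is created but never called: `this` is still in its TDZ at the
// return, so a ReferenceError is the correct outcome here.
class ArrowNeverCalled extends Base {
  constructor() {
    const init = () => super();
    return;
  }
}

// Returning an object skips the `this` binding lookup entirely.
class ReturnsObject extends Base {
  constructor() { return { tag: "override" }; }
}

// Report what `new Ctor()` does: the instance's tag, or the error name.
function probe(Ctor) {
  try {
    return new Ctor().tag;
  } catch (e) {
    return e.name;
  }
}

const cases = [ArrowSuperThenReturn, ArrowSuperReturnInFinally, ArrowNeverCalled, ReturnsObject];
console.log(cases.map((C) => `${C.name}: ${probe(C)}`).join("\n"));
```

Run under a JSC shell, a result of ReferenceError for ArrowSuperThenReturn indicates a build without this change.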