[webkit-changes] [WebKit/WebKit] 68f502: Fix reassigning to class name during static field ...
Commit Queue
noreply at github.com
Mon Nov 14 11:56:43 PST 2022
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 68f502ba813d3162e60f92023084d72c167bbc7f
https://github.com/WebKit/WebKit/commit/68f502ba813d3162e60f92023084d72c167bbc7f
Author: Yijia Huang <yijia_huang at apple.com>
Date: 2022-11-14 (Mon, 14 Nov 2022)
Changed paths:
A JSTests/stress/destructuring-array-class-static.js
A JSTests/stress/destructuring-object-class-static.js
M Source/JavaScriptCore/parser/Parser.cpp
Log Message:
-----------
Fix reassigning to class name during static field initialization
https://bugs.webkit.org/show_bug.cgi?id=247428
rdar://102193862
Reviewed by Alexey Shvayka.
Our investigation shows that there is a different path for `{ x = 0 } = 0`
by comparing to `{ x } = 0`, which go through `parseMemberExpression`
=> `parsePrimaryExpression` => `createResolveAndUseVariable` =>
`currentScope()->useVariable()`. `useVariable` is necessary so the
BytecodeGenerator would know it's used via scope VarKind::Scope and
set it up via op_put_to_scope rather than simple mov, which used to
trigger TDZ error.
For `{ x = 0 } = 0`, the parser will go through `parseProperty` and step
into the branch
```
if (match(EQUAL))
classifyExpressionError(ErrorIndicatesPattern);
```
which fails to updating the used variables when encountering the
object destructuring with assignment expressions. This fix is to
handle those edge cases. In this case, symbolTablePut will check
for read-only variable without ignoring.
* JSTests/stress/destructuring-array-class-static.js: Added.
(shouldThrow):
(x):
* JSTests/stress/destructuring-object-class-static.js: Added.
(shouldThrow):
(x):
(eval.x):
* Source/JavaScriptCore/parser/Parser.cpp:
(JSC::Parser<LexerType>::parseDestructuringPattern):
Canonical link: https://commits.webkit.org/256663@main
More information about the webkit-changes
mailing list