[webkit-changes] [WebKit/WebKit] fca15e: [JSC] delete operator shouldn't perform TDZ checks

Commit Queue noreply at github.com
Thu Jun 15 16:04:08 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: fca15e410aef3a78d5f573612079c4692ac54faa
      https://github.com/WebKit/WebKit/commit/fca15e410aef3a78d5f573612079c4692ac54faa
  Author: Alexey Shvayka <ashvayka at apple.com>
  Date:   2023-06-15 (Thu, 15 Jun 2023)

  Changed paths:
    M JSTests/ChakraCore/test/LetConst/tdz1.baseline-jsc
    M JSTests/stress/const-not-strict-mode.js
    M JSTests/stress/lexical-let-not-strict-mode.js
    M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

  Log Message:
  -----------
  [JSC] delete operator shouldn't perform TDZ checks
https://bugs.webkit.org/show_bug.cgi?id=257697
<rdar://problem/110237888>

Reviewed by Yusuke Suzuki.

ReferenceError for an uninitialized binding is being originated in GetBindingValue [1], yet delete
operator [2] calls into DeleteBinding instead, which is a no-op [3] in case of a lexical binding.

This change removes TDZ check and calls into JSSymbolTableObject::deleteProperty() instead,
which does nothing but returning `false` that is being ignored by del_by_id opcode in sloppy mode,
precluding a runtime error from being thrown for code like `delete foo; let foo`.

As for the strict mode, TDZ check isn't even reached because a SyntaxError is thrown for any binding
that could possibly end up being unitialized [4].

In no way this change affects WithStatement since it can't produce a value deemed as
uninitialized binding (an empty JSValue).

Aligns JSC with V8 and SpiderMonkey.

[1]: https://tc39.es/ecma262/#sec-declarative-environment-records-getbindingvalue-n-s (step 2)
[2]: https://tc39.es/ecma262/#sec-delete-operator-runtime-semantics-evaluation (step 5.c)
[3]: https://tc39.es/ecma262/#sec-declarative-environment-records-deletebinding-n (step 2)
[4]: https://tc39.es/ecma262/#sec-delete-operator-static-semantics-early-errors

* JSTests/ChakraCore/test/LetConst/tdz1.baseline-jsc:
* JSTests/stress/const-not-strict-mode.js:
* JSTests/stress/lexical-let-not-strict-mode.js:
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::DeleteResolveNode::emitBytecode):

Canonical link: https://commits.webkit.org/265212@main

More information about the webkit-changes mailing list