[webkit-changes] [WebKit/WebKit] 2a1f6c: instanceof should not get RHS prototype when LHS i...
Ross Kirsling
noreply at github.com
Mon Feb 26 06:43:41 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 2a1f6c179e546b6219dcee2d55add5dc8c7c6b3e
https://github.com/WebKit/WebKit/commit/2a1f6c179e546b6219dcee2d55add5dc8c7c6b3e
Author: Ross Kirsling <ross.kirsling at sony.com>
Date: 2024-02-26 (Mon, 26 Feb 2024)
Changed paths:
M JSTests/test262/expectations.yaml
M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
Log Message:
-----------
instanceof should not get RHS prototype when LHS is primitive
https://bugs.webkit.org/show_bug.cgi?id=270065
Reviewed by Justin Michaud.
The expression `x instanceof obj` should not access obj.prototype when x is primitive per the spec,
but our implementation eagerly grabs the prototype in order to hand it off to OpInstanceof.
https://tc39.es/ecma262/multipage/abstract-operations.html#sec-ordinaryhasinstance
7.3.21 OrdinaryHasInstance ( C, O )
...
3. If O is not an Object, return false.
4. Let P be ? Get(C, "prototype").
...
We could refactor OpInstanceof to take the RHS directly instead of its prototype, but it suffices to add a couple of
lines to InstanceOfNode::emitBytecode. (And while we're at it, we can also do a bit better with temp register reuse.)
* JSTests/test262/expectations.yaml: Mark two tests as passing.
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::InstanceOfNode::emitBytecode):
Canonical link: https://commits.webkit.org/275318@main
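The observable behaviour the log message describes can be checked from script. The following is an added example, not part of the commit or of WebKit's test suite: it uses an arrow function as the right-hand side because an arrow function has no own `prototype` property, so an accessor can be defined on it, and it counts how often `instanceof` invokes that accessor. The names `probe`, `samples` and `runProbes` are made up for this illustration.

```javascript
// Added example: count reads of RHS.prototype during `lhs instanceof rhs`.
// Per OrdinaryHasInstance step 3, a primitive LHS must return false
// before step 4 (Get(C, "prototype")) is reached.

function probe(makeLhs) {
  let prototypeReads = 0;
  const proto = {};
  // Arrow functions are callable but have no own "prototype" property,
  // so we can install a getter with an observable side effect.
  const rhs = () => {};
  Object.defineProperty(rhs, "prototype", {
    get() {
      prototypeReads += 1;
      return proto;
    },
  });
  const result = makeLhs(proto) instanceof rhs;
  return { result, prototypeReads };
}

// Constructed sample inputs: primitives first, then two objects.
const samples = [
  ["number", () => 1],
  ["string", () => "s"],
  ["boolean", () => true],
  ["null", () => null],
  ["undefined", () => undefined],
  ["symbol", () => Symbol("x")],
  ["bigint", () => 10n],
  ["plain object", () => ({})],
  ["object inheriting from proto", (proto) => Object.create(proto)],
];

function runProbes() {
  return samples.map(([label, makeLhs]) => ({ label, ...probe(makeLhs) }));
}

for (const row of runProbes()) {
  console.log(`${row.label}: result=${row.result} prototypeReads=${row.prototypeReads}`);
}
```

On an engine that follows the spec text quoted above, every primitive row reports zero reads and both object rows report exactly one.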