[webkit-changes] [WebKit/WebKit] ad6899: [JSC] try/catch should not intercept errors origin...
Commit Queue
noreply at github.com
Mon Feb 26 16:44:31 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: ad689935bb77e592b0b622143a71ff5520d6456b
https://github.com/WebKit/WebKit/commit/ad689935bb77e592b0b622143a71ff5520d6456b
Author: Alexey Shvayka <ashvayka at apple.com>
Date: 2024-02-26 (Mon, 26 Feb 2024)
Changed paths:
A JSTests/stress/regress-268411.js
M JSTests/test262/expectations.yaml
M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
M Source/JavaScriptCore/parser/Parser.cpp
M Source/JavaScriptCore/parser/Parser.h
Log Message:
-----------
[JSC] try/catch should not intercept errors originated in [[Construct]] of derived class
https://bugs.webkit.org/show_bug.cgi?id=268411
<rdar://problem/121959506>
Reviewed by Justin Michaud.
Before this change, if a `return` statement of a derived class constructor was inside a `try` .. `catch`
statement, errors thrown at steps 10-12 of [1] were caught by the `catch` block, which is obviously
wrong since the userland code should have been evaluated during step 9 of [1].
It's infeasible to perform these checks (super() wasn't called / returned non-undefined primitive) in
`op_construct` because we can't distinguish derived class constructors in a performant way, plus accounting
for inlining would be challenging.
Rather than introducing a mechanism of "fake returns" that jump out from `try` block to perform
above-mentioned checks before actually returning, which would be quite complicated, this patch leverages
existing emitJumpViaFinallyIfNeeded() logic by creating an empty `finally` block right inside a parser.
I argue that containing this whole workaround cohesively in parseTryStatement() is better than passing
a CodeFeature that `try` block contains a `return` all the way to TryNode::emitBytecode().
Aligns JSC with the spec [1], V8, and SpiderMonkey. Until very recently, V8 used to have the same bug.
[1]: https://tc39.es/ecma262/#sec-ecmascript-function-objects-construct-argumentslist-newtarget
* JSTests/stress/regress-268411.js: Added.
* JSTests/test262/expectations.yaml: Mark 6 tests as passing.
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::EmptyStatementNode::emitBytecode):
* Source/JavaScriptCore/parser/Parser.cpp:
(JSC::Parser<LexerType>::parseReturnStatement):
(JSC::Parser<LexerType>::parseTryStatement):
* Source/JavaScriptCore/parser/Parser.h:
Canonical link: https://commits.webkit.org/275353@main
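As an added example (not part of the commit or the JavaScriptCore sources), a small conformance probe for the behaviour the patch fixes. Per [[Construct]], the "super() was called" and "return value is an object or undefined" checks run after the constructor body has finished, so a `try`/`catch` inside the body must not observe them; on an engine with the bug the error names show up in `intercepted` instead.

```javascript
// Added example (not from the WebKit commit): probes whether a JS engine lets a
// derived constructor's own try/catch intercept errors that [[Construct]] raises.

const intercepted = []; // error names seen by a constructor's catch block

class Base {}

// Case 1: super() was called, but a non-undefined primitive is returned.
class ReturnsPrimitive extends Base {
  constructor() {
    try {
      super();
      return 42; // spec: TypeError raised by [[Construct]], after this body ends
    } catch (e) {
      intercepted.push(e.constructor.name); // only reached on a buggy engine
    }
  }
}

// Case 2: `return` without ever calling super(), so `this` stays uninitialised.
class SkipsSuper extends Base {
  constructor() {
    try {
      return; // spec: ReferenceError raised by [[Construct]], after this body ends
    } catch (e) {
      intercepted.push(e.constructor.name); // only reached on a buggy engine
    }
  }
}

// Construct once; report what escaped to the caller and what the catch block saw.
function probe(ctor) {
  intercepted.length = 0;
  let escaped = null;
  try {
    new ctor();
  } catch (e) {
    escaped = e.constructor.name;
  }
  return { escaped, intercepted: intercepted.slice() };
}

// A spec-compliant engine yields { escaped: 'TypeError', intercepted: [] } for
// case 1 and { escaped: 'ReferenceError', intercepted: [] } for case 2.
function engineHasBug() {
  return probe(ReturnsPrimitive).intercepted.length > 0
    || probe(SkipsSuper).intercepted.length > 0;
}
```

The `return 42` case is the sharper probe: a buggy engine swallows the TypeError in `catch`, the body then completes normally and `new` returns the half-constructed object.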