[webkit-changes] [WebKit/WebKit] 26302c: [JSC] emitReturn() should load `this` value from a...

Commit Queue noreply at github.com
Tue Feb 27 22:40:03 PST 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 26302cf8d239273b6b659e4e746829b8322a83b5
      https://github.com/WebKit/WebKit/commit/26302cf8d239273b6b659e4e746829b8322a83b5
  Author: Alexey Shvayka <ashvayka at apple.com>
  Date:   2024-02-27 (Tue, 27 Feb 2024)

  Changed paths:
    A JSTests/stress/regress-268864.js
    M JSTests/test262/expectations.yaml
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
    M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

  Log Message:
  -----------
  [JSC] emitReturn() should load `this` value from arrow function lexical environment prior to TDZ check
https://bugs.webkit.org/show_bug.cgi?id=268864
<rdar://problem/122430056>

Reviewed by Justin Michaud.

This change:

  1) Hoists first TDZ check of emitReturn() up to FunctionNode::emitBytecode(), and refactors it
     leveraging semantically equivalent ensureThis(), which makes automatically-inserted return
     equivalent to `return this`.
     I confirmed this to be the only call site of emitReturn() with unchecked thisRegister() as `src`.
     This is non-observable.

  2) Adds missing emitLoadThisFromArrowFunctionLexicalEnvironment() before second TDZ check, and
     refactors it using ensureThis().
     This is an observable change that prevents ReferenceError being thrown on totally valid and
     rather sane code of calling super() inside an arrow function before explicit `return`.
     Aligns JSC with the spec [1], V8, and SpiderMonkey.

  3) Since when `from == ReturnFrom::Finally` is true, `src` is always completionValueRegister(),
     meaning the check ^^ is useless. Removes it altogether with BytecodeGenerator::ReturnFrom.

[1]: https://tc39.es/ecma262/#sec-ecmascript-function-objects-construct-argumentslist-newtarget (step 12)

* JSTests/stress/regress-268864.js: Added.
* JSTests/test262/expectations.yaml: Mark 6 tests as passing.
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitReturn):
(JSC::BytecodeGenerator::emitFinallyCompletion):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h:
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::FunctionNode::emitBytecode):

Canonical link: https://commits.webkit.org/275425@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list