[webkit-changes] [WebKit/WebKit] bb825e: [JSC] eval() call with ...spread syntax should be ...

Commit Queue noreply at github.com
Tue Jan 30 14:09:32 PST 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: bb825e021a874b1bc85ff26172e19587cb634f5a
      https://github.com/WebKit/WebKit/commit/bb825e021a874b1bc85ff26172e19587cb634f5a
  Author: Alexey Shvayka <ashvayka at apple.com>
  Date:   2024-01-30 (Tue, 30 Jan 2024)

  Changed paths:
    A JSTests/stress/direct-eval-spread.js
    M JSTests/test262/expectations.yaml
    M Source/JavaScriptCore/builtins/BuiltinNames.h
    M Source/JavaScriptCore/bytecode/LinkTimeConstant.h
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
    M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.h
    M Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h

  Log Message:
  -----------
  [JSC] eval() call with ...spread syntax should be direct
https://bugs.webkit.org/show_bug.cgi?id=268028
<rdar://problem/121547890>

Reviewed by Justin Michaud.

Before this change, EvalFunctionCallNode was emitting op_call_varargs for calls with ...spread syntax,
rather than op_call_direct_eval, thus always performing indirect eval. Per spec [1], that was wrong:
CoverCallExpressionAndAsyncArrowHead production matches ...spread syntax as well.

Since global eval() function takes only one parameter, and we would like to avoid introducing yet
another call bytecode just for this very rare case, this change emits op_spread to perform full iteration
and passes first argument into op_call_direct_eval, conditional on callee function to be built-in eval()
from the lexical realm.

To perform this check, we need a LinkTimeConstant and the globalObject->evalFunction() to share the same
JSFunction, which is tricky since m_linkTimeConstants stores stateful LazyProperty object directly, without
a pointer, and their initializers should be stateless. That is why initializeEvalFunction() is introduced.

[1]: https://tc39.es/ecma262/#sec-function-calls-runtime-semantics-evaluation

* JSTests/stress/direct-eval-spread.js: Added.
* JSTests/test262/expectations.yaml: Mark 6 tests as passing.
* Source/JavaScriptCore/builtins/BuiltinNames.h:
* Source/JavaScriptCore/bytecode/LinkTimeConstant.h:
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitJumpIfNotEvalFunction):
(JSC::BytecodeGenerator::emitCall):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h:
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::EvalFunctionCallNode::emitBytecode):
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::initializeEvalFunction):
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildrenImpl):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::evalFunction const): Deleted.
* Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h:
(JSC::JSGlobalObject::evalFunction const):

Canonical link: https://commits.webkit.org/273788@main

More information about the webkit-changes mailing list