eval("this.foo") causes a crash if this had not been initialized in a derived class's constructor
https://bugs.webkit.org/show_bug.cgi?id=142883
Reviewed by Filip Pizlo.
The crash was caused by eval inside the constructor of a derived class not checking TDZ.
Fixed the bug by adding a parser flag that forces the TDZ check to be always emitted when accessing "this"
in eval inside a derived class's constructor.
- bytecode/EvalCodeCache.h:
(JSC::EvalCodeCache::getSlow):
- bytecompiler/NodesCodegen.cpp:
(JSC::ThisNode::emitBytecode):
- debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::evaluate):
- interpreter/Interpreter.cpp:
(JSC::eval):
(JSC::ASTBuilder::thisExpr):
- parser/NodeConstructors.h:
(JSC::ThisNode::ThisNode):
- parser/Nodes.h:
- parser/Parser.cpp:
(JSC::Parser<LexerType>::Parser):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::parse):
- parser/ParserModes.h:
- parser/SyntaxChecker.h:
(JSC::SyntaxChecker::thisExpr):
(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getProgramCodeBlock):
(JSC::CodeCache::getEvalCodeBlock):
(JSC::SourceCodeKey::SourceCodeKey):
(JSC::EvalExecutable::create):
- runtime/Executable.h:
- runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::createEvalCodeBlock):
- runtime/JSGlobalObject.h:
- runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval):
- tests/stress/class-syntax-no-tdz-in-eval.js: Added.
- tests/stress/class-syntax-tdz-in-eval.js: Added.
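The semantics the fix enforces, as an added example that is not part of the WebKit patch or its test files: in a derived class constructor `this` sits in the temporal dead zone until `super()` returns, and a direct `eval` inside that constructor must observe the same TDZ (a `ReferenceError`, never a crash), while a non-derived class and an indirect eval need no such check. The class names `Base`, `Derived` and `Plain` and the probe functions are assumptions made for this example.

```javascript
// Added example: observe the TDZ for `this` in a derived class constructor,
// once through a plain `this.foo` and once through direct eval("this.foo").
class Base {
  constructor() {
    this.foo = "base";
  }
}

// Returns a log of what each access to `this` did, before and after super().
function probeThisTdz(useEval) {
  const log = [];
  class Derived extends Base {
    constructor() {
      try {
        // Before super() `this` is uninitialized: both forms must throw
        // a ReferenceError rather than reading or crashing.
        const v = useEval ? eval("this.foo") : this.foo;
        log.push("before-super:" + v);
      } catch (e) {
        log.push("before-super:" + e.constructor.name);
      }
      super();
      // After super() the binding is initialized and both forms read it.
      const v2 = useEval ? eval("this.foo") : this.foo;
      log.push("after-super:" + v2);
    }
  }
  new Derived();
  return log;
}

// The no-TDZ case: a class without `extends` has `this` from the first
// statement on, so eval("this.foo") needs no TDZ check and just works.
function probeBaseClassEval() {
  let seen;
  class Plain {
    constructor() {
      this.foo = "bar";
      seen = eval("this.foo");
    }
  }
  new Plain();
  return seen;
}

// Caveat: an indirect eval runs in global scope, so its `this` is the
// global object, not the constructor's `this`, and the TDZ does not apply.
function indirectEvalThisIsGlobal() {
  let result;
  class Derived extends Base {
    constructor() {
      result = (0, eval)("this") === globalThis;
      super();
    }
  }
  new Derived();
  return result;
}

console.log(probeThisTdz(true));      // direct eval: ReferenceError, then "base"
console.log(probeThisTdz(false));     // plain access: same observable behaviour
console.log(probeBaseClassEval());    // "bar"
console.log(indirectEvalThisIsGlobal()); // true
```

Run it with any ECMAScript 2015 engine (`node file.js`); the point of the patch is that the first two calls must agree, since a direct eval may not bypass the TDZ that a plain `this` access honours.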