Changeset 237241 in webkit for trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

Timestamp:

Oct 17, 2018, 4:56:56 PM (7 years ago)

Author:

[email protected]

Message:

The parser should not emit a ApplyFunctionCallDotNode for Reflect.apply.
​https://bugs.webkit.org/show_bug.cgi?id=190671
<rdar://problem/45201145>

Reviewed by Saam Barati.

The bytecode generator does not currently know how to inline Reflect.apply (see
​https://bugs.webkit.org/show_bug.cgi?id=190668). Hence, it's a waste of time to
emit the ApplyFunctionCallDotNode since the function check against Function.apply
that it will generate will always fail.

Also fixed CallVariant::dump() to be able to handle dumping a non-executable
callee. Reflect.apply used to trip this up. Any object with an apply property
invoked as a function could also trip this up. This is now fixed.

• bytecode/CallVariant.cpp:

(JSC::CallVariant::dump const):

• bytecompiler/NodesCodegen.cpp:

(JSC::ApplyFunctionCallDotNode::emitBytecode):

• parser/ASTBuilder.h:

(JSC::ASTBuilder::makeFunctionCallNode):

File:

• trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

@@ -1444 +1444 @@
     if (emitCallCheck) {
         makeFunction();
+        ASSERT(!m_base->isResolveNode() || static_cast<ResolveNode*>(m_base)->identifier() != "Reflect");
         generator.emitJumpIfNotFunctionApply(function.get(), realCall.get());
     }