Timestamp:
Sep 5, 2019, 11:47:55 AM
Author:
Tadeu Zagallo
Message:

LazyClassStructure::setConstructor should not store the constructor to the global object
https://bugs.webkit.org/show_bug.cgi?id=201484
<rdar://problem/50400451>

Reviewed by Yusuke Suzuki.

JSTests:

  • stress/web-assembly-constructors-should-not-override-global-object-property.js: Added.

Source/JavaScriptCore:

LazyClassStructure::setConstructor sets the constructor as a property of the global object.
This became a problem when it started being used for WebAssembly constructors, such as Module
and Instance, since they are properties of the WebAssembly object, not the global object. That
resulted in properties of the global object being replaced whenever a lazy WebAssembly constructor
was first accessed, e.g.

globalThis.Module = x;
WebAssembly.Module;
globalThis.Module === WebAssembly.Module;

  • runtime/LazyClassStructure.cpp:

(JSC::LazyClassStructure::Initializer::setConstructor):

  • runtime/LazyClassStructure.h:
  • runtime/Lookup.h:

(JSC::reifyStaticProperty):
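
The following is an added example, not part of this changeset or of WebKit's own test: a regression check in the spirit of the stress test listed above. It plants a marker on each global property whose name collides with a WebAssembly namespace constructor, touches every constructor so a lazy implementation materialises it, and reports which globals were replaced. `findClobberedGlobals`, `makeClobberingNamespace` and the marker objects are constructed here; the constructor names are the standard WebAssembly ones, and `makeClobberingNamespace` is only a model of the pre-fix behaviour described in the message, not WebKit code.

```javascript
// Standard constructors hung off the WebAssembly namespace object.
const LAZY_WEBASSEMBLY_CONSTRUCTORS = [
  "Module", "Instance", "Memory", "Table",
  "CompileError", "LinkError", "RuntimeError",
];

// Returns the names of global properties whose value changed after the lazy
// constructors were first accessed. An empty array means the global object
// was left intact, which is what the fix restores. Both parameters are
// hypothetical: they default to the real globalThis / globalThis.WebAssembly
// so the check can run as-is in an engine.
function findClobberedGlobals(globalObject = globalThis, namespace = globalObject.WebAssembly) {
  if (typeof namespace === "undefined")
    return []; // No WebAssembly object at all: nothing can be clobbered.

  // Plant a unique marker on each colliding global name, mirroring the
  // `globalThis.Module = x` scenario from the commit message.
  const markers = new Map();
  for (const name of LAZY_WEBASSEMBLY_CONSTRUCTORS) {
    const marker = { marker: name }; // constructed sentinel value
    markers.set(name, marker);
    globalObject[name] = marker;
  }

  // First access of each constructor triggers lazy initialisation.
  for (const name of LAZY_WEBASSEMBLY_CONSTRUCTORS)
    void namespace[name];

  // Any global that no longer holds our marker was overwritten.
  const clobbered = [];
  for (const [name, marker] of markers) {
    if (globalObject[name] !== marker)
      clobbered.push(name);
    delete globalObject[name]; // remove the planted markers again
  }
  return clobbered;
}

// Constructed model of the pre-fix behaviour: lazy getters that also store the
// freshly created constructor on the supplied global object, which is what the
// removed `global->putDirect` call did for every LazyClassStructure user.
function makeClobberingNamespace(globalObject) {
  const ns = {};
  for (const name of LAZY_WEBASSEMBLY_CONSTRUCTORS) {
    Object.defineProperty(ns, name, {
      get() {
        const ctor = function () {};
        globalObject[name] = ctor; // the bug being modelled
        return ctor;
      },
    });
  }
  return ns;
}
```

Run against a real engine, `findClobberedGlobals()` should return `[]` once the fix is in; run against the constructed clobbering namespace with a plain object standing in for the global, it returns all seven names, so the check can tell a fixed build from a broken one.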

File:
1 edited

  • trunk/Source/JavaScriptCore/runtime/LazyClassStructure.cpp

    r249175 r249538  
    6161}
    6262
    63 void LazyClassStructure::Initializer::setConstructor(PropertyName propertyName, JSObject* constructor)
     63void LazyClassStructure::Initializer::setConstructor(JSObject* constructor)
    6464{
    6565    RELEASE_ASSERT(structure);
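Review bot: dropping the `PropertyName propertyName` parameter at old line 63 changes the signature declared in runtime/LazyClassStructure.h and used by `reifyStaticProperty` in runtime/Lookup.h, both listed in the ChangeLog but not shown on this page; make sure the header declaration and that caller land in the same change, otherwise this file will not link, and the ChangeLog entry for Lookup.h should say that the constructor is now installed on its owner via the static property table rather than here.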
     
    7070
    7171    prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, constructor, static_cast<unsigned>(PropertyAttribute::DontEnum));
    72     if (!propertyName.isNull())
    73         global->putDirect(vm, propertyName, constructor, static_cast<unsigned>(PropertyAttribute::DontEnum));
    7472    classStructure.m_constructor.set(vm, global, constructor);
    75 }
    76 
    77 void LazyClassStructure::Initializer::setConstructor(JSObject* constructor)
    78 {
    79     String name;
    80     if (InternalFunction* internalFunction = jsDynamicCast<InternalFunction*>(vm, constructor))
    81         name = internalFunction->name();
    82     else if (JSFunction* function = jsDynamicCast<JSFunction*>(vm, constructor))
    83         name = function->name(vm);
    84     else
    85         RELEASE_ASSERT_NOT_REACHED();
    86    
    87     setConstructor(Identifier::fromString(vm, name), constructor);
    8873}
    8974
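Review bot: the `global->putDirect` removed at old lines 72-73 applied to every user of `LazyClassStructure`, not only the WebAssembly constructors, so any lazy class whose constructor was previously published on the global object by this call now depends on `reifyStaticProperty` to do it; the only test added is `stress/web-assembly-constructors-should-not-override-global-object-property.js`, so consider adding coverage that those previously global-published constructors are still reachable by name. With the name-deriving overload at old lines 77-88 gone, the `jsDynamicCast<InternalFunction*>` / `jsDynamicCast<JSFunction*>` uses in this file disappear too, so check whether the corresponding includes are still needed.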