Timestamp:
Jul 23, 2020, 8:53:46 PM (5 years ago)
Author:
[email protected]
Message:

[JSC] Arrow function |this| resolution should not be trapped by with-scope
https://bugs.webkit.org/show_bug.cgi?id=214716
<rdar://problem/65980639>

Reviewed by Darin Adler.

JSTests:

  • stress/proxy-trap-this.js: Added.

(shouldNotThrow):
(const.handler.has):
(test):

Source/JavaScriptCore:

We were using the usual "this" named variable in the lexical environment to load and store the arrow function's |this|.
But since this looks like a normal variable, it can be trapped by a "with" scope's object while it should not be.
We use thisPrivateName instead to avoid this behavior since Proxy does not trap private names.

  • builtins/BuiltinNames.h:
  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):
(JSC::BytecodeGenerator::variable):
(JSC::BytecodeGenerator::createVariable):
(JSC::BytecodeGenerator::emitLoadThisFromArrowFunctionLexicalEnvironment):
(JSC::BytecodeGenerator::emitPutThisToArrowFunctionContextScope):

  • bytecompiler/NodesCodegen.cpp:

(JSC::HasOwnPropertyFunctionCallDotNode::emitBytecode):
(JSC::ForInNode::emitBytecode):

  • runtime/CommonIdentifiers.cpp:

(JSC::CommonIdentifiers::CommonIdentifiers):

  • runtime/CommonIdentifiers.h:
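
The behavior the commit message describes can be checked from script. The following is an added example, not the project's `stress/proxy-trap-this.js`; `probeWithScope` and the sample objects are hypothetical names constructed for illustration. It contrasts an arrow function's `this` with an ordinary identifier inside a `with` scope backed by a Proxy that claims every name.

```javascript
// Added illustration (constructed); not JavaScriptCore's own regression test.
// probeWithScope is a hypothetical helper name.
function probeWithScope(body) {
  const seen = [];                      // keys the `has` trap was asked about
  const hijack = { tag: "from-proxy" }; // value a trapping scope would hand back
  const scope = new Proxy({}, {
    has(target, key) {
      seen.push(String(key));
      return true;                      // claim every identifier, "this" included
    },
    get(target, key) {
      // No @@unscopables list, so nothing is excluded from the with-scope.
      return key === Symbol.unscopables ? undefined : hijack;
    },
  });
  // Function-constructor bodies are sloppy mode, so `with` parses even when
  // this file is loaded as a module or under "use strict".
  const run = new Function("scope", `with (scope) { ${body} }`);
  const receiver = { tag: "receiver" };
  const result = run.call(receiver, scope);
  return { seen, result, receiver, hijack };
}

// |this| inside an arrow function must come from the enclosing function,
// never from the with-scope object.
const arrowThis = probeWithScope("return (() => this)();");

// An ordinary identifier is expected to go through the `has` trap.
const plainName = probeWithScope("return marker;");

console.log("arrow |this| is receiver:", arrowThis.result === arrowThis.receiver);
console.log("trap saw 'this':", arrowThis.seen.includes("this"));
console.log("trap saw 'marker':", plainName.seen.includes("marker"));
```

On an engine with the fix, the first line reports `true` and the second `false`; a `true` on the second line means the scope object can observe or redirect the arrow function's `this`.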
File:
1 edited

  • trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

    r264750 r264809  
    19561956            // After generator.ensureThis (which must be invoked in |base|'s materialization), we can ensure that |this| is in local this-register.
    19571957            ASSERT(base);
    1958             return generator.variable(generator.propertyNames().thisIdentifier, ThisResolutionType::Local) == structureContext->baseVariable().value();
     1958            return generator.variable(generator.propertyNames().builtinNames().thisPrivateName(), ThisResolutionType::Local) == structureContext->baseVariable().value();
    19591959        }
    19601960        return false;
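
Review bot: the equality check on line 1958 now depends on generator.variable() treating thisPrivateName under ThisResolutionType::Local exactly as it previously treated thisIdentifier, and nothing at this call site enforces that. The commit message lists BytecodeGenerator::variable as changed, but if that special case and this lookup ever use different names, the comparison quietly evaluates to false and the function falls through to `return false;` with no assertion firing. Consider asserting that the returned variable is the local this-register before comparing it with structureContext->baseVariable().value(), so a mismatch shows up in debug builds rather than as a silently skipped fast path.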
     
    38953895        // After generator.ensureThis (which must be invoked in |base|'s materialization), we can ensure that |this| is in local this-register.
    38963896        ASSERT(base);
    3897         baseVariable = generator.variable(generator.propertyNames().thisIdentifier, ThisResolutionType::Local);
     3897        baseVariable = generator.variable(generator.propertyNames().builtinNames().thisPrivateName(), ThisResolutionType::Local);
    38983898    }
    38993899
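
Review bot: line 3897 repeats the same long lookup, generator.propertyNames().builtinNames().thisPrivateName(), that line 1958 uses, and the comment above it still only says that |this| is in the local this-register without explaining why a private name is being resolved. A small accessor on the generator for "the name |this| is stored under" would keep the two call sites in step, and one extra sentence in the comment noting that the private name is used so a with-scope object cannot intercept the lookup would save the next reader a trip to the changelog.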