Changeset 271265 in webkit for trunk/Source/JavaScriptCore/parser/SyntaxChecker.h

Timestamp:

Jan 7, 2021, 3:17:44 PM (4 years ago)

Author:

[email protected]

Message:

[JSC] New expression and value function call should reserve function register if arguments include assignments
​https://bugs.webkit.org/show_bug.cgi?id=220429
<rdar://problem/70598359>

Reviewed by Alexey Shvayka.

JSTests:

• stress/comma-value-func-call-resolve.js: Added.

(shouldBe):
(fn.x):
(fn):

• stress/construct-overwritten-variable.js:

(shouldThrow):
(new.x.x): Deleted.

• stress/construct-spread-overwritten-variable-2.js:

(shouldThrow):
(new.x.x): Deleted.

• stress/construct-spread-overwritten-variable.js:

(shouldThrow):
(new.x.x): Deleted.

• stress/destructuring-func-call-resolve.js: Added.

(shouldBe):
(fn.x):
(fn):
(fn2.x):
(fn2):

• stress/resolve-func-call-resolve.js: Added.

(shouldBe):
(fn.x):
(fn):

• stress/tagged-template-call-resolve.js: Added.

(shouldBe):
(fn.x):
(fn):

• test262/expectations.yaml:

Source/JavaScriptCore:

If the following code is executed, we need to reserve |x| before evaluating arguments since arguments can override
local |x| variable before calling it.

new x(x = 1)

We found there are two places we are not doing this.

1. new expression
2. function value call (it is checking isLocation(), but we can still use local variables for function if we use comma expression)

We introduced hasAssignment flag to ArgumentsNode, and reserve a function in a new temporary register if arguments include assignments.
We also need to increment assignmentCount in destructuring assignment.

• bytecompiler/NodesCodegen.cpp:

(JSC::NewExprNode::emitBytecode):
(JSC::FunctionCallValueNode::emitBytecode):

• parser/ASTBuilder.h:

(JSC::ASTBuilder::createArguments):

• parser/NodeConstructors.h:

(JSC::ArgumentsNode::ArgumentsNode):

• parser/Nodes.h:
• parser/Parser.cpp:

(JSC::Parser<LexerType>::parseDestructuringPattern):
(JSC::Parser<LexerType>::parseArguments):

• parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createArguments):

File:

• trunk/Source/JavaScriptCore/parser/SyntaxChecker.h (modified) (1 diff)

trunk/Source/JavaScriptCore/parser/SyntaxChecker.h

@@ -201 +201 @@
     void setFunctionNameStart(int, int) { }
     int createArguments() { return ArgumentsResult; }
-    int createArguments(int) { return ArgumentsResult; }
+    int createArguments(int, bool) { return ArgumentsResult; }
     ExpressionType createSpreadExpression(const JSTokenLocation&, ExpressionType, int, int, int) { return SpreadExpr; }
     ExpressionType createObjectSpreadExpression(const JSTokenLocation&, ExpressionType, int, int, int) { return ObjectSpreadExpr; }