Changeset 69940 in webkit for trunk/JavaScriptCore/bytecompiler/NodesCodegen.cpp

Timestamp:

Oct 17, 2010, 9:08:37 PM (15 years ago)

Author:

[email protected]

Message:

2010-10-17 Oliver Hunt <​[email protected]>

Reviewed by Sam Weinig.

Strict mode: Assignment that would create a global should be a late ReferenceError, not a syntax failure
​https://bugs.webkit.org/show_bug.cgi?id=47788

Fixing this required a couple of changes:

• resolve_base now has a flag to indicate whether it is being used for a put in strict mode. this allows us to throw an exception when we're doing a completely generic resolve for assignment, and that assignment would create a new global.
• There is a new opcode 'op_ensure_property_exists' that is used to determine whether the property being assigned to already exists on the global object. This currently has no caching, but such caching could be added relatively trivially. It is only used in the case where we know that a property will be placed on the global object, and we cannot verify that the property already exists.

In the jit we plant a call to cti_op_resolve_base_strict_put in the effected case rather
than making op_resolve_base have an additional runtime branch.

There's also a new helper function to create the exception for the invalid assignment.

• bytecode/CodeBlock.cpp: (JSC::CodeBlock::dump):
• bytecode/Opcode.h:
• bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitResolveBase): (JSC::BytecodeGenerator::emitResolveBaseForPut):
• bytecompiler/BytecodeGenerator.h:
• bytecompiler/NodesCodegen.cpp: (JSC::AssignResolveNode::emitBytecode): (JSC::ForInNode::emitBytecode):
• interpreter/Interpreter.cpp: (JSC::Interpreter::resolveBase): (JSC::Interpreter::privateExecute):
• jit/JIT.cpp: (JSC::JIT::privateCompileMainPass):
• jit/JIT.h:
• jit/JITOpcodes.cpp: (JSC::JIT::emit_op_resolve_base): (JSC::JIT::emit_op_ensure_property_exists):
• jit/JITOpcodes32_64.cpp: (JSC::JIT::emit_op_resolve_base): (JSC::JIT::emit_op_ensure_property_exists):
• jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION):
• jit/JITStubs.h:
• parser/JSParser.cpp: (JSC::JSParser::parseProgram):
• runtime/ExceptionHelpers.cpp: (JSC::createErrorForInvalidGlobalAssignment):
• runtime/ExceptionHelpers.h:
• runtime/Operations.h: (JSC::resolveBase):

2010-10-17 Oliver Hunt <​[email protected]>

Reviewed by Sam Weinig.

Strict mode: Assignment that would create a global should be a late ReferenceError, not a syntax failure
​https://bugs.webkit.org/show_bug.cgi?id=47788

Update test to check for the correct behaviour.

• fast/js/basic-strict-mode-expected.txt:
• fast/js/script-tests/basic-strict-mode.js:

File:

• trunk/JavaScriptCore/bytecompiler/NodesCodegen.cpp (modified) (2 diffs)

trunk/JavaScriptCore/bytecompiler/NodesCodegen.cpp

@@ -1232 +1232 @@
     }
 
-    RefPtr<RegisterID> base = generator.emitResolveBase(generator.newTemporary(), m_ident);
+    RefPtr<RegisterID> base = generator.emitResolveBaseForPut(generator.newTemporary(), m_ident);
     if (dst == generator.ignoredResult())
         dst = 0;
@@ -1606 +1606 @@
             propertyName = generator.newTemporary();
             RefPtr<RegisterID> protect = propertyName;
-            RegisterID* base = generator.emitResolveBase(generator.newTemporary(), ident);
+            RegisterID* base = generator.emitResolveBaseForPut(generator.newTemporary(), ident);
 
             generator.emitExpressionInfo(divot(), startOffset(), endOffset());