[JSC] emitReturn() should load this value from arrow function lexical environment prior to TDZ check
#23965
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
shvaikalesh
added
the
JavaScriptCore
Collaborator
|
EWS run on previous version of this PR (hash 11e828a) |
🧪 api-mac
hyjorc1
reviewed
Feb 8, 2024
shvaikalesh
force-pushed
the
eng/JSC-emitReturn-should-load-this-value-from-arrow-function-lexical-environment-prior-to-TDZ-check
branch
from
11e828a to
18cf617
Compare
Collaborator
|
EWS run on current version of this PR (hash 18cf617) |
shvaikalesh
added
skip-ews
…al environment prior to TDZ check https://bugs.webkit.org/show_bug.cgi?id=268864 <rdar://problem/122430056> Reviewed by Justin Michaud. This change: 1) Hoists first TDZ check of emitReturn() up to FunctionNode::emitBytecode(), and refactors it leveraging semantically equivalent ensureThis(), which makes automatically-inserted return equivalent to `return this`. I confirmed this to be the only call site of emitReturn() with unchecked thisRegister() as `src`. This is non-observable. 2) Adds missing emitLoadThisFromArrowFunctionLexicalEnvironment() before second TDZ check, and refactors it using ensureThis(). This is an observable change that prevents ReferenceError being thrown on totally valid and rather sane code of calling super() inside an arrow function before explicit `return`. Aligns JSC with the spec [1], V8, and SpiderMonkey. 3) Since when `from == ReturnFrom::Finally` is true, `src` is always completionValueRegister(), meaning the check ^^ is useless. Removes it altogether with BytecodeGenerator::ReturnFrom. [1]: https://tc39.es/ecma262/#sec-ecmascript-function-objects-construct-argumentslist-newtarget (step 12) * JSTests/stress/regress-268864.js: Added. * JSTests/test262/expectations.yaml: Mark 6 tests as passing. * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitReturn): (JSC::BytecodeGenerator::emitFinallyCompletion): * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h: * Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp: (JSC::FunctionNode::emitBytecode): Canonical link: https://commits.webkit.org/275425@main
webkit-commit-queue
force-pushed
the
eng/JSC-emitReturn-should-load-this-value-from-arrow-function-lexical-environment-prior-to-TDZ-check
branch
from
18cf617 to
26302cf
Compare
Collaborator
|
Committed 275425@main (26302cf): https://commits.webkit.org/275425@main Reviewed commits have been landed. Closing PR #23965 and removing active labels. |
webkit-commit-queue
removed
the
unsafe-merge-queue
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
26302cf
18cf617
🛠 ios🛠 mac🛠 wpe🛠 wincairo🛠 ios-sim🛠 mac-AS-debug🧪 wpe-wk2🧪 webkitperl🧪 ios-wk2🧪 api-mac🧪 api-wpe🧪 ios-wk2-wpt🧪 mac-wk1🛠 gtk🛠 🧪 jsc🧪 api-ios🧪 mac-wk2🧪 gtk-wk2🛠 🧪 jsc-arm64🛠 tv🧪 mac-AS-debug-wk2🧪 api-gtk🛠 tv-sim🧪 mac-wk2-stress🛠 jsc-armv7🛠 watch🧪 jsc-armv7-tests🛠 watch-sim