commit 4b953954a4bbe55d37806666221bf4882f6ede53
author ross.kirsling@sony.com <ross.kirsling@sony.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Wed Mar 25 02:07:38 2020 +0000
committer ross.kirsling@sony.com <ross.kirsling@sony.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Wed Mar 25 02:07:38 2020 +0000
tree b55ef449c52d6ea429fadeae4d7e422df535f94e
parent 3b1271dab035116cc6f84f9dff347f7f6d9ca3b4

Introduce @tryGetByIdWithWellKnownSymbol instead of repurposing @tryGetById itself
https://bugs.webkit.org/show_bug.cgi?id=209524

Reviewed by Saam Barati and Yusuke Suzuki.

r258865 allowed @tryGetById to take any ResolveNode, such that a built-in could pass a well-known symbol.
This is much more permissive than necessary, since we shouldn't really need a ResolveNode in the first place;
instead, let's make a new bytecode intrinsic function @tryGetByIdWithWellKnownSymbol for this purpose.

* builtins/RegExpPrototype.js:
(globalPrivate.hasObservableSideEffectsForRegExpSplit):
* bytecode/BytecodeIntrinsicRegistry.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::BytecodeIntrinsicNode::emit_intrinsic_tryGetById): Revert change from r258865.
(JSC::BytecodeIntrinsicNode::emit_intrinsic_tryGetByIdWithWellKnownSymbol): Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@258968 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog

diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index f3b09ec..c292b9f 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,21 @@
+2020-03-24  Ross Kirsling  <ross.kirsling@sony.com>
+
+        Introduce @tryGetByIdWithWellKnownSymbol instead of repurposing @tryGetById itself
+        https://bugs.webkit.org/show_bug.cgi?id=209524
+
+        Reviewed by Saam Barati and Yusuke Suzuki.
+
+        r258865 allowed @tryGetById to take any ResolveNode, such that a built-in could pass a well-known symbol.
+        This is much more permissive than necessary, since we shouldn't really need a ResolveNode in the first place; 
+        instead, let's make a new bytecode intrinsic function @tryGetByIdWithWellKnownSymbol for this purpose.
+
+        * builtins/RegExpPrototype.js:
+        (globalPrivate.hasObservableSideEffectsForRegExpSplit):
+        * bytecode/BytecodeIntrinsicRegistry.h:
+        * bytecompiler/NodesCodegen.cpp:
+        (JSC::BytecodeIntrinsicNode::emit_intrinsic_tryGetById): Revert change from r258865.
+        (JSC::BytecodeIntrinsicNode::emit_intrinsic_tryGetByIdWithWellKnownSymbol): Added.
+
 2020-03-24  Tadeu Zagallo  <tzagallo@apple.com>
 
         LLIntGenerator must link switch jumps to otherwise redundant labels

Source/JavaScriptCore/builtins/RegExpPrototype.js

diff --git a/Source/JavaScriptCore/builtins/RegExpPrototype.js b/Source/JavaScriptCore/builtins/RegExpPrototype.js
index 256bc5b..13d59ec 100644
--- a/Source/JavaScriptCore/builtins/RegExpPrototype.js
+++ b/Source/JavaScriptCore/builtins/RegExpPrototype.js
@@ -463,7 +463,7 @@
     var regexpSource = @tryGetById(regexp, "source");
     if (regexpSource !== @regExpProtoSourceGetter)
         return true;
-    var regexpSymbolMatch = @tryGetById(regexp, @@match);
+    var regexpSymbolMatch = @tryGetByIdWithWellKnownSymbol(regexp, "match");
     if (regexpSymbolMatch !== @regExpPrototypeSymbolMatch)
         return true;
 

Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h

diff --git a/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h b/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h
index cf1c382..9bf2c40 100644
--- a/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h
+++ b/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h
@@ -66,6 +66,7 @@
     macro(throwRangeError) \
     macro(throwOutOfMemoryError) \
     macro(tryGetById) \
+    macro(tryGetByIdWithWellKnownSymbol) \
     macro(putByIdDirect) \
     macro(putByIdDirectPrivate) \
     macro(putByValDirect) \

Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

diff --git a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
index b5ee141..69712aa 100644
--- a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
+++ b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
@@ -1422,14 +1422,29 @@
     RefPtr<RegisterID> base = generator.emitNode(node);
     node = node->m_next;
 
-    ASSERT(node->m_expr->isString() || node->m_expr->isResolveNode());
-    const Identifier& ident = node->m_expr->isString() ? static_cast<StringNode*>(node->m_expr)->value() : static_cast<ResolveNode*>(node->m_expr)->identifier();
+    ASSERT(node->m_expr->isString());
+    const Identifier& ident = static_cast<StringNode*>(node->m_expr)->value();
     ASSERT(!node->m_next);
 
     RefPtr<RegisterID> finalDest = generator.finalDestination(dst);
     return generator.emitTryGetById(finalDest.get(), base.get(), ident);
 }
 
+RegisterID* BytecodeIntrinsicNode::emit_intrinsic_tryGetByIdWithWellKnownSymbol(BytecodeGenerator& generator, RegisterID* dst)
+{
+    ArgumentListNode* node = m_args->m_listNode;
+    RefPtr<RegisterID> base = generator.emitNode(node);
+    node = node->m_next;
+
+    ASSERT(node->m_expr->isString());
+    SymbolImpl* symbol = generator.vm().propertyNames->builtinNames().lookUpWellKnownSymbol(static_cast<StringNode*>(node->m_expr)->value());
+    RELEASE_ASSERT(symbol);
+    ASSERT(!node->m_next);
+
+    RefPtr<RegisterID> finalDest = generator.finalDestination(dst);
+    return generator.emitTryGetById(finalDest.get(), base.get(), generator.parserArena().identifierArena().makeIdentifier(generator.vm(), symbol));
+}
+
 RegisterID* BytecodeIntrinsicNode::emit_intrinsic_toNumber(BytecodeGenerator& generator, RegisterID* dst)
 {
     ArgumentListNode* node = m_args->m_listNode;