mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-07-12 20:11:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibJS: Do more comprehensive check if next() fast path is possible

Browse source 
Before this change each built-in iterator object has a boolean
`m_next_method_was_redefined`. If user code later changed the iterator’s
prototype (e.g. `Object.setPrototypeOf()`), we still believed the
built-in fast-path was safe and skipped the user supplied override,
producing wrong results.

With this change
`BuiltinIterator::as_builtin_iterator_if_next_is_not_redefined()` looks
up the current `next` property and verifies that it is still the
built-in native function.
This commit is contained in:
Aliaksandr Kalenik 2025-06-01 18:44:18 +02:00 committed by Alexander Kalenik
parent 0fcb574041
commit 285bc005cb
Notes: github-actions[bot] 2025-06-01 22:16:38 +00:00
25 changed files with 168 additions and 98 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Libraries/LibJS/Runtime/NativeFunction.cpp
View file

@ -32,7 +32,7 @@ void NativeFunction::visit_edges(Cell::Visitor& visitor)
// 10.3.3 CreateBuiltinFunction ( behaviour, length, name, additionalInternalSlotsList [ , realm [ , prototype [ , prefix ] ] ] ), https://tc39.es/ecma262/#sec-createbuiltinfunction
// NOTE: This doesn't consider additionalInternalSlotsList, which is rarely used, and can either be implemented using only the `function` lambda, or needs a NativeFunction subclass.
GC::Ref<NativeFunction> NativeFunction::create(Realm& allocating_realm, Function<ThrowCompletionOr<Value>(VM&)> behaviour, i32 length, PropertyKey const& name, Optional<Realm*> realm, Optional<StringView> const& prefix)
GC::Ref<NativeFunction> NativeFunction::create(Realm& allocating_realm, Function<ThrowCompletionOr<Value>(VM&)> behaviour, i32 length, PropertyKey const& name, Optional<Realm*> realm, Optional<StringView> const& prefix, Optional<Bytecode::Builtin> builtin)
{
auto& vm = allocating_realm.vm();
@ -51,7 +51,7 @@ GC::Ref<NativeFunction> NativeFunction::create(Realm& allocating_realm, Function
// 7. Set func.[[Extensible]] to true.
// 8. Set func.[[Realm]] to realm.
// 9. Set func.[[InitialName]] to null.
auto function = allocating_realm.create<NativeFunction>(move(behaviour), prototype, *realm.value());
auto function = allocating_realm.create<NativeFunction>(move(behaviour), prototype, *realm.value(), builtin);
function->unsafe_set_shape(realm.value()->intrinsics().native_function_shape());
@ -73,8 +73,9 @@ GC::Ref<NativeFunction> NativeFunction::create(Realm& realm, FlyString const& na
return realm.create<NativeFunction>(name, move(function), realm.intrinsics().function_prototype());
}
NativeFunction::NativeFunction(AK::Function<ThrowCompletionOr<Value>(VM&)> native_function, Object* prototype, Realm& realm)
NativeFunction::NativeFunction(AK::Function<ThrowCompletionOr<Value>(VM&)> native_function, Object* prototype, Realm& realm, Optional<Bytecode::Builtin> builtin)
: FunctionObject(realm, prototype)
, m_builtin(builtin)
, m_native_function(move(native_function))
, m_realm(&realm)
{