mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-07-13 04:21:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibJS: Do more comprehensive check if next() fast path is possible

Browse source 
Before this change each built-in iterator object has a boolean
`m_next_method_was_redefined`. If user code later changed the iterator’s
prototype (e.g. `Object.setPrototypeOf()`), we still believed the
built-in fast-path was safe and skipped the user supplied override,
producing wrong results.

With this change
`BuiltinIterator::as_builtin_iterator_if_next_is_not_redefined()` looks
up the current `next` property and verifies that it is still the
built-in native function.
This commit is contained in:
Aliaksandr Kalenik 2025-06-01 18:44:18 +02:00 committed by Alexander Kalenik
parent 0fcb574041
commit 285bc005cb
Notes: github-actions[bot] 2025-06-01 22:16:38 +00:00
25 changed files with 168 additions and 98 deletions
Download patch file Download diff file Expand all files Collapse all files

14
Libraries/LibJS/Runtime/Object.cpp
View file

@ -961,18 +961,6 @@ ThrowCompletionOr<bool> Object::internal_set(PropertyKey const& property_key, Va
VERIFY(!value.is_special_empty_value());
VERIFY(!receiver.is_special_empty_value());
if (receiver.is_object() && property_key == vm().names.next) {
auto& receiver_object = receiver.as_object();
if (auto* array_iterator_prototype = as_if<ArrayIteratorPrototype>(receiver_object))
array_iterator_prototype->set_next_method_was_redefined();
else if (auto* map_iterator_prototype = as_if<MapIteratorPrototype>(receiver_object))
map_iterator_prototype->set_next_method_was_redefined();
else if (auto* set_iterator_prototype = as_if<SetIteratorPrototype>(receiver_object))
set_iterator_prototype->set_next_method_was_redefined();
else if (auto* string_iterator_prototype = as_if<StringIteratorPrototype>(receiver_object))
string_iterator_prototype->set_next_method_was_redefined();
}
// 2. Let ownDesc be ? O.[[GetOwnProperty]](P).
auto own_descriptor = TRY(internal_get_own_property(property_key));
@ -1349,7 +1337,7 @@ Value Object::get_without_side_effects(PropertyKey const& property_key) const
void Object::define_native_function(Realm& realm, PropertyKey const& property_key, Function<ThrowCompletionOr<Value>(VM&)> native_function, i32 length, PropertyAttributes attribute, Optional<Bytecode::Builtin> builtin)
{
auto function = NativeFunction::create(realm, move(native_function), length, property_key, &realm);
auto function = NativeFunction::create(realm, move(native_function), length, property_key, &realm, {}, builtin);
define_direct_property(property_key, function, attribute);
if (builtin.has_value())
realm.define_builtin(builtin.value(), function);