Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c3f07df74de48d48b30bd6068cd9927539b04457
      
https://github.com/WebKit/WebKit/commit/c3f07df74de48d48b30bd6068cd9927539b04457
  Author: Sosuke Suzuki <[email protected]>
  Date:   2026-04-04 (Sat, 04 Apr 2026)

  Changed paths:
    A JSTests/stress/class-field-eval-arguments-in-nested-scope.js
    M JSTests/test262/expectations.yaml
    M Source/JavaScriptCore/builtins/BuiltinExecutables.cpp
    M Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp
    M Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
    M Source/JavaScriptCore/interpreter/Interpreter.cpp
    M Source/JavaScriptCore/parser/Parser.cpp
    M Source/JavaScriptCore/parser/Parser.h
    M Source/JavaScriptCore/runtime/CachedTypes.cpp
    M Source/JavaScriptCore/runtime/CodeCache.cpp

  Log Message:
  -----------
  [JSC] Propagate InstanceFieldEvalContext through arrows and nested scopes
https://bugs.webkit.org/show_bug.cgi?id=310158

Reviewed by Yusuke Suzuki.

Direct eval inside class field initializer must throw SyntaxError when
ContainsArguments is true (sec-performeval-rules-in-initializer). Two
independent propagation gaps let `arguments` slip through:

1. Parser: currentScope()->evalContextType() reset to None inside nested
   lexical/arrow scopes. Walk to closestScopeOwningArguments() instead.
2. Interpreter: computed evalContextType from caller parseMode directly,
   losing the flag when an arrow sits between initializer and eval. Store
   on UnlinkedFunctionExecutable and inherit through arrows like
   DerivedContextType already does.

sizeof(UnlinkedFunctionExecutable) unchanged (fits in bitfield padding).

Test: JSTests/stress/class-field-eval-arguments-in-nested-scope.js

* JSTests/stress/class-field-eval-arguments-in-nested-scope.js: Added.
(shouldThrowSyntaxError):
(shouldNotThrowSyntaxError):
(x):
(prototype.run):
* JSTests/test262/expectations.yaml:
* Source/JavaScriptCore/builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::createExecutable):
* Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::generateUnlinkedFunctionCodeBlock):
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
* Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h:
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitNewClassFieldInitializerFunction):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::makeFunction):
* Source/JavaScriptCore/interpreter/Interpreter.cpp:
(JSC::eval):
* Source/JavaScriptCore/parser/Parser.cpp:
(JSC::Parser<LexerType>::tryParseArgumentsDotLengthForFastPath):
(JSC::Parser<LexerType>::parsePrimaryExpression):
* Source/JavaScriptCore/parser/Parser.h:
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::CachedFunctionExecutable::evalContextType const):
(JSC::CachedFunctionExecutable::encode):
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
* Source/JavaScriptCore/runtime/CodeCache.cpp:
(JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):

Canonical link: https://commits.webkit.org/310594@main
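The rule this commit enforces, sec-performeval-rules-in-initializer, can be checked from JavaScript itself. The script below is an added example and not part of the WebKit commit or test suite; it builds small classes whose field initializers perform a direct eval and reports what `new` throws, covering the arrow and nested-block cases the commit message describes together with two controls.

```javascript
// Added example, not from the WebKit commit: a direct eval whose source
// contains `arguments` must throw SyntaxError when it runs inside a class
// field initializer, and that context must survive arrow functions and
// nested blocks between the initializer and the eval.

// Build the class, run its field initializer via `new`, and report the
// constructor name of whatever is thrown ("none" when construction succeeds).
function outcome(makeClass) {
  try {
    new (makeClass())();
    return "none";
  } catch (e) {
    return e.constructor.name;
  }
}

// eval directly in the initializer: `arguments` must be rejected.
function directEvalArguments() {
  return outcome(() => class { x = eval("arguments"); });
}

// An arrow between initializer and eval (the interpreter-side gap the
// commit fixes): arrows have no own `arguments`, so the rule still applies.
function arrowEvalArguments() {
  return outcome(() => class { x = (() => eval("arguments"))(); });
}

// A nested lexical block inside the arrow (the parser-side gap).
function nestedBlockEvalArguments() {
  return outcome(() => class {
    x = (() => { { return eval("arguments"); } })();
  });
}

// Control: eval whose source does not mention `arguments` is allowed.
function evalWithoutArguments() {
  return outcome(() => class { x = eval("1 + 1"); });
}

// Control: an ordinary (non-arrow) function has its own `arguments`, so an
// eval inside it is no longer in initializer context and must succeed.
function functionEvalArguments() {
  return outcome(() => class {
    x = (function () { return eval("arguments.length"); })();
  });
}

for (const f of [directEvalArguments, arrowEvalArguments, nestedBlockEvalArguments,
                 evalWithoutArguments, functionEvalArguments]) {
  console.log(`${f.name}: ${f()}`);
}
```

A spec-conformant engine prints SyntaxError for the first three cases and none for the two controls; before this commit JavaScriptCore let the arrow and nested-block cases through.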
