Bug 180779

Summary: Arrow functions need their own structure because they have different properties than sloppy functions
Product: WebKit
Component: JavaScriptCore
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Saam Barati <saam>
Assignee: Saam Barati <saam>
CC: benjamin, commit-queue, fpizlo, ggaren, gskachkov, jfbastien, keith_miller, mark.lam, msaboff, rmorisset, ticaiolima, webkit-bug-importer, ysuzuki
Keywords: InRadar
Attachments: patch (flags: none)

Description Saam Barati 2017-12-13 16:06:57 PST
What we do now invalidates our caching policies. For example, arrow functions and normal vanilla sloppy functions share a structure.
If we do:
```
function foo() { }
let bar = () => undefined;

bar.hasOwnProperty("prototype"); // false. This is expected
foo.hasOwnProperty("prototype"); // false. This is wrong!
```

This is probably broken in get ICs as well. The bug is we either can't cache this property, or we need different structures to represent the difference in type here.
Comment 1 Saam Barati 2017-12-13 16:09:11 PST
Here is an example of get being broken:

```
function assert(b) {
    if (!b)
        throw new Error;
}

function foo(f) {
    return f.prototype;
}

{
    let f1 = function () { };
    let f2 = () => undefined;
    for (let i = 0; i < 100; ++i)
        assert(foo(f2) === undefined);
    assert(foo(f1) !== undefined);
}
```

I think JF recently fixed a similar issue w/ strict vs sloppy mode functions.
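
A simplified model of the caching problem reported above, as an added example that is not part of the bug report or of WebKit's code: an inline cache keyed only on structure replays the arrow function's answer for the sloppy function when both share a structure, and answers correctly once each kind has its own. The names `Structure`, `makeHasPrototypeIC` and `run` are hypothetical, and the cache is a toy, not JavaScriptCore's IC.

```javascript
// Toy model (constructed for illustration; not JavaScriptCore code).
// A "structure" stands for the hidden class an inline cache keys on.
class Structure { constructor(name) { this.name = name; } }

// Slow path: the real answer depends on the kind of function.
function slowHasPrototype(fn) {
    return fn.kind !== "arrow"; // arrow functions have no own "prototype"
}

// Inline cache for one access site: remembers the answer per structure
// and replays it for any later object carrying the same structure.
function makeHasPrototypeIC() {
    const cache = new Map(); // Structure -> cached boolean
    return function hasPrototype(fn) {
        if (cache.has(fn.structure))
            return cache.get(fn.structure); // fast path: trusts the structure
        const result = slowHasPrototype(fn);
        cache.set(fn.structure, result);
        return result;
    };
}

// Run the bug report's sequence: arrow function first, then sloppy function.
function run(structureFor) {
    const ic = makeHasPrototypeIC();
    const bar = { kind: "arrow", structure: structureFor("arrow") };
    const foo = { kind: "sloppy", structure: structureFor("sloppy") };
    return { bar: ic(bar), foo: ic(foo) };
}

// Before: one structure shared by both kinds of function.
const shared = new Structure("function");
const sharedResult = run(() => shared);

// After: arrow functions get their own structure.
const perKind = {
    arrow: new Structure("arrowFunction"),
    sloppy: new Structure("sloppyFunction"),
};
const splitResult = run(kind => perKind[kind]);

console.log("shared structure:", sharedResult);
console.log("separate structures:", splitResult);
```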
Comment 2 Saam Barati 2017-12-13 16:16:54 PST
<rdar://problem/35814591>
Comment 3 Radar WebKit Bug Importer 2017-12-13 16:18:21 PST
<rdar://problem/36035267>
Comment 4 Saam Barati 2017-12-13 17:51:23 PST
Created attachment 329298
patch
Comment 5 Mark Lam 2017-12-13 17:55:52 PST
Comment on attachment 329298
patch

r=me
Comment 6 WebKit Commit Bot 2017-12-13 20:10:06 PST
Comment on attachment 329298
patch

Clearing flags on attachment: 329298

Committed r225891: <https://trac.webkit.org/changeset/225891>
Comment 7 WebKit Commit Bot 2017-12-13 20:10:07 PST
All reviewed patches have been landed.  Closing bug.
Comment 8 JF Bastien 2017-12-14 09:12:56 PST
Comment on attachment 329298
patch

Belated r=me too