Bug 206888

Summary:

[ESNext][BigInt] We don't support BigInt literal as PropertyName

Product:

WebKit

Reporter:

Caio Lima <ticaiolima>

Component:

JavaScriptCore

Assignee:

Caio Lima <ticaiolima>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

commit-queue, ews-watchlist, keith_miller, mark.lam, msaboff, rmorisset, ross.kirsling, saam, tzagallo, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none
Patch	none

Caio Lima

Reported 2020-01-28 09:52:43 PST

According to spec, BigInt is a valid PropertyName (https://tc39.es/ecma262/#prod-PropertyName) and it should be evaluated using ToString (https://tc39.es/ecma262/#sec-object-initializer-runtime-semantics-evaluation). Given this, this script should be evaluated without error: ``` // Object Literal let o = { 1n: "foo" }; assert(a[1n] === "foo"); assert(a[1] === "foo"); assert(a["1"] === "foo"); // MethodDeclaration o = { 1n() => "bar" }; assert(a[1n]() === "bar"); assert(a[1]() === "bar"); assert(a["1"]() === "bar"); class C { 1n() { return "baz"; } } let c = new C(); assert(c.[1n]() === "baz"); assert(c.[1]() === "baz"); assert(c.["1"] === "baz"); // Destructuring let {1n: a} = {1n: "foo"}; assert(a === "foo"); ``` Original report from https://bugzilla.mozilla.org/show_bug.cgi?id=1605835

Attachments
Patch (4.33 KB, patch) 2020-01-28 10:28 PST, Caio Lima	no flags	Details Formatted Diff Diff
Patch (7.74 KB, patch) 2020-02-11 07:23 PST, Caio Lima	no flags	Details Formatted Diff Diff
Patch (11.33 KB, patch) 2020-02-11 14:02 PST, Caio Lima	no flags	Details Formatted Diff Diff
Patch (11.45 KB, patch) 2020-02-12 05:30 PST, Caio Lima	no flags	Details Formatted Diff Diff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.

Caio Lima

Comment 1 2020-01-28 10:15:27 PST

Oops, previous script is not correct. Correct version is: ``` // Object Literal let o = { 1n: "foo" }; assert.sameValue(o[1n], "foo"); assert.sameValue(o[1], "foo"); assert.sameValue(o["1"], "foo"); // MethodDeclaration o = { 1n() { return "bar"; } }; assert.sameValue(o[1n](), "bar"); assert.sameValue(o[1](), "bar"); assert.sameValue(o["1"](), "bar"); class C { 1n() { return "baz"; } } let c = new C(); assert.sameValue(c[1n](), "baz"); assert.sameValue(c[1](), "baz"); assert.sameValue(c["1"](), "baz"); // Destructuring let {1n: a} = {1n: "foo"}; assert.sameValue(a, "foo"); ```

Caio Lima

Comment 2 2020-01-28 10:28:37 PST

Created attachment 389029 [details] Patch

Caio Lima

Comment 3 2020-02-11 07:23:31 PST

Created attachment 390368 [details] Patch

Ross Kirsling

Comment 4 2020-02-11 10:02:34 PST

Wow, interesting that every engine missed this! Looks like this is the test262 PR? https://github.com/tc39/test262/pull/2457

Ross Kirsling

Comment 5 2020-02-11 10:27:21 PST

Comment on attachment 390368 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=390368&action=review r=me with comments. Seems like Mozilla's tests also cover binary/octal/hex literals: https://searchfox.org/mozilla-central/source/js/src/tests/non262/BigInt/property-name.js Do you think it's worth adding tests for these (maybe not necessary since they're all just BIGINT tokens)? > Source/JavaScriptCore/parser/Parser.cpp:4177 > + InferName inferName = ident && *ident == m_vm.propertyNames->underscoreProto ? InferName::Disallowed : InferName::Allowed; bigIntString can't be underscoreProto though, can it? Should this be an ASSERT? > JSTests/ChangeLog:8 > + * stress/big-int-as-proeprty-name.js: Added. Nit: spelling in filename :p

Caio Lima

Comment 6 2020-02-11 10:55:54 PST

Comment on attachment 390368 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=390368&action=review I don't think it hurts to add tests with binary, octals and hexdecimals. I'll add those as well. >> Source/JavaScriptCore/parser/Parser.cpp:4177 >> + InferName inferName = ident && *ident == m_vm.propertyNames->underscoreProto ? InferName::Disallowed : InferName::Allowed; > > bigIntString can't be underscoreProto though, can it? Should this be an ASSERT? This should not be here! I think I'll put InferName::Allowed directly on createProperty. >> JSTests/ChangeLog:8 >> + * stress/big-int-as-proeprty-name.js: Added. > > Nit: spelling in filename :p Oops.

Caio Lima

Comment 7 2020-02-11 14:02:00 PST

Created attachment 390419 [details] Patch

Caio Lima

Comment 8 2020-02-11 14:04:04 PST

(In reply to Ross Kirsling from comment #5) > Comment on attachment 390368 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=390368&action=review > > r=me with comments. > > Seems like Mozilla's tests also cover binary/octal/hex literals: > https://searchfox.org/mozilla-central/source/js/src/tests/non262/BigInt/ > property-name.js > Do you think it's worth adding tests for these (maybe not necessary since > they're all just BIGINT tokens)? It turns out that those cases found a bug on implementation! Thank you for pointing this out. I updated a new version of the patch to handle cases when we use non-decimal literals. Do you mind take another look?

Ross Kirsling

Comment 9 2020-02-11 15:44:54 PST

Comment on attachment 390419 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=390419&action=review Hooray for tests finding bugs! > Source/JavaScriptCore/parser/ParserArena.cpp:90 > + // FIXME: We are allocating a JSBigInt just to be able to use > + // JSBigInt::tryGetString when radix is not 10. > + // This creates some GC pressure, but since these identifiers > + // will only be created when BigInt literal is used as a property name, > + // it wont be much problematic, given such cases are very rare. Should this FIXME have a bug?

Caio Lima

Comment 10 2020-02-12 05:05:45 PST

(In reply to Ross Kirsling from comment #9) > Comment on attachment 390419 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=390419&action=review > > Hooray for tests finding bugs! > > > Source/JavaScriptCore/parser/ParserArena.cpp:90 > > + // FIXME: We are allocating a JSBigInt just to be able to use > > + // JSBigInt::tryGetString when radix is not 10. > > + // This creates some GC pressure, but since these identifiers > > + // will only be created when BigInt literal is used as a property name, > > + // it wont be much problematic, given such cases are very rare. > > Should this FIXME have a bug? Yes. I was waiting until get an r+ before creating it. I created https://bugs.webkit.org/show_bug.cgi?id=207627.

Caio Lima

Comment 11 2020-02-12 05:30:44 PST

Created attachment 390507 [details] Patch

Caio Lima

Comment 12 2020-02-13 13:17:13 PST

Comment on attachment 390507 [details] Patch Thank you very much for the review!

WebKit Commit Bot

Comment 13 2020-02-13 13:59:16 PST

Comment on attachment 390507 [details] Patch Clearing flags on attachment: 390507 Committed r256541: <https://trac.webkit.org/changeset/256541>

WebKit Commit Bot

Comment 14 2020-02-13 13:59:18 PST

All reviewed patches have been landed. Closing bug.

Radar WebKit Bug Importer

Comment 15 2020-02-13 14:00:16 PST

<rdar://problem/59436664>

Note You need to log in before you can comment on or make changes to this bug.