180779 – Arrow functions need their own structure because they have different properties than sloppy functions

Bug 180779 - Arrow functions need their own structure because they have different properties than sloppy functions

Summary: Arrow functions need their own structure because they have different properti...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Saam Barati

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2017-12-13 16:06 PST by Saam Barati
Modified:	2017-12-14 09:12 PST (History)
CC List:	13 users (show)

See Also:

Attachments
patch (14.61 KB, patch) 2017-12-13 17:51 PST, Saam Barati	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Saam Barati 2017-12-13 16:06:57 PST

What we do now invalidates our caching policies. For example, arrow functions and normal vanilla sloppy functions share a structure.
If we do:
```
function foo() { }
let bar = () => undefined;

bar.hasOwnProperty("prototype"); // false. This is expected
foo.hasOwnProperty("prototype"); // false. This is wrong!
```

This is probably broken in get ICs as well. The bug is we either can't cache this property, or we need different structures to represent the difference in type here.

Comment 1 Saam Barati 2017-12-13 16:09:11 PST

Here is an example of get being broken:

```
function assert(b) {
    if (!b)
        throw new Error;
}

function foo(f) {
    return f.prototype;
}

{
    let f1 = function () { };
    let f2 = () => undefined;
    for (let i = 0; i < 100; ++i)
        assert(foo(f2) === undefined);
    assert(foo(f1) !== undefined);
}
```

I think JF recently fixed a similar issue w/ strict vs sloppy mode functions.

Comment 2 Saam Barati 2017-12-13 16:16:54 PST

<rdar://problem/35814591>

Comment 3 Radar WebKit Bug Importer 2017-12-13 16:18:21 PST

<rdar://problem/36035267>

Comment 4 Saam Barati 2017-12-13 17:51:23 PST

Created attachment 329298 [details]
patch

Comment 5 Mark Lam 2017-12-13 17:55:52 PST

Comment on attachment 329298 [details]
patch

r=me

Comment 6 WebKit Commit Bot 2017-12-13 20:10:06 PST

Comment on attachment 329298 [details]
patch

Clearing flags on attachment: 329298

Committed r225891: <https://trac.webkit.org/changeset/225891>

Comment 7 WebKit Commit Bot 2017-12-13 20:10:07 PST

All reviewed patches have been landed.  Closing bug.

Comment 8 JF Bastien 2017-12-14 09:12:56 PST

Comment on attachment 329298 [details]
patch

Belated r=me too