RESOLVED FIXED233143
[JSC] Shadow realms: set correct Function prototype on wrapped functions 
https://bugs.webkit.org/show_bug.cgi?id=233143
Summary [JSC] Shadow realms: set correct Function prototype on wrapped functions
Joseph Griego
Reported 2021-11-15 13:07:42 PST
[JSC] Shadow realms: set correct Function prototype on wrapped functions
Attachments
Patch (11.66 KB, patch)
2021-11-15 13:14 PST, Joseph Griego 		no flags
DetailsFormatted DiffDiff
Patch (13.70 KB, patch)
2021-11-18 11:52 PST, Joseph Griego 		no flags
DetailsFormatted DiffDiff
Patch (14.13 KB, patch)
2021-11-18 15:48 PST, Joseph Griego 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Joseph Griego
Comment 1 2021-11-15 13:14:39 PST
Created attachment 444299 [details] Patch
Joseph Griego
Comment 2 2021-11-15 13:21:10 PST
(NB: in `JSGlobalObject.cpp` i erred on the side of matching surrounding code, but the linter is complaining--not sure what the usual course of action is here)
Phillip Mates
Comment 3 2021-11-16 07:09:56 PST
Comment on attachment 444299 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=444299&action=review > Source/JavaScriptCore/runtime/ShadowRealmPrototype.cpp:141 > + wrappedFn->setPrototype(vm, targetGlobalObj, targetGlobalObj->strictFunctionStructure(isBuiltin)->storedPrototype()); Any idea if `setPrototype` plays nice with function inlining optimizations? Might be worth trying to get some coverage for this change in the stress tests (like in JSTests/stress/shadow-realm-evaluate.js where we try to force inlining)
Joseph Griego
Comment 4 2021-11-18 11:52:15 PST
Created attachment 444710 [details] Patch
Joseph Griego
Comment 5 2021-11-18 13:15:24 PST
I am not sure how correct inlining could ruin our day here, but I added some more tests that we're getting this right to the existing stress tests.
Yusuke Suzuki
Comment 6 2021-11-18 13:48:04 PST
Comment on attachment 444710 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=444710&action=review r=me but probably, eventually, I think we need to use bound function. > Source/JavaScriptCore/builtins/ShadowRealmPrototype.js:56 > + if (callerRealm !== null) { > + @moveFunctionToRealm(wrapped, callerRealm); > + } WebKit coding style do not use brace if there is only one statement.
Caitlin Potter (:caitp)
Comment 7 2021-11-18 14:36:28 PST
(In reply to Yusuke Suzuki from comment #6) > Comment on attachment 444710 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=444710&action=review > > r=me but probably, eventually, I think we need to use bound function. I'm working on a variant using something like JSBoundFunction, it's in progress
Caitlin Potter (:caitp)
Comment 8 2021-11-18 14:37:47 PST
(In reply to Caitlin Potter (:caitp) from comment #7) > (In reply to Yusuke Suzuki from comment #6) > > Comment on attachment 444710 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=444710&action=review > > > > r=me but probably, eventually, I think we need to use bound function. > > I'm working on a variant using something like JSBoundFunction, it's in > progress However, I think the JS builtin version is fine, and I'd be happy with it.
Joseph Griego
Comment 9 2021-11-18 15:48:41 PST
Created attachment 444748 [details] Patch
Joseph Griego
Comment 10 2021-11-18 15:49:33 PST
After discussing with caitp, we think this version (using a bool instead of swapping realm arguments) is more readable. Also fixed the tests (which were typo'd) and style.
Yusuke Suzuki
Comment 11 2021-11-19 10:36:06 PST
Comment on attachment 444748 [details] Patch r=me
EWS
Comment 12 2021-11-19 11:17:14 PST
Committed r286069 (244456@main): <https://commits.webkit.org/244456@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 444748 [details].
Radar WebKit Bug Importer
Comment 13 2021-11-19 11:18:25 PST
<rdar://problem/85612395>
Note You need to log in before you can comment on or make changes to this bug.