253634 – [JSC] Bound function optimization is observable with instanceof

RESOLVED FIXED 253634

[JSC] Bound function optimization is observable with instanceof

https://bugs.webkit.org/show_bug.cgi?id=253634

Summary [JSC] Bound function optimization is observable with instanceof

Jan de Mooij

Reported 2023-03-09 00:19:31 PST

Created attachment 465371 [details] Test When binding an already-bound function, JSC tries to flatten this chain. This optimization is observable with `instanceof` because it gets the bound function's immediate target and does a `Symbol.hasInstance` lookup on it. See the attached testcase. It should alert 10000 but I get 0 with Safari Technology Preview 165.

Attachments
Test (339 bytes, text/html) 2023-03-09 00:19 PST, Jan de Mooij	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2023-03-09 06:37:30 PST

<rdar://problem/106498460>

Yusuke Suzuki

Comment 2 2023-03-10 14:57:22 PST

Pull request: https://github.com/WebKit/WebKit/pull/11385

Yusuke Suzuki

Comment 3 2023-03-13 10:22:09 PDT

https://github.com/WebKit/WebKit/commit/d1911bf073cc55fc8ca76bcee8b4783539e43c2e

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version Safari Technology Preview

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Yusuke Suzuki

Reported

2023-03-09 00:19 PST

Modified

2023-03-13 10:22 PDT History

CC List

3 users Show

URL

Keywords InRadar

Depends on

Blocks