Function.toString() should also copy the source code Functions that are class definit...
author    mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Tue, 2 Oct 2018 06:53:23 +0000 (06:53 +0000)
committer mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Tue, 2 Oct 2018 06:53:23 +0000 (06:53 +0000)
commit    d06cb37c667ecdde1ac3d5ca3798ef968823fec1
tree      0a2d5cac9ded5d6bee69432777f1253e980abfe8
parent    9b6993017a508b50c88a802cf8038f8e94e88c58
Function.toString() should also copy the source code Functions that are class definitions.
https://bugs.webkit.org/show_bug.cgi?id=190186
<rdar://problem/44733360>

Reviewed by Saam Barati.

JSTests:

* stress/regress-190186.js: Added.

Source/JavaScriptCore:

Previously, if the Function is a class definition, functionProtoFuncToString()
would create a String using StringView::toStringWithoutCopying(), and use that
String to make a JSString.  This is not a problem if the underlying SourceProvider
(that backs the characters in that StringView) is immortal.  However, this is
not always the case in practice.

This patch fixes this issue by changing functionProtoFuncToString() to create the
String using StringView::toString() instead, which makes a copy of the underlying
characters buffer.  This detaches the resultant JSString from the SourceProvider
characters buffer that it was created from, and ensures that the underlying
characters buffer of the string will be alive for the entire lifetime of the
JSString.

* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncToString):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236713 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/regress-190186.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/FunctionPrototype.cpp
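The lifetime problem the commit describes, as an added illustration that is not WebKit code: a minimal stand-in for SourceProvider owning the script text, a non-owning view of it (the role StringView::toStringWithoutCopying() played) beside an owning copy (the role StringView::toString() plays after the fix). The names SourceProvider, classSourceWithoutCopying and classSourceCopied are assumptions of this example, and std::string_view / std::string stand in for WTF's StringView / String.

```cpp
#include <memory>
#include <string>
#include <string_view>
#include <iostream>

// Stand-in for JSC's SourceProvider: it owns the characters of the script.
// (Hypothetical model for this example, not the WebKit class.)
struct SourceProvider {
    std::string source;
};

// Pre-fix shape: a view that aliases the provider's buffer. It is only valid
// while the provider is alive, which the commit notes is not guaranteed.
std::string_view classSourceWithoutCopying(const SourceProvider& provider) {
    return std::string_view(provider.source);
}

// Post-fix shape: an owning copy, detached from the provider's buffer.
std::string classSourceCopied(const SourceProvider& provider) {
    return std::string(provider.source);
}

// True when the result points into the provider's own buffer (lifetime bound).
bool aliasesProviderBuffer(const SourceProvider& provider) {
    return classSourceWithoutCopying(provider).data() == provider.source.data();
}

// The copy never shares storage with the provider.
bool copyAliasesProviderBuffer(const SourceProvider& provider) {
    std::string s = classSourceCopied(provider);
    return s.data() == provider.source.data();
}

// The scenario from the commit message: the provider goes away while the
// string is still in use. Only the copied string remains valid to read.
std::string copiedSurvivesProvider() {
    auto provider = std::make_unique<SourceProvider>(SourceProvider{"class C { m() {} }"});
    std::string s = classSourceCopied(*provider);
    provider.reset();   // provider destroyed; s owns its own characters
    return s;           // safe: no reference into freed memory
}

int main() {
    SourceProvider p{"class C { m() {} }"};
    std::cout << "view aliases buffer: " << aliasesProviderBuffer(p) << "\n"
              << "copy aliases buffer: " << copyAliasesProviderBuffer(p) << "\n"
              << "after provider gone: " << copiedSurvivesProvider() << "\n";
    return 0;
}
```

Reading the view returned by classSourceWithoutCopying() after the provider is destroyed is the use-after-free the patch closes; the copy removes that dependency entirely.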