eval("this.foo") causes a crash if this had not been initialized in a derived class's constructor
https://bugs.webkit.org/show_bug.cgi?id=142883
Reviewed by Filip Pizlo.
The crash was caused by eval inside the constructor of a derived class not checking TDZ.
Fixed the bug by adding a parser flag that forces the TDZ check to be always emitted when accessing "this"
in eval inside a derived class' constructor.
* bytecode/EvalCodeCache.h:
(JSC::EvalCodeCache::getSlow):
* bytecompiler/NodesCodegen.cpp:
(JSC::ThisNode::emitBytecode):
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::evaluate):
* interpreter/Interpreter.cpp:
(JSC::eval):
* parser/ASTBuilder.h:
(JSC::ASTBuilder::thisExpr):
* parser/NodeConstructors.h:
(JSC::ThisNode::ThisNode):
* parser/Nodes.h:
* parser/Parser.cpp:
(JSC::Parser<LexerType>::Parser):
(JSC::Parser<LexerType>::parsePrimaryExpression):
* parser/Parser.h:
(JSC::parse):
* parser/ParserModes.h:
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::thisExpr):
* runtime/CodeCache.cpp:
(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getProgramCodeBlock):
(JSC::CodeCache::getEvalCodeBlock):
* runtime/CodeCache.h:
(JSC::SourceCodeKey::SourceCodeKey):
* runtime/Executable.cpp:
(JSC::EvalExecutable::create):
* runtime/Executable.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::createEvalCodeBlock):
* runtime/JSGlobalObject.h:
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval):
* tests/stress/class-syntax-no-tdz-in-eval.js: Added.
* tests/stress/class-syntax-tdz-in-eval.js: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@182198
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
git://git.webkit.org / WebKit-https.git / commit