system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-10-17 05:12:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibJS: Don't set a prototype property on async functions

Browse source 
This is now as defined in the spec. However since we execute async
functions in bytecode by transforming it to a generator function it must
have a prototype for the GeneratorObject. We check whether it is an
async function and in that case use the hardcoded generator object
prototype. This also ensures that user code cannot override this
property thus preventing exposing internal implementation details.
This commit is contained in:
davidot 2021-11-15 01:48:55 +01:00 committed by Linus Groh
parent de46a2cff1
commit 5d0f666f22
3 changed files with 13 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Userland/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp
View file

@ -101,10 +101,11 @@ void ECMAScriptFunctionObject::initialize(GlobalObject& global_object)
MUST(prototype->define_property_or_throw(vm.names.constructor, { .value = this, .writable = true, .enumerable = false, .configurable = true }));
break;
case FunctionKind::Generator:
case FunctionKind::Async:
// prototype is "g1.prototype" in figure-2 (https://tc39.es/ecma262/img/figure-2.png)
prototype = global_object.generator_object_prototype();
break;
case FunctionKind::Async:
break;
}
define_direct_property(vm.names.prototype, prototype, Attribute::Writable);
}

2
Userland/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.h
View file

@ -75,6 +75,8 @@ public:
// Equivalent to absence of [[Construct]]
virtual bool has_constructor() const override { return m_kind == FunctionKind::Regular && !m_is_arrow_function; }
FunctionKind kind() const { return m_kind; }
protected:
virtual bool is_strict_mode() const final { return m_strict; }

10
Userland/Libraries/LibJS/Runtime/GeneratorObject.cpp
View file

@ -16,7 +16,15 @@ namespace JS {
ThrowCompletionOr<GeneratorObject*> GeneratorObject::create(GlobalObject& global_object, Value initial_value, ECMAScriptFunctionObject* generating_function, ExecutionContext execution_context, Bytecode::RegisterWindow frame)
{
// This is "g1.prototype" in figure-2 (https://tc39.es/ecma262/img/figure-2.png)
auto generating_function_prototype = TRY(generating_function->get(global_object.vm().names.prototype));
Value generating_function_prototype;
if (generating_function->kind() == FunctionKind::Async) {
// We implement async functions by transforming them to generator function in the bytecode
// interpreter. However an async function does not have a prototype and should not be
// changed thus we hardcode the prototype.
generating_function_prototype = global_object.generator_object_prototype();
} else {
generating_function_prototype = TRY(generating_function->get(global_object.vm().names.prototype));
}
auto* generating_function_prototype_object = TRY(generating_function_prototype.to_object(global_object));
auto object = global_object.heap().allocate<GeneratorObject>(global_object, global_object, *generating_function_prototype_object, move(execution_context));
object->m_generating_function = generating_function;