mirror of
https://github.com/LadybirdBrowser/ladybird
synced 2026-04-26 17:55:07 +02:00
LibJS: Fix evaluation order of computed property keys in object literals
The spec for PropertyDefinitionEvaluation requires that when evaluating a property definition with a computed key (PropertyDefinition : PropertyName : AssignmentExpression), the PropertyName is fully evaluated (including ToPropertyKey, which calls ToPrimitive) before the value's AssignmentExpression is evaluated. Our bytecode compiler was evaluating the key expression first, then the value expression, and only performing ToPropertyKey later inside PutByValue at runtime. This meant user-observable side effects from ToPrimitive (such as calling Symbol.toPrimitive or toString on the key object) would fire after the value expression had already been evaluated. Fix this by using a new ToPrimitiveWithStringHint instruction that performs ToPrimitive with string hint(!), and emitting it between the key and value evaluations in ObjectExpression codegen. After ToPrimitive, the key is already a primitive, so the subsequent ToPropertyKey inside PutByValue becomes a no-op from the perspective of user-observable side effects. Also update an existing test that was asserting the old (incorrect) evaluation order, and add comprehensive new tests for computed property key evaluation order.
This commit is contained in:
Andreas Kling
committed by
Andreas Kling
Andreas Kling
parent
bef09b899c
commit
5cefa59116
Notes:
github-actions[bot]
2026-02-09 00:24:46 +00:00
Author: https://github.com/awesomekling Commit: https://github.com/LadybirdBrowser/ladybird/commit/5cefa591161 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/7837
@@ -62,6 +62,11 @@ op ToString < Instruction
|
||||
m_value: Operand
|
||||
endop
|
||||
|
||||
op ToPrimitiveWithStringHint < Instruction
|
||||
m_dst: Operand
|
||||
m_value: Operand
|
||||
endop
|
||||
|
||||
op BitwiseXor < Instruction
|
||||
m_dst: Operand
|
||||
m_lhs: Operand
|
||||
|
||||
Reference in New Issue
Block a user