change initial type to prevent conversions when creating bound function

Author: MikeHolman

lib/Runtime/Library/JavascriptExternalFunction.cpp

@@ -58,7 +58,7 @@ namespace Js
 
     bool __cdecl JavascriptExternalFunction::DeferredLengthInitializer(DynamicObject * instance, DeferredTypeHandlerBase * typeHandler, DeferredInitializeMode mode)
     {
-        Js::JavascriptLibrary::InitializeFunction<true, true, true>(instance, typeHandler, mode);
+        Js::JavascriptLibrary::InitializeFunction<true, true, true, true>(instance, typeHandler, mode);
 
         JavascriptExternalFunction* object = static_cast<JavascriptExternalFunction*>(instance);
 

lib/Runtime/Library/JavascriptLibrary.cpp

@@ -594,7 +594,7 @@ namespace Js
             Js::DeferredTypeHandler<Js::JavascriptExternalFunction::DeferredConstructorInitializer>::GetDefaultInstance(), true, true);
 
         boundFunctionType = DynamicType::New(scriptContext, TypeIds_Function, functionPrototype, BoundFunction::NewInstance,
-            GetDeferredFunctionTypeHandler(), true, true);
+            GetDeferredFunctionWithLengthUnsetTypeHandler(), true, true);
         crossSiteDeferredFunctionType = CreateDeferredFunctionTypeNoProfileThunk(
             scriptContext->CurrentCrossSiteThunk, true /*isShared*/);
         crossSiteDeferredPrototypeFunctionType = CreateDeferredPrototypeFunctionTypeNoProfileThunk(
@@ -784,7 +784,7 @@ namespace Js
         JavascriptArray::EnsureCalculationOfAllocationBuckets<Js::JavascriptArray>();
     }
 
-    template<bool addPrototype, bool addName, bool useLengthType>
+    template<bool addPrototype, bool addName, bool useLengthType, bool addLength>
     bool JavascriptLibrary::InitializeFunction(DynamicObject *instance, DeferredTypeHandlerBase * typeHandler, DeferredInitializeMode mode)
     {
         JavascriptFunction * function = VarTo<JavascriptFunction>(instance);
@@ -833,7 +833,8 @@ namespace Js
         {
             ParseableFunctionInfo * funcInfo = scriptFunction->GetFunctionProxy()->EnsureDeserialized();
 
-            if (useLengthType)
+            CompileAssert(!addLength || useLengthType);
+            if (addLength)
             {
                 function->SetPropertyWithAttributes(PropertyIds::length, TaggedInt::ToVarUnchecked(funcInfo->GetReportedInParamsCount() - 1), PropertyConfigurable, nullptr, PropertyOperation_None, SideEffects_None);
             }
@@ -914,10 +915,10 @@ namespace Js
         }
     };
 
-    template<bool isNameAvailable, bool isPrototypeAvailable, bool isLengthAvailable>
+    template<bool isNameAvailable, bool isPrototypeAvailable, bool isLengthAvailable, bool addLength>
     DynamicTypeHandler * JavascriptLibrary::GetDeferredFunctionTypeHandlerBase()
     {
-        return DeferredTypeHandler<InitializeFunction<isPrototypeAvailable, isNameAvailable, isLengthAvailable>, InitializeFunctionDeferredTypeHandlerFilter<isNameAvailable, isPrototypeAvailable, isLengthAvailable>>::GetDefaultInstance();
+        return DeferredTypeHandler<InitializeFunction<isPrototypeAvailable, isNameAvailable, isLengthAvailable, addLength>, InitializeFunctionDeferredTypeHandlerFilter<isNameAvailable, isPrototypeAvailable, isLengthAvailable>>::GetDefaultInstance();
     }
 
     template<bool isNameAvailable, bool isPrototypeAvailable>
@@ -993,6 +994,11 @@ namespace Js
         return GetDeferredFunctionTypeHandlerBase</*isNameAvailable*/ true, /*isPrototypeAvailable*/ false, /* isLengthAvailable */ true>();
     }
 
+    DynamicTypeHandler * JavascriptLibrary::GetDeferredFunctionWithLengthUnsetTypeHandler()
+    {
+        return GetDeferredFunctionTypeHandlerBase</*isNameAvailable*/ true, /*isPrototypeAvailable*/ false, /* isLengthAvailable */ true, /* addLength */ false>();
+    }
+
     DynamicTypeHandler * JavascriptLibrary::ScriptFunctionTypeHandler(bool noPrototypeProperty, bool isAnonymousFunction)
     {
         DynamicTypeHandler * scriptFunctionTypeHandler = nullptr;

lib/Runtime/Library/JavascriptLibrary.h

@@ -902,11 +902,12 @@ namespace Js
 
         DynamicTypeHandler * GetDeferredFunctionTypeHandler();
         DynamicTypeHandler * GetDeferredFunctionWithLengthTypeHandler();
+        DynamicTypeHandler* GetDeferredFunctionWithLengthUnsetTypeHandler();
         DynamicTypeHandler * GetDeferredPrototypeFunctionWithNameAndLengthTypeHandler();
         DynamicTypeHandler * ScriptFunctionTypeHandler(bool noPrototypeProperty, bool isAnonymousFunction);
         DynamicTypeHandler * GetDeferredAnonymousFunctionWithLengthTypeHandler();
         DynamicTypeHandler * GetDeferredAnonymousFunctionTypeHandler();
-        template<bool isNameAvailable, bool isPrototypeAvailable = true, bool isLengthAvailable = false>
+        template<bool isNameAvailable, bool isPrototypeAvailable = true, bool isLengthAvailable = false, bool addLength = isLengthAvailable>
         static DynamicTypeHandler * GetDeferredFunctionTypeHandlerBase();
         template<bool isNameAvailable, bool isPrototypeAvailable = true>
         static DynamicTypeHandler * GetDeferredGeneratorFunctionTypeHandlerBase();
@@ -1236,7 +1237,7 @@ namespace Js
 #endif
 
     public:
-        template<bool addPrototype, bool addName, bool useLengthType>
+        template<bool addPrototype, bool addName, bool useLengthType, bool addLength>
         static bool __cdecl InitializeFunction(DynamicObject* function, DeferredTypeHandlerBase * typeHandler, DeferredInitializeMode mode);
         virtual void Finalize(bool isShutdown) override;