Fix pathological BailOut for chakraLibrary.isArray

rhuanjl · rhuanjl · commit b4f1bb49e4e7 · 2022-10-05T08:33:18.000+01:00
diff --git a/lib/Runtime/Library/JavascriptLibrary.cpp b/lib/Runtime/Library/JavascriptLibrary.cpp
@@ -1,6 +1,6 @@
 //-------------------------------------------------------------------------------------------------------
 // Copyright (C) Microsoft Corporation and contributors. All rights reserved.
-// Copyright (c) 2021 ChakraCore Project Contributors. All rights reserved.
+// Copyright (c) 2022 ChakraCore Project Contributors. All rights reserved.
 // Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
 //-------------------------------------------------------------------------------------------------------
 
@@ -1707,6 +1707,7 @@ namespace Js
         JsBuiltInEngineInterfaceExtensionObject* builtInExtension = RecyclerNew(recycler, JsBuiltInEngineInterfaceExtensionObject, scriptContext);
         engineInterfaceObject->SetEngineExtension(EngineInterfaceExtensionKind_JsBuiltIn, builtInExtension);
         this->isArrayFunction = this->DefaultCreateFunction(&JavascriptArray::EntryInfo::IsArray, 1, nullptr, nullptr, PropertyIds::isArray);
+        builtinFuncs[BuiltinFunction::JavascriptArray_IsArray] = this->isArrayFunction;
 #endif
 
 #endif
@@ -1902,7 +1903,6 @@ namespace Js
         library->AddMember(arrayConstructor, PropertyIds::name, scriptContext->GetPropertyString(PropertyIds::Array), PropertyConfigurable);
 
 #ifdef ENABLE_JS_BUILTINS
-        builtinFuncs[BuiltinFunction::JavascriptArray_IsArray] = library->isArrayFunction;
         library->AddMember(arrayConstructor, PropertyIds::isArray, library->isArrayFunction);
 #else
         library->AddFunctionToLibraryObject(arrayConstructor, PropertyIds::isArray, &JavascriptArray::EntryInfo::IsArray, 1);
diff --git a/lib/Runtime/Library/JsBuiltInEngineInterfaceExtensionObject.cpp b/lib/Runtime/Library/JsBuiltInEngineInterfaceExtensionObject.cpp
@@ -1,6 +1,6 @@
 //-------------------------------------------------------------------------------------------------------
 // Copyright (C) Microsoft. All rights reserved.
-// Copyright (c) 2021 ChakraCore Project Contributors. All rights reserved.
+// Copyright (c) 2022 ChakraCore Project Contributors. All rights reserved.
 // Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
 //-------------------------------------------------------------------------------------------------------
 #include "RuntimeLibraryPch.h"
@@ -135,21 +135,17 @@ namespace Js
             // Clear ReentrancyLock bit as initialization code doesn't have any side effect
             scriptContext->GetThreadContext()->SetNoJsReentrancy(false);
 #endif
+            // specify which set of BuiltIns are currently being loaded
+            current = file;
+
             // Clear disable implicit call bit as initialization code doesn't have any side effect
             {
                 ThreadContext::AutoRestoreImplicitFlags autoRestoreImplicitFlags(scriptContext->GetThreadContext(), scriptContext->GetThreadContext()->GetImplicitCallFlags(), scriptContext->GetThreadContext()->GetDisableImplicitFlags());
                 scriptContext->GetThreadContext()->ClearDisableImplicitFlags();
                 JavascriptFunction::CallRootFunctionInScript(functionGlobal, Js::Arguments(callInfo, args));
-            }
 
-            Js::ScriptFunction *functionBuiltins = scriptContext->GetLibrary()->CreateScriptFunction(jsBuiltInByteCode->GetNestedFunctionForExecution(0));
-            functionBuiltins->SetPrototype(scriptContext->GetLibrary()->nullValue);
-
-            current = file;
-            // Clear disable implicit call bit as initialization code doesn't have any side effect
-            {
-                ThreadContext::AutoRestoreImplicitFlags autoRestoreImplicitFlags(scriptContext->GetThreadContext(), scriptContext->GetThreadContext()->GetImplicitCallFlags(), scriptContext->GetThreadContext()->GetDisableImplicitFlags());
-                scriptContext->GetThreadContext()->ClearDisableImplicitFlags();
+                Js::ScriptFunction *functionBuiltins = scriptContext->GetLibrary()->CreateScriptFunction(jsBuiltInByteCode->GetNestedFunctionForExecution(0));
+                functionBuiltins->SetPrototype(scriptContext->GetLibrary()->nullValue);
                 JavascriptFunction::CallRootFunctionInScript(functionBuiltins, Js::Arguments(callInfo, args));
             }
 
