[ddc] Avoid overriding LegacyJavaScriptObject type rules across link phases.

This prevents libraries from accidentally clobbering LegacyJavaScriptObject rules when linking.

Change-Id: Ia7465013633a34907ca6ab9d1d5bfcdf99ffa13c
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/395161
Reviewed-by: Srujan Gaddam <[email protected]>
Commit-Queue: Mark Zhou <[email protected]>
Reviewed-by: Nicholas Shahan <[email protected]>

Author: Markzipan

pkg/dev_compiler/lib/src/kernel/compiler.dart

@@ -662,6 +662,11 @@ class ProgramCompiler extends ComputeOnceConstantVisitor<js_ast.Expression>
     var universeClass =
         _rtiLibrary.classes.firstWhere((cls) => cls.name == '_Universe');
     var typeRules = _typeRecipeGenerator.liveInterfaceTypeRules;
+    var legacyJavaScriptObjectRecipe = _typeRecipeGenerator.interfaceTypeRecipe(
+        _coreTypes.index
+            .getClass('dart:_interceptors', 'LegacyJavaScriptObject'));
+    var legacyJavaScriptObjectRules =
+        typeRules.remove(legacyJavaScriptObjectRecipe);
     if (typeRules.isNotEmpty) {
       var template = '#._Universe.#(#, JSON.parse(#))';
       var addRulesStatement = js.call(template, [
@@ -672,6 +677,22 @@ class ProgramCompiler extends ComputeOnceConstantVisitor<js_ast.Expression>
       ]).toStatement();
       _moduleItems.add(addRulesStatement);
     }
+    if (legacyJavaScriptObjectRules != null) {
+      var legacyJavaScriptObjectAddRules = {
+        legacyJavaScriptObjectRecipe: legacyJavaScriptObjectRules
+      };
+      // The recipe for 'LegacyJavaScriptObject' is updated during the lifetime
+      // of the program and should be emitted with 'addOrUpdateRules' to avoid
+      // clobbering its previous state.
+      var updateRulesStatement =
+          js.statement('#._Universe.#(#, JSON.parse(#))', [
+        _emitLibraryName(_rtiLibrary),
+        _emitMemberName('addOrUpdateRules', memberClass: universeClass),
+        _runtimeCall('typeUniverse'),
+        js.string(jsonEncode(legacyJavaScriptObjectAddRules), "'")
+      ]);
+      _moduleItems.add(updateRulesStatement);
+    }
     // Update type rules for `LegacyJavaScriptObject` to add all interop
     // types in this module as a supertype.
     var updateRules = _typeRecipeGenerator.updateLegacyJavaScriptObjectRules;

pkg/dev_compiler/lib/src/kernel/compiler_new.dart

@@ -801,53 +801,79 @@ class LibraryCompiler extends ComputeOnceConstantVisitor<js_ast.Expression>
     }
     var universeClass =
         _rtiLibrary.classes.firstWhere((cls) => cls.name == '_Universe');
-    var typeRules = _typeRecipeGenerator.liveInterfaceTypeRules;
-    if (typeRules.isNotEmpty) {
-      var template = '#._Universe.#(#, JSON.parse(#))';
-      var addRulesStatement = js.call(template, [
-        _emitLibraryName(_rtiLibrary),
-        _emitMemberName('addRules', memberClass: universeClass),
-        _runtimeCall('typeUniverse'),
-        js.string(jsonEncode(typeRules), "'")
-      ]).toStatement();
-      _typeRuleLinks.add(addRulesStatement);
-    }
-    // Reset type rules for all classes with empty type hierarchies. These
-    // classes implicitly extend `Object` and may have been updated after a
-    // hot reload. This is unnecessary for types in `liveInterfaceTypeRules`,
-    // as `addRules` overrides the old rules.
-    // TODO(57049): Only do this after a hot reload.
-    var emptyInterfaceTypeRecipes =
-        Set.from(_typeRecipeGenerator.visitedInterfaceTypeRecipes)
-          ..removeAll(typeRules.keys);
-    if (emptyInterfaceTypeRecipes.isNotEmpty) {
+
+    // Emits either an 'addRules', 'addOrUpdateRules', or 'deleteRules'
+    // statement for a JSON-serializable [rules] made of RTI type rules.
+    //
+    // 'addRules' overrides existing state. Calling this function multiple
+    // times is safe for types whose hierarchies can be exhaustively
+    // discovered at compile-time, which is true for all types that aren't
+    // 'LegacyJavaScriptObject'.
+    //
+    // TODO: The above assumption may not hold if a class's hierarchy
+    // changes after a hot reload. Outdated 'addRules' invocations (during
+    // linking) may clobber updated type rules.
+    js_ast.Statement emitRulesStatement(Object? rules,
+        {required String rulesFunction}) {
       var template = '#._Universe.#(#, JSON.parse(#))';
-      var deleteRulesStatement = js.call(template, [
+      var rulesExpr = js.call(template, [
         _emitLibraryName(_rtiLibrary),
-        _emitMemberName('deleteRules', memberClass: universeClass),
+        _emitMemberName(rulesFunction, memberClass: universeClass),
         _runtimeCall('typeUniverse'),
-        js.string(jsonEncode(emptyInterfaceTypeRecipes.toList()), "'")
-      ]).toStatement();
-      _typeRuleLinks.add(deleteRulesStatement);
-    }
-    // Update type rules for `LegacyJavaScriptObject` to add all interop
-    // types in this module as a supertype.
-    var updateRules = _typeRecipeGenerator.updateLegacyJavaScriptObjectRules;
-    if (updateRules.isNotEmpty) {
-      // All JavaScript interop classes should be mutual subtypes with
-      // `LegacyJavaScriptObject`. To achieve this the rules are manually
-      // added here. There is special redirecting rule logic in the dart:_rti
-      // library for interop types because otherwise they would duplicate
-      // a lot of supertype information.
-      var updateRulesStatement =
-          js.statement('#._Universe.#(#, JSON.parse(#))', [
-        _emitLibraryName(_rtiLibrary),
-        _emitMemberName('addOrUpdateRules', memberClass: universeClass),
-        _runtimeCall('typeUniverse'),
-        js.string(jsonEncode(updateRules), "'")
+        js.string(jsonEncode(rules), "'")
       ]);
-      _typeRuleLinks.add(updateRulesStatement);
+      return rulesExpr.toStatement();
+    }
+
+    // We must emit type rules for every interface type encountered by DDC,
+    // with several caveats:
+    // 1) 'LegacyJavaScriptObject' has special treatment. Its hierarchy
+    //    accumulates across libraries and must always be emitted in 'append'
+    //    mode ('addOrUpdateRules') to avoid clobbering its previous state.
+    // 2) We manually add rules for mutual subtype relationships between
+    //    'LegacyJavaScriptObject' and all JavaScript interop classes. There is
+    //    special redirecting rule logic in the dart:_rti library for interop
+    //    types because otherwise they would duplicate a lot of supertype
+    //    information.
+    // 3) The RTI treats an empty type hierarchy as implicitly containing
+    //    'Object'. We explicitly emit 'deleteRules' instructions in case
+    //    a type hierarchy was deleted or edited to extend 'Object' after hot
+    //    reload.
+    var legacyJavaScriptObjectRecipe = _typeRecipeGenerator.interfaceTypeRecipe(
+        _coreTypes.index
+            .getClass('dart:_interceptors', 'LegacyJavaScriptObject'));
+    var legacyJavaScriptObjectRules = _typeRecipeGenerator
+        .liveInterfaceTypeRules[legacyJavaScriptObjectRecipe];
+    var typeRulesExceptLegacyJavaScriptObject = _typeRecipeGenerator
+        .liveInterfaceTypeRules
+      ..remove(legacyJavaScriptObjectRecipe);
+    var typesThatOnlyExtendObject =
+        Set.from(_typeRecipeGenerator.visitedInterfaceTypeRecipes)
+          ..removeAll(typeRulesExceptLegacyJavaScriptObject.keys)
+          ..remove(legacyJavaScriptObjectRecipe);
+    var legacyJavaScriptObjectMutualSubtypingRules =
+        _typeRecipeGenerator.updateLegacyJavaScriptObjectRules;
+
+    if (typeRulesExceptLegacyJavaScriptObject.isNotEmpty) {
+      _typeRuleLinks.add(emitRulesStatement(
+          typeRulesExceptLegacyJavaScriptObject,
+          rulesFunction: 'addRules'));
     }
+    if (typesThatOnlyExtendObject.isNotEmpty) {
+      _typeRuleLinks.add(emitRulesStatement(typesThatOnlyExtendObject.toList(),
+          rulesFunction: 'deleteRules'));
+    }
+    if (legacyJavaScriptObjectRules != null) {
+      _typeRuleLinks.add(emitRulesStatement({
+        legacyJavaScriptObjectRecipe: legacyJavaScriptObjectRules,
+      }, rulesFunction: 'addOrUpdateRules'));
+    }
+    if (legacyJavaScriptObjectMutualSubtypingRules.isNotEmpty) {
+      _typeRuleLinks.add(emitRulesStatement(
+          legacyJavaScriptObjectMutualSubtypingRules,
+          rulesFunction: 'addOrUpdateRules'));
+    }
+
     var jsInteropTypeRecipes = _typeRecipeGenerator.visitedJsInteropTypeRecipes;
     if (jsInteropTypeRecipes.isNotEmpty) {
       // Update the `LegacyJavaScriptObject` class with the type tags for all

tests/web/js_interop_generic_cast_test.dart

@@ -0,0 +1,46 @@
+// Copyright (c) 2024, the Dart project authors.  Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+// Tests that type checks work properly for Legacy JS Objects across generic
+// boundaries.
+
+import 'dart:html';
+import "dart:js" as js;
+import 'dart:js_interop';
+import 'dart:js_interop_unsafe';
+
+import 'package:js/js.dart' as pkgJs;
+
+class TestGenericClass<X> {
+  X x;
+  TestGenericClass(this.x);
+
+  directCast(p) {
+    return p as PackageJSClass<String>;
+  }
+
+  typeArgCast(p) {
+    return p as X;
+  }
+}
+
+@pkgJs.JS()
+class PackageJSClass<T> {
+  external factory PackageJSClass(T x);
+}
+
+void main() {
+  js.context.callMethod("eval", [
+    """
+    window.PackageJSClass = function PackageJSClass(x) {
+      this.x = x;
+    };
+  """
+  ]);
+
+  var instance =
+      TestGenericClass<PackageJSClass<JSString>>(PackageJSClass("Hello".toJS));
+  print(instance.directCast(PackageJSClass("Hello".toJS)));
+  print(instance.typeArgCast(PackageJSClass("Hello".toJS)));
+}