Accessors should be kept alive during their invocation (#5167)

gergocs · web-flow · commit 348e6a470e20 · 2024-11-18T09:47:07.000+01:00
This patch fixes #4900. The implementation is based on PR #4943, only resolved the conflicts. Co-authored-by: Robert Fancsik robert.fancsik@h-lab.eu JerryScript-DCO-1.0-Signed-off-by: Gergo Csizi gergocs@inf.u-szeged.hu
diff --git a/jerry-core/ecma/operations/ecma-function-object.c b/jerry-core/ecma/operations/ecma-function-object.c
@@ -1359,6 +1359,55 @@ ecma_op_function_call_bound (ecma_object_t *func_obj_p, /**< Function object */
   return ret_value;
 } /* ecma_op_function_call_bound */
 
+/**
+ * Invoke accessor getter function
+ *
+ * @return ecma value
+ *         Returned value must be freed with ecma_free_value
+ */
+extern inline ecma_value_t JERRY_ATTR_ALWAYS_INLINE
+ecma_op_invoke_getter (ecma_getter_setter_pointers_t *get_set_pair_p, /**< accessor pair */
+                       ecma_value_t this_value) /**< 'this' argument's value */
+{
+  if (get_set_pair_p->getter_cp == JMEM_CP_NULL)
+  {
+    return ECMA_VALUE_UNDEFINED;
+  }
+
+  ecma_object_t *getter_p = ECMA_GET_NON_NULL_POINTER (ecma_object_t, get_set_pair_p->getter_cp);
+  ecma_ref_object (getter_p);
+
+  ecma_value_t result = ecma_op_function_call (getter_p, this_value, NULL, 0);
+  ecma_deref_object (getter_p);
+
+  return result;
+} /* ecma_op_invoke_getter */
+
+/**
+ * Invoke accessor setter function
+ *
+ * @return ecma value
+ *         Returned value must be freed with ecma_free_value
+ */
+extern inline ecma_value_t JERRY_ATTR_ALWAYS_INLINE
+ecma_op_invoke_setter (ecma_getter_setter_pointers_t *get_set_pair_p, /**< accessor pair */
+                       ecma_value_t this_value, /**< 'this' argument's value */
+                       ecma_value_t value) /**< value to set */
+{
+  if (get_set_pair_p->setter_cp == JMEM_CP_NULL)
+  {
+    return ecma_raise_type_error (ECMA_ERR_PRIVATE_FIELD_WAS_DEFINED_WITHOUT_A_SETTER);
+  }
+
+  ecma_object_t *setter_p = ECMA_GET_NON_NULL_POINTER (ecma_object_t, get_set_pair_p->setter_cp);
+  ecma_ref_object (setter_p);
+
+  ecma_value_t result = ecma_op_function_call (setter_p, this_value, &value, 1);
+  ecma_deref_object (setter_p);
+
+  return result;
+} /* ecma_op_invoke_setter */
+
 /**
  * General [[Call]] implementation
  *
diff --git a/jerry-core/ecma/operations/ecma-function-object.h b/jerry-core/ecma/operations/ecma-function-object.h
@@ -79,6 +79,11 @@ ecma_object_t *ecma_op_get_prototype_from_constructor (ecma_object_t *ctor_obj_p
 
 ecma_value_t ecma_op_function_has_instance (ecma_object_t *func_obj_p, ecma_value_t value);
 
+ecma_value_t ecma_op_invoke_getter (ecma_getter_setter_pointers_t *get_set_pair_p, ecma_value_t this_value);
+
+ecma_value_t
+ecma_op_invoke_setter (ecma_getter_setter_pointers_t *get_set_pair_p, ecma_value_t this_value, ecma_value_t value);
+
 ecma_value_t ecma_op_function_validated_call (ecma_value_t callee,
                                               ecma_value_t this_arg_value,
                                               const ecma_value_t *arguments_list_p,
diff --git a/jerry-core/ecma/operations/ecma-objects.c b/jerry-core/ecma/operations/ecma-objects.c
@@ -697,16 +697,7 @@ ecma_op_object_find_own (ecma_value_t base_value, /**< base value */
     return ecma_fast_copy_value (prop_value_p->value);
   }
 
-  ecma_getter_setter_pointers_t *get_set_pair_p = ecma_get_named_accessor_property (prop_value_p);
-
-  if (get_set_pair_p->getter_cp == JMEM_CP_NULL)
-  {
-    return ECMA_VALUE_UNDEFINED;
-  }
-
-  ecma_object_t *getter_p = ECMA_GET_NON_NULL_POINTER (ecma_object_t, get_set_pair_p->getter_cp);
-
-  return ecma_op_function_call (getter_p, base_value, NULL, 0);
+  return ecma_op_invoke_getter (ecma_get_named_accessor_property (prop_value_p), base_value);
 } /* ecma_op_object_find_own */
 
 /**
@@ -1474,6 +1465,7 @@ ecma_op_object_put_with_receiver (ecma_object_t *object_p, /**< the object */
     }
   }
 
+  ecma_getter_setter_pointers_t *get_set_pair_p = NULL;
   jmem_cpointer_t setter_cp = JMEM_CP_NULL;
 
   if (property_p != NULL)
@@ -1497,7 +1489,6 @@ ecma_op_object_put_with_receiver (ecma_object_t *object_p, /**< the object */
     }
     else
     {
-      ecma_getter_setter_pointers_t *get_set_pair_p;
       get_set_pair_p = ecma_get_named_accessor_property (ECMA_PROPERTY_VALUE_PTR (property_p));
       setter_cp = get_set_pair_p->setter_cp;
     }
@@ -1538,7 +1529,8 @@ ecma_op_object_put_with_receiver (ecma_object_t *object_p, /**< the object */
 
         if (!(inherited_property & ECMA_PROPERTY_FLAG_DATA))
         {
-          setter_cp = ecma_get_named_accessor_property (property_ref.value_p)->setter_cp;
+          get_set_pair_p = ecma_get_named_accessor_property (property_ref.value_p);
+          setter_cp = get_set_pair_p->setter_cp;
           create_new_property = false;
           break;
         }
@@ -1611,8 +1603,7 @@ ecma_op_object_put_with_receiver (ecma_object_t *object_p, /**< the object */
     return ecma_raise_readonly_assignment (property_name_p, is_throw);
   }
 
-  ecma_value_t ret_value =
-    ecma_op_function_call (ECMA_GET_NON_NULL_POINTER (ecma_object_t, setter_cp), receiver, &value, 1);
+  ecma_value_t ret_value = ecma_op_invoke_setter (get_set_pair_p, receiver, value);
 
   if (!ECMA_IS_VALUE_ERROR (ret_value))
   {
diff --git a/jerry-core/ecma/operations/ecma-reference.c b/jerry-core/ecma/operations/ecma-reference.c
@@ -354,17 +354,8 @@ ecma_op_resolve_reference_value (ecma_object_t *lex_env_p, /**< starting lexical
               return ecma_fast_copy_value (prop_value_p->value);
             }
 
-            ecma_getter_setter_pointers_t *get_set_pair_p = ecma_get_named_accessor_property (prop_value_p);
-
-            if (get_set_pair_p->getter_cp == JMEM_CP_NULL)
-            {
-              return ECMA_VALUE_UNDEFINED;
-            }
-
-            ecma_object_t *getter_p = ECMA_GET_NON_NULL_POINTER (ecma_object_t, get_set_pair_p->getter_cp);
-
-            ecma_value_t base_value = ecma_make_object_value (binding_obj_p);
-            return ecma_op_function_call (getter_p, base_value, NULL, 0);
+            return ecma_op_invoke_getter (ecma_get_named_accessor_property (prop_value_p),
+                                          ecma_make_object_value (binding_obj_p));
           }
 #endif /* JERRY_LCACHE */
         }
diff --git a/jerry-core/vm/opcodes.c b/jerry-core/vm/opcodes.c
@@ -1430,17 +1430,7 @@ opfunc_private_set (ecma_value_t base, /**< this object */
   else
   {
     ecma_getter_setter_pointers_t *get_set_pair_p = ecma_get_named_accessor_property (ECMA_PROPERTY_VALUE_PTR (prop_p));
-
-    if (get_set_pair_p->setter_cp == JMEM_CP_NULL)
-    {
-      result = ecma_raise_type_error (ECMA_ERR_PRIVATE_FIELD_WAS_DEFINED_WITHOUT_A_SETTER);
-    }
-    else
-    {
-      ecma_object_t *setter_p = ECMA_GET_NON_NULL_POINTER (ecma_object_t, get_set_pair_p->setter_cp);
-
-      result = ecma_op_function_call (setter_p, base, &value, 1);
-    }
+    result = ecma_op_invoke_setter (get_set_pair_p, base, value);
   }
 
   ecma_deref_object (obj_p);
@@ -1493,8 +1483,7 @@ opfunc_private_get (ecma_value_t base, /**< this object */
     }
     else
     {
-      ecma_object_t *getter_p = ECMA_GET_NON_NULL_POINTER (ecma_object_t, get_set_pair_p->getter_cp);
-      result = ecma_op_function_call (getter_p, base, NULL, 0);
+      result = ecma_op_invoke_getter (get_set_pair_p, base);
     }
   }
 
diff --git a/tests/jerry/es.next/regression-test-issue-4900.js b/tests/jerry/es.next/regression-test-issue-4900.js
@@ -0,0 +1,41 @@
+// Copyright JS Foundation and other contributors, http://js.foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+function assertArrayEqual(actual, expected) {
+  assert(actual.length === expected.length);
+
+  for (var i = 0; i < actual.length; i++) {
+    assert(actual[i] === expected[i]);
+  }
+}
+
+var i = 0;
+var a = [];
+var JSEtest = [];
+
+JSEtest.__defineGetter__(0, function NaN() {
+  if (i++ > 2) {
+    return;
+  }
+
+  JSEtest.shift();
+  gc();
+  a.push(0);
+  a.concat(JSEtest);
+});
+
+JSEtest[0];
+
+assertArrayEqual(a, [0, 0, 0]);
+assertArrayEqual(JSEtest, []);

Original file line number	Diff line number	Diff line change
`@@ -697,16 +697,7 @@ ecma_op_object_find_own (ecma_value_t base_value, /*< base value /`
`697`	`697`	`return ecma_fast_copy_value (prop_value_p->value);`
`698`	`698`	`}`
`699`	`699`
`700`		`- ecma_getter_setter_pointers_t *get_set_pair_p = ecma_get_named_accessor_property (prop_value_p);`
`701`		`-`
`702`		`- if (get_set_pair_p->getter_cp == JMEM_CP_NULL)`
`703`		`- {`
`704`		`- return ECMA_VALUE_UNDEFINED;`
`705`		`- }`
`706`		`-`
`707`		`- ecma_object_t *getter_p = ECMA_GET_NON_NULL_POINTER (ecma_object_t, get_set_pair_p->getter_cp);`
`708`		`-`
`709`		`- return ecma_op_function_call (getter_p, base_value, NULL, 0);`
	`700`	`+ return ecma_op_invoke_getter (ecma_get_named_accessor_property (prop_value_p), base_value);`
`710`	`701`	`} /* ecma_op_object_find_own */`
`711`	`702`
`712`	`703`	`/**`
`@@ -1474,6 +1465,7 @@ ecma_op_object_put_with_receiver (ecma_object_t object_p, /< the object /`
`1474`	`1465`	`}`
`1475`	`1466`	`}`
`1476`	`1467`
	`1468`	`+ ecma_getter_setter_pointers_t *get_set_pair_p = NULL;`
`1477`	`1469`	`jmem_cpointer_t setter_cp = JMEM_CP_NULL;`
`1478`	`1470`
`1479`	`1471`	`if (property_p != NULL)`
`@@ -1497,7 +1489,6 @@ ecma_op_object_put_with_receiver (ecma_object_t object_p, /< the object /`
`1497`	`1489`	`}`
`1498`	`1490`	`else`
`1499`	`1491`	`{`
`1500`		`- ecma_getter_setter_pointers_t *get_set_pair_p;`
`1501`	`1492`	`get_set_pair_p = ecma_get_named_accessor_property (ECMA_PROPERTY_VALUE_PTR (property_p));`
`1502`	`1493`	`setter_cp = get_set_pair_p->setter_cp;`
`1503`	`1494`	`}`
`@@ -1538,7 +1529,8 @@ ecma_op_object_put_with_receiver (ecma_object_t object_p, /< the object /`
`1538`	`1529`
`1539`	`1530`	`if (!(inherited_property & ECMA_PROPERTY_FLAG_DATA))`
`1540`	`1531`	`{`
`1541`		`- setter_cp = ecma_get_named_accessor_property (property_ref.value_p)->setter_cp;`
	`1532`	`+ get_set_pair_p = ecma_get_named_accessor_property (property_ref.value_p);`
	`1533`	`+ setter_cp = get_set_pair_p->setter_cp;`
`1542`	`1534`	`create_new_property = false;`
`1543`	`1535`	`break;`
`1544`	`1536`	`}`
`@@ -1611,8 +1603,7 @@ ecma_op_object_put_with_receiver (ecma_object_t object_p, /< the object /`
`1611`	`1603`	`return ecma_raise_readonly_assignment (property_name_p, is_throw);`
`1612`	`1604`	`}`
`1613`	`1605`
`1614`		`- ecma_value_t ret_value =`
`1615`		`- ecma_op_function_call (ECMA_GET_NON_NULL_POINTER (ecma_object_t, setter_cp), receiver, &value, 1);`
	`1606`	`+ ecma_value_t ret_value = ecma_op_invoke_setter (get_set_pair_p, receiver, value);`
`1616`	`1607`
`1617`	`1608`	`if (!ECMA_IS_VALUE_ERROR (ret_value))`
`1618`	`1609`	`{`
Original file line number	Diff line number	Diff line change
`@@ -354,17 +354,8 @@ ecma_op_resolve_reference_value (ecma_object_t lex_env_p, /*< starting lexical`
`354`	`354`	`return ecma_fast_copy_value (prop_value_p->value);`
`355`	`355`	`}`
`356`	`356`
`357`		`- ecma_getter_setter_pointers_t *get_set_pair_p = ecma_get_named_accessor_property (prop_value_p);`
`358`		`-`
`359`		`- if (get_set_pair_p->getter_cp == JMEM_CP_NULL)`
`360`		`- {`
`361`		`- return ECMA_VALUE_UNDEFINED;`
`362`		`- }`
`363`		`-`
`364`		`- ecma_object_t *getter_p = ECMA_GET_NON_NULL_POINTER (ecma_object_t, get_set_pair_p->getter_cp);`
`365`		`-`
`366`		`- ecma_value_t base_value = ecma_make_object_value (binding_obj_p);`
`367`		`- return ecma_op_function_call (getter_p, base_value, NULL, 0);`
	`357`	`+ return ecma_op_invoke_getter (ecma_get_named_accessor_property (prop_value_p),`
	`358`	`+ ecma_make_object_value (binding_obj_p));`
`368`	`359`	`}`
`369`	`360`	`#endif /* JERRY_LCACHE */`
`370`	`361`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1430,17 +1430,7 @@ opfunc_private_set (ecma_value_t base, /*< this object /`
`1430`	`1430`	`else`
`1431`	`1431`	`{`
`1432`	`1432`	`ecma_getter_setter_pointers_t *get_set_pair_p = ecma_get_named_accessor_property (ECMA_PROPERTY_VALUE_PTR (prop_p));`
`1433`		`-`
`1434`		`- if (get_set_pair_p->setter_cp == JMEM_CP_NULL)`
`1435`		`- {`
`1436`		`- result = ecma_raise_type_error (ECMA_ERR_PRIVATE_FIELD_WAS_DEFINED_WITHOUT_A_SETTER);`
`1437`		`- }`
`1438`		`- else`
`1439`		`- {`
`1440`		`- ecma_object_t *setter_p = ECMA_GET_NON_NULL_POINTER (ecma_object_t, get_set_pair_p->setter_cp);`
`1441`		`-`
`1442`		`- result = ecma_op_function_call (setter_p, base, &value, 1);`
`1443`		`- }`
	`1433`	`+ result = ecma_op_invoke_setter (get_set_pair_p, base, value);`
`1444`	`1434`	`}`
`1445`	`1435`
`1446`	`1436`	`ecma_deref_object (obj_p);`
`@@ -1493,8 +1483,7 @@ opfunc_private_get (ecma_value_t base, /*< this object /`
`1493`	`1483`	`}`
`1494`	`1484`	`else`
`1495`	`1485`	`{`
`1496`		`- ecma_object_t *getter_p = ECMA_GET_NON_NULL_POINTER (ecma_object_t, get_set_pair_p->getter_cp);`
`1497`		`- result = ecma_op_function_call (getter_p, base, NULL, 0);`
	`1486`	`+ result = ecma_op_invoke_getter (get_set_pair_p, base);`
`1498`	`1487`	`}`
`1499`	`1488`	`}`
`1500`	`1489`