Fix Array.from using defineOwnProperty instead of defineOwnComputedPr…

…imitive Summary: `Array.from` was using `JSObject::defineOwnProperty` to create properties on the new array. Using that API creates a Symbol and a StringPrimitive for a simple number. It also triggers later slow-paths in the VM, because the "fast index" flags aren't set correctly. Fix this by changing to `JSObject::defineOwnComputedPrimitive`. Reviewed By: tmikov Differential Revision: D23770063 fbshipit-source-id: 1f0412be482793275408eb21ccbcb2f869ca65bb
gfx · Sep 18, 2020 · 444fed4 · 444fed4
1 parent b28c502
commit 444fed4
Showing 1 changed file with 4 additions and 16 deletions.
diff --git a/lib/VM/JSLib/Array.cpp b/lib/VM/JSLib/Array.cpp
@@ -3377,12 +3377,6 @@ CallResult<HermesValue> arrayFrom(void *, Runtime *runtime, NativeArgs args) {
     MutableHandle<> nextValue{runtime};
     while (true) {
       GCScopeMarkerRAII marker1{runtime};
-      // i. Let Pk be ToString(k).
-      auto pkRes = valueToSymbolID(runtime, k);
-      if (LLVM_UNLIKELY(pkRes == ExecutionStatus::EXCEPTION)) {
-        return ExecutionStatus::EXCEPTION;
-      }
-      auto pkHandle = pkRes.getValue();
       // ii. Let next be IteratorStep(iteratorRecord).
       // iii. ReturnIfAbrupt(next).
       auto next = iteratorStep(runtime, iteratorRecord);
@@ -3433,10 +3427,10 @@ CallResult<HermesValue> arrayFrom(void *, Runtime *runtime, NativeArgs args) {
       // x. If defineStatus is an abrupt completion, return
       // IteratorClose(iterator, defineStatus).
       if (LLVM_UNLIKELY(
-              JSObject::defineOwnProperty(
+              JSObject::defineOwnComputedPrimitive(
                   A,
                   runtime,
-                  *pkHandle,
+                  k,
                   DefinePropertyFlags::getDefaultNewPropertyFlags(),
                   mappedValue,
                   PropOpFlags().plusThrowOnError()) ==
@@ -3497,12 +3491,6 @@ CallResult<HermesValue> arrayFrom(void *, Runtime *runtime, NativeArgs args) {
   MutableHandle<> mappedValue{runtime};
   while (k->getNumberAs<uint32_t>() < len) {
     GCScopeMarkerRAII marker2{runtime};
-    // a. Let Pk be ToString(k).
-    auto pkRes = valueToSymbolID(runtime, k);
-    if (LLVM_UNLIKELY(pkRes == ExecutionStatus::EXCEPTION)) {
-      return ExecutionStatus::EXCEPTION;
-    }
-    auto pkHandle = pkRes.getValue();
     // b. Let kValue be Get(arrayLike, Pk).
     propRes = JSObject::getComputed_RJS(arrayLike, runtime, k);
     // c. ReturnIfAbrupt(kValue).
@@ -3526,10 +3514,10 @@ CallResult<HermesValue> arrayFrom(void *, Runtime *runtime, NativeArgs args) {
     // f. Let defineStatus be CreateDataPropertyOrThrow(A, Pk, mappedValue).
     // g. ReturnIfAbrupt(defineStatus).
     if (LLVM_UNLIKELY(
-            JSObject::defineOwnProperty(
+            JSObject::defineOwnComputedPrimitive(
                 A,
                 runtime,
-                *pkHandle,
+                k,
                 DefinePropertyFlags::getDefaultNewPropertyFlags(),
                 mappedValue,
                 PropOpFlags().plusThrowOnError()) ==