From 9e93e715fc0f23dd5b8dd443ef044b179f79f465 Mon Sep 17 00:00:00 2001
From: Petrov Igor <petrov.826961@huawei.com>
Date: Wed, 29 Mar 2023 17:25:40 +0300
Subject: [PATCH] [MM] Fix CSA detection: GC-trigger function in argument list

Signed-off-by: Petrov Igor <petrov.826961@huawei.com>
---
 runtime/builtins/builtins_promise_handler.cpp |  4 ++--
 runtime/ecma_vm.cpp                           | 15 ++++++++++-----
 runtime/object_factory.cpp                    |  3 ++-
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/runtime/builtins/builtins_promise_handler.cpp b/runtime/builtins/builtins_promise_handler.cpp
index 29f32d37d..8f8c2ea09 100644
--- a/runtime/builtins/builtins_promise_handler.cpp
+++ b/runtime/builtins/builtins_promise_handler.cpp
@@ -188,7 +188,6 @@ JSTaggedValue BuiltinsPromiseHandler::ResolveElementFunction(EcmaRuntimeCallInfo
     // 3. Set alreadyCalled.[[value]] to true.
     already_called->SetValue(thread, JSTaggedValue::True());
     // 4. Let index be the value of F's [[Index]] internal slot.
-    JSHandle<JSTaggedValue> index(thread, func->GetIndex());
     // 5. Let values be the value of F's [[Values]] internal slot.
     JSHandle<PromiseRecord> values = JSHandle<PromiseRecord>::Cast(JSHandle<JSTaggedValue>(thread, func->GetValues()));
     // 6. Let promiseCapability be the value of F's [[Capabilities]] internal slot.
@@ -200,7 +199,8 @@ JSTaggedValue BuiltinsPromiseHandler::ResolveElementFunction(EcmaRuntimeCallInfo
     // 8. Set values[index] to x.
     JSHandle<TaggedArray> array_values =
         JSHandle<TaggedArray>::Cast(JSHandle<JSTaggedValue>(thread, values->GetValue()));
-    array_values->Set(thread, JSTaggedValue::ToUint32(thread, index), GetCallArg(argv, 0).GetTaggedValue());
+    auto index = JSTaggedValue::ToUint32(thread, JSHandle<JSTaggedValue>(thread, func->GetIndex()));
+    array_values->Set(thread, index, GetCallArg(argv, 0).GetTaggedValue());
     // 9. Set remainingElementsCount.[[value]] to remainingElementsCount.[[value]] - 1.
     remain_cnt->SetValue(thread, --JSTaggedNumber(remain_cnt->GetValue()));
     // 10. If remainingElementsCount.[[value]] is 0,
diff --git a/runtime/ecma_vm.cpp b/runtime/ecma_vm.cpp
index 49d4744a4..9ff93ce4d 100644
--- a/runtime/ecma_vm.cpp
+++ b/runtime/ecma_vm.cpp
@@ -255,13 +255,18 @@ bool EcmaVM::Initialize()
     global_const->InitGlobalConstant(thread_);
     global_env_handle->SetEmptyArray(thread_, factory_->NewEmptyArray());
     global_env_handle->SetEmptyWeakArray(thread_, factory_->NewEmptyArray(true));
-    global_env_handle->SetEmptyLayoutInfo(thread_, factory_->CreateLayoutInfo(0));
-    global_env_handle->SetRegisterSymbols(thread_, SymbolTable::Create(thread_));
+    auto layout_info_handle = factory_->CreateLayoutInfo(0);
+    global_env_handle->SetEmptyLayoutInfo(thread_, layout_info_handle);
+    auto symbol_table_handle = SymbolTable::Create(thread_);
+    global_env_handle->SetRegisterSymbols(thread_, symbol_table_handle);
     JSTaggedValue empty_str = thread_->GlobalConstants()->GetEmptyString();
     string_table_->InternEmptyString(EcmaString::Cast(empty_str.GetTaggedObject()));
-    global_env_handle->SetEmptyTaggedQueue(thread_, factory_->NewTaggedQueue(0));
-    global_env_handle->SetTemplateMap(thread_, TemplateMap::Create(thread_));
-    global_env_handle->SetRegisterSymbols(GetJSThread(), SymbolTable::Create(GetJSThread()));
+    auto tagged_queue_handle = factory_->NewTaggedQueue(0);
+    global_env_handle->SetEmptyTaggedQueue(thread_, tagged_queue_handle);
+    auto template_map_handle = TemplateMap::Create(thread_);
+    global_env_handle->SetTemplateMap(thread_, template_map_handle);
+    auto symbol_table_2_handle = SymbolTable::Create(GetJSThread());
+    global_env_handle->SetRegisterSymbols(GetJSThread(), symbol_table_2_handle);
     SetupRegExpResultCache();
     micro_job_queue_ = factory_->NewMicroJobQueue().GetTaggedValue();
 
diff --git a/runtime/object_factory.cpp b/runtime/object_factory.cpp
index 619a97755..9fc69579e 100644
--- a/runtime/object_factory.cpp
+++ b/runtime/object_factory.cpp
@@ -1626,7 +1626,8 @@ JSHandle<JSRealm> ObjectFactory::NewJSRealm()
 
     ObtainRootClass(env);
     realm_env_handle->SetEmptyArray(thread_, NewEmptyArray());
-    realm_env_handle->SetEmptyTaggedQueue(thread_, NewTaggedQueue(0));
+    auto tagged_queue_handle = NewTaggedQueue(0);
+    realm_env_handle->SetEmptyTaggedQueue(thread_, tagged_queue_handle);
     auto result = TemplateMap::Create(thread_);
     realm_env_handle->SetTemplateMap(thread_, result);
 
-- 
Gitee