From 6ed6434bab2b136a64a7e8374dbc58b467017016 Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Tue, 22 Jun 2021 11:40:16 +0200
Subject: [PATCH] LibJS: Remove home object from DeclarativeEnvironmentRecord

According to the spec, [[HomeObject]] is an internal slot on function
objects, and should always be accessed through there.
---
 .../Runtime/DeclarativeEnvironmentRecord.cpp    | 17 +++++++----------
 .../Runtime/DeclarativeEnvironmentRecord.h      |  3 ---
 .../Libraries/LibJS/Runtime/ScriptFunction.cpp  |  1 -
 3 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/Userland/Libraries/LibJS/Runtime/DeclarativeEnvironmentRecord.cpp b/Userland/Libraries/LibJS/Runtime/DeclarativeEnvironmentRecord.cpp
index fadf235f85..5a8f8ef91a 100644
--- a/Userland/Libraries/LibJS/Runtime/DeclarativeEnvironmentRecord.cpp
+++ b/Userland/Libraries/LibJS/Runtime/DeclarativeEnvironmentRecord.cpp
@@ -50,7 +50,6 @@ void DeclarativeEnvironmentRecord::visit_edges(Visitor& visitor)
 {
     Base::visit_edges(visitor);
     visitor.visit(m_this_value);
-    visitor.visit(m_home_object);
     visitor.visit(m_new_target);
     visitor.visit(m_current_function);
     for (auto& it : m_variables)
@@ -72,17 +71,15 @@ bool DeclarativeEnvironmentRecord::delete_from_environment_record(FlyString cons
     return m_variables.remove(name);
 }
 
-bool DeclarativeEnvironmentRecord::has_super_binding() const
-{
-    return m_environment_record_type == EnvironmentRecordType::Function && this_binding_status() != ThisBindingStatus::Lexical && m_home_object.is_object();
-}
-
 Value DeclarativeEnvironmentRecord::get_super_base()
 {
-    VERIFY(has_super_binding());
-    if (m_home_object.is_object())
-        return m_home_object.as_object().prototype();
-    return {};
+    if (m_environment_record_type != EnvironmentRecordType::Function)
+        return {};
+    VERIFY(m_current_function);
+    auto home_object = m_current_function->home_object();
+    if (!home_object.is_object())
+        return {};
+    return home_object.as_object().prototype();
 }
 
 bool DeclarativeEnvironmentRecord::has_this_binding() const
diff --git a/Userland/Libraries/LibJS/Runtime/DeclarativeEnvironmentRecord.h b/Userland/Libraries/LibJS/Runtime/DeclarativeEnvironmentRecord.h
index 5841be9917..baac4a26a1 100644
--- a/Userland/Libraries/LibJS/Runtime/DeclarativeEnvironmentRecord.h
+++ b/Userland/Libraries/LibJS/Runtime/DeclarativeEnvironmentRecord.h
@@ -46,8 +46,6 @@ public:
 
     HashMap<FlyString, Variable> const& variables() const { return m_variables; }
 
-    void set_home_object(Value object) { m_home_object = object; }
-    bool has_super_binding() const;
     Value get_super_base();
 
     ThisBindingStatus this_binding_status() const { return m_this_binding_status; }
@@ -71,7 +69,6 @@ private:
     EnvironmentRecordType m_environment_record_type : 8 { EnvironmentRecordType::Declarative };
     ThisBindingStatus m_this_binding_status : 8 { ThisBindingStatus::Uninitialized };
     HashMap<FlyString, Variable> m_variables;
-    Value m_home_object;
     Value m_this_value;
     Value m_new_target;
     // Corresponds to [[FunctionObject]]
diff --git a/Userland/Libraries/LibJS/Runtime/ScriptFunction.cpp b/Userland/Libraries/LibJS/Runtime/ScriptFunction.cpp
index bb2678673d..57133f7db2 100644
--- a/Userland/Libraries/LibJS/Runtime/ScriptFunction.cpp
+++ b/Userland/Libraries/LibJS/Runtime/ScriptFunction.cpp
@@ -123,7 +123,6 @@ DeclarativeEnvironmentRecord* ScriptFunction::create_environment_record()
     }
 
     auto* environment = heap().allocate<DeclarativeEnvironmentRecord>(global_object(), move(variables), m_parent_scope, DeclarativeEnvironmentRecord::EnvironmentRecordType::Function);
-    environment->set_home_object(home_object());
     environment->set_current_function(*this);
     if (m_is_arrow_function) {
         if (is<DeclarativeEnvironmentRecord>(m_parent_scope))