From e0b2757f9534d3cd2f76c362c3338a56c6d56dd6 Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Mon, 10 Jul 2023 08:44:28 +0200
Subject: [PATCH] LibJS/Bytecode: Always make own properties in object
 expressions

When building an object from an object expression, we don't want to
go through the full property setting machinery. This patch adds a new
PropertyKind::DirectKeyValue for PutById which guarantees that the
property becomes an own property.

This fixes an issue where setting the "__proto__" property in object
expressions wasn't working right.

12 new passes on test262. :^)
---
 Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp | 2 +-
 Userland/Libraries/LibJS/Bytecode/Op.cpp         | 3 +++
 Userland/Libraries/LibJS/Bytecode/Op.h           | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp b/Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp
index e4a873ba09..22e3479346 100644
--- a/Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp
+++ b/Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp
@@ -936,7 +936,7 @@ Bytecode::CodeGenerationErrorOr<void> ObjectExpression::generate_bytecode(Byteco
         Bytecode::Op::PropertyKind property_kind;
         switch (property->type()) {
         case ObjectProperty::Type::KeyValue:
-            property_kind = Bytecode::Op::PropertyKind::KeyValue;
+            property_kind = Bytecode::Op::PropertyKind::DirectKeyValue;
             break;
         case ObjectProperty::Type::Getter:
             property_kind = Bytecode::Op::PropertyKind::Getter;
diff --git a/Userland/Libraries/LibJS/Bytecode/Op.cpp b/Userland/Libraries/LibJS/Bytecode/Op.cpp
index 2faed42f25..3b3773bab0 100644
--- a/Userland/Libraries/LibJS/Bytecode/Op.cpp
+++ b/Userland/Libraries/LibJS/Bytecode/Op.cpp
@@ -76,6 +76,9 @@ static ThrowCompletionOr<void> put_by_property_key(VM& vm, Value base, Value thi
             return vm.throw_completion<TypeError>(ErrorType::ReferenceNullishSetProperty, name, TRY_OR_THROW_OOM(vm, base.to_string_without_side_effects()));
         break;
     }
+    case PropertyKind::DirectKeyValue:
+        object->define_direct_property(name, value, Attribute::Enumerable | Attribute::Writable | Attribute::Configurable);
+        break;
     case PropertyKind::Spread:
         TRY(object->copy_data_properties(vm, value, {}));
         break;
diff --git a/Userland/Libraries/LibJS/Bytecode/Op.h b/Userland/Libraries/LibJS/Bytecode/Op.h
index 0bb111d1ca..49c2ba580d 100644
--- a/Userland/Libraries/LibJS/Bytecode/Op.h
+++ b/Userland/Libraries/LibJS/Bytecode/Op.h
@@ -644,6 +644,7 @@ enum class PropertyKind {
     Getter,
     Setter,
     KeyValue,
+    DirectKeyValue, // Used for Object expressions. Always sets an own property, never calls a setter.
     Spread,
     ProtoSetter,
 };