[Webkit-unassigned] [Bug 142882] Extending null should set __proto__ to null

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Mar 20 14:30:00 PDT 2015 

https://bugs.webkit.org/show_bug.cgi?id=142882

--- Comment #1 from Ryosuke Niwa <rniwa at webkit.org> ---
@@ -2899,6 +2903,9 @@ RegisterID* ClassExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID
     prototype = generator.emitGetById(generator.newTemporary(), constructor.get(), generator.propertyNames().prototype);

     if (superclass) {
+        RefPtr<RegisterID> protoParent = generator.newTemporary();
+        generator.emitLoad(protoParent.get(), jsNull());
+
         RefPtr<RegisterID> tempRegister = generator.newTemporary();
         RefPtr<Label> superclassIsNullLabel = generator.newLabel();
         generator.emitJumpIfTrue(generator.emitUnaryOp(op_eq_null, tempRegister.get(), superclass.get()), superclassIsNullLabel.get());
@@ -2908,8 +2915,6 @@ RegisterID* ClassExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID
         generator.emitJumpIfTrue(generator.emitIsObject(tempRegister.get(), superclass.get()), superclassIsObjectLabel.get());
         generator.emitThrowTypeError(ASCIILiteral("The superclass is not an object."));
         generator.emitLabel(superclassIsObjectLabel.get());
-
-        RefPtr<RegisterID> protoParent = generator.newTemporary();
         generator.emitGetById(protoParent.get(), superclass.get(), generator.propertyNames().prototype);

         RefPtr<Label> protoParentIsObjectOrNullLabel = generator.newLabel();
@@ -2918,9 +2923,9 @@ RegisterID* ClassExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID
         generator.emitLabel(protoParentIsObjectOrNullLabel.get());

         generator.emitDirectPutById(constructor.get(), generator.propertyNames().underscoreProto, superclass.get(), PropertyNode::Unknown);
+        generator.emitLabel(superclassIsNullLabel.get());
         generator.emitDirectPutById(prototype.get(), generator.propertyNames().underscoreProto, protoParent.get(), PropertyNode::Unknown);

-        generator.emitLabel(superclassIsNullLabel.get());
         emitPutHomeObject(generator, constructor.get(), prototype.get());
     }

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150320/3ce6cc63/attachment-0002.html>

More information about the webkit-unassigned mailing list