[Webkit-unassigned] [Bug 151113] calling super() a second time in a constructor should throw

bugzilla-daemon at webkit.org
Mon Apr 11 22:41:30 PDT 2016


Saam Barati <sbarati at apple.com> changed:

                    What|Removed                     |Added
Attachment #276169 Flags|review?, commit-queue?      |review-, commit-queue-

--- Comment #20 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 276169
  --> https://bugs.webkit.org/attachment.cgi?id=276169

View in context: https://bugs.webkit.org/attachment.cgi?id=276169&action=review

LGTM besides my suggestions in abstract interpreter
code gen.

> Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:770
> +        generator.emitThrowReferenceError(ASCIILiteral("'super()' can't be called more than once in constructor."));

"in constructor" => "in a constructor"

> Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:967
> +    case IsEmpty:

I think we can more aggressively constant fold this based on type information as well.
We can fold to false if the speculated type for child1 doesn't have SpecEmpty in it.
We can fold to true if the speculated type is equal to SpecEmpty.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:4405
> +    case IsEmpty: {        
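Review bot: the added `case IsEmpty: {` line at DFGSpeculativeJIT32_64.cpp:4405 ends with a run of trailing spaces after the opening brace; strip them so the line ends at `{`, as the same case label quoted from DFGSpeculativeJIT64.cpp:4410 does.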

This code is more easily written as a compare instruction.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:4410
> +    case IsEmpty: {

I think the below code is subtly wrong because you just or the ValueTrue/False disregarding junk old
values in the register. But, regardless of that, this code is better written as a compare instruction 
+ "or ValueFalse". I believe we use this paradigm in other code in the DFG.

> Source/JavaScriptCore/jit/JITOpcodes.cpp:179
> +void JIT::emit_op_is_empty(Instruction* currentInstruction)

Ditto with compare instruction.

> Source/JavaScriptCore/jit/JITOpcodes32_64.cpp:294
> +void JIT::emit_op_is_empty(Instruction* currentInstruction)

Ditto with compare instruction.

> Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm:1214
> +_llint_op_is_empty:


> Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:1102
> +_llint_op_is_empty:
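
The type-based folding rule suggested above for the `IsEmpty` case in the abstract interpreter, written out as an added example (not part of the original mail or of WebKit's code). Only the name `SpecEmpty` comes from the review; the other type names, the bit values and the `foldIsEmpty`/`foldIsSound` helpers are assumptions made for illustration. The second function checks that a folded answer never disagrees with a value the proven type admits.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed, simplified type lattice: one bit per kind of value.
// The real SpeculatedType has many more bits; only the name SpecEmpty is
// taken from the review, every other name and value here is assumed.
using SpeculatedType = uint8_t;
constexpr SpeculatedType SpecEmpty = 1 << 0;
constexpr SpeculatedType SpecInt32 = 1 << 1;
constexpr SpeculatedType SpecCell  = 1 << 2;
constexpr SpeculatedType SpecOther = 1 << 3;
constexpr SpeculatedType SpecAll   = SpecEmpty | SpecInt32 | SpecCell | SpecOther;

enum class Fold { None, False, True };

// Decide whether IsEmpty(child1) can be folded from the proven type alone.
Fold foldIsEmpty(SpeculatedType child1Type)
{
    if (!(child1Type & SpecEmpty))
        return Fold::False;   // the empty value is ruled out
    if (child1Type == SpecEmpty)
        return Fold::True;    // only the empty value is possible
    return Fold::None;        // could be either: keep the runtime check
}

// Soundness check: for every type set, a folded answer must agree with the
// concrete result for every kind of value that the set admits.
bool foldIsSound()
{
    for (unsigned t = 0; t <= SpecAll; ++t) {
        Fold f = foldIsEmpty(static_cast<SpeculatedType>(t));
        for (unsigned kind = 1; kind <= SpecOther; kind <<= 1) {
            if (!(t & kind) || f == Fold::None)
                continue;     // value not admitted, or nothing was folded
            bool concrete = (kind == SpecEmpty);
            if (concrete != (f == Fold::True))
                return false;
        }
    }
    return true;
}

int main()
{
    std::printf("fold rule sound: %s\n", foldIsSound() ? "yes" : "no");
    return foldIsSound() ? 0 : 1;
}
```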

