[Webkit-unassigned] [Bug 151113] calling super() a second time in a constructor should throw

bugzilla-daemon at webkit.org
Tue Apr 12 12:39:37 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=151113

--- Comment #22 from GSkachkov <gskachkov at gmail.com> ---
Comment on attachment 276169
  --> https://bugs.webkit.org/attachment.cgi?id=276169
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=276169&action=review

>> Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:967
>> +    case IsEmpty:
> 
> I think we can more aggressively constant fold this based on type information as well.
> We can fold to false if the speculated type for child1 doesn't have SpecEmpty in it.
> We can fold to true if the speculated type is equal to SpecEmpty.

I'll try to play with it; I hope this comment will be fixed in the next patch.

>> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:4405
>> +    case IsEmpty: {        
> 
> This code is more easily written as a compare instruction.

I hope I did it the way you meant, but I don't know whether it works correctly on 32-bit.

>> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:4410
>> +    case IsEmpty: {
> 
> I think the below code is subtly wrong because you just or the ValueTrue/False disregarding junk old
> values in the register. But, regardless of that, this code is better written as a compare instruction 
> + "or ValueFalse". I believe we use this paradigm in other code in the DFG.

Refactored

>> Source/JavaScriptCore/jit/JITOpcodes.cpp:179
>> +void JIT::emit_op_is_empty(Instruction* currentInstruction)
> 
> Ditto with compare instruction.

Refactored

>> Source/JavaScriptCore/jit/JITOpcodes32_64.cpp:294
>> +void JIT::emit_op_is_empty(Instruction* currentInstruction)
> 
> Ditto with compare instruction.

Refactored

>> Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm:1214
>> +_llint_op_is_empty:
> 
> Ditto

Refactored

>> Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:1102
>> +_llint_op_is_empty:
> 
> Ditto.

Refactored
