[Webkit-unassigned] [Bug 151113] calling super() a second time in a constructor should throw

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 18 12:25:56 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=151113

--- Comment #37 from Keith Miller <keith_miller at apple.com> ---
Comment on attachment 276498
  --> https://bugs.webkit.org/attachment.cgi?id=276498
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=276498&action=review

> Source/JavaScriptCore/ChangeLog:14
> +        Current patch implement check if 'super()' was called in constructor 
> +        more than once and raise RuntimeError if 'super()' called second time. 
> +        According to spec we need to raise error just after second super() 
> +        is finished, and before new this is assign 
> +        https://esdiscuss.org/topic/duplicate-super-call-behaviour. 
> +        To implement this behavior was introduced new op code - op_is_empty
> +        that is used to check if 'this' is empty.
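Review bot: "raise RuntimeError" in the ChangeLog names an exception JavaScriptCore does not have; the spec step this patch is implementing (SuperCall evaluating Construct and then BindThisValue on the function's this environment) throws a ReferenceError when the this binding is already initialized, so the ChangeLog and the tests should say ReferenceError. The sentence "raise error just after second super() is finished, and before new this is assign" is the right description of the ordering; it is worth stating explicitly that the second base constructor runs to completion and its side effects are kept, since that is the observable difference from throwing before the call.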

I think the phrasing of the changelog would be clearer as:

Currently, our implementation checks if 'super()' was called in a constructor more than once and raises a RuntimeError before the second call. According to the spec we need to raise an error just after the second super() is finished and before the new 'this' is assigned https://esdiscuss.org/topic/duplicate-super-call-behaviour. To implement this behavior this patch adds a new op code, op_is_empty, that is used to check if 'this' is empty.

> Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:1097
> +            if (!(child.m_type & ~SpecEmpty)) {
> +                setConstant(node, jsBoolean(true));
> +                constantWasSet = true;
> +                break;
> +            }
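Review bot: the fold at `if (!(child.m_type & ~SpecEmpty))` also fires when `child.m_type` is SpecNone (0), which is what the abstract interpreter holds when it has proven nothing about the child, so IsEmpty would be folded to constant true on no evidence. Since SpecEmpty is a single bit, the intended condition is exactly `child.m_type == SpecEmpty`, which excludes SpecNone without a separate non-zero test; any sibling branch that folds to false when the type excludes SpecEmpty needs the same guard.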

I think this case is wrong. If the abstract interpreter has no information then child.m_type will be SpecNone (0) and this case will convert the IsEmpty check into a constant. I think a correct condition would be "child.m_type && !(child.m_type & ~SpecEmpty)".

-- 
You are receiving this mail because:
You are the assignee for the bug.
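The ordering discussed in this comment (the second super() runs to completion, then rebinding this throws a ReferenceError, and this keeps the object from the first call), as an added JavaScript example that is not part of the bug, the patch, or WebKit's own tests. The class names `Base`, `Derived`, `Flaky` and the helpers `runDuplicateSuper` and `runFlakyDerived` are made up for the illustration; it runs in any ES2015 engine, Node included.

```javascript
// Added example (not from the WebKit patch): observable ordering of a
// duplicate super() call in a derived-class constructor. Names are made up.
const log = [];

class Base {
  constructor(tag) {
    log.push(`Base(${tag})`);   // runs on both calls, before any throw
    this.tag = tag;
  }
}

class Derived extends Base {
  constructor() {
    super("first");
    const firstThis = this;
    let caught = null;
    try {
      // Per spec (SuperCall, then BindThisValue): Base is constructed again on
      // a fresh object, and only then does rebinding `this` throw.
      super("second");
    } catch (e) {
      caught = e;
    }
    this.thisPreserved = (this === firstThis); // binding untouched by the throw
    this.caught = caught;
  }
}

// Base whose constructor throws on its second run: shows that an error raised
// inside the second super() propagates instead of the duplicate-call error.
class Flaky {
  constructor() {
    if (Flaky.count++ > 0) throw new TypeError("second construction");
  }
}
Flaky.count = 0;

class FlakyDerived extends Flaky {
  constructor() {
    super();
    super();   // throws the TypeError from Flaky, not a ReferenceError
  }
}

function runDuplicateSuper() {
  log.length = 0;
  const d = new Derived();
  return {
    log: log.slice(),                            // ["Base(first)", "Base(second)"]
    errorName: d.caught ? d.caught.name : null,  // "ReferenceError"
    thisPreserved: d.thisPreserved,              // true
    tag: d.tag,                                  // "first": second object discarded
  };
}

function runFlakyDerived() {
  Flaky.count = 0;
  try {
    new FlakyDerived();
    return null;
  } catch (e) {
    return e.name;                               // "TypeError"
  }
}
```

The log entry "Base(second)" preceding the ReferenceError is the check to add to a test for this patch: an implementation that throws before the second call, as the ChangeLog describes the pre-patch behaviour, never produces it.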