[Webkit-unassigned] [Bug 151113] calling super() a second time in a constructor should throw

Mon Apr 18 14:39:43 PDT 2016

https://bugs.webkit.org/show_bug.cgi?id=151113

Saam Barati <sbarati at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #276660|                            |review+
              Flags|                            |

--- Comment #39 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 276660
  --> https://bugs.webkit.org/attachment.cgi?id=276660
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=276660&action=review

r=me with comments.

> Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:1101
> +            if (!(child.m_type & SpecEmpty)) {

You also want this one to check child.m_type && ...

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:4419
> +        m_jit.comparePtr(JITCompiler::Equal, value.gpr(), TrustedImm32(ValueEmpty), result.gpr());

I think this is probably correct, but I think it's way clearer as:
m_jit.comparePtr(Equal, value.gpr(), TrustedImm64(JSValue::encode(JSValue())), result.gpr())

> Source/JavaScriptCore/jit/JITOpcodes.cpp:185
> +    compare64(Equal, regT0, TrustedImm32(ValueEmpty), regT0);

ditto.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160418/d77aad6b/attachment.html>