[Webkit-unassigned] [Bug 178124] New: [JSC] CallLinkInfo should record new.target for op_construct
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 10 03:53:07 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=178124
Bug ID: 178124
Summary: [JSC] CallLinkInfo should record new.target for
op_construct
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: utatane.tea at gmail.com
Let's consider the case,
class DerivedArray extends Array {
constructor()
{
super(4);
}
}
new DerivedArray;
When compiling DerivedArray's constructor, we do not have information about new.target well.
In that case, we cannot attempt to make this `super(4)` to some kind of `NewArrayWithSize()` with new.target's allocation profile.
In the case of usual JS functions, op_create_this has this information. But when subclassing builtin objects (like Arrays), we do not have op_create_this and this cache. We should have this one in op_construct's CallLinkInfo.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171010/b90499e5/attachment.html>
More information about the webkit-unassigned
mailing list