<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><span class="vcard"><a class="email" href="mailto:sbarati@apple.com" title="Saam Barati <sbarati@apple.com>"> <span class="fn">Saam Barati</span></a>
</span> changed
<a class="bz_bug_link
bz_status_NEW "
title="NEW - calling super() a second time in a constructor should throw"
href="https://bugs.webkit.org/show_bug.cgi?id=151113">bug 151113</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">Attachment #276169 Flags</td>
<td>review?, commit-queue?
</td>
<td>review-, commit-queue-
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - calling super() a second time in a constructor should throw"
href="https://bugs.webkit.org/show_bug.cgi?id=151113#c20">Comment # 20</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - calling super() a second time in a constructor should throw"
href="https://bugs.webkit.org/show_bug.cgi?id=151113">bug 151113</a>
from <span class="vcard"><a class="email" href="mailto:sbarati@apple.com" title="Saam Barati <sbarati@apple.com>"> <span class="fn">Saam Barati</span></a>
</span></b>
<pre>Comment on <span class=""><a href="attachment.cgi?id=276169&action=diff" name="attach_276169" title="Patch">attachment 276169</a> <a href="attachment.cgi?id=276169&action=edit" title="Patch">[details]</a></span>
Patch
View in context: <a href="https://bugs.webkit.org/attachment.cgi?id=276169&action=review">https://bugs.webkit.org/attachment.cgi?id=276169&action=review</a>
LGTM besides my suggestions in abstract interpreter
code gen.
<span class="quote">> Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:770
> + generator.emitThrowReferenceError(ASCIILiteral("'super()' can't be called more than once in constructor."));</span >
"in constructor" => "in a constructor"
<span class="quote">> Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:967
> + case IsEmpty:</span >
I think we can more aggressively constant fold this based on type information as well.
We can fold to false if the speculated type for child1 doesn't have SpecEmpty in it.
We can fold to true if the speculated type is equal to SpecEmpty.
<span class="quote">> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:4405
> + case IsEmpty: { </span >
This code is more easily written as a compare instruction.
<span class="quote">> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:4410
> + case IsEmpty: {</span >
I think the below code is subtly wrong because you just or the ValueTrue/False disregarding junk old
values in the register. But, regardless of that, this code is better written as a compare instruction
+ "or ValueFalse". I believe we use this paradigm in other code in the DFG.
<span class="quote">> Source/JavaScriptCore/jit/JITOpcodes.cpp:179
> +void JIT::emit_op_is_empty(Instruction* currentInstruction)</span >
Ditto with compare instruction.
<span class="quote">> Source/JavaScriptCore/jit/JITOpcodes32_64.cpp:294
> +void JIT::emit_op_is_empty(Instruction* currentInstruction)</span >
Ditto with compare instruction.
<span class="quote">> Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm:1214
> +_llint_op_is_empty:</span >
Ditto
<span class="quote">> Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:1102
> +_llint_op_is_empty:</span >
Ditto.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>