Bug 149380

Summary:

Promise constructor should throw when not called with "new"

Product:

WebKit

Reporter:

Jordan Harband <ljharb>

Component:

JavaScriptCore

Assignee:

Yusuke Suzuki <ysuzuki>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

benjamin, buildbot, darin, fpizlo, ggaren, keith_miller, mark.lam, msaboff, rniwa, saam, stefan.penner, ysuzuki

Priority:

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

URL:

http://www.ecma-international.org/ecma-262/6.0/#sec-promise-executor

Attachments:

Description	Flags
Patch	none
Patch	none
Archive of layout-test-results from ews102 for mac-mavericks	none
Archive of layout-test-results from ews104 for mac-mavericks-wk2	none
Patch	none
Archive of layout-test-results from ews100 for mac-mavericks	none
Archive of layout-test-results from ews107 for mac-mavericks-wk2	none
Patch	darin: review+

Jordan Harband

Reported 2015-09-19 19:01:05 PDT

Per http://www.ecma-international.org/ecma-262/6.0/#sec-promise-executor step 1 - if `newTarget` is undefined, a TypeError should be thrown. Even if `new.target` isn't yet implemented, this can be 99% fixed with the equivalent of the line `if (!(this instanceof Promise)) { throw new TypeError(this + ' is not a Promise'); }`. If there's internal slots you can check, checking those would be cross-realm-safe as well. This is the sole Promise violation the es6-shim is currently aware of in Safari 9/WebKit Nightly, and when this is fixed, es6-shim won't have to patch it at all.

Attachments
Patch (5.48 KB, patch) 2015-10-17 17:46 PDT, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (5.56 KB, patch) 2015-10-17 17:48 PDT, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews102 for mac-mavericks (693.81 KB, application/zip) 2015-10-17 18:22 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews104 for mac-mavericks-wk2 (711.16 KB, application/zip) 2015-10-17 18:27 PDT, Build Bot	no flags	Details
Patch (18.94 KB, patch) 2015-10-17 18:40 PDT, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews100 for mac-mavericks (630.31 KB, application/zip) 2015-10-17 19:12 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews107 for mac-mavericks-wk2 (702.45 KB, application/zip) 2015-10-17 19:18 PDT, Build Bot	no flags	Details
Patch (18.93 KB, patch) 2015-10-17 21:46 PDT, Yusuke Suzuki	darin: review+	Details Formatted Diff Diff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.

Jordan Harband

Comment 1 2015-10-03 11:02:41 PDT

Bumping importance since this is a spec violation and nobody's responded yet.

Yusuke Suzuki

Comment 2 2015-10-17 16:23:42 PDT

Personally, I think Blocker means crashing bug.

Yusuke Suzuki

Comment 3 2015-10-17 16:27:43 PDT

I think the ieal way to handle this is, 1. Implement Promise constructor in JS 2. Handles newTarget in JS But still not implemented these features. I think implementing the above in C++ is good workaround for now.

Yusuke Suzuki

Comment 4 2015-10-17 17:46:38 PDT

Created attachment 263393 [details] Patch

Yusuke Suzuki

Comment 5 2015-10-17 17:48:49 PDT

Created attachment 263394 [details] Patch

Jordan Harband

Comment 6 2015-10-17 17:58:10 PDT

Thanks for fixing the severity, as well as the code patch!

Build Bot

Comment 7 2015-10-17 18:22:27 PDT

Comment on attachment 263394 [details] Patch Attachment 263394 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/301949 New failing tests: js/dom/Promise-types.html

Build Bot

Comment 8 2015-10-17 18:22:30 PDT

Created attachment 263398 [details] Archive of layout-test-results from ews102 for mac-mavericks The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews102 Port: mac-mavericks Platform: Mac OS X 10.9.5

Build Bot

Comment 9 2015-10-17 18:27:45 PDT

Comment on attachment 263394 [details] Patch Attachment 263394 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/301956 New failing tests: js/dom/Promise-types.html

Build Bot

Comment 10 2015-10-17 18:27:48 PDT

Created attachment 263399 [details] Archive of layout-test-results from ews104 for mac-mavericks-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews104 Port: mac-mavericks-wk2 Platform: Mac OS X 10.9.5

Yusuke Suzuki

Comment 11 2015-10-17 18:40:01 PDT

Created attachment 263400 [details] Patch

Yusuke Suzuki

Comment 12 2015-10-17 18:41:06 PDT

(In reply to comment #6) > Thanks for fixing the severity, as well as the code patch! :D

Build Bot

Comment 13 2015-10-17 19:12:39 PDT

Comment on attachment 263400 [details] Patch Attachment 263400 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/302071 New failing tests: js/Promise-types.html

Build Bot

Comment 14 2015-10-17 19:12:43 PDT

Created attachment 263401 [details] Archive of layout-test-results from ews100 for mac-mavericks The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews100 Port: mac-mavericks Platform: Mac OS X 10.9.5

Build Bot

Comment 15 2015-10-17 19:18:06 PDT

Comment on attachment 263400 [details] Patch Attachment 263400 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/302074 New failing tests: js/Promise-types.html

Build Bot

Comment 16 2015-10-17 19:18:09 PDT

Created attachment 263402 [details] Archive of layout-test-results from ews107 for mac-mavericks-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-mavericks-wk2 Platform: Mac OS X 10.9.5

Yusuke Suzuki

Comment 17 2015-10-17 21:46:59 PDT

Created attachment 263408 [details] Patch

Darin Adler

Comment 18 2015-10-17 23:06:30 PDT

Comment on attachment 263408 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=263408&action=review > Source/JavaScriptCore/runtime/JSPromiseConstructor.cpp:93 > + if (!newTarget || newTarget.isUndefined()) Why do we have to check for both of these? Are both really possible? When do we get one rather than the other?

Yusuke Suzuki

Comment 19 2015-10-17 23:53:07 PDT

Comment on attachment 263408 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=263408&action=review >> Source/JavaScriptCore/runtime/JSPromiseConstructor.cpp:93 >> + if (!newTarget || newTarget.isUndefined()) > > Why do we have to check for both of these? Are both really possible? When do we get one rather than the other? For now, I've aligned this part to the existing code like IntlCollatorConstructor.cpp because they do the same thing for `new.target`. But, `!newTarget` won't become true. newTarget should not become JSEmpty if the callee is called as a constructor. On the other hand, newTarget can be undefined if we execute `Reflect.construct(Promise, [], undefined)`. This `Reflect.construct` is not implemented yet in WebKit JSC, but it may be implemented in the future. Is it better that dropping `!newTarget` for JSPromiseConstructor in this patch? Or is it better that dropping all the `!newTarget` in the tree in the different patch?

Yusuke Suzuki

Comment 20 2015-10-18 00:22:25 PDT

(In reply to comment #19) > Comment on attachment 263408 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=263408&action=review > > >> Source/JavaScriptCore/runtime/JSPromiseConstructor.cpp:93 > >> + if (!newTarget || newTarget.isUndefined()) > > > > Why do we have to check for both of these? Are both really possible? When do we get one rather than the other? > > For now, I've aligned this part to the existing code like > IntlCollatorConstructor.cpp because they do the same thing for `new.target`. > But, `!newTarget` won't become true. newTarget should not become JSEmpty if > the callee is called as a constructor. > On the other hand, newTarget can be undefined if we execute > `Reflect.construct(Promise, [], undefined)`. > This `Reflect.construct` is not implemented yet in WebKit JSC, but it may be > implemented in the future. > > Is it better that dropping `!newTarget` for JSPromiseConstructor in this > patch? Or is it better that dropping all the `!newTarget` in the tree in the > different patch? Personally, I prefer aligning to the existing code and fixing all of them in the separate patch.

Darin Adler

Comment 21 2015-10-18 15:12:14 PDT

(In reply to comment #20) > Personally, I prefer aligning to the existing code and fixing all of them in > the separate patch. Fine with me. Long run I’d like to see it cleaned up because I don’t like code that branches for situations that can never happen. It’s a form of dead code and untestable code path.

Yusuke Suzuki

Comment 22 2015-10-18 17:52:07 PDT

Committed r191276: <http://trac.webkit.org/changeset/191276>

Yusuke Suzuki

Comment 23 2015-10-18 18:33:52 PDT

(In reply to comment #21) > (In reply to comment #20) > > Personally, I prefer aligning to the existing code and fixing all of them in > > the separate patch. > > Fine with me. > > Long run I’d like to see it cleaned up because I don’t like code that > branches for situations that can never happen. It’s a form of dead code and > untestable code path. Thanks for your review :) I'll open the issue to drop these unnecessary path.

Alexey Shvayka

Comment 24 2020-04-03 11:04:04 PDT

*** Bug 149477 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.