| Field | Value |
|---|---|
| Summary | get_by_id_with_this does not trigger a to_this in caller. |
| Product | WebKit |
| Component | JavaScriptCore |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P2 |
| Version | WebKit Nightly Build |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | Keith Miller <keith_miller> |
| Assignee | Saam Barati <saam> |
| CC | commit-queue, mark.lam, msaboff, saam |
Description
Created attachment 282281 [details]
bad test case. Run the attached test and it will throw an exception, which it should not.

Comment 1
Created attachment 282456 [details]
patch

Comment 2
Comment on attachment 282456 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=282456&action=review

> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:554
> +    } else if (functionNode->usesThis() || codeBlock->usesEval() || isThisUsedInInnerArrowFunction() || functionNode->usesSuperProperty()) {

Can you tell if we are inside an object literal vs a class? If so, maybe we should only emit the to_this if we are in an object literal. Otherwise file a bug?

Comment 3
Comment on attachment 282456 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=282456&action=review

>> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:554
>> +    } else if (functionNode->usesThis() || codeBlock->usesEval() || isThisUsedInInnerArrowFunction() || functionNode->usesSuperProperty()) {
>
> Can you tell if we are inside an object literal vs a class? If so, maybe we should only emit the to_this if we are in an object literal. Otherwise file a bug?

Or even better, only do it if the code is strict.

Comment 4
non-strict*

Comment 5
(In reply to comment #4)
> non-strict*

I lied about the only case that matters is non-strict to strict. Both directions matter. Whenever strictness of callee vs caller are different, there will be user observable effects.

Comment 6
(In reply to comment #5)
> (In reply to comment #4)
> > non-strict*
>
> I lied about the only case that matters is non-strict to strict. Both directions matter. Whenever strictness of callee vs caller are different, there will be user observable effects.

I'll add a test for this.

Comment 7
(In reply to comment #2)
> Comment on attachment 282456 [details]
> patch
>
> View in context: https://bugs.webkit.org/attachment.cgi?id=282456&action=review
>
> > Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:554
> > +    } else if (functionNode->usesThis() || codeBlock->usesEval() || isThisUsedInInnerArrowFunction() || functionNode->usesSuperProperty()) {
>
> Can you tell if we are inside an object literal vs a class? If so, maybe we should only emit the to_this if we are in an object literal. Otherwise file a bug?

After thinking about it more, I don't think this is sound. You don't know if you're definitely calling a strict method, even if you're in a class, because you can muck with the super class' prototype after it's been constructed. I'll verify that this is correct by adding a test.

Comment 8
(In reply to comment #5)
> (In reply to comment #4)
> > non-strict*
>
> I lied about the only case that matters is non-strict to strict. Both directions matter. Whenever strictness of callee vs caller are different, there will be user observable effects.

Actually, I think I'm wrong. We only care if the caller is not-strict. If the caller is strict, and callee is not strict, we don't need to to_this for a super property access.

Comment 9
(In reply to comment #7)
> (In reply to comment #2)
> > Comment on attachment 282456 [details]
> > patch
> >
> > View in context: https://bugs.webkit.org/attachment.cgi?id=282456&action=review
> >
> > > Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:554
> > > +    } else if (functionNode->usesThis() || codeBlock->usesEval() || isThisUsedInInnerArrowFunction() || functionNode->usesSuperProperty()) {
> >
> > Can you tell if we are inside an object literal vs a class? If so, maybe we should only emit the to_this if we are in an object literal. Otherwise file a bug?
>
> After thinking about it more, I don't think this is sound. You don't know if you're definitely calling a strict method, even if you're in a class, because you can muck with the super class' prototype after it's been constructed. I'll verify that this is correct by adding a test.

This is sound, given my previous comment that strict to not-strict doesn't need to to_this for super property access.

Comment 10
Created attachment 282472 [details]
patch

Comment 11
Attachment 282472 [details] did not pass style-queue:

ERROR: Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:554: One line control clauses should not use braces. [whitespace/braces] [4]
Total errors found: 1 in 5 files

If any of these errors are false positives, please file a bug against check-webkit-style.

Comment 12
Comment on attachment 282472 [details]
patch

r=me

Comment 13
Comment on attachment 282472 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=282472&action=review

> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:552
>     } else if (constructorKind() != ConstructorKind::None) {

You should get rid of these braces though.

Comment 14
landed in: http://trac.webkit.org/changeset/202710
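The observable effect the thread settles on (comments 5 and 8) is that a non-strict caller has already coerced its `this` to an object when it enters the function, so the receiver it hands to a `super` property access must be that coerced value; a strict caller passes `this` through untouched. The following is an added JavaScript example, not the attached test case and not WebKit code, that makes the invariant checkable from script: inside one method, the receiver seen by a strict getter reached through `super` must equal what `this` itself is inside that method. All names (`base`, `makeSloppyDerived`, `makeStrictDerived`, `observe`) are constructed for this example. If an engine skipped the `to_this` before the `super` access, `sloppySuper` would report `"number"` while `sloppyThis` reports `"object"`, which is the divergence the bug describes.

```javascript
// Constructed example (not from the WebKit patch or test case): a strict
// getter reports the receiver type exactly as it was passed in, so it acts
// as a probe for whether the caller coerced `this` before the super access.
const base = {
  get receiverType() {
    'use strict'; // strict getter: no coercion of the receiver here
    return typeof this;
  },
};

// Object-literal methods inherit the strictness of the enclosing code. When
// this file is not strict, these methods are sloppy and `this` is coerced
// with ToObject on entry, so a primitive receiver becomes a wrapper object.
function makeSloppyDerived() {
  return {
    __proto__: base,
    viaSuper() { return super.receiverType; },
    viaThis() { return typeof this; },
  };
}

// Strict-mode methods leave `this` as given: a primitive stays a primitive,
// and the super access must forward that primitive unchanged.
function makeStrictDerived() {
  'use strict';
  return {
    __proto__: base,
    viaSuper() { return super.receiverType; },
    viaThis() { return typeof this; },
  };
}

// Calls every method with the primitive receiver 1 and reports what the
// super getter saw next to what the method itself saw as `this`.
function observe() {
  const sloppy = makeSloppyDerived();
  const strict = makeStrictDerived();
  return {
    sloppySuper: sloppy.viaSuper.call(1), // same value as sloppyThis
    sloppyThis: sloppy.viaThis.call(1),
    strictSuper: strict.viaSuper.call(1), // "number": nothing boxed
    strictThis: strict.viaThis.call(1),   // "number"
  };
}

console.log(observe());
```

Run it with `node` on a conforming engine: the two `sloppy*` fields always agree with each other (both `"object"` when the file is sloppy, both `"number"` if it is loaded as strict module code), and the two `strict*` fields are `"number"`. A mismatch between `sloppySuper` and `sloppyThis` is exactly the missing `to_this` in the caller.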