RESOLVED FIXED 142527
"this" should be in TDZ until super is called in the constructor of a derived class 
https://bugs.webkit.org/show_bug.cgi?id=142527
Summary "this" should be in TDZ until super is called in the constructor of a derived...
Ryosuke Niwa
Reported 2015-03-10 00:43:01 PDT
Implement TDZ as an op-code and use it in the class implementation.
Attachments
Adds TDZ in LLint and Baseline JIT (21.57 KB, patch)
2015-03-10 02:57 PDT, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Added a missing @skip (21.58 KB, patch)
2015-03-10 02:58 PDT, Ryosuke Niwa 		fpizlo: review-
DetailsFormatted DiffDiff
WIP including DFG (31.34 KB, patch)
2015-03-11 14:28 PDT, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
all done (32.53 KB, patch)
2015-03-11 14:55 PDT, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
Updated change log (38.88 KB, patch)
2015-03-12 00:06 PDT, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Benchmark results (52.00 KB, text/plain)
2015-03-12 00:08 PDT, Ryosuke Niwa 		no flags
Details
Benchmark results (52.63 KB, text/plain)
2015-03-12 00:38 PDT, Ryosuke Niwa 		no flags
Details
Fixed 32-bit build (38.88 KB, patch)
2015-03-12 00:42 PDT, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Show Obsolete (6) View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2015-03-10 02:57:13 PDT
Created attachment 248323 [details] Adds TDZ in LLint and Baseline JIT
Ryosuke Niwa
Comment 2 2015-03-10 02:58:42 PDT
Created attachment 248324 [details] Added a missing @skip
Filip Pizlo
Comment 3 2015-03-10 09:19:24 PDT
Comment on attachment 248324 [details] Added a missing @skip You should add this opcode to the DFG and FTL as part of this patch. It's not hard to do, and we should stop this bad habit of not adding new things to the optimizing JITs immediately.
Ryosuke Niwa
Comment 4 2015-03-10 10:09:49 PDT
Okay, but I literally have no idea what I'm supposed to do in DFG and FTL. I think I need to send this bug to someone in JSC team in that case...
Radar WebKit Bug Importer
Comment 5 2015-03-10 21:59:41 PDT
<rdar://problem/20117192>
Filip Pizlo
Comment 6 2015-03-11 14:28:04 PDT
Created attachment 248449 [details] WIP including DFG
Filip Pizlo
Comment 7 2015-03-11 14:55:18 PDT
Created attachment 248453 [details] all done
Ryosuke Niwa
Comment 8 2015-03-12 00:06:24 PDT
Created attachment 248496 [details] Updated change log
Ryosuke Niwa
Comment 9 2015-03-12 00:08:23 PDT
Created attachment 248497 [details] Benchmark results I've ran relevant benchmarks with this patch applied. It doesn't seem to be a regression or progression at r181424.
Ryosuke Niwa
Comment 10 2015-03-12 00:38:42 PDT
Created attachment 248498 [details] Benchmark results Oops, the previous benchmark result was wrong. I wasn't turning on ES6_CLASS_SYNTAX. I've re-measured it and I still don't see any progression or regression.
Ryosuke Niwa
Comment 11 2015-03-12 00:42:07 PDT
Created attachment 248499 [details] Fixed 32-bit build
Ryosuke Niwa
Comment 12 2015-03-12 08:20:07 PDT
Comment on attachment 248499 [details] Fixed 32-bit build View in context: https://bugs.webkit.org/attachment.cgi?id=248499&action=review > Source/JavaScriptCore/ChangeLog:63 > + (JSC::DFG::SpeculativeJIT::compile): Speculative the operand to be not empty. OSR exit if the speculation fails. Speculate* > Source/JavaScriptCore/ChangeLog:70 > + (JSC::FTL::LowerDFGToLLVM::compileCheckNotEmpty): OSR exit with "TDZFailure" if the operand is not empty. if the operand *is* empty.
Mark Hahnenberg
Comment 13 2015-03-12 12:10:48 PDT
Comment on attachment 248499 [details] Fixed 32-bit build View in context: https://bugs.webkit.org/attachment.cgi?id=248499&action=review > Source/JavaScriptCore/tests/stress/class-syntax-tdz.js:1 > +//@ skip Why are we skipping? Does this not mean what I think it means?
Ryosuke Niwa
Comment 14 2015-03-12 17:16:26 PDT
(In reply to comment #13) > Comment on attachment 248499 [details] > Fixed 32-bit build > > View in context: > https://bugs.webkit.org/attachment.cgi?id=248499&action=review > > > Source/JavaScriptCore/tests/stress/class-syntax-tdz.js:1 > > +//@ skip > > Why are we skipping? Does this not mean what I think it means? ES6 class syntax is disabled by default.
Mark Hahnenberg
Comment 15 2015-03-12 17:20:41 PDT
Comment on attachment 248499 [details] Fixed 32-bit build LGTM.
WebKit Commit Bot
Comment 16 2015-03-12 18:11:47 PDT
Comment on attachment 248499 [details] Fixed 32-bit build Clearing flags on attachment: 248499 Committed r181466: <http://trac.webkit.org/changeset/181466>
WebKit Commit Bot
Comment 17 2015-03-12 18:11:53 PDT
All reviewed patches have been landed. Closing bug.
Joseph Pecoraro
Comment 18 2015-03-12 20:09:01 PDT
Comment on attachment 248499 [details] Fixed 32-bit build View in context: https://bugs.webkit.org/attachment.cgi?id=248499&action=review > Source/JavaScriptCore/tests/stress/class-syntax-tdz.js:26 > + throw "Exception not thrown for an unitialized this at iteration " + i; Typo: "unitialized" => "uninitialized"! But doesn't really matter. Nice patch!
Note You need to log in before you can comment on or make changes to this bug.