RESOLVED FIXED 155153
How we load new.target in arrow functions is broken 
https://bugs.webkit.org/show_bug.cgi?id=155153
Summary How we load new.target in arrow functions is broken
Saam Barati
Reported 2016-03-07 19:00:29 PST
function foo() { let arr = () => { if (false) { print(new.target); } else { print(new.target); } }; arr(); } new foo(); This prints undefined. It shouldn't. The reason is that we make a classic mistake where we emit code to load new.target once. Even if that code is behind a branch in byte code, we assume all uses can use that already loaded value. That's wrong. We either need to always emit the load from the scope for each new.target, or we need to emit the load at the function prologue before any uses of new.target. I think loading it from the scope is probably cleaner because the alternative punishes programs that never use new.target. That said, always loading it from the scope will punish programs that do the load in a loop.
Attachments
Patch (10.72 KB, patch)
2016-03-08 12:52 PST, GSkachkov 		no flags
DetailsFormatted DiffDiff
Patch (10.70 KB, patch)
2016-03-08 13:04 PST, GSkachkov 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews103 for mac-yosemite (857.10 KB, application/zip)
2016-03-08 13:51 PST, Build Bot 		no flags
Details
Archive of layout-test-results from ews107 for mac-yosemite-wk2 (820.11 KB, application/zip)
2016-03-08 13:56 PST, Build Bot 		no flags
Details
Archive of layout-test-results from ews114 for mac-yosemite (879.13 KB, application/zip)
2016-03-08 14:00 PST, Build Bot 		no flags
Details
Patch (10.67 KB, patch)
2016-03-08 23:27 PST, GSkachkov 		saam: review+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
GSkachkov
Comment 1 2016-03-08 12:52:59 PST
Created attachment 273320 [details] Patch Patch
GSkachkov
Comment 2 2016-03-08 13:04:49 PST
Created attachment 273321 [details] Patch Fix merge issue
Build Bot
Comment 3 2016-03-08 13:51:46 PST
Comment on attachment 273321 [details] Patch Attachment 273321 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/943397 Number of test failures exceeded the failure limit.
Build Bot
Comment 4 2016-03-08 13:51:49 PST
Created attachment 273333 [details] Archive of layout-test-results from ews103 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-yosemite Platform: Mac OS X 10.10.5
Build Bot
Comment 5 2016-03-08 13:56:13 PST
Comment on attachment 273321 [details] Patch Attachment 273321 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/943414 Number of test failures exceeded the failure limit.
Build Bot
Comment 6 2016-03-08 13:56:15 PST
Created attachment 273337 [details] Archive of layout-test-results from ews107 for mac-yosemite-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-yosemite-wk2 Platform: Mac OS X 10.10.5
Build Bot
Comment 7 2016-03-08 14:00:23 PST
Comment on attachment 273321 [details] Patch Attachment 273321 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/943409 Number of test failures exceeded the failure limit.
Build Bot
Comment 8 2016-03-08 14:00:25 PST
Created attachment 273338 [details] Archive of layout-test-results from ews114 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews114 Port: mac-yosemite Platform: Mac OS X 10.10.5
GSkachkov
Comment 9 2016-03-08 23:27:03 PST
Created attachment 273400 [details] Patch Fix tests
Saam Barati
Comment 10 2016-03-09 10:30:41 PST
Comment on attachment 273400 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=273400&action=review > Source/JavaScriptCore/ChangeLog:8 > + Fixed not correct approach of caching new target. In current path was added code feature I think you mean "patch" instead of path > Source/JavaScriptCore/ChangeLog:9 > + flag that shows that current function is using new.target, so in initing of arrow function "so in initing of arrow function" => "when generating byte code for an arrow function"
GSkachkov
Comment 11 2016-03-10 07:44:15 PST
Committed 197928: <http://trac.webkit.org/changeset/197928>
GSkachkov
Comment 12 2016-03-10 07:44:45 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.