function foo() { let arr = () => { if (false) { print(new.target); } else { print(new.target); } }; arr(); } new foo(); This prints undefined. It shouldn't. The reason is that we make a classic mistake where we emit code to load new.target once. Even if that code is behind a branch in byte code, we assume all uses can use that already loaded value. That's wrong. We either need to always emit the load from the scope for each new.target, or we need to emit the load at the function prologue before any uses of new.target. I think loading it from the scope is probably cleaner because the alternative punishes programs that never use new.target. That said, always loading it from the scope will punish programs that do the load in a loop.
Created attachment 273320 [details] Patch Patch
Created attachment 273321 [details] Patch Fix merge issue
Comment on attachment 273321 [details] Patch Attachment 273321 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/943397 Number of test failures exceeded the failure limit.
Created attachment 273333 [details] Archive of layout-test-results from ews103 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-yosemite Platform: Mac OS X 10.10.5
Comment on attachment 273321 [details] Patch Attachment 273321 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/943414 Number of test failures exceeded the failure limit.
Created attachment 273337 [details] Archive of layout-test-results from ews107 for mac-yosemite-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-yosemite-wk2 Platform: Mac OS X 10.10.5
Comment on attachment 273321 [details] Patch Attachment 273321 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/943409 Number of test failures exceeded the failure limit.
Created attachment 273338 [details] Archive of layout-test-results from ews114 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews114 Port: mac-yosemite Platform: Mac OS X 10.10.5
Created attachment 273400 [details] Patch Fix tests
Comment on attachment 273400 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=273400&action=review > Source/JavaScriptCore/ChangeLog:8 > + Fixed not correct approach of caching new target. In current path was added code feature I think you mean "patch" instead of path > Source/JavaScriptCore/ChangeLog:9 > + flag that shows that current function is using new.target, so in initing of arrow function "so in initing of arrow function" => "when generating byte code for an arrow function"
Committed 197928: <http://trac.webkit.org/changeset/197928>
All reviewed patches have been landed. Closing bug.