Bug 157082 - Modernize Intl constructors; using InternalFunction::createSubclassStructure
Summary: Modernize Intl constructors; using InternalFunction::createSubclassStructure
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Yusuke Suzuki
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2016-04-27 10:28 PDT by André Bargull
Modified: 2016-05-15 14:10 PDT
CC: 8 users

See Also:


Attachments
Patch (28.06 KB, patch) - 2016-05-15 11:05 PDT, Yusuke Suzuki, no flags
Patch (31.90 KB, patch) - 2016-05-15 11:12 PDT, Yusuke Suzuki, no flags

Description André Bargull 2016-04-27 10:28:56 PDT
SVN: rev200124
Build with: perl Tools/Scripts/build-jsc --gtk --debug


The following test case triggers this assertion error:
---
ASSERTION FAILED: prototype
---


Test case:
---
Reflect.construct(Intl.Collator, [], new Proxy(function(){},{}))
---


Stack trace:
---
#0  0x00007ffff6e289ac in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:322
#1  0x00007ffff6c5b30d in JSC::JSObject::setPrototypeDirect (this=0x7fffaedabf30, vm=..., prototype=...) at ../../Source/JavaScriptCore/runtime/JSObject.cpp:1320
#2  0x00007ffff6c5b6e4 in JSC::JSObject::setPrototypeWithCycleCheck (this=0x7fffaedabf30, vm=..., exec=0x7fffffffc800, prototype=..., shouldThrowIfCantSet=false)
    at ../../Source/JavaScriptCore/runtime/JSObject.cpp:1373
#3  0x00007ffff6c5b782 in JSC::JSObject::setPrototype (object=0x7fffaedabf30, exec=0x7fffffffc800, prototype=..., shouldThrowIfCantSet=false) at ../../Source/JavaScriptCore/runtime/JSObject.cpp:1379
#4  0x00007ffff6c5b7f2 in JSC::JSObject::setPrototype (this=0x7fffaedabf30, vm=..., exec=0x7fffffffc800, prototype=..., shouldThrowIfCantSet=false)
    at ../../Source/JavaScriptCore/runtime/JSObject.cpp:1389
#5  0x00007ffff6bc3f37 in JSC::constructIntlCollator (state=0x7fffffffc800) at ../../Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp:100
#6  0x00007ffff6a2da0a in vmEntryToNative () at ../../Source/JavaScriptCore/heap/Strong.h:85
#7  0x00007ffff6998ae5 in JSC::Interpreter::executeConstruct (this=0x7ffff0def058, callFrame=0x7fffffffcae0, constructor=0x7fffaeddef20, constructType=<incomplete type>, constructData=..., args=..., 
    newTarget=...) at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:1090
#8  0x00007ffff6b8a3ac in JSC::construct (exec=0x7fffffffcae0, constructorObject=..., constructType=<incomplete type>, constructData=..., args=..., newTarget=...)
    at ../../Source/JavaScriptCore/runtime/ConstructData.cpp:52
#9  0x00007ffff6cfbbd8 in JSC::reflectObjectConstruct (exec=0x7fffffffcae0) at ../../Source/JavaScriptCore/runtime/ReflectObject.cpp:130
#10 0x00007fffb0bff028 in ?? ()
#11 0x00007fffffffcb60 in ?? ()
#12 0x00007ffff6a33818 in llint_entry () from /home/andre/svn/webkit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18
Backtrace stopped: frame did not save the PC
---
Comment 1 Radar WebKit Bug Importer 2016-05-15 09:18:41 PDT
<rdar://problem/26290096>
Comment 2 Yusuke Suzuki 2016-05-15 09:19:45 PDT
getDirect may return empty for a non-existing property.
We should check whether the given "prototype" value is non-empty.

But the more preferable way is to use InternalFunction::createSubclassStructure.
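The construction path behind the report's test case and Comment 2's fix, written out as an added JavaScript example that is not part of this bug, of the patch, or of JavaScriptCore's own code. getPrototypeFromConstructor is a hypothetical helper that models the ES2016 abstract operation of the same name, which is the work InternalFunction::createSubclassStructure does natively: read new.target.prototype through an ordinary [[Get]] (so a Proxy new.target forwards to its target instead of yielding an empty own slot, which is what the old getDirect lookup tripped over), then fall back to the intrinsic Intl.Collator.prototype when the value is not an object. The three scenarios are run against the engine's real Reflect.construct on Intl.Collator and compared with the model; the inputs are constructed for this example.

```javascript
'use strict';

// Added example, not code from this bug or from JavaScriptCore. It models the
// ES2016 abstract operation GetPrototypeFromConstructor in plain JavaScript:
// the same work InternalFunction::createSubclassStructure does natively when a
// built-in constructor is invoked with an arbitrary new.target.
//
// The report's test case passes a Proxy as new.target. The old
// constructIntlCollator looked up "prototype" as an own slot of new.target
// (getDirect), which a Proxy does not have, so it got an empty value back and
// tripped ASSERTION FAILED: prototype. Per spec the lookup is an ordinary
// [[Get]] (Proxy traps fire) followed by an "is it an object?" check, with the
// realm's intrinsic prototype as the fallback.
function getPrototypeFromConstructor(newTarget, intrinsicDefaultProto) {
  // Reflect.construct already guarantees new.target is a constructor, so a
  // Proxy wrapping a function is acceptable here (typeof reports 'function').
  if (typeof newTarget !== 'function') {
    throw new TypeError('new.target must be a constructor');
  }
  const proto = newTarget.prototype; // ordinary [[Get]], goes through Proxy traps
  const isObject = proto !== null && (typeof proto === 'object' || typeof proto === 'function');
  return isObject ? proto : intrinsicDefaultProto;
}

// Runs the report's scenario plus two fallback cases against the engine's own
// Reflect.construct on Intl.Collator, and compares each outcome with the model.
// Every value in the returned object is expected to be true.
function runScenarios() {
  const target = function () {};
  const results = {};

  // 1. The bug's test case: new.target is a Proxy with an empty handler.
  //    [[Get]] of "prototype" forwards to target, so the new Collator's
  //    prototype must be target.prototype, not %CollatorPrototype%.
  const proxied = new Proxy(target, {});
  const c1 = Reflect.construct(Intl.Collator, [], proxied);
  results.proxyUsesTargetPrototype =
    Object.getPrototypeOf(c1) === target.prototype &&
    getPrototypeFromConstructor(proxied, Intl.Collator.prototype) === target.prototype;

  // 2. new.target whose "prototype" is a primitive: the lookup succeeds but
  //    yields a non-object, so the result falls back to Intl.Collator.prototype.
  const primitiveProto = function () {};
  primitiveProto.prototype = 42;
  const c2 = Reflect.construct(Intl.Collator, [], primitiveProto);
  results.primitiveFallsBack =
    Object.getPrototypeOf(c2) === Intl.Collator.prototype &&
    getPrototypeFromConstructor(primitiveProto, Intl.Collator.prototype) === Intl.Collator.prototype;

  // 3. A Proxy whose get trap hides "prototype" (allowed: a function's own
  //    "prototype" is writable, so no proxy invariant is violated). The [[Get]]
  //    returns undefined and the fallback applies again.
  const hiding = new Proxy(target, {
    get(t, key, receiver) {
      return key === 'prototype' ? undefined : Reflect.get(t, key, receiver);
    },
  });
  const c3 = Reflect.construct(Intl.Collator, [], hiding);
  results.hiddenPrototypeFallsBack =
    Object.getPrototypeOf(c3) === Intl.Collator.prototype &&
    getPrototypeFromConstructor(hiding, Intl.Collator.prototype) === Intl.Collator.prototype;

  // Whatever prototype was chosen, the object still carries the Collator
  // internal slots, so the intrinsic methods work on it when called explicitly.
  results.stillACollator =
    typeof Intl.Collator.prototype.resolvedOptions.call(c1).locale === 'string';

  return results;
}
```

runScenarios() needs a runtime with Intl support (Node.js or a browser); the model only reproduces the prototype selection, not the engine-internal getDirect path that the original constructIntlCollator used, since script cannot bypass a Proxy's traps the way that native lookup did.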
Comment 3 Yusuke Suzuki 2016-05-15 11:05:03 PDT
Created attachment 278971
Patch
Comment 4 Yusuke Suzuki 2016-05-15 11:12:56 PDT
Created attachment 278973
Patch
Comment 5 Yusuke Suzuki 2016-05-15 13:49:15 PDT
Comment on attachment 278973
Patch

Thanks!
Comment 6 WebKit Commit Bot 2016-05-15 14:10:33 PDT
Comment on attachment 278973
Patch

Clearing flags on attachment: 278973

Committed r200928: <http://trac.webkit.org/changeset/200928>
Comment 7 WebKit Commit Bot 2016-05-15 14:10:37 PDT
All reviewed patches have been landed.  Closing bug.