RESOLVED FIXED 157082
Modernize Intl constructors; using InternalFunction::createSubclassStructure 
https://bugs.webkit.org/show_bug.cgi?id=157082
Summary Modernize Intl constructors; using InternalFunction::createSubclassStructure
André Bargull
Reported 2016-04-27 10:28:56 PDT
SVN: rev200124 Build with: perl Tools/Scripts/build-jsc --gtk --debug The following test case triggers this assertion error: --- ASSERTION FAILED: prototype --- Test case: --- Reflect.construct(Intl.Collator, [], new Proxy(function(){},{})) --- Stack trace: --- #0 0x00007ffff6e289ac in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:322 #1 0x00007ffff6c5b30d in JSC::JSObject::setPrototypeDirect (this=0x7fffaedabf30, vm=..., prototype=...) at ../../Source/JavaScriptCore/runtime/JSObject.cpp:1320 #2 0x00007ffff6c5b6e4 in JSC::JSObject::setPrototypeWithCycleCheck (this=0x7fffaedabf30, vm=..., exec=0x7fffffffc800, prototype=..., shouldThrowIfCantSet=false) at ../../Source/JavaScriptCore/runtime/JSObject.cpp:1373 #3 0x00007ffff6c5b782 in JSC::JSObject::setPrototype (object=0x7fffaedabf30, exec=0x7fffffffc800, prototype=..., shouldThrowIfCantSet=false) at ../../Source/JavaScriptCore/runtime/JSObject.cpp:1379 #4 0x00007ffff6c5b7f2 in JSC::JSObject::setPrototype (this=0x7fffaedabf30, vm=..., exec=0x7fffffffc800, prototype=..., shouldThrowIfCantSet=false) at ../../Source/JavaScriptCore/runtime/JSObject.cpp:1389 #5 0x00007ffff6bc3f37 in JSC::constructIntlCollator (state=0x7fffffffc800) at ../../Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp:100 #6 0x00007ffff6a2da0a in vmEntryToNative () at ../../Source/JavaScriptCore/heap/Strong.h:85 #7 0x00007ffff6998ae5 in JSC::Interpreter::executeConstruct (this=0x7ffff0def058, callFrame=0x7fffffffcae0, constructor=0x7fffaeddef20, constructType=<incomplete type>, constructData=..., args=..., newTarget=...) at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:1090 #8 0x00007ffff6b8a3ac in JSC::construct (exec=0x7fffffffcae0, constructorObject=..., constructType=<incomplete type>, constructData=..., args=..., newTarget=...) at ../../Source/JavaScriptCore/runtime/ConstructData.cpp:52 #9 0x00007ffff6cfbbd8 in JSC::reflectObjectConstruct (exec=0x7fffffffcae0) at ../../Source/JavaScriptCore/runtime/ReflectObject.cpp:130 #10 0x00007fffb0bff028 in ?? () #11 0x00007fffffffcb60 in ?? () #12 0x00007ffff6a33818 in llint_entry () from /home/andre/svn/webkit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18 Backtrace stopped: frame did not save the PC ---
Attachments
Patch (28.06 KB, patch)
2016-05-15 11:05 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (31.90 KB, patch)
2016-05-15 11:12 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2016-05-15 09:18:41 PDT
<rdar://problem/26290096>
Yusuke Suzuki
Comment 2 2016-05-15 09:19:45 PDT
getDirect may return empty for non-existing property. We should check whether the given "prototype" value is non-empty. But, more preferable way is using InternalFunction::createSubclassStructure.
Yusuke Suzuki
Comment 3 2016-05-15 11:05:03 PDT
Created attachment 278971 [details] Patch
Yusuke Suzuki
Comment 4 2016-05-15 11:12:56 PDT
Created attachment 278973 [details] Patch
Yusuke Suzuki
Comment 5 2016-05-15 13:49:15 PDT
Comment on attachment 278973 [details] Patch Thanks!
WebKit Commit Bot
Comment 6 2016-05-15 14:10:33 PDT
Comment on attachment 278973 [details] Patch Clearing flags on attachment: 278973 Committed r200928: <http://trac.webkit.org/changeset/200928>
WebKit Commit Bot
Comment 7 2016-05-15 14:10:37 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.