Created attachment 282281 [details] bad test case. run the attached test and it will throw an exception, which it should not.
Created attachment 282456 [details] patch
Comment on attachment 282456 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=282456&action=review > Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:554 > + } else if (functionNode->usesThis() || codeBlock->usesEval() || isThisUsedInInnerArrowFunction() || functionNode->usesSuperProperty()) { Can you tell if we are inside an object literal vs a class? If so, maybe we should only emit the to_this if we are in an object literal. Otherwise file a bug?
Comment on attachment 282456 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=282456&action=review >> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:554 >> + } else if (functionNode->usesThis() || codeBlock->usesEval() || isThisUsedInInnerArrowFunction() || functionNode->usesSuperProperty()) { > > Can you tell if we are inside an object literal vs a class? If so, maybe we should only emit the to_this if we are in an object literal. Otherwise file a bug? Or even better, only do it if the code is strict.
non-strict*
(In reply to comment #4) > non-strict* I lied about the only case that matters is non-strict to strict. Both directions matter. Whenever strictness of callee vs caller are different, there will be user observable effects.
(In reply to comment #5) > (In reply to comment #4) > > non-strict* > > I lied about the only case that matters is non-strict to > strict. Both directions matter. Whenever strictness of callee > vs caller are different, there will be user observable effects. I'll add a test for this.
(In reply to comment #2) > Comment on attachment 282456 [details] > patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=282456&action=review > > > Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:554 > > + } else if (functionNode->usesThis() || codeBlock->usesEval() || isThisUsedInInnerArrowFunction() || functionNode->usesSuperProperty()) { > > Can you tell if we are inside an object literal vs a class? If so, maybe we > should only emit the to_this if we are in an object literal. Otherwise file > a bug? After thinking about it more, I don't think this is sound. You don't know if you're definitely calling a strict method, even if you're in a class because you can muck with the super class' prototype after it's been constructed. I'll verify that this is correct by adding a test.
(In reply to comment #5) > (In reply to comment #4) > > non-strict* > > I lied about the only case that matters is non-strict to > strict. Both directions matter. Whenever strictness of callee > vs caller are different, there will be user observable effects. Actually, I think I'm wrong. We only care if the caller is not-strict. If the caller is strict, and callee is not strict, we don't need to to_this for a super property access.
(In reply to comment #7) > (In reply to comment #2) > > Comment on attachment 282456 [details] > > patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=282456&action=review > > > > > Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:554 > > > + } else if (functionNode->usesThis() || codeBlock->usesEval() || isThisUsedInInnerArrowFunction() || functionNode->usesSuperProperty()) { > > > > Can you tell if we are inside an object literal vs a class? If so, maybe we > > should only emit the to_this if we are in an object literal. Otherwise file > > a bug? > > After thinking about it more, I don't think this is sound. > You don't know if you're definitely calling a strict method, > even if you're in a class because you can muck with the super > class' prototype after it's been constructed. I'll verify > that this is correct by adding a test. This is sound, given my previous comment that strict to not-strict doesn't need to to_this for super property access.
Created attachment 282472 [details] patch
Attachment 282472 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:554: One line control clauses should not use braces. [whitespace/braces] [4] Total errors found: 1 in 5 files If any of these errors are false positives, please file a bug against check-webkit-style.
Comment on attachment 282472 [details] patch r=me
Comment on attachment 282472 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=282472&action=review > Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:552 > } else if (constructorKind() != ConstructorKind::None) { You should get rid of these braces though.
landed in: http://trac.webkit.org/changeset/202710