Bug 198976 - Promise constructor should check argument before [[Construct]]
Summary: Promise constructor should check argument before [[Construct]]
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: All All
: P2 Minor
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-06-18 13:47 PDT by Alexey Shvayka
Modified: 2019-08-16 13:10 PDT (History)
13 users (show)

See Also:

Attachments
Patch (4.21 KB, patch)
2019-06-18 13:52 PDT, Alexey Shvayka 		no flags Details | Formatted Diff | Diff
Patch (4.14 KB, patch)
2019-06-18 16:12 PDT, Alexey Shvayka 		no flags Details | Formatted Diff | Diff
Patch (5.84 KB, patch)
2019-06-19 01:19 PDT, Alexey Shvayka 		no flags Details | Formatted Diff | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexey Shvayka 2019-06-18 13:47:05 PDT 
Because "prototype" lookup is observable.
Comment 1 Alexey Shvayka 2019-06-18 13:52:31 PDT 
Created attachment 372377 [details]
Patch
Comment 2 Alexey Shvayka 2019-06-18 16:12:37 PDT 
Created attachment 372401 [details]
Patch
Comment 3 EWS Watchlist 2019-06-18 18:17:55 PDT 
Comment on attachment 372401 [details]
Patch

Attachment 372401 [details] did not pass jsc-ews (mac):
Output: https://webkit-queues.webkit.org/results/12514283

New failing tests:
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.no-llint
stress/create-subclass-structure-might-throw.js.ftl-no-cjit-b3o0
stress/create-subclass-structure-might-throw.js.ftl-no-cjit-small-pool
stress/create-subclass-structure-might-throw.js.no-ftl
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.ftl-eager
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.ftl-no-cjit-no-put-stack-validate
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.ftl-no-cjit-no-inline-validate
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.ftl-no-cjit-b3o0
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.mini-mode
stress/create-subclass-structure-might-throw.js.dfg-eager
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.no-cjit-collect-continuously
stress/create-subclass-structure-might-throw.js.no-llint
stress/create-subclass-structure-might-throw.js.ftl-eager-no-cjit
stress/create-subclass-structure-might-throw.js.dfg-maximal-flush-validate-no-cjit
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.ftl-no-cjit-small-pool
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.default
stress/create-subclass-structure-might-throw.js.dfg-eager-no-cjit-validate
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.ftl-eager-no-cjit
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.dfg-eager-no-cjit-validate
stress/create-subclass-structure-might-throw.js.default
stress/create-subclass-structure-might-throw.js.bytecode-cache
stress/create-subclass-structure-might-throw.js.ftl-eager
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.dfg-maximal-flush-validate-no-cjit
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.bytecode-cache
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.no-ftl
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.no-cjit-validate-phases
stress/create-subclass-structure-might-throw.js.no-cjit-collect-continuously
stress/create-subclass-structure-might-throw.js.no-cjit-validate-phases
stress/create-subclass-structure-might-throw.js.ftl-eager-no-cjit-b3o1
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.ftl-eager-no-cjit-b3o1
stress/create-subclass-structure-might-throw.js.ftl-no-cjit-no-inline-validate
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.dfg-eager
stress/create-subclass-structure-might-throw.js.mini-mode
stress/create-subclass-structure-might-throw.js.ftl-no-cjit-validate-sampling-profiler
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.ftl-no-cjit-validate-sampling-profiler
stress/create-subclass-structure-might-throw.js.ftl-no-cjit-no-put-stack-validate
apiTests
Comment 4 jsc-armv7 EWS 2019-06-18 20:24:26 PDT 
Comment on attachment 372401 [details]
Patch

Attachment 372401 [details] did not pass jsc-armv7-ews (jsc-only):
Output: https://webkit-queues.webkit.org/results/12515198

New failing tests:
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.dfg-eager-no-cjit-validate
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.no-llint
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.mini-mode
stress/create-subclass-structure-might-throw.js.dfg-eager
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.no-cjit-collect-continuously
stress/create-subclass-structure-might-throw.js.no-cjit-validate-phases
stress/create-subclass-structure-might-throw.js.no-llint
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.dfg-eager
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.dfg-maximal-flush-validate-no-cjit
stress/create-subclass-structure-might-throw.js.mini-mode
stress/create-subclass-structure-might-throw.js.no-cjit-collect-continuously
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.default
stress/create-subclass-structure-might-throw.js.default
stress/create-subclass-structure-might-throw.js.dfg-eager-no-cjit-validate
stress/create-subclass-structure-may-throw-exception-when-getting-prototype.js.no-cjit-validate-phases
stress/create-subclass-structure-might-throw.js.dfg-maximal-flush-validate-no-cjit
apiTests
Comment 5 Alexey Shvayka 2019-06-19 01:19:28 PDT 
Created attachment 372443 [details]
Patch

Adjust tests.
Comment 6 Ross Kirsling 2019-08-16 12:57:49 PDT 
Comment on attachment 372443 [details]
Patch

Nice! You seem to be really good at finding this "slightly-off" cases. :D
Comment 7 WebKit Commit Bot 2019-08-16 13:09:44 PDT 
Comment on attachment 372443 [details]
Patch

Clearing flags on attachment: 372443

Committed r248787: <https://trac.webkit.org/changeset/248787>
Comment 8 WebKit Commit Bot 2019-08-16 13:09:46 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 9 Radar WebKit Bug Importer 2019-08-16 13:10:18 PDT 
<rdar://problem/54404112>