Closed
Bug 192105
Opened 22 years ago
Closed 22 years ago
instanceof to check if function is a constructor is broken when optimization >= 1
Categories
(Rhino Graveyard :: Compiler, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
1.5R5
People
(Reporter: user, Assigned: norrisboyd)
Details
(Whiteboard: [QA note: verify interactively, as in Comment #3])
Attachments
(2 files)
|
136 bytes,
application/x-javascript
|
Details | |
|
3.50 KB,
patch
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003
Build Identifier: Rhino CVS 2003-01-04
With optimization set to 1 or higher instanceof inside a function to test if the
function is called as a constructor or not returns false if the function is
called as constructor from some other function.
Reproducible: Always
Steps to Reproduce:
Run the following attached test case with rhino shell with optimization set to 1.
Actual Results:
The test case prints FAILED
Expected Results:
It should print OK
The test case ecma_3/Exceptions/regress-181914.js from the js test suite fails
with an infinite recursion for exactly this reason, just run it via jsDriver.pl
with the engine set to rhino9.
|
Reporter | |
Comment 1•22 years ago
|
||
|
|
Reporter | |
Comment 2•22 years ago
|
||
Since the bug is present in Rhino 1.5R3, the fix should wait until 1.5R4 is
released.
|
||
Comment 3•22 years ago
|
||
Testcase added to JS testsuite:
mozilla/js/tests/js1_5/Object/regress-192105.js
This passes in SpiderMonkey and in Rhino when optimization < 1.
But, as Igor reported, it fails if Rhino optimization is set >=1:
java org.mozilla.javascript.tools.shell.Main -opt 1
-f mozilla/js/tests/js1_5/shell.js
-f mozilla/js/tests/js1_5/Object/regress-192105.js
FAILED!: [reported from test()] Section 3 of test -
FAILED!: [reported from test()] Expected value 'true', Actual value 'false'
FAILED!: [reported from test()]
FAILED!: [reported from test()] Section 5 of test -
FAILED!: [reported from test()] Expected value 'true', Actual value 'false'
FAILED!: [reported from test()]
FAILED!: [reported from test()] Section 7 of test -
FAILED!: [reported from test()] Expected value 'true', Actual value 'false'
Sections 3, 5, and 7 are precisely those which test if the
function is called as constructor from some other function -
Whiteboard: [QA note: verify interactively, as in Comment #3]
|
|
Reporter | |
Comment 4•22 years ago
|
||
The reason for the bug is that emitDirectConstructor generates code to call
setPrototype twice instead of setPrototype/setParentScope pair during new JS
object construction. The fix replaces that setup by a single call to
BaseFunction.createObject which is used by Interpreter as well.
|
|
Reporter | |
Comment 5•22 years ago
|
||
I commited the fix
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
|
|
||
Comment 6•22 years ago
|
||
Verified FIXED.
The above testcase now passes in the Rhino shell.
I tested optimization levels -1, 0, 1, and 9.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•