Status: Assigned
Owner: [email protected]
CC: [email protected], [email protected],
[email protected], [email protected], [email protected]
Labels: Type-Bug Priority-Medium HW-All OS-All ES5 Harmony TurboFan
Crankshaft Area-Language
New issue 4413 by [email protected]: Call sequence is inconsistent and
almost always wrong
https://code.google.com/p/v8/issues/detail?id=4413
The current implementation of ES6
- 7.3.12 Call(F, V, [argumentsList])
- 9.2.1 [[Call]] ( thisArgument, argumentsList)
- 9.2.1.2 OrdinaryCallBindThis ( F, calleeContext, thisArgument )
is smeared all over the code base, and almost every (partial)
implementation of the call sequence suffers from one or several of the
following problems:
1. The receiver for sloppy mode functions is not properly converted if it's
a primitive.
2. The ToObject conversion for the sloppy receiver is executed in the
caller context instead of the callee context (cross context leak of
the %ObjectPrototype%).
3. The wrong global proxy is used for the sloppy receiver.
4. The TypeError for "classConstructor" calls is thrown in the wrong
context (callee context instead of caller context).
5. [[Call]] for proxies is completely wrong (I think everyone is aware of
this).
6. [[Call]] for bound functions is semi-correct; I think it's not
observably wrong, but at the very least it is inefficient and hairy.
Most of these bugs are due to the inconsistent implementation of the call
sequence: Sometimes the caller does the conversion of sloppy receivers,
sometimes the callee does the conversion (although only turning undefined
into the global proxy, ignoring null and other primitives), sometimes
neither, and sometimes both. There's no visible overall strategy,
so we should fix that.
One of the places where it is completely obvious that it's broken is the
use of %_CallFunction in our JS builtins. It looks like no one is aware
of what %_CallFunction really does, so we should remove that ASAP and maybe
provide a sane %_Call instead, which does the right thing under the hood.
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
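
A conformance check for points 1 to 3 of the report, added here as an example (it is not part of the original message or of V8): it calls sloppy and strict functions across two realms and reports which realm the bound receiver comes from. It assumes Node.js, with a `vm` context standing in for the callee realm; all function and property names are constructed.

```javascript
// Added example (not V8 code). Works under CommonJS and ES modules in Node.js.
const vm = typeof require === "function"
  ? require("node:vm")
  : process.getBuiltinModule("node:vm");

// Callee realm: a second global with its own %ObjectPrototype%.
// The names sloppy, strict, global and the *Prototype keys are constructed.
const callee = vm.runInContext(`({
  sloppy: function () { return this; },
  strict: function () { "use strict"; return this; },
  global: globalThis,
  NumberPrototype: Number.prototype,
  ObjectPrototype: Object.prototype
})`, vm.createContext({}));

// A sloppy function that belongs to the caller realm. The Function
// constructor yields sloppy code even if this file runs as a strict module.
const callerSloppy = new Function("return this");

// Name the realm a bound receiver came from.
function describe(value) {
  if (value === undefined || value === null) return String(value);
  if (typeof value !== "object") return "primitive " + typeof value;
  if (value === callee.global) return "callee global";
  if (value === globalThis) return "caller global";
  const proto = Object.getPrototypeOf(value);
  if (proto === callee.NumberPrototype) return "callee Number wrapper";
  if (proto === Number.prototype) return "caller Number wrapper";
  return "other object";
}

// Call fn from the caller realm with the receivers the issue singles out.
function bindThisReport(fn) {
  return [undefined, null, 42].map((receiver) => describe(fn.call(receiver)));
}

// Realm of the %ObjectPrototype% at the root of the wrapper made for 42.
function wrapperRoot(fn) {
  const numberProto = Object.getPrototypeOf(fn.call(42));
  const root = Object.getPrototypeOf(numberProto);
  if (root === callee.ObjectPrototype) return "callee";
  return root === Object.prototype ? "caller" : "unknown";
}

console.log("sloppy callee:", bindThisReport(callee.sloppy), wrapperRoot(callee.sloppy));
console.log("strict callee:", bindThisReport(callee.strict));
console.log("sloppy caller:", bindThisReport(callerSloppy), wrapperRoot(callerSloppy));
```

A conforming engine binds the sloppy callee's receiver entirely inside the callee realm; any "caller" label in the first line of output would indicate the cross-context conversion the report describes.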