Bug 258766
| Summary: | JSC doesn't throw TypeError when call Uint8Array without new | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | YuHao Hu <yuhao.6218> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | mark.lam, webkit-bug-importer, ysuzuki |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Local Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
YuHao Hu
git commit id: 8cdb27dae2a958f4ad5ff00f4900a7c235835247
```
function opt(f) {
try{
return f(Uint8Array);
}catch(e){
print(e)
}
}
print(opt(opt))
print(opt(opt))
```
run args:
WebKitBuild/Debug/bin/jsc --useConcurrentJIT=0 --jitPolicyScale=0.001 test.js
program output:
TypeError: calling Uint8Array constructor without new is invalid
undefined
0,0,0
expected output:
TypeError: calling Uint8Array constructor without new is invalid
undefined
TypeError: calling Uint8Array constructor without new is invalid
undefined
At the last call to the `opt` function, `f` is `UInt8Array`. The engine need to throw an exception instead of creating the array object.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/111952807>
YuHao Hu
seems this bug has been fixed