Fix errors in construction of bound Proxies. Fixes:

rhuanjl · rhuanjl · commit e4e50ff7c514 · 2018-05-15T10:31:23.000+01:00
1. Constructing bound Proxy would call construct trap twice 2. Reflect.construct in construct trap of bound Proxy would attempt to construct "this" #4918 3. Constructing bound functions (or Proxies) would ignore newTarget Add text cases for these points and some related issues that would break if certain other fixes for these issues were used.
diff --git a/lib/Runtime/Library/BoundFunction.cpp b/lib/Runtime/Library/BoundFunction.cpp
@@ -127,7 +127,7 @@ namespace Js
         }
 
         BoundFunction *boundFunction = (BoundFunction *) function;
-        Var targetFunction = boundFunction->targetFunction;
+        RecyclableObject *targetFunction = boundFunction->targetFunction;
 
         //
         // var o = new boundFunction()
@@ -136,16 +136,25 @@ namespace Js
         Var newVarInstance = nullptr;
         if (callInfo.Flags & CallFlags_New)
         {
-          if (JavascriptProxy::Is(targetFunction))
-          {
-            JavascriptProxy* proxy = JavascriptProxy::FromVar(targetFunction);
-            Arguments proxyArgs(CallInfo(CallFlags_New, 1), &targetFunction);
-            args.Values[0] = newVarInstance = proxy->ConstructorTrap(proxyArgs, scriptContext, 0);
-          }
-          else
-          {
-            args.Values[0] = newVarInstance = JavascriptOperators::NewScObjectNoCtor(targetFunction, scriptContext);
-          }
+            if (args.HasNewTarget())
+            {
+                // target has an overriden new target make a new object from the newTarget
+                Var newTargetVar = args.GetNewTarget();
+                AssertOrFailFastMsg(JavascriptOperators::IsConstructor(newTargetVar), "newTarget must be a constructor");
+                RecyclableObject* newTarget = RecyclableObject::UnsafeFromVar(newTargetVar);
+                args.Values[0] = newVarInstance = JavascriptOperators::CreateFromConstructor(newTarget, scriptContext);
+            }
+            else if (!JavascriptProxy::Is(targetFunction))
+            {
+                // no new target and target is not a proxy can make a new object in a "normal" way
+                args.Values[0] = newVarInstance = JavascriptOperators::CreateFromConstructor(targetFunction, scriptContext);
+            }
+            else
+            {
+                // target is a proxy without an overriden new target
+                // give nullptr - FunctionCallTrap will make a new object
+                args.Values[0] = newVarInstance;
+            }
         }
 
         Js::Arguments actualArgs = args;
@@ -206,9 +215,8 @@ namespace Js
             }
         }
 
-        RecyclableObject* actualFunction = RecyclableObject::FromVar(targetFunction);
         // Number of arguments are allowed to be more than Constants::MaxAllowedArgs in runtime. Need to use the larger argcount logic for this call.
-        Var aReturnValue = JavascriptFunction::CallFunction<true>(actualFunction, actualFunction->GetEntryPoint(), actualArgs, /* useLargeArgCount */ true);
+        Var aReturnValue = JavascriptFunction::CallFunction<true>(targetFunction, targetFunction->GetEntryPoint(), actualArgs, /* useLargeArgCount */ true);
 
         //
         // [[Construct]] and call returned a non-object
diff --git a/test/UnitTestFramework/UnitTestFramework.js b/test/UnitTestFramework/UnitTestFramework.js
@@ -26,6 +26,7 @@
 //     example: testRunner.LoadModule(source, 'samethread', false);
 //
 //   How to use assert:
+//     assert.strictEqual(expected, actual, "those two should be strictly equal (i.e. === comparison)");
 //     assert.areEqual(expected, actual, "those two should be equal (i.e. deep equality of objects using ===)");
 //     assert.areNotEqual(expected, actual, "those two should NOT be equal");
 //     assert.areAlmostEqual(expected, actual, "those two should be almost equal, numerically (allows difference by epsilon)");
@@ -407,6 +408,10 @@ var assert = function assert() {
     }
 
     return {
+        strictEqual: function strictEqual(expected, actual, message) {
+            validate(expected === actual, "strictEqual", message);
+        },
+
         areEqual: function areEqual(expected, actual, message) {
             /// <summary>
             /// IMPORTANT: NaN compares equal.<br/>
diff --git a/test/es6/boundConstruction.js b/test/es6/boundConstruction.js
@@ -0,0 +1,108 @@
+//-------------------------------------------------------------------------------------------------------
+// Copyright (C) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
+//-------------------------------------------------------------------------------------------------------
+
+WScript.LoadScriptFile("..\\UnitTestFramework\\UnitTestFramework.js");
+
+//setup code
+let constructionCount = 0;
+let functionCallCount = 0;
+function a(arg1, arg2) {
+    this[arg1] = arg2;
+    ++functionCallCount;
+}
+
+const trapped = new Proxy(a, {
+    construct: function (x, y, z) {
+        ++constructionCount;
+        return Reflect.construct(x, y, z);
+    }
+});
+
+const noTrap = new Proxy(a, {});
+
+const boundObject = {};
+
+const boundFunc = a.bind(boundObject, "prop-name");
+
+const boundTrapped = trapped.bind(boundObject, "prop-name");
+const boundUnTrapped = noTrap.bind(boundObject, "prop-name");
+
+const tests = [
+    {
+        name : "Construct trapped bound proxy with new",
+        body : function() {
+            constructionCount = 0;
+            functionCallCount = 0;
+            const obj = new boundTrapped("prop-value");
+            assert.areNotEqual(boundObject, obj, "bound function should ignore bound this when constructing");
+            assert.areEqual("prop-value", obj["prop-name"], "bound function should keep bound arguments when constructing");
+            assert.areEqual(1, constructionCount, "bound proxy should be constructed once");
+            assert.areEqual(1, functionCallCount, "bound proxy function should be called once");
+            assert.strictEqual(a.prototype, obj.__proto__, "constructed object should be instance of original function");
+        }
+    },
+    {
+        name : "Construct trapped bound proxy with Reflect",
+        body : function() {
+            class newTarget {}
+            constructionCount = 0;
+            functionCallCount = 0;
+            const obj = Reflect.construct(boundTrapped, ["prop-value-2"], newTarget);
+            assert.areNotEqual(boundObject, obj, "bound function should ignore bound this when constructing");
+            assert.strictEqual(newTarget.prototype, obj.__proto__, "bound function should use explicit newTarget if provided");
+            assert.areEqual("prop-value-2", obj["prop-name"], "bound function should keep bound arguments when constructing");
+            assert.areEqual(1, constructionCount, "bound proxy should be constructed once");
+            assert.areEqual(1, functionCallCount, "bound proxy function should be called once");
+        }
+    },
+    {
+        name : "Construct bound proxy with new",
+        body : function() {
+            functionCallCount = 0;
+            const obj = new boundUnTrapped("prop-value");
+            assert.areNotEqual(boundObject, obj, "bound function should ignore bound this when constructing");
+            assert.areEqual("prop-value", obj["prop-name"], "bound function should keep bound arguments when constructing");
+            assert.areEqual(1, functionCallCount, "bound proxy function should be called once");
+            assert.strictEqual(a.prototype, obj.__proto__, "constructed object should be instance of original function");
+        }
+    },
+    {
+        name : "Construct bound proxy with Reflect",
+        body : function() {
+            class newTarget {}
+            functionCallCount = 0;
+            const obj = Reflect.construct(boundUnTrapped, ["prop-value-2"], newTarget);
+            assert.areNotEqual(boundObject, obj, "bound function should ignore bound this when constructing");
+            assert.strictEqual(newTarget.prototype, obj.__proto__, "bound function should use explicit newTarget if provided");
+            assert.areEqual("prop-value-2", obj["prop-name"], "bound function should keep bound arguments when constructing");
+            assert.areEqual(1, functionCallCount, "bound proxy function should be called once");
+        }
+    },
+    {
+        name : "Construct bound function with Reflect",
+        body : function() {
+            class newTarget {}
+            functionCallCount = 0;
+            const obj = Reflect.construct(boundFunc, ["prop-value-2"], newTarget);
+            assert.areNotEqual(boundObject, obj, "bound function should ignore bound this when constructing");
+            assert.strictEqual(newTarget.prototype, obj.__proto__, "bound function should use explicit newTarget if provided");
+            assert.areEqual("prop-value-2", obj["prop-name"], "bound function should keep bound arguments when constructing");
+            assert.areEqual(1, functionCallCount, "bound function should be called once");
+        }
+    },
+    {
+        name : "Construct bound function with new",
+        body : function() {
+            functionCallCount = 0;
+            const obj = new boundFunc("prop-value-2");
+            assert.areNotEqual(boundObject, obj, "bound function should ignore bound this when constructing");
+            assert.strictEqual(a.prototype, obj.__proto__, "bound function should use explicit newTarget if provided");
+            assert.areEqual("prop-value-2", obj["prop-name"], "bound function should keep bound arguments when constructing");
+            assert.areEqual(1, functionCallCount, "bound function should be called once");
+        }
+    }
+];
+
+testRunner.runTests(tests, { verbose: WScript.Arguments[0] != "summary" }); 
diff --git a/test/es6/proxytest9.baseline b/test/es6/proxytest9.baseline
@@ -77,9 +77,6 @@ constructor trap
 constructor trap
 get trap prototype
 constructor trap
-constructor trap
-get trap prototype
-constructor trap
 true
 get trap m
 def
diff --git a/test/es6/rlexe.xml b/test/es6/rlexe.xml
@@ -567,6 +567,12 @@
       <compile-flags>-ES6Classes -args summary -endargs</compile-flags>
     </default>
   </test>
+  <test>
+    <default>
+      <files>boundConstruction.js</files>
+      <compile-flags>-args summary -endargs</compile-flags>
+    </default>
+  </test>
   <test>
     <default>
       <files>CrossContextSpreadfunctionCall.js</files>
