Implement super

[andreabergia]

This is a huge PR that me and @0xe worked on for a while. We couldn't really figure out a way to make this a nice set of commits for easy review, so we ended up squashing everything because keeping the history wasn't really helpful. Some additional details are implemented as separated PRs stacked on top of this, but this is the smallest PR we could come up with that was coherent.
It is a bit complicated to review I think, sorry about that.

This implements the super operator - which can actually be used outside of classes and will do something that intuitively is "refer to the prototype". The actual details are rather complicated; the MDN page is very clear and detailed. Be sure to read that page carefully before reviewing this.

This PR is stacked on top of #1734 and also includes changes from #1740. It will need to be rebased once #1740 gets merged in. The following PRs are stacked on top of this one:

• Add support for super inside eval #1736
• Handle super.__proto__, which has a special implementation #1737
• Handle super.x++ and similar #1738
• Handle delete super.x by throwing an error #1739
• Allow super in default arguments #1741

We propose to merge these stacked PR into this one and merge this one onto master, if accepted.

Parser changes

super, per the spec, should be allowed only inside methods (and class constructors, which are not part of this PR). A method is something that is written with the shorthand syntax:

o = {
  aValidMethod() { ... }
}

Note that the following is not a method:

o = {
  notAMethod: function() { ... } // Normal function call, or arrow functions
}

The changes in the parser mostly relate to keeping track of a flag insideMethod and handling the super token properly, allowing it only in methods. Using super() as a method call is forbidden at the moment - this will need to be changed when classes are implemented, because it needs to be allowed in constructors.

IR Factory

Most of the changes are done to set a property SUPER_PROPERTY_ACCESS on the IR nodes whenever we encounter a super reference; i.e. if we have a reference to super.x, a node GETPROP is created (as for any other property access), but we store the SUPER_PROPERTY_ACCESS flag on it. There's a bit of complication for handling stuff like super.x = expr but the logic is the same - we record that the SETPROP on the left is on super.

Finally, we mark every function that uses super as "requires activation".

Function objects

Every function now stores a property called "home object", following the ECMAScript spec. This is a hidden property of functions that, for methods, is is recorded as the object where the method is declared. For non methods, it is set to null. Thus, for the following JS:

var o = {
  method() {},
  notAMethod: function() {},
}
function freeFunction() {}

we record that method has a [[HomeObject]] set to o, whereas the other functions have it empty (null).

This is done by emitting a new bytecode/new instructions in the JVM bytecode whenever we are initializing a method. To do this, the changes done in #1734 are necessary, because we need to create the object o before we create the closure that represents the method.

Interpreter and java bytecode

The actual logic is implemented in the same way in the interpreter and the compiled classes. The token SUPER will push the "super" object (i.e. the home object's prototype) on the stack, similar to what THIS would do. Then, unfortunately, every kind of property access or method call needs to have special handling - we cannot reuse the logic for (say) GETPROP but we need to have a new token GETPROP_SUPER. There is quite a bit of duplication with the existing tokens, but we figured that this is worthwhile because it doesn't modify the (vastly more common) case of normal property access, and therefore it doesn't make it slower.
We have created various new tokens/bytecodes for the interpreter, and invokedynamic cases for the compiled classes.
The semantics of super access are basically "resolve property on the super object, then access it using the this object", which intuitively means that doing something like super.f() would resolve the f function in the prototype, but then call it with the current this object. An useful analogy is to think about normal virtual calls in other languages - although the semantics are not really the same, because JS is complicated. 🙂 The same idea also applies to getter or setters - they are resolved on the super object, but called with the current this.

Function activation

We mentioned earlier that we mark every method that uses super as "requires activation". The approach we ended up with is to store the current function's home object in the activation record (the NativeCall). The reason for this, rather than just looking it up in the current function, has to do with lambda functions defined inside a method: they need to capture the super, per the ECMAScript spec.

var o = {
  method() {
    return () => super.foo;
  }
}

We have done this by storing the captured home object in the activation. We have looked at what other engines do (v8, jsc, quickjs) and they all seem to be doing something similar, even if the implementation greatly differs between all of them.

Tests

We have implemented a lot of tests in a new class SuperTest, using junit5's nested classes to organize them. We pass most test262 cases except for those related to eval (fixed in #1736). All other test262 cases that do not pass use either class or spread syntax, which are not supported.

Not implemented

We have not added support for all XML stuff.
Also, if super.x is a property stored in the ExternalArrayData, it might not work correctly - we have not tested it.

[gbrail]

Wow -- this is really big, and I appreciate the attention to detail. I want to understand it better, since you're adding a bunch of new types of operations in the runtime, so give me (and a few others) a week or so to think carefully about it, but this is really cool and I'm looking forward to having it!

[rbri]

@andreabergia @0xe another great step forward, great work.

Will do the usual test with HtmlUnit over the weekend (had to do a release of HtmlUnit before).

Many, many thanks for all the hard work...

[gbrail]

Just so you know where I am on this:

1. Awesome work, love the detailed documentation, thank you!
2. Is there a way that we can get away without adding "withsuper" versions of a bunch of major operations, since the majority of the code path is actually the same? So far I'm concluding "no," but I'd appreciate a bit more time with the code.
3. Should any of the operations actually be in "AbstractEcmaObjectOperations"? I'm also concluding "no."

Thanks and we'll get this in to the product soon!

[gbrail]

I had a chance to look this over more and read the description -- I think that this is a good approach for implementing this.

Can you please rebase? There were one or two places where I could probably get it right but I'd rather that you all make doubly sure. Thanks!

[andreabergia]

I had a chance to look this over more and read the description -- I think that this is a good approach for implementing this.

Can you please rebase? There were one or two places where I could probably get it right but I'd rather that you all make doubly sure. Thanks!

Rebased.

[andreabergia]

@gbrail I would suggest approving this, and then checking out the related PRs that are stacked on top of this (#1736, #1737, #1738, #1739, #1741), so that we can merge them all in this branch in some coherent order before merging it to master, since they will likely all conflict with each other.

[gbrail]

I think this is a good approach and I'm happy to merge it.

It sounds like you'd prefer to merge the five or six other PRs either into this one or into a new PR -- I'm happy either way, just let me know when that is ready. I had a few comments on the other ones but only one was non-optional.

It'd probably help to have marked some of those PRs as "draft" while we go through this but FWIW I don't always look at drafts!

[rbri]

@andreabergia, @0xe sorry for not doing the smoke test so far, but there was not really enough time and because of this stacked commits it was complicated to merge into something testable.
Will to the test as soon as the code is on head.

[andreabergia]

Merged onto this #1737, #1739

[andreabergia]

Merged also #1741 onto this

[gbrail]

Looks like progress -- how many other PRs do you want to include in this one before we look at it one more time and merge it? It's looking really close.

[andreabergia]

Merged also #1736 onto this one.

@gbrail the only one left is #1738

[gbrail]

Thanks -- let me know when you've merged the last one, or if you want me to try. It looks like this one also might conflict with a few other PRs you wrote, so I'm going to hold off on those until we finish this.

[andreabergia]

@gbrail I haven't merged it just because it was not approved by you yet 😊
Conflicts won't be a problem, we'll handle them.

[gbrail]

Thanks for all the work on this! Since I was looking at code coverage for something else, I looked here too, and I saw a few things -- mostly minor, but definitely not new behavior -- that aren't covered by the existing tests.

Can you please take a look at these and see if there are ways that you could hit these few edge cases so that we can have excellent code coverage for all this new code? With those small exceptions, this stuff is very well covered by both new and existing tests.

[gbrail]

I'm looking at code coverage in a few places and I sese that this operation isn't covered by the existing test cases.

[andreabergia]

Removed completely that case because it can never happen!

The reason is that functions with super will always use activation, and Optimizer will not optimize functions that do. Therefore, we will never hit a case of having both properties ISNUMBER_PROP and SUPER_PROPERTY_ACCESS at the same time.
This means that, if we have a super access, we will not have an extra-optimized path for integer properties and we will go to the generic "element" case, but we think it's fine. We're talking about accessing things like super[0] cases here, not something that should be very common.

We haven't added any assertion or check that both properties are not true at the same time because, in any case, the generic "getelem" case can handle integer/double, so even if the optimizer changes, this won't break - it might be slower than for non-super access, but it is correct.

[gbrail]

This operation is not covered by code coverage.

[andreabergia]

Removed (see above)

[gbrail]

Code coverage is not reaching this new code.

[andreabergia]

Removed (see above)

[gbrail]

Code coverage is not reaching this new code.

[andreabergia]

Removed (see above)

[gbrail]

Code coverage is not reaching this new code.

[andreabergia]

Removed (see above)

[gbrail]

We never get here in code coverage either, which makes me wonder whether this is really needed, since I've seen bugs before where the confusion between NOT_FOUND and Undefined creeps in.

[andreabergia]

Added coverage for this

[gbrail]

We don't get here in code coverage either, which is a pretty minor use case, but still...

[andreabergia]

Added coverage for this (and similar for setSuperIndex which had the same issue)

[gbrail]

This seems important but isn't covered by the existing tests.

[andreabergia]

We agree. But, as discussed by comment, I cannot imagine how that line would ever be hit - the super token should only be allowed inside methods, which will always have a home object set, and all the activations stuff
should work correctly and make the home object accessible. Otherwise, we get syntax errors before we reach the interpreter.

So, this is a case of where we implemented the spec word by word, but we can't imagine that this will ever happen given the actual implementation of the interpreter.

[andreabergia]

Merged also the last PR, #1738 onto this one

[andreabergia]

Rebased on top of #1752 because we discovered a problem when adding tests 🙂

Also, thanks a lot @gbrail for the in-depth review!

[gbrail]

OK -- this looks good. Thanks for all the hard work!