From 69d9b2c326d40e0948205902432f963ed8fca321 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?D=C3=A1niel=20B=C3=A1tyai?= <daniel.batyai@h-lab.eu>
Date: Thu, 1 Oct 2020 11:21:00 +0200
Subject: [PATCH] Check that this binding is initialized before forming a super
 reference (#4255)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

JerryScript-DCO-1.0-Signed-off-by: Dániel Bátyai daniel.batyai@h-lab.eu
---
 jerry-core/vm/opcodes.c              | 11 +++++++++++
 tests/test262-es6-excludelist.xml    |  1 -
 tests/test262-esnext-excludelist.xml |  3 ---
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/jerry-core/vm/opcodes.c b/jerry-core/vm/opcodes.c
index 0b839f515..39a4ad4fd 100644
--- a/jerry-core/vm/opcodes.c
+++ b/jerry-core/vm/opcodes.c
@@ -1548,6 +1548,17 @@ opfunc_form_super_reference (ecma_value_t **vm_stack_top_p, /**< current vm stac
                              ecma_value_t prop_name, /**< property name to resolve */
                              uint8_t opcode) /**< current cbc opcode */
 {
+  if (CBC_FUNCTION_GET_TYPE (frame_ctx_p->shared_p->bytecode_header_p->status_flags) == CBC_FUNCTION_CONSTRUCTOR)
+  {
+    ecma_property_t *prop_p = ecma_op_get_this_property (frame_ctx_p->lex_env_p);
+
+    if (!ecma_op_this_binding_is_initialized (prop_p))
+    {
+      return ecma_raise_reference_error (ECMA_ERR_MSG ("Must call super constructor in derived class before "
+                                                       "accessing 'this' or returning from it."));
+    }
+  }
+
   ecma_value_t parent = ecma_op_resolve_super_base (frame_ctx_p->lex_env_p);
 
   if (ECMA_IS_VALUE_ERROR (parent))
diff --git a/tests/test262-es6-excludelist.xml b/tests/test262-es6-excludelist.xml
index 7ad1de832..1ea4f7d10 100644
--- a/tests/test262-es6-excludelist.xml
+++ b/tests/test262-es6-excludelist.xml
@@ -306,7 +306,6 @@
   <test id="language/line-terminators/S7.3_A2.4.js"><reason>No longer a SyntaxError in ES11</reason></test>
   <test id="language/literals/string/7.8.4-1-s.js"><reason></reason></test>
   <test id="language/module-code/export-unresolvable.js"><reason></reason></test>
-  <test id="language/statements/class/definition/this-access-restriction.js"><reason></reason></test>
   <test id="language/statements/class/definition/this-check-ordering.js"><reason></reason></test>
   <test id="language/statements/class/syntax/early-errors/class-body-static-method-get-propname-prototype.js"><reason></reason></test>
   <test id="language/statements/for-of/iterator-next-reference.js"><reason>ES2018 change: next method must be cached</reason></test>
diff --git a/tests/test262-esnext-excludelist.xml b/tests/test262-esnext-excludelist.xml
index 7f83a8841..b28c699c7 100644
--- a/tests/test262-esnext-excludelist.xml
+++ b/tests/test262-esnext-excludelist.xml
@@ -3754,11 +3754,9 @@
   <test id="language/expressions/super/call-spread-obj-spread-order.js"><reason></reason></test>
   <test id="language/expressions/super/call-spread-obj-symbol-property.js"><reason></reason></test>
   <test id="language/expressions/super/prop-dot-cls-ref-strict.js"><reason></reason></test>
-  <test id="language/expressions/super/prop-dot-cls-this-uninit.js"><reason></reason></test>
   <test id="language/expressions/super/prop-dot-obj-ref-non-strict.js"><reason></reason></test>
   <test id="language/expressions/super/prop-dot-obj-ref-strict.js"><reason></reason></test>
   <test id="language/expressions/super/prop-expr-cls-ref-strict.js"><reason></reason></test>
-  <test id="language/expressions/super/prop-expr-cls-this-uninit.js"><reason></reason></test>
   <test id="language/expressions/super/prop-expr-obj-key-err.js"><reason></reason></test>
   <test id="language/expressions/super/prop-expr-obj-ref-non-strict.js"><reason></reason></test>
   <test id="language/expressions/super/prop-expr-obj-ref-strict.js"><reason></reason></test>
@@ -4079,7 +4077,6 @@
   <test id="language/statements/class/class-name-ident-yield-escaped.js"><reason></reason></test>
   <test id="language/statements/class/class-name-ident-yield.js"><reason></reason></test>
   <test id="language/statements/class/constructor-inferred-observable-iteration.js"><reason></reason></test>
-  <test id="language/statements/class/definition/this-access-restriction.js"><reason></reason></test>
   <test id="language/statements/class/definition/this-check-ordering.js"><reason></reason></test>
   <test id="language/statements/class/dstr/async-gen-meth-ary-init-iter-no-close.js"><reason></reason></test>
   <test id="language/statements/class/dstr/async-gen-meth-ary-ptrn-rest-init-ary.js"><reason></reason></test>