Issue 11558 in v8: [Bug] Function.prototype.apply was called on undefined, which is a undefined and not a function

[dwf… via monorail]

Status: Untriaged
Owner: ----
Type: Bug

New issue 11558 by dwf...@gmail.com: [Bug] Function.prototype.apply was called on undefined, which is a undefined and not a function
https://bugs.chromium.org/p/v8/issues/detail?id=11558

Please see https://stackoverflow.com/q/66609657/7881859

--
You received this message because:
1. The project was configured to send all issue notifications to this address

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

[s… via monorail]

Updates:
Components: Language
Labels: HW-All OS-All

Comment #1 on issue 11558 by sn...@chromium.org: [Bug] Function.prototype.apply was called on undefined, which is a undefined and not a function
https://bugs.chromium.org/p/v8/issues/detail?id=11558#c1

Some more info:

Input: `undefined?.(...[], 1)`
Output:
undefined?.(...[], 1)
^
TypeError: Function.prototype.apply was called on undefined, which is a undefined and not a function

[brai… via monorail]

Comment #2 on issue 11558 by brai...@gmail.com: [Bug] Function.prototype.apply was called on undefined, which is a undefined and not a function
https://bugs.chromium.org/p/v8/issues/detail?id=11558#c2

Copying over the test case from the reporters link:

const fn1 = undefined
const args = []
const fn2 = () => {}
const fn3 = () => {}

console.log(fn1?.(...args, fn2, fn3))

Instead of printing undefined, it prints:

console.log(fn1?.(...args, fn2, fn3))
^
TypeError: Function.prototype.apply was called on undefined, which is an undefined and not a function

[laura… via monorail]

Comment #3 on issue 11558 by laura...@gmail.com: [Bug] Function.prototype.apply was called on undefined, which is a undefined and not a function
https://bugs.chromium.org/p/v8/issues/detail?id=11558#c3

my network and server are being used by anonymous
Extensions

Locale: en-US
User Agent: Mozilla/5.0 (X11; CrOS x86_64 13729.45.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36
Google Chrome: 89.0.4389.82
Startup type: Continue where you left off
Homepage: http://www..google.com/
Homepage is the New Tab page: Yes
Show Home button: No
Default search engine: www.google.com
Extensions: Web Store, Office Editing for Docs, Sheets & Slides, Audio Player, Play Store, eSpeakNG text-to-speech extension, Zip Archiver, Terminal, Volume Booster, Feedback, Chrome OS built-in text-to-speech extension, Files, Help, Mobile Activation, NCDLauncher, Video Player, Chrome OS XKB, Chrome Goodies, CryptoTokenExtension, Connectivity Diagnostics, JSON Editor, Chrome, Chrome PDF Viewer, __MSG_chos_inputtool_title__, Explore, Google Hangouts, Gallery, Chrome Web Store Payments, Wallpaper Picker, Settings, Gmail, Chrome Media Router, Image loader

[laura… via monorail]

Comment #4 on issue 11558 by laura...@gmail.com: [Bug] Function.prototype.apply was called on undefined, which is a undefined and not a function
https://bugs.chromium.org/p/v8/issues/detail?id=11558#c4

<body jsmodel="TvHxbe" jsaction="IVKTfe:.CLIENT;HiCeld:.CLIENT;KsNBn:.CLIENT;sbTXNb:.CLIENT;xjhTIf:.CLIENT;O2vyse:.CLIENT;Ez7VMc:.CLIENT;me3ike:.CLIENT;IrNywb:.CLIENT;Z94jBf:.CLIENT;A8708b:.CLIENT;YcfJ:.CLIENT;SIz2E:.CLIENT;Es1Dad:.CLIENT;cO7eI:.CLIENT;A6SDQe:.CLIENT;LjVEJd:.CLIENT;VM8bg:.CLIENT;hWT9Jb:.CLIENT;WCulWe:.CLIENT;NTJodf:.CLIENT;szjOR:.CLIENT;PY1zjf:.CLIENT;wnJTPd:.CLIENT;JL9QDc:.CLIENT;kWlxhc:.CLIENT;qGMTIf:.CLIENT"><style data-iml="1615580601678">.L3eUgb{display:flex;flex-direction:column;height:100%}.o3j99{flex-shrink:0;box-sizing:border-box}.n1xJcf{height:60px}.LLD4me{min-height:150px;max-height:290px;height:calc(100% - 560px)}.yr19Zb{min-height:92px}.ikrT4e{max-height:160px}.qarstb{flex-grow:1}</style><div class="L3eUgb" data-hveid="1"><div class="o3j99 n1xJcf Ne6nSd"><style data-iml="1615580601679">.Ne6nSd{display:flex;align-items:center;padding:6px}a.MV3Tnb{display:inline-block;padding:5px;margin:0 5px;color:#222}a.MV3Tnb:first-of-type{margin-left:15px}.LX3sZb{display:inline-block;flex-grow:1}</style><a class="MV3Tnb" href="https://about.google/?fg=1&amp;utm_source=google-US&amp;utm_medium=referral&amp;utm_campaign=hp-header" ping="/url?sa=t&amp;rct=j&amp;source=webhp&amp;url=https://about.google/%3Ffg%3D1%26utm_source%3Dgoogle-US%26utm_medium%3Dreferral%26utm_campaign%3Dhp-header&amp;ved=0ahUKEwijxv3WyqvvAhVRAqwKHY0DCSgQkNQCCAI">About</a><a class="MV3Tnb" href="https://store.google.com/US?utm_source=hp_header&amp;utm_medium=google_ooo&amp;utm_campaign=GS100042&amp;hl=en-US" ping="/url?sa=t&amp;rct=j&amp;source=webhp&amp;url=https://store.google.com/US%3Futm_source%3Dhp_header%26utm_medium%3Dgoogle_ooo%26utm_campaign%3DGS100042%26hl%3Den-US&amp;ved=0ahUKEwijxv3WyqvvAhVRAqwKHY0DCSgQpMwCCAM">Store</a><div class="LX3sZb"><div class="gb_qa gb_0d gb_Wa gb_ra" id="gb"><div class="gb_Xd gb_Ta gb_Jd" data-ogsr-up=""><div><div class="gb_9d gb_i gb_ng gb_eg" data-ogbl=""><div class="gb_h gb_i"><a class="gb_g" data-pid="23" href="https://mail.google.com/mail/&amp;ogbl" target="_top">Gmail</a></div><div class="gb_h gb_i"><a class="gb_g" data-pid="2" href="https://www.google.com/imghp?hl=en&amp;ogbl" target="_top">Images</a></div></div></div><div class="gb_Te"><div class="gb_Oc"><div class="gb_C gb_cd gb_i gb_Bf" data-ogsr-fb="true" data-ogsr-alt="" id="gbwa"><div class="gb_Af"><a class="gb_D" aria-label="Google apps" href="https://www.google.com/intl/en/about/products" aria-expanded="false" role="button" tabindex="0"><svg class="gb_We" focusable="false" viewBox="0 0 24 24"><path d="M6,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2

Attachments:
updater 95.5 KB

[jridg… via monorail]

Comment #5 on issue 11558 by jridg...@google.com: [Bug] Function.prototype.apply was called on undefined, which is a undefined and not a function
https://bugs.chromium.org/p/v8/issues/detail?id=11558#c5

A few additional test cases:

```
const fn = null;
const n = null;
const o = {};

// Fine
fn?.(...[]);
o?.toString(...[], 1);
o?.toString?.(...[], 1);
n?.method?.(...[], 1);

// Throws (must be any argument that follows a ...spread)
fn?.(...[], 1);
fn?.(...[], ...[]);
o.method?.(...[], 1);
// This one is most surprising!
n?.method(...[], 1);
```

[jridg… via monorail]

Updates:
Cc: jridg...@google.com

Comment #6 on issue 11558 by jridg...@google.com: [Bug] Function.prototype.apply was called on undefined, which is a undefined and not a function
https://bugs.chromium.org/p/v8/issues/detail?id=11558#c6

(No comment was entered for this change.)

[s… via monorail]

Updates:
Owner: s...@chromium.org

Comment #7 on issue 11558 by s...@chromium.org: [Bug] Function.prototype.apply was called on undefined, which is a undefined and not a function
https://bugs.chromium.org/p/v8/issues/detail?id=11558#c7

[Git Watcher via monorail]

Comment #8 on issue 11558 by Git Watcher: [Bug] Function.prototype.apply was called on undefined, which is a undefined and not a function
https://bugs.chromium.org/p/v8/issues/detail?id=11558#c8

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/fd75c97d3f56f0e4b8f2842c08b0f8d1c47bed00

commit fd75c97d3f56f0e4b8f2842c08b0f8d1c47bed00
Author: Shu-yu Guo <s...@chromium.org>
Date: Thu Mar 18 20:29:55 2021

[interpreter] Apply Reflect.apply transform in BytecodeGenerator

Calls with a spread expression in a non-final position get transformed
to calls to Reflect.apply. This transformation is currently done in
the parser, which does not compose well with other features (e.g.
direct eval checking, optional chaining).

Do this transform in the BytecodeGenerator instead.

Bug: v8:11573, v8:11558, v8:5690
Change-Id: I56c90a2036fe5b43e0897c57766f666bf72bc3a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2765783
Auto-Submit: Shu-yu Guo <s...@chromium.org>
Commit-Queue: Leszek Swirski <les...@chromium.org>
Reviewed-by: Ross McIlroy <rmci...@chromium.org>
Reviewed-by: Leszek Swirski <les...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73534}

[modify] https://crrev.com/fd75c97d3f56f0e4b8f2842c08b0f8d1c47bed00/src/ast/ast.cc
[modify] https://crrev.com/fd75c97d3f56f0e4b8f2842c08b0f8d1c47bed00/src/ast/ast.h
[modify] https://crrev.com/fd75c97d3f56f0e4b8f2842c08b0f8d1c47bed00/src/interpreter/bytecode-generator.cc
[modify] https://crrev.com/fd75c97d3f56f0e4b8f2842c08b0f8d1c47bed00/src/parsing/parser-base.h
[modify] https://crrev.com/fd75c97d3f56f0e4b8f2842c08b0f8d1c47bed00/src/parsing/parser.cc
[modify] https://crrev.com/fd75c97d3f56f0e4b8f2842c08b0f8d1c47bed00/src/parsing/parser.h
[modify] https://crrev.com/fd75c97d3f56f0e4b8f2842c08b0f8d1c47bed00/src/parsing/preparser.h
[modify] https://crrev.com/fd75c97d3f56f0e4b8f2842c08b0f8d1c47bed00/test/cctest/interpreter/bytecode_expectations/CallAndSpread.golden
[add] https://crrev.com/fd75c97d3f56f0e4b8f2842c08b0f8d1c47bed00/test/mjsunit/regress/regress-11558.js
[modify] https://crrev.com/fd75c97d3f56f0e4b8f2842c08b0f8d1c47bed00/test/test262/test262.status

[s… via monorail]

Updates:
Status: Fixed

Comment #9 on issue 11558 by s...@chromium.org: [Bug] Function.prototype.apply was called on undefined, which is a undefined and not a function
https://bugs.chromium.org/p/v8/issues/detail?id=11558#c9

(No comment was entered for this change.)

[s… via monorail]

Updates:
Cc: s...@chromium.org ma...@chromium.org

Comment #11 on issue 11558 by s...@chromium.org: [Bug] Function.prototype.apply was called on undefined, which is a undefined and not a function
https://bugs.chromium.org/p/v8/issues/detail?id=11558#c11

Issue 11729 has been merged into this issue.