[mtasc] MTASC Bug: Inline class instantiation from constructor reference

Steve Webster steve.webster at featurecreep.com
Wed Aug 10 14:53:03 CEST 2005


Hi Nicolas,

As promised, here's the stack corruption bug report. This was tested  
with MTASC 1.09 on OS X only, so I'd appreciate it if people could  
test this on other platforms.


I think I've found a stack corruption bug in MTASC. It only appears  
when instances of a class are created via a reference to the  
constructor function, and only where those instantiations happen  
'inline' rather than being assigned.

class ClassA {
     public function ClassA() {
         var testClass:Function = ClassC;
         var test = new testClass();
         this.someMethod(test);
     }

     private function someMethod(val:Object) : Void {
         // Do nothing
     }
}

class ClassB {
     public function ClassB() {
         var testClass:Function = ClassC;
         this.someMethod(new testClass());
     }

     private function someMethod(val:Object) : Void {
         // Do nothing
     }
}

class ClassC {
     public function ClassC() { }
}


In the constructor for ClassA, we get a reference to the ClassC  
constructor and then create an instance of that class, storing it in  
a local variable. Then we use that instance as an argument to an  
internal method. If we create an instance of ClassA and then test to  
see if it really is an instance of ClassA, like this...


var instanceA:ClassA = new ClassA();

trace("instanceA: " + (instanceA));
trace("instanceA instanceof ClassA: " + (instanceA instanceof ClassA));
trace("instanceA instanceof ClassB: " + (instanceA instanceof ClassB));

...we get...

instanceA: object [object]
instanceA instanceof ClassA: true
instanceA instanceof ClassB: false

... as the output, which is as expected.

However, in the constructor of ClassB we get a reference to the  
ClassC constructor and then try to create an instance of that class  
*inline* (i.e. without first storing it in a local variable) as a  
parameter of a call to an internal method. If we create an instance  
of ClassB and then test to see if it really is an instance of ClassB,  
like this...


var instanceB:ClassB = new ClassB();

trace("instanceB: " + (instanceB));
trace("instanceB instanceof ClassA: " + (instanceB instanceof ClassA));
trace("instanceB instanceof ClassB: " + (instanceB instanceof ClassB));

...we get...

instanceB: undefined
instanceB instanceof ClassA: false
instanceB instanceof ClassB: false

... which is definitely not expected. It seems the stack is being  
corrupted at some point.

The above classes and test application can be downloaded from here:

http://www.dynamicflash.com/misc/mtasc-bug.zip

Compile with:

mtasc -main Application.as -swf output.swf -header 200:200:12:FFFFFF

You'll need the LuminicBox FlashInspector console to view the output.

Cheers,

Steve

-- 
Steve Webster
Interactive Developer

Featurecreep Ltd.
www.featurecreep.com
14 Orchard Street, Bristol, BS1 5EH
0117 905 5047
