Changeset 154902 in webkit for trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

Timestamp:

Aug 30, 2013, 11:30:41 AM (12 years ago)

Author:

[email protected]

Message:

Make JSValue bool conversion less dangerous
​https://bugs.webkit.org/show_bug.cgi?id=120505

Reviewed by Darin Adler.

Source/JavaScriptCore:

Replaces JSValue::operator bool() with a operator UnspecifiedBoolType* as
we do elsewhere. Then fix the places where terrible type coercion was
happening. All of the changes made had no fundamental behavioural impact
as they were coercion results that were ignored (returning undefined
after an exception).

• dfg/DFGOperations.cpp:
• interpreter/CallFrame.h:

(JSC::ExecState::hadException):

• runtime/JSCJSValue.h:
• runtime/JSCJSValueInlines.h:

(JSC::JSValue::operator UnspecifiedBoolType*):

• runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncEval):

• runtime/PropertyDescriptor.cpp:

(JSC::PropertyDescriptor::equalTo)

Source/WTF:

Make LIKELY and UNLIKELY macros coerce to bool before
passing to expect.

• wtf/Compiler.h:

File:

• trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

@@ -678 +678 @@
     if (!base->isObject()) {
         vm->throwException(exec, createInvalidParameterError(exec, "in", base));
-        return jsUndefined();
+        return JSValue::encode(jsUndefined());
     }
     
@@ -705 +705 @@
     if (!base->isObject()) {
         vm->throwException(exec, createInvalidParameterError(exec, "in", base));
-        return jsUndefined();
+        return JSValue::encode(jsUndefined());
     }