Changeset 154902 in webkit for trunk/Source/JavaScriptCore/runtime/JSCJSValueInlines.h

Timestamp:

Aug 30, 2013, 11:30:41 AM (12 years ago)

Author:

[email protected]

Message:

Make JSValue bool conversion less dangerous
​https://bugs.webkit.org/show_bug.cgi?id=120505

Reviewed by Darin Adler.

Source/JavaScriptCore:

Replaces JSValue::operator bool() with a operator UnspecifiedBoolType* as
we do elsewhere. Then fix the places where terrible type coercion was
happening. All of the changes made had no fundamental behavioural impact
as they were coercion results that were ignored (returning undefined
after an exception).

• dfg/DFGOperations.cpp:
• interpreter/CallFrame.h:

(JSC::ExecState::hadException):

• runtime/JSCJSValue.h:
• runtime/JSCJSValueInlines.h:

(JSC::JSValue::operator UnspecifiedBoolType*):

• runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncEval):

• runtime/PropertyDescriptor.cpp:

(JSC::PropertyDescriptor::equalTo)

Source/WTF:

Make LIKELY and UNLIKELY macros coerce to bool before
passing to expect.

• wtf/Compiler.h:

File:

• trunk/Source/JavaScriptCore/runtime/JSCJSValueInlines.h (modified) (2 diffs)

trunk/Source/JavaScriptCore/runtime/JSCJSValueInlines.h

@@ -211 +211 @@
 }
 
-inline JSValue::operator bool() const
+inline JSValue::operator UnspecifiedBoolType*() const
 {
     ASSERT(tag() != DeletedValueTag);
-    return tag() != EmptyValueTag;
+    return tag() != EmptyValueTag ? reinterpret_cast<UnspecifiedBoolType*>(1) : 0;
 }
 
@@ -359 +359 @@
 }
 
-inline JSValue::operator bool() const
-{
-    return u.asInt64;
+inline JSValue::operator UnspecifiedBoolType*() const
+{
+    return u.asInt64 ? reinterpret_cast<UnspecifiedBoolType*>(1) : 0;
 }