Changeset 38148 in webkit for trunk/JavaScriptCore/VM/Machine.cpp
Timestamp:
Nov 5, 2008, 7:26:30 PM (17 years ago)
Author:
[email protected]
Message:

JavaScriptCore:

2008-11-05 Gavin Barraclough <[email protected]>

Reviewed by Maciej Stachowiak.

https://bugs.webkit.org/show_bug.cgi?id=22094

Fix for bug where the callee incorrectly receives the caller's lexical
global object as this, rather than its own. Implementation closely
follows the spec, passing jsNull, checking in the callee and replacing
with the global object where necessary.

  • VM/CTI.cpp: (JSC::CTI::compileOpCall):
  • VM/Machine.cpp: (JSC::Machine::cti_op_call_NotJSFunction): (JSC::Machine::cti_op_call_eval):
  • runtime/JSCell.h: (JSC::JSValue::toThisObject):
  • runtime/JSImmediate.cpp: (JSC::JSImmediate::toThisObject):
  • runtime/JSImmediate.h:

LayoutTests:

2008-11-05 Gavin Barraclough <[email protected]>

Reviewed by Maciej Stachowiak.

Previously the test 'cross-site-this' checked that the second level deep method called
across frames received the correct this pointer, when no base object is provided.


Test updated so that it checks that the code in the child frame, and both the first
and second functions called in the parent frame, receive the correct this values.

  • fast/frames/cross-site-this.html:
  • fast/frames/resources/cross-site-this-helper.html:
File:
1 edited
  • trunk/JavaScriptCore/VM/Machine.cpp

    r38137 r38148  
    48194819        {
    48204820            SamplingTool::HostCallRecord callRecord(CTI_SAMPLER);
    4821             returnValue = callData.native.function(callFrame, asObject(funcVal), argv[0].jsValue(callFrame), argList);
     4821
     4822            // All host methods should be calling toThisObject, but this is not presently the case.
     4823            JSValue* thisValue = argv[0].jsValue(callFrame);
     4824            if (thisValue == jsNull())
     4825                thisValue = callFrame->globalThisValue();
     4826
     4827            returnValue = callData.native.function(callFrame, asObject(funcVal), thisValue, argList);
    48224828        }
    48234829        ARG_setCallFrame(previousCallFrame);
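Review bot: the check added at line 4824 only special-cases jsNull(), so if any call path hands argv[0] to a host function as undefined or a primitive rather than following the jsNull convention described in the ChangeLog, that value still reaches the native function unchanged; since the eval path in this same patch uses `->toThisObject(callFrame)`, consider whether `argv[0].jsValue(callFrame)->toThisObject(callFrame)` belongs here too, and mark the "All host methods should be calling toThisObject, but this is not presently the case." comment as a FIXME so the remaining work in the host methods themselves is tracked rather than just described.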
     
    56455651
    56465652    if (baseVal == scopeChain->globalObject() && funcVal == scopeChain->globalObject()->evalFunction()) {
    5647         JSObject* thisObject = asObject(callFrame[codeBlock->thisRegister].jsValue(callFrame));
     5653        JSObject* thisObject = callFrame[codeBlock->thisRegister].jsValue(callFrame)->toThisObject(callFrame);
    56485654        JSValue* exceptionValue = noValue();
    56495655        JSValue* result = machine->callEval(callFrame, thisObject, scopeChain, registerFile, registerOffset - RegisterFile::CallFrameHeaderSize - argCount, argCount, exceptionValue);
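Review bot: the switch from asObject(...) to ->toThisObject(callFrame) at line 5653 changes what callEval receives when the this register holds jsNull (now a converted object instead of asObject() being applied to a non-object), but nothing at the call site says why; a one-line comment above line 5653, along the lines of the one in the cti_op_call_NotJSFunction hunk, noting that the caller passes jsNull when no base object is provided and that toThisObject supplies the global object would make the dependency on the new calling convention visible to the next reader.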