Changeset 62456 in webkit for trunk/JavaScriptCore/interpreter

Timestamp:

Jul 3, 2010, 4:49:59 PM (15 years ago)

Author:

Darin Adler

Message:

2010-07-03 Yong Li <​[email protected]>

Reviewed by Darin Adler.

Make Arguments::MaxArguments clamping work for numbers >= 0x80000000 in
the interpreter as well as the JIT.

​https://bugs.webkit.org/show_bug.cgi?id=41351
rdar://problem/8142141

• interpreter/Interpreter.cpp: (JSC::Interpreter::privateExecute): Fix signed integer overflow problem in op_load_varargs handling. 0xFFFFFFFF was read as -1.

2010-07-03 Darin Adler <Darin Adler>

Added test cases for edge cases in apply function on arrays.
​https://bugs.webkit.org/show_bug.cgi?id=41351

• fast/js/function-apply-expected.txt: Updated to expect success.
• fast/js/script-tests/function-apply.js: Added test cases.

File:

• trunk/JavaScriptCore/interpreter/Interpreter.cpp (modified) (5 diffs)

trunk/JavaScriptCore/interpreter/Interpreter.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009, 2010 Apple Inc. All rights reserved.
  * Copyright (C) 2008 Cameron Zwarich <[email protected]>
  *
@@ -3694 +3694 @@
         
         JSValue arguments = callFrame->r(argsOffset).jsValue();
-        int32_t argCount = 0;
+        uint32_t argCount = 0;
         if (!arguments) {
             argCount = (uint32_t)(callFrame->argumentCount());
-            argCount = min(argCount, static_cast<int32_t>(Arguments::MaxArguments));
+            argCount = min<uint32_t>(argCount, Arguments::MaxArguments);
             int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
             Register* newEnd = callFrame->registers() + sizeDelta;
@@ -3724 +3724 @@
                 Arguments* args = asArguments(arguments);
                 argCount = args->numProvidedArguments(callFrame);
-                argCount = min(argCount, static_cast<int32_t>(Arguments::MaxArguments));
+                argCount = min<uint32_t>(argCount, Arguments::MaxArguments);
                 int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
                 Register* newEnd = callFrame->registers() + sizeDelta;
@@ -3735 +3735 @@
                 JSArray* array = asArray(arguments);
                 argCount = array->length();
-                argCount = min(argCount, static_cast<int32_t>(Arguments::MaxArguments));
+                argCount = min<uint32_t>(argCount, Arguments::MaxArguments);
                 int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
                 Register* newEnd = callFrame->registers() + sizeDelta;
@@ -3746 +3746 @@
                 JSObject* argObject = asObject(arguments);
                 argCount = argObject->get(callFrame, callFrame->propertyNames().length).toUInt32(callFrame);
-                argCount = min(argCount, static_cast<int32_t>(Arguments::MaxArguments));
+                argCount = min<uint32_t>(argCount, Arguments::MaxArguments);
                 int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
                 Register* newEnd = callFrame->registers() + sizeDelta;