Timestamp:
Feb 16, 2011, 11:31:16 AM (14 years ago)
Author:
[email protected]
Message:

2011-02-16 Oliver Hunt <[email protected]>

Reviewed by Geoff Garen.

Incorrect handling of global writes in dynamic contexts
https://bugs.webkit.org/show_bug.cgi?id=49383

Add a few tests to ensure that global writes are actually
allowed inside dynamic scopes.

  • fast/js/basic-strict-mode-expected.txt:
  • fast/js/script-tests/basic-strict-mode.js:

2011-02-16 Oliver Hunt <[email protected]>

Reviewed by Geoff Garen.

Incorrect handling of global writes in dynamic contexts
https://bugs.webkit.org/show_bug.cgi?id=49383

  • interpreter/Interpreter.cpp: (JSC::Interpreter::privateExecute): Can't use the existing callframe to return an uncaught exception as by definition that callframe has already been torn down.
  • parser/ASTBuilder.h: (JSC::ASTBuilder::ASTBuilder): (JSC::ASTBuilder::varDeclarations): (JSC::ASTBuilder::funcDeclarations): (JSC::ASTBuilder::features): (JSC::ASTBuilder::numConstants): (JSC::ASTBuilder::createFuncDeclStatement): (JSC::ASTBuilder::addVar): (JSC::ASTBuilder::incConstants): (JSC::ASTBuilder::usesThis): (JSC::ASTBuilder::usesCatch): (JSC::ASTBuilder::usesClosures): (JSC::ASTBuilder::usesArguments): (JSC::ASTBuilder::usesAssignment): (JSC::ASTBuilder::usesWith): (JSC::ASTBuilder::usesEval): Don't need a vector of scopes in the ASTBuilder
  • runtime/Operations.h: (JSC::resolveBase): In strict mode the optimisation that we use to skip a lookup on the global object is incorrect and led to us always disallowing global writes when we needed to do a dynamic slot lookup. Now the strict mode path actually checks for the property.
File:
1 edited

  • trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

    r78634 r78727  
    24502450    }
    24512451    DEFINE_OPCODE(op_resolve_base) {
    2452         /* resolve_base dst(r) property(id)
     2452        /* resolve_base dst(r) property(id) isStrict(bool)
    24532453
    24542454           Searches the scope chain for an object containing
    24552455           identifier property, and if one is found, writes it to
    2456            register dst. If none is found, the outermost scope (which
    2457            will be the global object) is stored in register dst.
     2456           register dst. If none is found and isStrict is false, the
     2457           outermost scope (which will be the global object) is
     2458           stored in register dst.
    24582459        */
    24592460        resolveBase(callFrame, vPC);
     2461        CHECK_FOR_EXCEPTION();
    24602462
    24612463        vPC += OPCODE_LENGTH(op_resolve_base);
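Review bot: The updated opcode comment (new lines 2456-2458) states what lands in dst when the property is not found and isStrict is false, but never says what happens when isStrict is true. The CHECK_FOR_EXCEPTION() added at 2461 implies resolveBase can now throw, so the comment should spell out the strict-mode outcome, including whether dst is written on that path, so that readers of the bytecode documentation do not have to infer it from the exception check.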
     
    47774779            exceptionValue = createInterruptedExecutionException(globalData);
    47784780        }
     4781        JSGlobalObject* globalObject = callFrame->lexicalGlobalObject();
    47794782        handler = throwException(callFrame, exceptionValue, vPC - codeBlock->instructions().begin());
    4780         if (!handler)
    4781             return throwError(callFrame, exceptionValue);
     4783        if (!handler) {
     4784            // Can't use the callframe at this point as the scopechain, etc have
     4785            // been released.
     4786            return throwError(globalObject->globalExec(), exceptionValue);
     4787        }
    47824788
    47834789        codeBlock = callFrame->codeBlock();
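Review bot: The globalObject capture at new line 4781 is only correct because it runs before throwException() at 4782, but the comment explaining that constraint sits in the !handler branch at 4784-4785, away from the declaration. Put a short comment on the declaration itself (or move the existing one up) saying the global object must be read before the frame is unwound, so a later tidy-up does not move the lexicalGlobalObject() call below throwException(), where the scope chain has already been released.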