Ignore:
Timestamp:
Feb 16, 2011, 11:31:16 AM (14 years ago)
Author:
[email protected]
Message:

2011-02-16 Oliver Hunt <[email protected]>

Reviewed by Geoff Garen.

Incorrect handling of global writes in dynamic contexts
https://bugs.webkit.org/show_bug.cgi?id=49383

Add a few tests to ensure that global writes are actually
allowed inside dynamic scopes.

  • fast/js/basic-strict-mode-expected.txt:
  • fast/js/script-tests/basic-strict-mode.js:

2011-02-16 Oliver Hunt <[email protected]>

Reviewed by Geoff Garen.

Incorrect handling of global writes in dynamic contexts
https://bugs.webkit.org/show_bug.cgi?id=49383

  • interpreter/Interpreter.cpp: (JSC::Interpreter::privateExecute): Can't use the existing callframe to return an uncaught exception as by definition that callframe has already been torn down.
  • parser/ASTBuilder.h: (JSC::ASTBuilder::ASTBuilder): (JSC::ASTBuilder::varDeclarations): (JSC::ASTBuilder::funcDeclarations): (JSC::ASTBuilder::features): (JSC::ASTBuilder::numConstants): (JSC::ASTBuilder::createFuncDeclStatement): (JSC::ASTBuilder::addVar): (JSC::ASTBuilder::incConstants): (JSC::ASTBuilder::usesThis): (JSC::ASTBuilder::usesCatch): (JSC::ASTBuilder::usesClosures): (JSC::ASTBuilder::usesArguments): (JSC::ASTBuilder::usesAssignment): (JSC::ASTBuilder::usesWith): (JSC::ASTBuilder::usesEval): Don't need a vector of scopes in the ASTBuilder
  • runtime/Operations.h: (JSC::resolveBase): In strict mode the optimisation that we use to skip a lookup on the global object is incorrect and lead to us always disallowing global writes when we needed to do a dynamic slot lookup. Now the strict mode path actually checks for the property.
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/runtime/Operations.h

    r77151 r78727  
    473473        while (true) {
    474474            base = iter->get();
    475             if (next == end)
    476                 return isStrictPut ? JSValue() : base;
     475            if (next == end) {
     476                if (isStrictPut && !base->getPropertySlot(callFrame, property, slot))
     477                    return JSValue();
     478                return base;
     479            }
    477480            if (base->getPropertySlot(callFrame, property, slot))
    478481                return base;
Note: See TracChangeset for help on using the changeset viewer.