Commit 6b5d98b0 authored by oliver@apple.com's avatar oliver@apple.com

2011-01-18 Oliver Hunt <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        [jsfunfuzz] Assertion asking activation for arguments when arguments is overridden
        https://bugs.webkit.org/show_bug.cgi?id=52690

        Add a few more tests.

        * fast/js/function-dot-arguments-expected.txt:
        * fast/js/script-tests/function-dot-arguments.js:
        (overwroteArgumentsInDynamicScope1):
        (overwroteArgumentsInDynamicScope2):
        (overwroteArgumentsInDynamicScope3):
2011-01-18  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        [jsfunfuzz] Assertion asking activation for arguments when arguments is overridden
        https://bugs.webkit.org/show_bug.cgi?id=52690

        Clean up code to retrieve arguments from activation and function objects.
        Remove the incorrect assertion from JSActivation's argumentsGetter.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::retrieveArguments):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::argumentsGetter):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76090 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 0e7ea9b0
2011-01-18 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
[jsfunfuzz] Assertion asking activation for arguments when arguments is overridden
https://bugs.webkit.org/show_bug.cgi?id=52690
Add a few more tests.
* fast/js/function-dot-arguments-expected.txt:
* fast/js/script-tests/function-dot-arguments.js:
(overwroteArgumentsInDynamicScope1):
(overwroteArgumentsInDynamicScope2):
(overwroteArgumentsInDynamicScope3):
2011-01-18 Dmitry Titov <dimich@chromium.org>
 
[Chromium] Not reviewed, adding pixel expectations for new test.
......
......@@ -37,6 +37,9 @@ PASS argumentsNotLiveWrite1(0, 2, 3) is 0
PASS argumentsNotLiveWrite2(1, 0, 3) is 0
PASS argumentsNotLiveWrite3(1, 2, 0) is 0
PASS argumentsIdentity() is true
PASS overwroteArgumentsInDynamicScope1() is true
PASS overwroteArgumentsInDynamicScope2() is true
PASS overwroteArgumentsInDynamicScope3() is true
PASS successfullyParsed is true
TEST COMPLETE
......
......@@ -305,4 +305,22 @@ function argumentsIdentity()
}
shouldBeTrue("argumentsIdentity()");
function overwroteArgumentsInDynamicScope1() {
eval("arguments = true");
return arguments;
}
function overwroteArgumentsInDynamicScope2() {
arguments = true;
return eval("arguments");
}
function overwroteArgumentsInDynamicScope3() {
eval("arguments = true");
return overwroteArgumentsInDynamicScope3.arguments;
}
shouldBeTrue("overwroteArgumentsInDynamicScope1()");
shouldBeTrue("overwroteArgumentsInDynamicScope2()");
shouldBeTrue("overwroteArgumentsInDynamicScope3()");
var successfullyParsed = true;
2011-01-18 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
[jsfunfuzz] Assertion asking activation for arguments when arguments is overridden
https://bugs.webkit.org/show_bug.cgi?id=52690
Clean up code to retrieve arguments from activation and function objects.
Remove the incorrect assertion from JSActivation's argumentsGetter.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::retrieveArguments):
* runtime/JSActivation.cpp:
(JSC::JSActivation::argumentsGetter):
2011-01-18 Geoffrey Garen <ggaren@apple.com>
 
Reviewed by Darin Adler.
......
......@@ -4802,12 +4802,13 @@ JSValue Interpreter::retrieveArguments(CallFrame* callFrame, JSFunction* functio
if (codeBlock->usesArguments()) {
ASSERT(codeBlock->codeType() == FunctionCode);
int argumentsRegister = codeBlock->argumentsRegister();
if (!functionCallFrame->r(argumentsRegister).jsValue()) {
JSValue arguments = JSValue(new (callFrame) Arguments(functionCallFrame));
functionCallFrame->r(argumentsRegister) = arguments;
functionCallFrame->r(unmodifiedArgumentsRegister(argumentsRegister)) = arguments;
}
return functionCallFrame->r(argumentsRegister).jsValue();
int realArgumentsRegister = unmodifiedArgumentsRegister(argumentsRegister);
if (JSValue arguments = functionCallFrame->uncheckedR(argumentsRegister).jsValue())
return arguments;
JSValue arguments = JSValue(new (callFrame) Arguments(functionCallFrame));
functionCallFrame->r(argumentsRegister) = arguments;
functionCallFrame->r(realArgumentsRegister) = arguments;
return arguments;
}
Arguments* arguments = new (functionCallFrame) Arguments(functionCallFrame);
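Review bot: The early `return arguments;` in the `usesArguments()` branch can hand back a value that is not an `Arguments` object once script has overwritten `arguments`, which is the case the new layout tests exercise, and nothing in the code says so. The same holds for the early return in `JSActivation::argumentsGetter`, where the type assertion that appears to have covered that path is gone; a caller that casts the result without a type check would be unsafe, though no callers are visible in these hunks. I would put a comment above both early returns, for example `// May be any JSValue: script can overwrite 'arguments', so callers must not assume an Arguments object.` As a point of style, the register is read with `uncheckedR()` but written with `r()` a few lines later; using one accessor for both would make the intent clearer. `retrieveArguments` starts before the hunk and continues past it.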
......
......@@ -203,14 +203,16 @@ JSValue JSActivation::argumentsGetter(ExecState*, JSValue slotBase, const Identi
JSActivation* activation = asActivation(slotBase);
CallFrame* callFrame = CallFrame::create(activation->d()->registers);
int argumentsRegister = activation->d()->functionExecutable->generatedBytecode().argumentsRegister();
if (!callFrame->uncheckedR(argumentsRegister).jsValue()) {
JSValue arguments = JSValue(new (callFrame) Arguments(callFrame));
callFrame->uncheckedR(argumentsRegister) = arguments;
callFrame->uncheckedR(unmodifiedArgumentsRegister(argumentsRegister)) = arguments;
}
if (JSValue arguments = callFrame->uncheckedR(argumentsRegister).jsValue())
return arguments;
int realArgumentsRegister = unmodifiedArgumentsRegister(argumentsRegister);
ASSERT(callFrame->uncheckedR(argumentsRegister).jsValue().inherits(&Arguments::info));
return callFrame->uncheckedR(argumentsRegister).jsValue();
JSValue arguments = JSValue(new (callFrame) Arguments(callFrame));
callFrame->uncheckedR(argumentsRegister) = arguments;
callFrame->uncheckedR(realArgumentsRegister) = arguments;
ASSERT(callFrame->uncheckedR(realArgumentsRegister).jsValue().inherits(&Arguments::info));
return callFrame->uncheckedR(realArgumentsRegister).jsValue();
}
// These two functions serve the purpose of isolating the common case from a
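Review bot: The `ASSERT` kept on the creation path of `argumentsGetter` cannot catch anything useful, because it re-reads `realArgumentsRegister` immediately after that register was assigned the freshly constructed `Arguments` value. The final `return` re-reads the same register too, whereas `Interpreter::retrieveArguments` in this commit simply returns the local. I would drop the assertion and end the function with `return arguments;`, and declare `realArgumentsRegister` beside `argumentsRegister` as the interpreter version does, so the two functions read the same way. The function's signature is visible only through the hunk header; its body ends inside the hunk.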
......