Reviewers: Kasper Lund, Description: Fix bug in function context slot lookup. There were two problems: we read at the wrong index in the scope information and we forgot to add Context::MIN_CONTEXT_SLOTS to the index.
This fixes issue 24. Please review this at http://codereview.chromium.org/1938 Affected files: M src/codegen-ia32.cc M src/scopeinfo.cc A test/mjsunit/with-function-expression.js Index: test/mjsunit/with-function-expression.js =================================================================== --- test/mjsunit/with-function-expression.js (revision 0) +++ test/mjsunit/with-function-expression.js (revision 0) @@ -0,0 +1,36 @@ +// Copyright 2008 the V8 project authors. All rights reserved. +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +var source = "(function x() { with({}) { return '' + x; } })()"; + +// Don't throw exceptions. +assertDoesNotThrow(source); + +// Check that the return value is a function. Use regexp to avoid +// depending on the exact printing of the function. +var regexp = /function/; +var res = assertTrue(eval(source).match(regexp) == 'function'); Index: src/scopeinfo.cc =================================================================== --- src/scopeinfo.cc (revision 267) +++ src/scopeinfo.cc (working copy) @@ -484,10 +484,13 @@ ASSERT(name->IsSymbol()); if (code->sinfo_size() > 0) { Object** p = &Memory::Object_at(code->sinfo_start()); - if (*p++ == name) { - int n; - ReadInt(p, &n); // n = number of context slots - return n -1; // the function context slot is the last entry + if (*p == name) { + p = ContextEntriesAddr(code); + int n; // number of context slots + ReadInt(p, &n); + ASSERT(n != 0); + // The function context slot is the last entry. + return n + Context::MIN_CONTEXT_SLOTS - 1; } } return -1; Index: src/codegen-ia32.cc =================================================================== --- src/codegen-ia32.cc (revision 267) +++ src/codegen-ia32.cc (working copy) @@ -918,7 +918,6 @@ Scope* scope, Reference* ref, InitState init_state) { - Comment cmnt(masm, "[ Store to VariableProxy"); Variable* node = var(); --~--~---------~--~----~------------~-------~--~----~ v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev -~----------~----~----~----~------~----~------~--~---
