LGTM. On Fri, Jan 23, 2009 at 1:11 PM, <[email protected]> wrote: > Reviewers: Kasper Lund, > > Description: > Make sure that eval and try-catch introduced context extension objects > act as if they have no properties in their prototype chains. > > This fixes V8 issue 193: > > http://code.google.com/p/v8/issues/detail?id=193. > > Please review this at http://codereview.chromium.org/18709 > > SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/ > > Affected files: > M src/contexts.cc > A test/mjsunit/regress/regress-193.js > > > Index: test/mjsunit/regress/regress-193.js > =================================================================== > --- test/mjsunit/regress/regress-193.js (revision 0) > +++ test/mjsunit/regress/regress-193.js (revision 0) > @@ -0,0 +1,44 @@ > +// Copyright 2009 the V8 project authors. All rights reserved. > +// Redistribution and use in source and binary forms, with or without > +// modification, are permitted provided that the following conditions are > +// met: > +// > +// * Redistributions of source code must retain the above copyright > +// notice, this list of conditions and the following disclaimer. > +// * Redistributions in binary form must reproduce the above > +// copyright notice, this list of conditions and the following > +// disclaimer in the documentation and/or other materials provided > +// with the distribution. > +// * Neither the name of Google Inc. nor the names of its > +// contributors may be used to endorse or promote products derived > +// from this software without specific prior written permission. > +// > +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR > +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT > +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, > +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT > +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, > +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY > +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT > +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE > +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > + > +// Test that context extension objects do not have a constructor > +// property. > + > +// See http://code.google.com/p/v8/issues/detail?id=193. > + > +function f() { > + return eval("var x; constructor"); > +} > + > +// It should be ok to call the constructor function returned by f. > +f()(); > + > +// The call to f should get the constructor of the receiver which is > +// the constructor of the global object. > +assertEquals(constructor, f()); > + > + > Index: src/contexts.cc > =================================================================== > --- src/contexts.cc (revision 1131) > +++ src/contexts.cc (working copy) > @@ -94,7 +94,11 @@ > // check extension/with object > if (context->has_extension()) { > Handle<JSObject> extension = Handle<JSObject>(context->extension()); > - if ((flags & FOLLOW_PROTOTYPE_CHAIN) == 0) { > + // Context extension objects needs to behave as if they have no > + // prototype. So even if we want to follow prototype chains, we > + // need to only do a local lookup for context extension objects. > + if ((flags & FOLLOW_PROTOTYPE_CHAIN) == 0 || > + extension->IsJSContextExtensionObject()) { > *attributes = extension->GetLocalPropertyAttribute(*name); > } else { > *attributes = extension->GetPropertyAttribute(*name); > > >
--~--~---------~--~----~------------~-------~--~----~ v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev -~----------~----~----~----~------~----~------~--~---
