[v8-dev] Fix some bugs in Function.prototype.bind implementation. (issue2878057)

Tue, 27 Jul 2010 01:48:31 -0700 

Reviewers: William Hesse, Rico,

Message:
CC: ricow

Description:
Fix some bugs in Function.prototype.bind implementation.
Correctly handle not passing thisArg.
Fixes to NewObjectFromBound to use correct argument count, not leak memory,
and handle constructors that throw exceptions.

Please review this at http://codereview.chromium.org/2878057/show

Affected files:
  M src/runtime.cc
  M src/v8natives.js


Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index a6924a0ff362250918b8af2b6b1b3eb77087faee..4063a0fc7d751aa86c4fd47ab46b2e1e9d05bcf9 100644 
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -6757,17 +6757,23 @@ static Object* Runtime_NewObjectFromBound(Arguments args) { 
   CONVERT_ARG_CHECKED(JSFunction, function, 0);
   CONVERT_ARG_CHECKED(JSArray, params, 1);

+  RUNTIME_ASSERT(params->HasFastElements());
   FixedArray* fixed = FixedArray::cast(params->elements());

-  bool exception = false;
-  Object*** param_data = NewArray<Object**>(fixed->length());
-  for (int i = 0; i < fixed->length();  i++) {
+  int fixed_length = Smi::cast(params->length())->value();
+  SmartPointer<Object**> param_data(NewArray<Object**>(fixed_length));
+  for (int i = 0; i < fixed_length; i++) {
     Handle<Object> val = Handle<Object>(fixed->get(i));
     param_data[i] = val.location();
   }

+  bool exception = false;
   Handle<Object> result = Execution::New(
-      function, fixed->length(), param_data, &exception);
+      function, fixed_length, *param_data, &exception);
+  if (exception) {
+      return Failure::Exception();
+  }
+  ASSERT(!result.is_null());
   return *result;
 }

Index: src/v8natives.js
diff --git a/src/v8natives.js b/src/v8natives.js
index 18e56c38ef5ada19a43fa4ef0da68530cc0deeaf..6eb13719638a9359fb30e3361e660b990e2fc8cb 100644 
--- a/src/v8natives.js
+++ b/src/v8natives.js
@@ -1105,7 +1105,7 @@ function FunctionBind(this_arg) { // Length is 1.
       throw new $TypeError('Bind must be called on a function');
   }
   // this_arg is not an argument that should be bound.
-  var argc_bound = %_ArgumentsLength() - 1;
+  var argc_bound = (%_ArgumentsLength() || 1) - 1;
   if (argc_bound > 0) {
     var bound_args = new $Array(argc_bound);
     for(var i = 0; i < argc_bound; i++) {


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

Reply via email to