Reviewers: Mads Ager

Message:
Mads,

Could you have a look?

I've added three bailout checks, but managed to test only the last one. I can hit the path of the first check, but cannot make it fail. And I cannot hit the path of the second check. In any event, those bailouts shouldn't hurt (methinks).

Description:
1) Return failure if any of the property sets failed;
2) We cannot assert the declared property will go to the extension in the
presence of callbacks and interceptors.

BUG=1119
TEST=test/mjsunit/regress/regress-1119.js

Please review this at http://codereview.chromium.org/6454011/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files:
  M src/runtime.cc
  A test/mjsunit/regress/regress-1119.js


Index: src/runtime.cc
diff --git a/src/runtime.cc b/src/runtime.cc
index 3e38d388d8c9607a6cb9f4b066129c5ea2f247fb..1993f4dda7a96d6dd23cae35c88cc9bfae3bd20c 100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -1143,12 +1143,15 @@ static MaybeObject* Runtime_DeclareContextSlot(Arguments args) {
         } else {
           // The holder is an arguments object.
           Handle<JSObject> arguments(Handle<JSObject>::cast(holder));
-          SetElement(arguments, index, initial_value);
+ Handle<Object> result = SetElement(arguments, index, initial_value);
+          if (result.is_null()) return Failure::Exception();
         }
       } else {
// Slow case: The property is not in the FixedArray part of the context.
         Handle<JSObject> context_ext = Handle<JSObject>::cast(holder);
-        SetProperty(context_ext, name, initial_value, mode);
+        Handle<Object> result =
+            SetProperty(context_ext, name, initial_value, mode);
+        if (result.is_null()) return Failure::Exception();
       }
     }

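Review bot: The two new bailouts in this hunk, after SetElement on the arguments object and after the slow-case SetProperty, have no failing case behind them, going by the message above (the first path could be reached but not made to fail, the second could not be reached). Add a short comment at each site saying what is expected to make the handle come back empty there, or state in the description that these two are purely defensive. The same pattern, `Handle<Object> result = ...;` followed by `if (result.is_null()) return Failure::Exception();`, now appears three times in Runtime_DeclareContextSlot, so a small helper or macro would keep the sites consistent.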
@@ -1175,8 +1178,8 @@ static MaybeObject* Runtime_DeclareContextSlot(Arguments args) {
     ASSERT(!context_ext->HasLocalProperty(*name));
     Handle<Object> value(Heap::undefined_value());
     if (*initial_value != NULL) value = initial_value;
-    SetProperty(context_ext, name, value, mode);
-    ASSERT(context_ext->GetLocalPropertyAttribute(*name) == mode);
+    Handle<Object> result = SetProperty(context_ext, name, value, mode);
+    if (result.is_null()) return Failure::Exception();
   }

   return Heap::undefined_value();
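Review bot: Removing `ASSERT(context_ext->GetLocalPropertyAttribute(*name) == mode);` after the final SetProperty leaves nothing in the code that says why the attribute is no longer checked. The reason exists only in the change description (with callbacks and interceptors the declared property may not end up on the extension object), so add a one-line comment above the SetProperty call stating it; otherwise the assertion is likely to be put back by a later cleanup.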
Index: test/mjsunit/regress/regress-1119.js
diff --git a/test/mjsunit/regress/regress-1119.js b/test/mjsunit/regress/regress-1119.js
new file mode 100644
index 0000000000000000000000000000000000000000..484893c95b8289a5283cac7fe6ab0a2ff22a696f
--- /dev/null
+++ b/test/mjsunit/regress/regress-1119.js
@@ -0,0 +1,45 @@
+// Copyright 2011 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+//       notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+//       copyright notice, this list of conditions and the following
+//       disclaimer in the documentation and/or other materials provided
+//       with the distribution.
+//     * Neither the name of Google Inc. nor the names of its
+//       contributors may be used to endorse or promote products derived
+//       from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Test runtime declaration of properties with var which are intercepted
+// by JS accessors.
+
+__proto__.__defineSetter__("x", function() { hasBeenInvoked = true; });
+__proto__.__defineSetter__("y", function() { throw 'exception'; });
+
+var hasBeenInvoked = false;
+eval("try { } catch (e) { var x = false; }");
+assertTrue(hasBeenInvoked);
+
+var exception;
+try {
+  eval("try { } catch (e) { var y = false; }");
+  assertUnreachable();
+} catch (e) {
+  exception = e;
+}
+assertEquals('exception', exception);
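Review bot: In both eval strings the try block is empty, so the catch body and its `var x = false` / `var y = false` assignment never execute, and the setter is expected to fire from the declaration alone. That is the whole point of the regression but it is easy to miss when reading the test, so add a comment above the first eval explaining it. The header comment says "intercepted by JS accessors", which covers the setter case only; if the first two bailouts in runtime.cc stay untested, say so here so the gap is visible from the test file.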


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
