Reviewers: Søren Gjesse,

Description:
Fix receiver for calls to strict-mode and builtin functions that are
potentially shadowed by eval.

[email protected]
TEST=mjsunit/regress/regress-124.js


Please review this at http://codereview.chromium.org/7096004/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files:
  M src/arm/full-codegen-arm.cc
  M src/ia32/full-codegen-ia32.cc
  M src/x64/full-codegen-x64.cc
  M test/mjsunit/regress/regress-124.js
  M test/mjsunit/regress/regress-1365.js


Index: src/arm/full-codegen-arm.cc
diff --git a/src/arm/full-codegen-arm.cc b/src/arm/full-codegen-arm.cc
index 98e22686d2cbe8fe55545006f64c5cc3cde7eda1..298935a47c74016056f6dcc2837a1df69e250469 100644
--- a/src/arm/full-codegen-arm.cc
+++ b/src/arm/full-codegen-arm.cc
@@ -2300,9 +2300,9 @@ void FullCodeGenerator::VisitCall(Call* expr) {
       __ bind(&done);
       // Push function.
       __ push(r0);
-      // Push global receiver.
-      __ ldr(r1, GlobalObjectOperand());
-      __ ldr(r1, FieldMemOperand(r1, GlobalObject::kGlobalReceiverOffset));
+      // The receiver is implicitly the global receiver. Indicate this
+      // by passing the hole to the call function stub.
+      __ LoadRoot(r1, Heap::kTheHoleValueRootIndex);
       __ push(r1);
       __ bind(&call);
     }
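Review bot: The new comment above `__ LoadRoot(r1, Heap::kTheHoleValueRootIndex);` says the hole marks an implicit receiver, but it does not say which code must replace it. The hole is an internal sentinel that must never reach JavaScript as `this`. VisitCall starts and ends outside the hunk, and so does the call emitted after `__ bind(&call);`, so it cannot be confirmed from here that every path through `call` reaches a stub that checks for the hole. I would extend the comment with `// The call function stub must swap the hole for the real receiver before the callee runs; it must never be observable from JS.` The same applies to the matching hunks in src/ia32/full-codegen-ia32.cc and src/x64/full-codegen-x64.cc.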
Index: src/ia32/full-codegen-ia32.cc
diff --git a/src/ia32/full-codegen-ia32.cc b/src/ia32/full-codegen-ia32.cc
index 2e0b722697c9c64a03651293e3465d83e7237e21..9abb428838baacd780c1c1ab6fd53dfbbd051c40 100644
--- a/src/ia32/full-codegen-ia32.cc
+++ b/src/ia32/full-codegen-ia32.cc
@@ -2230,9 +2230,9 @@ void FullCodeGenerator::VisitCall(Call* expr) {
       __ bind(&done);
       // Push function.
       __ push(eax);
-      // Push global receiver.
-      __ mov(ebx, GlobalObjectOperand());
-      __ push(FieldOperand(ebx, GlobalObject::kGlobalReceiverOffset));
+      // The receiver is implicitly the global receiver. Indicate this
+      // by passing the hole to the call function stub.
+      __ push(Immediate(isolate()->factory()->the_hole_value()));
       __ bind(&call);
     }

Index: src/x64/full-codegen-x64.cc
diff --git a/src/x64/full-codegen-x64.cc b/src/x64/full-codegen-x64.cc
index e1bb4c04d97c6c3006837190d242544dfe4abd2f..2fb85a50b036692ec25006384352817e0d8dc105 100644
--- a/src/x64/full-codegen-x64.cc
+++ b/src/x64/full-codegen-x64.cc
@@ -2206,9 +2206,9 @@ void FullCodeGenerator::VisitCall(Call* expr) {
       __ bind(&done);
       // Push function.
       __ push(rax);
-      // Push global receiver.
-      __ movq(rbx, GlobalObjectOperand());
-      __ push(FieldOperand(rbx, GlobalObject::kGlobalReceiverOffset));
+      // The receiver is implicitly the global receiver. Indicate this
+      // by passing the hole to the call function stub.
+      __ PushRoot(Heap::kTheHoleValueRootIndex);
       __ bind(&call);
     }

Index: test/mjsunit/regress/regress-124.js
diff --git a/test/mjsunit/regress/regress-124.js b/test/mjsunit/regress/regress-124.js
index e0df6f54a4742837a686b989b360afd63b230a1f..119746797d0873a16930cb80fc7ae5620034907c 100644
--- a/test/mjsunit/regress/regress-124.js
+++ b/test/mjsunit/regress/regress-124.js
@@ -37,13 +37,13 @@ assertEquals("[object Undefined]", eval("var f; toString()"));

 function F(f) {
   assertEquals("[object global]", this.toString());
-  assertEquals("[object global]", toString());
+  assertEquals("[object Undefined]", toString());

   assertEquals("[object global]", eval("this.toString()"));
-  assertEquals("[object global]", eval("toString()"));
+  assertEquals("[object Undefined]", eval("toString()"));

   assertEquals("[object global]", eval("var f; this.toString()"));
-  assertEquals("[object global]", eval("var f; toString()"));
+  assertEquals("[object Undefined]", eval("var f; toString()"));

   assertEquals("[object Undefined]", eval("f()"));
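Review bot: The three changed expectations in F now differ from the `this.toString()` assertions beside them, and no comment says why, which makes the regression test hard to read later. I would add above the first changed line `// A bare call to the builtin toString gets an undefined receiver, not the global receiver, even when resolved through eval.` F's body continues outside the hunk.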

Index: test/mjsunit/regress/regress-1365.js
diff --git a/test/mjsunit/regress/regress-1365.js b/test/mjsunit/regress/regress-1365.js
index f19bdd0856051d8857cd0b10bf0393bc08cd1838..59290f9ebc7f1e51d7a420fab1b17a0629d27aad 100644
--- a/test/mjsunit/regress/regress-1365.js
+++ b/test/mjsunit/regress/regress-1365.js
@@ -53,13 +53,30 @@ assertThrows(callGlobalHasOwnProperty);
 function CheckExceptionCallLocal() {
   var valueOf = Object.prototype.valueOf;
   var hasOwnProperty = Object.prototype.hasOwnProperty;
-  try { valueOf(); assertUnreachable(); } catch(e) { }
-  try { hasOwnProperty(); assertUnreachable(); } catch(e) { }
+  var exception = false;
+  try { valueOf(); } catch(e) { exception = true; }
+  assertTrue(exception);
+  exception = false;
+  try { hasOwnProperty(); } catch(e) { exception = true; }
+  assertTrue(exception);
 }
 CheckExceptionCallLocal();

 function CheckExceptionCallParameter(f) {
-  try { f(); assertUnreachable(); } catch(e) { }
+  var exception = false;
+  try { f(); } catch(e) { exception = true; }
+  assertTrue(exception);
 }
 CheckExceptionCallParameter(Object.prototype.valueOf);
 CheckExceptionCallParameter(Object.prototype.hasOwnProperty);
+
+function CheckPotentiallyShadowedByEval() {
+  var exception = false;
+  try {
+    eval("hasOwnProperty('x')");
+  } catch(e) {
+    exception = true;
+  }
+  assertTrue(exception);
+}
+CheckPotentiallyShadowedByEval();
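Review bot: The `catch(e) { exception = true; }` handlers in CheckExceptionCallLocal, CheckExceptionCallParameter and CheckPotentiallyShadowedByEval accept any exception. The test therefore still passes if the call fails for an unrelated reason, such as a ReferenceError from the eval'd lookup. The behaviour under test is the receiver being undefined, which should surface as a TypeError, so I would narrow each handler to `catch(e) { exception = e instanceof TypeError; }`. A one-line comment on CheckPotentiallyShadowedByEval saying that the eval makes the `hasOwnProperty` lookup dynamic would also tie it to the codegen change.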

