Revision: 12459
Author:   [email protected]
Date:     Thu Sep  6 01:20:40 2012
Log:      Back port r12439 and r12442 to the 3.9 branch:
Fix some corner cases in skipping native methods using caller.
Fix binding in new Function().
Review URL: https://chromiumcodereview.appspot.com/10919117
http://code.google.com/p/v8/source/detail?r=12459

Added:
 /branches/3.9/test/mjsunit/new-function.js
 /branches/3.9/test/mjsunit/regress/regress-145201.js
Modified:
 /branches/3.9/src/accessors.cc
 /branches/3.9/src/v8natives.js
 /branches/3.9/src/version.cc

=======================================
--- /dev/null
+++ /branches/3.9/test/mjsunit/new-function.js  Thu Sep  6 01:20:40 2012
@@ -0,0 +1,34 @@
+// Copyright 2012 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+//       notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+//       copyright notice, this list of conditions and the following
+//       disclaimer in the documentation and/or other materials provided
+//       with the distribution.
+//     * Neither the name of Google Inc. nor the names of its
+//       contributors may be used to endorse or promote products derived
+//       from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+var x;
+try {
+  Function("}), x = this, (function() {");
+} catch(e) {
+  print("Caught " + e);
+}
+assertTrue(x == "[object global]");
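Review bot: The final assertion compares `x` with the string `"[object global]"` using `==`, so it passes for any object whose string form matches and ties the test to how the shell names its global object. `assertSame(this, x);` would pin the identity directly, assuming top-level `this` in the test runner is the same global receiver the constructor now passes. The file also has no comment saying what it guards; something like `// The body closes the wrapper function early; the escaped expression must see the global object as 'this'.` above the `Function(...)` call would explain why the call sits in a try/catch that only prints.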
=======================================
--- /dev/null
+++ /branches/3.9/test/mjsunit/regress/regress-145201.js Thu Sep 6 01:20:40 2012
@@ -0,0 +1,107 @@
+// Copyright 2012 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+//       notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+//       copyright notice, this list of conditions and the following
+//       disclaimer in the documentation and/or other materials provided
+//       with the distribution.
+//     * Neither the name of Google Inc. nor the names of its
+//       contributors may be used to endorse or promote products derived
+//       from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Fix some corner cases in skipping native methods using caller.
+var net = [];
+
+
+var x = 0;
+
+function collect () {
+  function item(operator) {
+    binary(operator, 1, false);
+    binary(operator, 1, true);
+    binary(operator, '{}', false);
+    binary(operator, '{}', true);
+    binary(operator, '"x"', false);
+    binary(operator, '"x"', true);
+    unary(operator, "");
+  }
+
+  function unary(op, after) {
+    // Capture:
+    try {
+      eval(op + " custom " + after);
+    } catch(e) {
+    }
+  }
+
+  function binary(op, other_side, inverted) {
+    // Capture:
+    try {
+      if (inverted) {
+        eval("custom " + op + " " + other_side);
+      } else {
+        eval(other_side + " " + op + " custom");
+      }
+    } catch(e) {
+    }
+  }
+
+  function catcher() {
+    var caller = catcher.caller;
+    if (/native/i.test(caller) || /ADD/.test(caller)) {
+      net[caller] = 0;
+    }
+  }
+
+  var custom = Object.create(null, {
+    toString: { value: catcher },
+    length: { get: catcher }
+  });
+
+  item('^');
+  item('~');
+  item('<<');
+  item('<');
+  item('==');
+  item('>>>');
+  item('>>');
+  item('|');
+  item('-');
+  item('*');
+  item('&');
+  item('%');
+  item('+');
+  item('in');
+  item('instanceof');
+  unary('{}[', ']');
+  unary('delete {}[', ']');
+  unary('(function() {}).apply(null, ', ')');
+}
+
+collect();
+collect();
+collect();
+
+var keys = 0;
+for (var key in net) {
+  print(key);
+  keys++;
+}
+
+assertTrue(keys == 0);
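Review bot: `catcher` recognises a leaked internal caller only by matching its source text against `/native/i` and `/ADD/`, so an internal function that reaches `catcher.caller` with a different string form would leave `net` empty and the test would still pass. The header comment repeats the commit log and the two `// Capture:` comments say nothing; a comment on `catcher` such as `// Record any caller whose source text looks like a builtin; script code must never see one through .caller.` would state the invariant being checked. The closing `assertTrue(keys == 0);` could be `assertEquals(0, keys);` so a failure reports how many callers leaked.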
=======================================
--- /branches/3.9/src/accessors.cc      Wed Feb  1 02:48:36 2012
+++ /branches/3.9/src/accessors.cc      Thu Sep  6 01:20:40 2012
@@ -755,6 +755,9 @@
     caller = potential_caller;
     potential_caller = it.next();
   }
+  if (!caller->shared()->native() && potential_caller != NULL) {
+    caller = potential_caller;
+  }
   // If caller is bound, return null. This is compatible with JSC, and
   // allows us to make bound functions use the strict function map
   // and its associated throwing caller and arguments.
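Review bot: The added branch only runs when `potential_caller != NULL`, so if the frame walk runs out while `caller` is still an internal function, nothing in the visible lines stops that function from being returned to script. The loop condition and the code after the bound-function comment are outside the hunk, so this may already be handled there; if it is not, returning null for a native `caller`, as the following lines do for a bound one, would close the gap. The new `if` also deserves a comment in the style of its neighbours, for example `// The loop can stop on a non-native frame that is not the real caller; step to the next candidate when there is one.`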
=======================================
--- /branches/3.9/src/v8natives.js      Fri Mar  9 02:52:05 2012
+++ /branches/3.9/src/v8natives.js      Thu Sep  6 01:20:40 2012
@@ -1654,7 +1654,9 @@

   // The call to SetNewFunctionAttributes will ensure the prototype
   // property of the resulting function is enumerable (ECMA262, 15.3.5.2).
-  var f = %CompileString(source)();
+  var global_receiver = %GlobalReceiver(global);
+  var f = %_CallFunction(global_receiver, %CompileString(source));
+
   %FunctionMarkNameShouldPrintAsAnonymous(f);
   return %SetNewFunctionAttributes(f);
 }
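Review bot: Pinning the receiver with `%_CallFunction(global_receiver, ...)` changes what `this` is, but `source` is still compiled and run as one string, so a body that closes the wrapper early still executes its trailing expression at construction time; the new test in new-function.js relies on exactly that to assign `x`. The assembly of `source` is outside the hunk, so this is inferred from the test rather than seen here. A more complete fix would reject a body that does not parse as a function body on its own before wrapping it. At minimum the two new lines need a why-comment, e.g. `// Call with the global receiver so code escaping the wrapper cannot observe an internal object as 'this'.`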
=======================================
--- /branches/3.9/src/version.cc        Fri Aug 17 05:29:37 2012
+++ /branches/3.9/src/version.cc        Thu Sep  6 01:20:40 2012
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION     3
 #define MINOR_VERSION     9
 #define BUILD_NUMBER      24
-#define PATCH_LEVEL       32
+#define PATCH_LEVEL       33
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
 #define IS_CANDIDATE_VERSION 0
