Revision: 12460
Author: [email protected]
Date: Thu Sep 6 01:20:59 2012
Log: Back port r12439 and r12442 to the 3.8 branch:
Fix some corner cases in skipping native methods using caller.
Fix binding in new Function().
Review URL: https://chromiumcodereview.appspot.com/10912118
http://code.google.com/p/v8/source/detail?r=12460
Added:
/branches/3.8/test/mjsunit/new-function.js
/branches/3.8/test/mjsunit/regress/regress-145201.js
Modified:
/branches/3.8/src/accessors.cc
/branches/3.8/src/v8natives.js
/branches/3.8/src/version.cc
=======================================
--- /dev/null
+++ /branches/3.8/test/mjsunit/new-function.js Thu Sep 6 01:20:59 2012
@@ -0,0 +1,34 @@
+// Copyright 2012 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+var x;
+try {
+ Function("}), x = this, (function() {");
+} catch(e) {
+ print("Caught " + e);
+}
+assertTrue(x == "[object global]");
=======================================
--- /dev/null
+++ /branches/3.8/test/mjsunit/regress/regress-145201.js Thu Sep 6
01:20:59 2012
@@ -0,0 +1,107 @@
+// Copyright 2012 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Fix some corner cases in skipping native methods using caller.
+var net = [];
+
+
+var x = 0;
+
+function collect () {
+ function item(operator) {
+ binary(operator, 1, false);
+ binary(operator, 1, true);
+ binary(operator, '{}', false);
+ binary(operator, '{}', true);
+ binary(operator, '"x"', false);
+ binary(operator, '"x"', true);
+ unary(operator, "");
+ }
+
+ function unary(op, after) {
+ // Capture:
+ try {
+ eval(op + " custom " + after);
+ } catch(e) {
+ }
+ }
+
+ function binary(op, other_side, inverted) {
+ // Capture:
+ try {
+ if (inverted) {
+ eval("custom " + op + " " + other_side);
+ } else {
+ eval(other_side + " " + op + " custom");
+ }
+ } catch(e) {
+ }
+ }
+
+ function catcher() {
+ var caller = catcher.caller;
+ if (/native/i.test(caller) || /ADD/.test(caller)) {
+ net[caller] = 0;
+ }
+ }
+
+ var custom = Object.create(null, {
+ toString: { value: catcher },
+ length: { get: catcher }
+ });
+
+ item('^');
+ item('~');
+ item('<<');
+ item('<');
+ item('==');
+ item('>>>');
+ item('>>');
+ item('|');
+ item('-');
+ item('*');
+ item('&');
+ item('%');
+ item('+');
+ item('in');
+ item('instanceof');
+ unary('{}[', ']');
+ unary('delete {}[', ']');
+ unary('(function() {}).apply(null, ', ')');
+}
+
+collect();
+collect();
+collect();
+
+var keys = 0;
+for (var key in net) {
+ print(key);
+ keys++;
+}
+
+assertTrue(keys == 0);
=======================================
--- /branches/3.8/src/accessors.cc Wed Jan 25 23:37:54 2012
+++ /branches/3.8/src/accessors.cc Thu Sep 6 01:20:59 2012
@@ -765,6 +765,9 @@
caller = potential_caller;
potential_caller = it.next();
}
+ if (!caller->shared()->native() && potential_caller != NULL) {
+ caller = potential_caller;
+ }
// If caller is bound, return null. This is compatible with JSC, and
// allows us to make bound functions use the strict function map
// and its associated throwing caller and arguments.
=======================================
--- /branches/3.8/src/v8natives.js Tue Dec 13 00:07:27 2011
+++ /branches/3.8/src/v8natives.js Thu Sep 6 01:20:59 2012
@@ -1635,7 +1635,9 @@
// The call to SetNewFunctionAttributes will ensure the prototype
// property of the resulting function is enumerable (ECMA262, 15.3.5.2).
- var f = %CompileString(source)();
+ var global_receiver = %GlobalReceiver(global);
+ var f = %_CallFunction(global_receiver, %CompileString(source));
+
%FunctionMarkNameShouldPrintAsAnonymous(f);
return %SetNewFunctionAttributes(f);
}
=======================================
--- /branches/3.8/src/version.cc Fri Aug 17 06:07:21 2012
+++ /branches/3.8/src/version.cc Thu Sep 6 01:20:59 2012
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 8
#define BUILD_NUMBER 9
-#define PATCH_LEVEL 27
+#define PATCH_LEVEL 28
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
