Modified: trunk/Source/_javascript_Core/ChangeLog (96437 => 96438)
--- trunk/Source/_javascript_Core/ChangeLog 2011-09-30 23:30:59 UTC (rev 96437)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-09-30 23:54:44 UTC (rev 96438)
@@ -1,5 +1,30 @@
2011-09-30 Gavin Barraclough <barraclo...@apple.com>
+ StringRecursionChecker should not work in terms of EncodedJSValue
+ https://bugs.webkit.org/show_bug.cgi?id=69188
+
+ Reviewed by Oliver Hunt.
+
+ 0 is not the empty value on 32_64.
+ Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+ (JSC::arrayProtoFuncToLocaleString):
+ (JSC::arrayProtoFuncJoin):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::errorProtoFuncToString):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncToString):
+ * runtime/StringRecursionChecker.cpp:
+ (JSC::StringRecursionChecker::throwStackOverflowError):
+ (JSC::StringRecursionChecker::emptyString):
+ * runtime/StringRecursionChecker.h:
+ (JSC::StringRecursionChecker::performCheck):
+ (JSC::StringRecursionChecker::earlyReturnValue):
+
+2011-09-30 Gavin Barraclough <barraclo...@apple.com>
+
DFG JIT, Branch on integer can always be a 32-bit compare.
https://bugs.webkit.org/show_bug.cgi?id=69174
Modified: trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp (96437 => 96438)
--- trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp 2011-09-30 23:30:59 UTC (rev 96437)
+++ trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp 2011-09-30 23:54:44 UTC (rev 96438)
@@ -180,8 +180,8 @@
return JSValue::encode(jsUndefined());
StringRecursionChecker checker(exec, thisObj);
- if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
- return earlyReturnValue;
+ if (JSValue earlyReturnValue = checker.earlyReturnValue())
+ return JSValue::encode(earlyReturnValue);
unsigned totalSize = length ? length - 1 : 0;
#if OS(SYMBIAN)
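Review bot: The new guard `if (JSValue earlyReturnValue = checker.earlyReturnValue())` is only correct if JSValue's implicit bool conversion means "not the empty value" rather than ECMAScript truthiness, because the already-visited case returns `jsEmptyString()`, which is falsy in JS terms but must still take this branch or the recursion protection silently stops working. JSValue.h is not in this changeset, so I am inferring the conversion tests for the empty value; if JSValue exposes an explicit emptiness predicate, `if (!earlyReturnValue.isEmpty())` would make that dependency self-evident to the next reader. The same pattern is repeated in every caller touched by this commit, so a comment on the accessor in StringRecursionChecker.h would cover them all. arrayProtoFuncToString begins and ends outside this hunk.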
@@ -243,8 +243,8 @@
return JSValue::encode(jsUndefined());
StringRecursionChecker checker(exec, thisObj);
- if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
- return earlyReturnValue;
+ if (JSValue earlyReturnValue = checker.earlyReturnValue())
+ return JSValue::encode(earlyReturnValue);
JSStringBuilder strBuffer;
for (unsigned k = 0; k < length; k++) {
@@ -277,8 +277,8 @@
return JSValue::encode(jsUndefined());
StringRecursionChecker checker(exec, thisObj);
- if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
- return earlyReturnValue;
+ if (JSValue earlyReturnValue = checker.earlyReturnValue())
+ return JSValue::encode(earlyReturnValue);
JSStringBuilder strBuffer;
Modified: trunk/Source/_javascript_Core/runtime/ErrorPrototype.cpp (96437 => 96438)
--- trunk/Source/_javascript_Core/runtime/ErrorPrototype.cpp 2011-09-30 23:30:59 UTC (rev 96437)
+++ trunk/Source/_javascript_Core/runtime/ErrorPrototype.cpp 2011-09-30 23:54:44 UTC (rev 96438)
@@ -79,8 +79,8 @@
JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
StringRecursionChecker checker(exec, thisObj);
- if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
- return earlyReturnValue;
+ if (JSValue earlyReturnValue = checker.earlyReturnValue())
+ return JSValue::encode(earlyReturnValue);
JSValue name = thisObj->get(exec, exec->propertyNames().name);
JSValue message = thisObj->get(exec, exec->propertyNames().message);
Modified: trunk/Source/_javascript_Core/runtime/RegExpPrototype.cpp (96437 => 96438)
--- trunk/Source/_javascript_Core/runtime/RegExpPrototype.cpp 2011-09-30 23:30:59 UTC (rev 96437)
+++ trunk/Source/_javascript_Core/runtime/RegExpPrototype.cpp 2011-09-30 23:54:44 UTC (rev 96438)
@@ -142,8 +142,8 @@
RegExpObject* thisObject = asRegExpObject(thisValue);
StringRecursionChecker checker(exec, thisObject);
- if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
- return earlyReturnValue;
+ if (JSValue earlyReturnValue = checker.earlyReturnValue())
+ return JSValue::encode(earlyReturnValue);
char postfix[5] = { '/', 0, 0, 0, 0 };
int index = 1;
Modified: trunk/Source/_javascript_Core/runtime/StringRecursionChecker.cpp (96437 => 96438)
--- trunk/Source/_javascript_Core/runtime/StringRecursionChecker.cpp 2011-09-30 23:30:59 UTC (rev 96437)
+++ trunk/Source/_javascript_Core/runtime/StringRecursionChecker.cpp 2011-09-30 23:54:44 UTC (rev 96438)
@@ -25,14 +25,14 @@
namespace JSC {
-EncodedJSValue StringRecursionChecker::throwStackOverflowError()
+JSValue StringRecursionChecker::throwStackOverflowError()
{
- return throwVMError(m_exec, createStackOverflowError(m_exec));
+ return throwError(m_exec, createStackOverflowError(m_exec));
}
-EncodedJSValue StringRecursionChecker::emptyString()
+JSValue StringRecursionChecker::emptyString()
{
- return JSValue::encode(jsEmptyString(m_exec));
+ return jsEmptyString(m_exec);
}
}
Modified: trunk/Source/_javascript_Core/runtime/StringRecursionChecker.h (96437 => 96438)
--- trunk/Source/_javascript_Core/runtime/StringRecursionChecker.h 2011-09-30 23:30:59 UTC (rev 96437)
+++ trunk/Source/_javascript_Core/runtime/StringRecursionChecker.h 2011-09-30 23:54:44 UTC (rev 96438)
@@ -31,19 +31,19 @@
StringRecursionChecker(ExecState*, JSObject* thisObject);
~StringRecursionChecker();
- EncodedJSValue earlyReturnValue() const; // 0 if everything is OK, value to return for failure cases
+ JSValue earlyReturnValue() const; // 0 if everything is OK, value to return for failure cases
private:
- EncodedJSValue throwStackOverflowError();
- EncodedJSValue emptyString();
- EncodedJSValue performCheck();
+ JSValue throwStackOverflowError();
+ JSValue emptyString();
+ JSValue performCheck();
ExecState* m_exec;
JSObject* m_thisObject;
- EncodedJSValue m_earlyReturnValue;
+ JSValue m_earlyReturnValue;
};
-inline EncodedJSValue StringRecursionChecker::performCheck()
+inline JSValue StringRecursionChecker::performCheck()
{
int size = m_exec->globalData().stringRecursionCheckVisitedObjects.size();
if (size >= MaxSmallThreadReentryDepth && size >= m_exec->globalData().maxReentryDepth)
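Review bot: The comment on `earlyReturnValue()` still reads "0 if everything is OK", which is exactly the EncodedJSValue-centric wording this commit is removing; the accessor now returns a JSValue and `performCheck()` signals success with `JSValue()`, so the comment should say `// Empty JSValue if everything is OK; otherwise the value the caller must return (an empty string for re-entry, the thrown error for overflow).` Spelling out that callers are expected to test emptiness (not JS truthiness) matters here, since the re-entry value is a JS-falsy empty string. The body of performCheck() continues past the end of this hunk.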
@@ -51,7 +51,7 @@
bool alreadyVisited = !m_exec->globalData().stringRecursionCheckVisitedObjects.add(m_thisObject).second;
if (alreadyVisited)
return emptyString(); // Return empty string to avoid infinite recursion.
- return 0; // Indicate success.
+ return JSValue(); // Indicate success.
}
inline StringRecursionChecker::StringRecursionChecker(ExecState* exec, JSObject* thisObject)
@@ -61,7 +61,7 @@
{
}
-inline EncodedJSValue StringRecursionChecker::earlyReturnValue() const
+inline JSValue StringRecursionChecker::earlyReturnValue() const
{
return m_earlyReturnValue;
}