[v8-dev] [v8 commit] r1203 - in branches/bleeding_edge: src test/mjsunit/regress

Mon, 02 Feb 2009 04:11:27 -0800 

Author: kmilli...@chromium.org
Date: Mon Feb  2 04:05:13 2009
New Revision: 1203

Added:
    branches/bleeding_edge/test/mjsunit/regress/regress-220.js
Modified:
    branches/bleeding_edge/src/codegen-arm.cc
    branches/bleeding_edge/src/codegen-ia32.cc

Log:
Fix for off-by-one when initializing a constant or function
declaration that was not a slot.
Review URL: http://codereview.chromium.org/19745

Modified: branches/bleeding_edge/src/codegen-arm.cc
==============================================================================
--- branches/bleeding_edge/src/codegen-arm.cc   (original)
+++ branches/bleeding_edge/src/codegen-arm.cc   Mon Feb  2 04:05:13 2009
@@ -1144,15 +1144,15 @@
    }

    if (val != NULL) {
-    // Set initial value.
-    Reference target(this, node->proxy());
-    ASSERT(target.is_slot());
-    Load(val);
-    target.SetValue(NOT_CONST_INIT);
-    // Get rid of the assigned value (declarations are statements).  It's
-    // safe to pop the value lying on top of the reference before unloading
-    // the reference itself (which preserves the top of stack) because we
-    // know it is a zero-sized reference.
+    {
+      // Set initial value.
+      Reference target(this, node->proxy());
+      Load(val);
+      target.SetValue(NOT_CONST_INIT);
+      // The reference is removed from the stack (preserving TOS) when
+      // it goes out of scope.
+    }
+    // Get rid of the assigned value (declarations are statements).
      frame_->Pop();
    }
  }

Modified: branches/bleeding_edge/src/codegen-ia32.cc
==============================================================================
--- branches/bleeding_edge/src/codegen-ia32.cc  (original)
+++ branches/bleeding_edge/src/codegen-ia32.cc  Mon Feb  2 04:05:13 2009
@@ -1431,15 +1431,15 @@
    }

    if (val != NULL) {
-    // Set initial value.
-    Reference target(this, node->proxy());
-    ASSERT(target.is_slot());
-    Load(val);
-    target.SetValue(NOT_CONST_INIT);
-    // Get rid of the assigned value (declarations are statements).  It's
-    // safe to pop the value lying on top of the reference before unloading
-    // the reference itself (which preserves the top of stack) because we
-    // know that it is a zero-sized reference.
+    {
+      // Set initial value.
+      Reference target(this, node->proxy());
+      Load(val);
+      target.SetValue(NOT_CONST_INIT);
+      // The reference is removed from the stack (preserving TOS) when
+      // it goes out of scope.
+    }
+    // Get rid of the assigned value (declarations are statements).
      frame_->Pop();
    }
  }

Added: branches/bleeding_edge/test/mjsunit/regress/regress-220.js
==============================================================================
--- (empty file)
+++ branches/bleeding_edge/test/mjsunit/regress/regress-220.js  Mon Feb  2  
04:05:13 2009
@@ -0,0 +1,31 @@
+// Copyright 2009 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+//       notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+//       copyright notice, this list of conditions and the following
+//       disclaimer in the documentation and/or other materials provided
+//       with the distribution.
+//     * Neither the name of Google Inc. nor the names of its
+//       contributors may be used to endorse or promote products derived
+//       from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+function foo(f) { eval(f); }
+
+// Ensure that compiling a declaration of a function does not crash.
+foo("function (x) { with ({x: []}) function x(){} }");

--~--~---------~--~----~------------~-------~--~----~
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
-~----------~----~----~----~------~----~------~--~---

Reply via email to