Author: kmilli...@chromium.org Date: Mon Feb 2 04:05:13 2009 New Revision: 1203
Added: branches/bleeding_edge/test/mjsunit/regress/regress-220.js Modified: branches/bleeding_edge/src/codegen-arm.cc branches/bleeding_edge/src/codegen-ia32.cc Log: Fix for off-by-one when initializing a constant or function declaration that was not a slot. Review URL: http://codereview.chromium.org/19745
Modified: branches/bleeding_edge/src/codegen-arm.cc
==============================================================================
--- branches/bleeding_edge/src/codegen-arm.cc (original)
+++ branches/bleeding_edge/src/codegen-arm.cc Mon Feb 2 04:05:13 2009
@@ -1144,15 +1144,15 @@
 }
 if (val != NULL) {
- // Set initial value.
- Reference target(this, node->proxy());
- ASSERT(target.is_slot());
- Load(val);
- target.SetValue(NOT_CONST_INIT);
- // Get rid of the assigned value (declarations are statements). It's
- // safe to pop the value lying on top of the reference before unloading
- // the reference itself (which preserves the top of stack) because we
- // know it is a zero-sized reference.
+ {
+ // Set initial value.
+ Reference target(this, node->proxy());
+ Load(val);
+ target.SetValue(NOT_CONST_INIT);
+ // The reference is removed from the stack (preserving TOS) when
+ // it goes out of scope.
+ }
+ // Get rid of the assigned value (declarations are statements).
 frame_->Pop();
 }
 }
Modified: branches/bleeding_edge/src/codegen-ia32.cc
==============================================================================
--- branches/bleeding_edge/src/codegen-ia32.cc (original)
+++ branches/bleeding_edge/src/codegen-ia32.cc Mon Feb 2 04:05:13 2009
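Review bot: With `ASSERT(target.is_slot())` removed in codegen-arm.cc, nothing visible in this hunk checks that the frame is balanced once `frame_->Pop()` has run, and the same applies to the identical hunk in codegen-ia32.cc. The fix depends on the inner braces forcing the `Reference` to be unloaded before the pop, so a later tidy-up that drops the braces would bring the off-by-one back with no debug failure, and a miscounted frame in generated code is a memory-safety problem rather than a cosmetic one. I would extend the comment to say the scope is load-bearing, e.g. `// Do not remove the braces: the reference must be unloaded before the Pop() below.`, and add a debug-only check after the pop that the frame height equals its value on entry, if the frame exposes one. The enclosing function starts and ends outside the hunk, so such a check may already exist there.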
@@ -1431,15 +1431,15 @@
 }
 if (val != NULL) {
- // Set initial value.
- Reference target(this, node->proxy());
- ASSERT(target.is_slot());
- Load(val);
- target.SetValue(NOT_CONST_INIT);
- // Get rid of the assigned value (declarations are statements). It's
- // safe to pop the value lying on top of the reference before unloading
- // the reference itself (which preserves the top of stack) because we
- // know that it is a zero-sized reference.
+ {
+ // Set initial value.
+ Reference target(this, node->proxy());
+ Load(val);
+ target.SetValue(NOT_CONST_INIT);
+ // The reference is removed from the stack (preserving TOS) when
+ // it goes out of scope.
+ }
+ // Get rid of the assigned value (declarations are statements).
 frame_->Pop();
 }
 }
Added: branches/bleeding_edge/test/mjsunit/regress/regress-220.js
==============================================================================
--- (empty file)
+++ branches/bleeding_edge/test/mjsunit/regress/regress-220.js Mon Feb 2 04:05:13 2009
@@ -0,0 +1,31 @@
+// Copyright 2009 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials provided
+// with the distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+function foo(f) { eval(f); }
+
+// Ensure that compiling a declaration of a function does not crash.
+foo("function (x) { with ({x: []}) function x(){} }");
--~--~---------~--~----~------------~-------~--~----~ v8-dev mailing list v8-dev@googlegroups.com http://groups.google.com/group/v8-dev -~----------~----~----~----~------~----~------~--~---
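Review bot: regress-220.js only shows that `eval` of the source returns; the function it declares is never called and no value is asserted, so the test passes on any build that does not crash outright. The removed `ASSERT` is presumably compiled out of release builds, where a frame that is off by one would show up as wrong results or corruption rather than a clean failure. Consider also calling the compiled function and asserting on an observable result, so the test fails on miscompilation as well as on a crash. The comment could name the case being covered, e.g. `// Regression test for r1203: initializing a declaration that is not a slot.`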