Revision: 3512 Author: [email protected] Date: Tue Dec 22 01:48:55 2009 Log: Check for undefined in the binary operation stub when convertion to int32 for bitops. undefined converts to zero in ToInt32 conversions.
Review URL: http://codereview.chromium.org/508020 http://code.google.com/p/v8/source/detail?r=3512 Added: /branches/bleeding_edge/test/mjsunit/bitwise-operations-undefined.js Modified: /branches/bleeding_edge/src/ia32/codegen-ia32.cc ======================================= --- /dev/null +++ /branches/bleeding_edge/test/mjsunit/bitwise-operations-undefined.js Tue Dec 22 01:48:55 2009 @@ -0,0 +1,49 @@ +// Copyright 2009 the V8 project authors. All rights reserved. +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// Test bitwise operations with undefined. + +function testUndefinedLeftHandSide() { + assertEquals(undefined | 1, 1); + assertEquals(undefined & 1, 0); + assertEquals(undefined ^ 1, 1); + assertEquals(undefined << 1, 0); + assertEquals(undefined >> 1, 0); + assertEquals(undefined >>> 1, 0); +} + +function testUndefinedRightHandSide() { + assertEquals(1 | undefined, 1); + assertEquals(1 & undefined, 0); + assertEquals(1 ^ undefined, 1); + assertEquals(1 << undefined, 1); + assertEquals(1 >> undefined, 1); + assertEquals(1 >>> undefined, 1); +} + +testUndefinedLeftHandSide(); +testUndefinedRightHandSide(); ======================================= --- /branches/bleeding_edge/src/ia32/codegen-ia32.cc Mon Dec 21 07:09:26 2009 +++ /branches/bleeding_edge/src/ia32/codegen-ia32.cc Tue Dec 22 01:48:55 2009 @@ -7553,18 +7553,26 @@ bool use_sse3, Label* conversion_failure) { // Check float operands. - Label arg1_is_object, arg2_is_object, load_arg2; - Label done; + Label arg1_is_object, check_undefined_arg1; + Label arg2_is_object, check_undefined_arg2; + Label load_arg2, done; __ test(edx, Immediate(kSmiTagMask)); __ j(not_zero, &arg1_is_object); __ SmiUntag(edx); __ jmp(&load_arg2); + // If the argument is undefined it converts to zero (ECMA-262, section 9.5). + __ bind(&check_undefined_arg1); + __ cmp(edx, Factory::undefined_value()); + __ j(not_equal, conversion_failure); + __ mov(edx, Immediate(0)); + __ jmp(&load_arg2); + __ bind(&arg1_is_object); __ mov(ebx, FieldOperand(edx, HeapObject::kMapOffset)); __ cmp(ebx, Factory::heap_number_map()); - __ j(not_equal, conversion_failure); + __ j(not_equal, &check_undefined_arg1); // Get the untagged integer version of the edx heap number in ecx. IntegerConvert(masm, edx, use_sse3, conversion_failure); __ mov(edx, ecx); @@ -7578,10 +7586,17 @@ __ mov(ecx, eax); __ jmp(&done); + // If the argument is undefined it converts to zero (ECMA-262, section 9.5). + __ bind(&check_undefined_arg2); + __ cmp(eax, Factory::undefined_value()); + __ j(not_equal, conversion_failure); + __ mov(ecx, Immediate(0)); + __ jmp(&done); + __ bind(&arg2_is_object); __ mov(ebx, FieldOperand(eax, HeapObject::kMapOffset)); __ cmp(ebx, Factory::heap_number_map()); - __ j(not_equal, conversion_failure); + __ j(not_equal, &check_undefined_arg2); // Get the untagged integer version of the eax heap number in ecx. IntegerConvert(masm, eax, use_sse3, conversion_failure); __ bind(&done); -- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev
