Reviewers: Kevin Millikin,

Message:
When the parameter_map contains holes which are not filled up by the associated number dictionary, the resulting array of keys might contain undefined values.

This fixes the above issue. However, I am unsure whether it maintains the correct
ordering of keys in all cases.

The issue can be triggered by ietestcenter 15.2.3.6-4-297-1 which is part of
test262.

Description:
Fixed key enumeration for non-strict arguments.

The bug can be triggered by ietestcenter 15.2.3.6-4-297-1 where the parameter
map array contains holes.


Please review this at http://codereview.chromium.org/7321009/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files:
  M src/objects.cc


Index: src/objects.cc
diff --git a/src/objects.cc b/src/objects.cc
index 6242198ec33e9f0e1f022c9ebef5bcadd42fef00..b6a36def148e4694d3fba2356591b180f1748819 100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -9512,23 +9512,24 @@ int JSObject::GetLocalElementKeys(FixedArray* storage,
     }
     case NON_STRICT_ARGUMENTS_ELEMENTS: {
       FixedArray* parameter_map = FixedArray::cast(elements());
+      FixedArray* arguments = FixedArray::cast(parameter_map->get(1));
+      if (arguments->IsDictionary()) {
+        NumberDictionary* dictionary = NumberDictionary::cast(arguments);
+        if (storage != NULL) dictionary->CopyKeysTo(storage, filter);
+        counter += dictionary->NumberOfElementsFilterAttributes(filter);
+      }
       int length = parameter_map->length();
       for (int i = 2; i < length; ++i) {
         if (!parameter_map->get(i)->IsTheHole()) {
-          if (storage != NULL) storage->set(i - 2, Smi::FromInt(i - 2));
+          if (storage != NULL) storage->set(counter, Smi::FromInt(i - 2));
           ++counter;
         }
       }
-      FixedArray* arguments = FixedArray::cast(parameter_map->get(1));
-      if (arguments->IsDictionary()) {
-        NumberDictionary* dictionary = NumberDictionary::cast(arguments);
-        if (storage != NULL) dictionary->CopyKeysTo(storage, filter);
-        counter += dictionary->NumberOfElementsFilterAttributes(filter);
-      } else {
+      if (!arguments->IsDictionary()) {
         int length = arguments->length();
         for (int i = 0; i < length; ++i) {
           if (!arguments->get(i)->IsTheHole()) {
-            if (storage != NULL) storage->set(i, Smi::FromInt(i));
+            if (storage != NULL) storage->set(counter, Smi::FromInt(i));
             ++counter;
           }
         }
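Review bot: In the `NON_STRICT_ARGUMENTS_ELEMENTS` case the keys now land in `storage` grouped by where they came from, not by index. With a fast backing store, a hole in parameter-map slot 0 plus a mapped slot 1 yields `[1, 0]` once `arguments->get(0)` is non-hole, and with a dictionary every dictionary key precedes the mapped indices. If callers rely on ascending index order (not visible in this hunk), the fast path should walk the index range once, checking the parameter map and then `arguments`, or the filled prefix should be sorted before returning. The `storage->set(counter, ...)` writes also assume that `counter` is zero on entry to the case and that `CopyKeysTo` wrote exactly `NumberOfElementsFilterAttributes(filter)` entries starting at index 0; a comment such as `// Dictionary keys occupy storage[0, counter); mapped parameter indices follow.` would record that, since a mismatch would misplace or overrun the writes. The function body starts and ends outside the hunk.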

