Changeset 202487 in webkit
- Timestamp:
- Jun 27, 2016 9:48:31 AM (8 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 1 added
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r202463 r202487 1 2016-06-25 Keith Miller <keith_miller@apple.com> 2 3 DFGByteCodeParsing does not handle calling the Object constructor with no arguments correctly 4 https://bugs.webkit.org/show_bug.cgi?id=159117 5 <rdar://problem/26996781> 6 7 Reviewed by Saam Barati. 8 9 DFGByteCodeParsing always assumed there would be an argument to the Object constructor. 10 This is clearly not always the case and we should be able to handle it. 11 12 * dfg/DFGByteCodeParser.cpp: 13 (JSC::DFG::ByteCodeParser::handleConstantInternalFunction): 14 * tests/stress/indirect-call-object-constructor-with-no-arguments.js: Added. 15 (let.foo.Object.test): 16 1 17 2016-06-24 Filip Pizlo <fpizlo@apple.com> 2 18 -
trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
r202435 r202487 2691 2691 insertChecks(); 2692 2692 2693 Node* result = addToGraph(CallObjectConstructor, get(virtualRegisterForArgument(1, registerOffset))); 2693 Node* result; 2694 if (argumentCountIncludingThis <= 1) 2695 result = addToGraph(NewObject, OpInfo(function->globalObject()->objectStructureForObjectConstructor())); 2696 else 2697 result = addToGraph(CallObjectConstructor, get(virtualRegisterForArgument(1, registerOffset))); 2694 2698 set(VirtualRegister(resultOperand), result); 2695 2699 return true;
Note: See TracChangeset
for help on using the changeset viewer.