Changeset 202487 in webkit


Ignore:
Timestamp:
Jun 27, 2016 9:48:31 AM (8 years ago)
Author:
keith_miller@apple.com
Message:

DFGByteCodeParsing does not handle calling the Object constructor with no arguments correctly
https://bugs.webkit.org/show_bug.cgi?id=159117
<rdar://problem/26996781>

Reviewed by Saam Barati.

DFGByteCodeParsing always assumed there would be an argument to the Object constructor.
This is clearly not always the case and we should be able to handle it.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):

  • tests/stress/indirect-call-object-constructor-with-no-arguments.js: Added.

(let.foo.Object.test):

Location:
trunk/Source/JavaScriptCore
Files:
1 added
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/ChangeLog

    r202463 r202487  
     12016-06-25  Keith Miller  <keith_miller@apple.com>
     2
     3        DFGByteCodeParsing does not handle calling the Object constructor with no arguments correctly
     4        https://bugs.webkit.org/show_bug.cgi?id=159117
     5        <rdar://problem/26996781>
     6
     7        Reviewed by Saam Barati.
     8
     9        DFGByteCodeParsing always assumed there would be an argument to the Object constructor.
     10        This is clearly not always the case and we should be able to handle it.
     11
     12        * dfg/DFGByteCodeParser.cpp:
     13        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
     14        * tests/stress/indirect-call-object-constructor-with-no-arguments.js: Added.
     15        (let.foo.Object.test):
     16
    1172016-06-24  Filip Pizlo  <fpizlo@apple.com>
    218
  • trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

    r202435 r202487  
    26912691        insertChecks();
    26922692
    2693         Node* result = addToGraph(CallObjectConstructor, get(virtualRegisterForArgument(1, registerOffset)));
     2693        Node* result;
     2694        if (argumentCountIncludingThis <= 1)
     2695            result = addToGraph(NewObject, OpInfo(function->globalObject()->objectStructureForObjectConstructor()));
     2696        else
     2697            result = addToGraph(CallObjectConstructor, get(virtualRegisterForArgument(1, registerOffset)));
    26942698        set(VirtualRegister(resultOperand), result);
    26952699        return true;
Note: See TracChangeset for help on using the changeset viewer.