summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--third_party/WebKit/JavaScriptCore/ChangeLog13
-rw-r--r--third_party/WebKit/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp2
-rw-r--r--third_party/WebKit/LayoutTests/ChangeLog16
-rw-r--r--third_party/WebKit/LayoutTests/fast/js/global-resolve-through-eval-expected.txt11
-rw-r--r--third_party/WebKit/LayoutTests/fast/js/global-resolve-through-eval.html13
-rw-r--r--third_party/WebKit/LayoutTests/fast/js/script-tests/global-resolve-through-eval.js12
6 files changed, 66 insertions, 1 deletions
diff --git a/third_party/WebKit/JavaScriptCore/ChangeLog b/third_party/WebKit/JavaScriptCore/ChangeLog
index e74f942..1c64496 100644
--- a/third_party/WebKit/JavaScriptCore/ChangeLog
+++ b/third_party/WebKit/JavaScriptCore/ChangeLog
@@ -1,5 +1,18 @@
2010-05-07 Oliver Hunt <oliver@apple.com>
+ Reviewed by Gavin Barraclough.
+
+ Optimize access to the global object from a function that uses eval
+ https://bugs.webkit.org/show_bug.cgi?id=38644
+
+ Fix bug where cross scope access to a global var (vs. property) would
+ be allowed without checking for intervening dynamic scopes.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitResolve):
+
+2010-05-07 Oliver Hunt <oliver@apple.com>
+
32-bit buildfix.
Macro expansion I stab at thee!
diff --git a/third_party/WebKit/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp b/third_party/WebKit/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
index 0597860..36b6c5d 100644
--- a/third_party/WebKit/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
+++ b/third_party/WebKit/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
@@ -1082,7 +1082,7 @@ RegisterID* BytecodeGenerator::emitResolve(RegisterID* dst, const Identifier& pr
#endif
}
- if (index != missingSymbolMarker() && !forceGlobalResolve) {
+ if (index != missingSymbolMarker() && !forceGlobalResolve && !requiresDynamicChecks) {
// Directly index the property lookup across multiple scopes.
return emitGetScopedVar(dst, depth, index, globalObject);
}
diff --git a/third_party/WebKit/LayoutTests/ChangeLog b/third_party/WebKit/LayoutTests/ChangeLog
index 50489ea..48e64a9 100644
--- a/third_party/WebKit/LayoutTests/ChangeLog
+++ b/third_party/WebKit/LayoutTests/ChangeLog
@@ -1,3 +1,19 @@
+2010-05-07 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Optimize access to the global object from a function that uses eval
+ https://bugs.webkit.org/show_bug.cgi?id=38644
+
+ Add test case to ensure we don't incorrectly allow dynamic scopes
+ to be skipped when doing direct var access.
+
+ * fast/js/global-resolve-through-eval-expected.txt: Added.
+ * fast/js/global-resolve-through-eval.html: Added.
+ * fast/js/script-tests/global-resolve-through-eval.js: Added.
+ (accessGlobal):
+ (accessLocal):
+
2010-05-06 Dirk Pranke <dpranke@chromium.org>
Reviewed by Alexey Proskuryakov.
diff --git a/third_party/WebKit/LayoutTests/fast/js/global-resolve-through-eval-expected.txt b/third_party/WebKit/LayoutTests/fast/js/global-resolve-through-eval-expected.txt
new file mode 100644
index 0000000..5cd442a
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/fast/js/global-resolve-through-eval-expected.txt
@@ -0,0 +1,11 @@
+Make sure we do a correct property resolution of a global object property when contained by eval.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS accessGlobal() is true
+PASS accessLocal() is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/third_party/WebKit/LayoutTests/fast/js/global-resolve-through-eval.html b/third_party/WebKit/LayoutTests/fast/js/global-resolve-through-eval.html
new file mode 100644
index 0000000..c3ce1e3
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/fast/js/global-resolve-through-eval.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="resources/js-test-style.css">
+<script src="resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="script-tests/global-resolve-through-eval.js"></script>
+<script src="resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/third_party/WebKit/LayoutTests/fast/js/script-tests/global-resolve-through-eval.js b/third_party/WebKit/LayoutTests/fast/js/script-tests/global-resolve-through-eval.js
new file mode 100644
index 0000000..f8a2cf1
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/fast/js/script-tests/global-resolve-through-eval.js
@@ -0,0 +1,12 @@
+description("Make sure we do a correct property resolution of a global object property when contained by eval.");
+
+var pass = false;
+
+var accessGlobal = (function() { return eval("var pass=true; (function(){ return pass; })"); })();
+var accessLocal = (function() { var pass = false; return (function() { return eval("var pass=true; (function(){ return pass; })"); })(); })();
+
+shouldBeTrue("accessGlobal()");
+shouldBeTrue("accessLocal()");
+
+
+var successfullyParsed = true;
generated by cgit v1.1 at 2025-04-01 23:44:06 +0000