wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Back out 88145df4191a, 42408569a696, and 2108d51be2e7 (Bug 719841, Bug 678086, and Bug 695922) for tp crashes on a CLOSED TREE

Browse Source
This commit is contained in:
Phil Ringnalda 2012-01-27 14:22:10 -08:00
parent 37c1301be5
commit 44050661bf
9 changed files with 30 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
js/src/frontend/Parser.cpp
View File

@ -1294,7 +1294,8 @@ Parser::functionArguments(TreeContext &funtc, FunctionBox *funbox, ParseNode **l
rhs->pn_cookie.set(funtc.staticLevel, slot);
rhs->pn_dflags |= PND_BOUND;
ParseNode *item = new_<BinaryNode>(PNK_ASSIGN, JSOP_NOP, lhs->pn_pos, lhs, rhs);
ParseNode *item =
ParseNode::newBinaryOrAppend(PNK_ASSIGN, JSOP_NOP, lhs, rhs, &funtc);
if (!item)
return false;
if (!list) {
@ -6909,7 +6910,6 @@ Parser::primaryExpr(TokenKind tt, JSBool afterDot)
for (;;) {
JSAtom *atom;
TokenKind ltok = tokenStream.getToken(TSF_KEYWORD_IS_NAME);
TokenPtr begin = tokenStream.currentToken().pos.begin;
switch (ltok) {
case TOK_NUMBER:
pn3 = NullaryNode::create(PNK_NUMBER, tc);
@ -6976,10 +6976,7 @@ Parser::primaryExpr(TokenKind tt, JSBool afterDot)
/* NB: Getter function in { get x(){} } is unnamed. */
pn2 = functionDef(NULL, op == JSOP_GETTER ? Getter : Setter, Expression);
if (!pn2)
return NULL;
TokenPos pos = {begin, pn2->pn_pos.end};
pn2 = new_<BinaryNode>(PNK_COLON, op, pos, pn3, pn2);
pn2 = ParseNode::newBinaryOrAppend(PNK_COLON, op, pn3, pn2, tc);
goto skip;
}
case TOK_STRING: {
@ -7041,10 +7038,7 @@ Parser::primaryExpr(TokenKind tt, JSBool afterDot)
return NULL;
}
{
TokenPos pos = {begin, pnval->pn_pos.end};
pn2 = new_<BinaryNode>(PNK_COLON, op, pos, pn3, pnval);
}
pn2 = ParseNode::newBinaryOrAppend(PNK_COLON, op, pn3, pnval, tc);
skip:
if (!pn2)
return NULL;

10
js/src/frontend/TokenStream.h
View File

@ -262,16 +262,18 @@ struct TokenPos {
TokenPtr end; /* index 1 past last char, last line */
static TokenPos make(const TokenPtr &begin, const TokenPtr &end) {
JS_ASSERT(begin <= end);
// Assertions temporarily disabled by jorendorff. See bug 695922.
//JS_ASSERT(begin <= end);
TokenPos pos = {begin, end};
return pos;
}
/* Return a TokenPos that covers left, right, and anything in between. */
static TokenPos box(const TokenPos &left, const TokenPos &right) {
JS_ASSERT(left.begin <= left.end);
JS_ASSERT(left.end <= right.begin);
JS_ASSERT(right.begin <= right.end);
// Assertions temporarily disabled by jorendorff. See bug 695922.
//JS_ASSERT(left.begin <= left.end);
//JS_ASSERT(left.end <= right.begin);
//JS_ASSERT(right.begin <= right.end);
TokenPos pos = {left.begin, right.end};
return pos;
}

9
js/src/jit-test/tests/debug/Debugger-getNewestFrame-03.js
View File

@ -1,9 +0,0 @@
// Debugger.prototype.getNewestFrame() ignores dummy frames.
// See bug 678086.
var g = newGlobal('new-compartment');
g.f = function () { return dbg.getNewestFrame(); };
var dbg = new Debugger;
var gw = dbg.addDebuggee(g);
var fw = gw.getOwnPropertyDescriptor("f").value;
assertEq(fw.call().return, null);

3
js/src/jsinfer.cpp
View File

@ -5669,9 +5669,6 @@ JSObject::splicePrototype(JSContext *cx, JSObject *proto)
*/
JS_ASSERT_IF(cx->typeInferenceEnabled(), hasSingletonType());
/* Inner objects may not appear on prototype chains. */
JS_ASSERT_IF(proto, !proto->getClass()->ext.outerObject);
/*
* Force type instantiation when splicing lazy types. This may fail,
* in which case inference will be disabled for the compartment.

3
js/src/jsinferinlines.h
View File

@ -1159,9 +1159,6 @@ inline TypeObject::TypeObject(JSObject *proto, bool function, bool unknown)
{
PodZero(this);
/* Inner objects may not appear on prototype chains. */
JS_ASSERT_IF(proto, !proto->getClass()->ext.outerObject);
this->proto = proto;
if (function)

4
js/src/jsinterp.cpp
View File

@ -1014,6 +1014,10 @@ EnterWith(JSContext *cx, jsint stackIndex)
if (!parent)
return JS_FALSE;
OBJ_TO_INNER_OBJECT(cx, obj);
if (!obj)
return JS_FALSE;
JSObject *withobj = WithObject::create(cx, fp, *obj, *parent,
sp + stackIndex - fp->base());
if (!withobj)

17
js/src/jsobj.cpp
View File

@ -186,15 +186,26 @@ obj_setProto(JSContext *cx, JSObject *obj, jsid id, JSBool strict, Value *vp)
}
if (!vp->isObjectOrNull())
return true;
return JS_TRUE;
JSObject *pobj = vp->toObjectOrNull();
if (pobj) {
/*
* Innerize pobj here to avoid sticking unwanted properties on the
* outer object. This ensures that any with statements only grant
* access to the inner object.
*/
OBJ_TO_INNER_OBJECT(cx, pobj);
if (!pobj)
return JS_FALSE;
}
uintN attrs;
id = ATOM_TO_JSID(cx->runtime->atomState.protoAtom);
if (!CheckAccess(cx, obj, id, JSAccessMode(JSACC_PROTO|JSACC_WRITE), vp, &attrs))
return false;
return JS_FALSE;
return SetProto(cx, obj, pobj, true);
return SetProto(cx, obj, pobj, JS_TRUE);
}
#else /* !JS_HAS_OBJ_PROTO_PROP */

2
js/src/vm/Debugger.cpp
View File

@ -2560,7 +2560,7 @@ DebuggerFrame_getOlder(JSContext *cx, uintN argc, Value *vp)
THIS_FRAME(cx, argc, vp, "get this", args, thisobj, thisfp);
Debugger *dbg = Debugger::fromChildJSObject(thisobj);
for (StackFrame *fp = thisfp->prev(); fp; fp = fp->prev()) {
if (dbg->observesFrame(fp))
if (!fp->isDummyFrame() && dbg->observesFrame(fp))
return dbg->getScriptFrame(cx, fp, vp);
}
args.rval().setNull();

2
js/src/vm/Debugger.h
View File

@ -483,7 +483,7 @@ Debugger::observesGlobal(GlobalObject *global) const
bool
Debugger::observesFrame(StackFrame *fp) const
{
return !fp->isDummyFrame() && observesGlobal(&fp->scopeChain().global());
return observesGlobal(&fp->scopeChain().global());
}
JSTrapStatus