2008-07-01 Cameron Zwarich <cwzwarich@uwaterloo.ca>
authorcwzwarich@webkit.org <cwzwarich@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 2 Jul 2008 01:08:30 +0000 (01:08 +0000)
committercwzwarich@webkit.org <cwzwarich@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 2 Jul 2008 01:08:30 +0000 (01:08 +0000)
        Reviewed by Darin.

        Bug 19844: JavaScript Switch statement modifies "this"
        <https://bugs.webkit.org/show_bug.cgi?id=19844>

        Use a temporary when generating code for switch clauses to avoid
        overwriting 'this' or a local variable.

        JavaScriptCore:

        * kjs/nodes.cpp:
        (KJS::CaseBlockNode::emitCodeForBlock):

        LayoutTests:

        * fast/js/codegen-temporaries-expected.txt:
        * fast/js/resources/codegen-temporaries.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@34940 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JavaScriptCore/ChangeLog
JavaScriptCore/kjs/nodes.cpp
LayoutTests/ChangeLog
LayoutTests/fast/js/codegen-temporaries-expected.txt
LayoutTests/fast/js/resources/codegen-temporaries.js

index 8e193cd4fa39d063e4747cf664d101d8619ccd9c..8441d39863f44ba2f3331cba39f894bc6e7b8891 100644 (file)
@@ -1,3 +1,16 @@
+2008-07-01  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Darin.
+
+        Bug 19844: JavaScript Switch statement modifies "this"
+        <https://bugs.webkit.org/show_bug.cgi?id=19844>
+
+        Use a temporary when generating code for switch clauses to avoid
+        overwriting 'this' or a local variable.
+
+        * kjs/nodes.cpp:
+        (KJS::CaseBlockNode::emitCodeForBlock):
+
 2008-07-01  Christian Dywan  <christian@twotoasts.de>
 
         Gtk+ build fix.
index 349c01b6e534c14647c8f372401051c59f51bb89..c216245b1c6603972d72d2ce4ffee49d8a108bf8 100644 (file)
@@ -1509,17 +1509,19 @@ RegisterID* CaseBlockNode::emitCodeForBlock(CodeGenerator& generator, RegisterID
 
     // Setup jumps
     for (ClauseListNode* list = m_list1.get(); list; list = list->getNext()) {
-        RegisterID* clauseVal = generator.emitNode(list->getClause()->expr());
-        generator.emitBinaryOp(op_stricteq, clauseVal, clauseVal, switchExpression);
+        RefPtr<RegisterID> clauseVal = generator.newTemporary();
+        generator.emitNode(clauseVal.get(), list->getClause()->expr());
+        generator.emitBinaryOp(op_stricteq, clauseVal.get(), clauseVal.get(), switchExpression);
         labelVector.append(generator.newLabel());
-        generator.emitJumpIfTrue(clauseVal, labelVector[labelVector.size() - 1].get());
+        generator.emitJumpIfTrue(clauseVal.get(), labelVector[labelVector.size() - 1].get());
     }
 
     for (ClauseListNode* list = m_list2.get(); list; list = list->getNext()) {
-        RegisterID* clauseVal = generator.emitNode(list->getClause()->expr());
-        generator.emitBinaryOp(op_stricteq, clauseVal, clauseVal, switchExpression);
+        RefPtr<RegisterID> clauseVal = generator.newTemporary();
+        generator.emitNode(clauseVal.get(), list->getClause()->expr());
+        generator.emitBinaryOp(op_stricteq, clauseVal.get(), clauseVal.get(), switchExpression);
         labelVector.append(generator.newLabel());
-        generator.emitJumpIfTrue(clauseVal, labelVector[labelVector.size() - 1].get());
+        generator.emitJumpIfTrue(clauseVal.get(), labelVector[labelVector.size() - 1].get());
     }
 
     RefPtr<LabelID> defaultLabel;
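Review bot: The return value of `generator.emitNode(clauseVal.get(), ...)` is now discarded in both loops, so the comparison is only correct if every expression node writes its result into the destination it is given; that looks like the emitNode contract, but it is not visible in this hunk and is worth confirming. Neither loop says why the temporary is needed, so a later cleanup could fold it back into the old form and reintroduce the clobber of 'this' or a local. I would add a comment above the first `newTemporary()` call, such as `// op_stricteq writes its result into clauseVal, so evaluate the clause into a fresh temporary, never the register holding 'this' or a local.` The two loop bodies are identical, so a small static helper taking the list head would keep them from drifting apart. emitCodeForBlock starts and ends outside the hunk.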
index b23a30ba0edbfa9924c7a7092bd9e390ed1b5ae0..ee46330452b215f28ed4af15d619da3ab3c0db1e 100644 (file)
@@ -1,3 +1,15 @@
+2008-07-01  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Darin.
+
+        Tests for:
+
+        Bug 19844: JavaScript Switch statement modifies "this"
+        <https://bugs.webkit.org/show_bug.cgi?id=19844>
+
+        * fast/js/codegen-temporaries-expected.txt:
+        * fast/js/resources/codegen-temporaries.js:
+
 2008-07-01  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
 
         Reviewed by Brady Eidson.
index 16078bdd00d6b715ad5b0efb860533db2bcf554b..43ad3f855da4ac60a0baa1f82aba2140845b7510 100644 (file)
@@ -105,6 +105,9 @@ PASS bitor_test3() is 3
 PASS bitxor_test1() is 3
 PASS bitxor_test2() is 3
 PASS bitxor_test3() is 3
+PASS switch_test1() is true
+PASS switch_test2() is true
+PASS switch_test3() is true
 PASS successfullyParsed is true
 
 TEST COMPLETE
index dc185a0959b03de6872fdc85d8077f5bcf5bd6a3..fe4630ed398ee086f8aeea2c8b71f4bc3fa3e75e 100644 (file)
@@ -854,4 +854,62 @@ function bitxor_test3()
 
 shouldBe("bitxor_test3()", "3");
 
+function switch_test1_helper(a, b)
+{
+    switch (a) {
+    case b:
+        break;
+    default:
+        break;
+    }
+    
+    return b;
+}
+
+function switch_test1()
+{
+    return switch_test1_helper(0, 1) == 1;
+}
+
+shouldBeTrue("switch_test1()");
+
+function switch_test2_helper(a, b)
+{
+    var c = b;
+    switch (a) {
+    case c:
+        break;
+    default:
+        break;
+    }
+    
+    return c;
+}
+
+function switch_test2()
+{
+    return switch_test2_helper(0, 1) == 1;
+}
+
+shouldBeTrue("switch_test2()");
+
+function switch_test3_helper(a)
+{
+    switch (a) {
+    case this:
+        break;
+    default:
+        break;
+    }
+    
+    return this;
+}
+
+function switch_test3()
+{
+    return this == switch_test3_helper.call(this, 0);
+}
+
+shouldBeTrue("switch_test3()");
+
 var successfullyParsed = true;
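Review bot: All three helpers place `case` before `default`, so only the first of the two loops patched in CaseBlockNode::emitCodeForBlock is exercised; the second loop (over `m_list2`, presumably the clauses that follow `default`) has no regression test. A fourth test with `default` first would cover it, together with a matching `PASS switch_test4() is true` line in codegen-temporaries-expected.txt. The existing checks also compare with `== 1`, which would accept a register clobbered with `true` if the clause ever matched; `=== 1` is stricter.
```javascript
function switch_test4_helper(a, b)
{
    switch (a) {
    default:
        break;
    case b:
        break;
    }

    return b;
}

function switch_test4()
{
    return switch_test4_helper(0, 1) === 1;
}

shouldBeTrue("switch_test4()");
```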