Bug 33391: arguments.callee broken for joined function objects
Status: RESOLVED FIXED
Opened 25 years ago, closed 25 years ago
Categories: Core :: JavaScript Engine, defect, P3
Reporter: brendan, Assigned: brendan
Keywords: js1.5
Attachments: 6 files (patches, all deleted)
See the news thread for test case and diagnosis. Patch coming up.
/be
Comment 1 • 25 years ago (Assignee)
This is a backward incompatibility. It should be fixed for js1.5.
/be
Keywords: js1.5
Comment 2 • 25 years ago (Assignee)
Comment 3 • 25 years ago (Assignee)
Adding tvollmer@hyperwave.com -- Till, can you try the attached patch and see
whether it helps your multi-threaded function prototype object problems?
Thanks,
/be
Comment 4 • 25 years ago (Assignee)
Further patch to jsinterp.c coming up -- it turns out that fp->argv may be
non-null but fp->argv[-2] is not valid, in the unlikely case that not enough
actual args were passed to a function, *and* the stack arena in which those
arguments were pushed as operands of JSOP_CALL or JSOP_NEW does not contain
enough contiguous space for the missing args and "extra" (local GC root) stack
slots needed by the function. In that case, js_Invoke copies the args, but not
argv[-2] or argv[-1]. D'oh!
Norris, I think this accounts for the erratic fp->argv[-2] behavior you saw when
testing your first patch for http://bugzilla.mozilla.org/show_bug.cgi?id=34364
(although I don't see why qualifying the fp->argv non-null test with fp->fun
would help). Otherwise, inspection of js/src/*.c grepping for 'argv = ' finds
no way for argv to be set such that argv[-2] would not be the callee object.
/be
Assignee: rogerl → brendan
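The failure mode diagnosed in comment 4, as an added toy model in C; it is not SpiderMonkey source and not one of this bug's patches. All names (toy_invoke, Stack, POISON, demo_callee) are hypothetical and the sample values are constructed. It shows that when missing args force argv into fresh space, argv[-2] stays valid only if the callee and this slots are copied along with the args.

```c
#include <stddef.h>
#include <string.h>

/* Toy model of the diagnosis in comment 4; NOT SpiderMonkey source.
 * All names (toy_invoke, POISON, ...) are hypothetical. */
typedef long val;
enum { POISON = -1, UNDEFINED = 0, HDR = 2 /* callee + this */ };

/* Caller's operand stack: [callee, this, arg0..], then free space. */
typedef struct { val *slots; size_t used, cap; } Stack;

/* Give the callee nslots contiguous argv slots (formals + extra roots).
 * fresh models a newly allocated arena. copy_header = 0 reproduces the
 * bug (only the args move); the demo still reserves HDR slots so the
 * stale read stays in bounds. Returns NULL if fresh is too small. */
val *toy_invoke(Stack *st, size_t argc, size_t nslots,
                val *fresh, size_t fresh_cap, int copy_header)
{
    val *argv = st->slots + st->used - argc;
    size_t missing = nslots > argc ? nslots - argc : 0;
    if (st->used + missing <= st->cap) {      /* fits: extend in place */
        while (missing--)
            st->slots[st->used++] = UNDEFINED;
        return argv;                          /* argv[-2] is still the callee */
    }
    if (fresh_cap < HDR + nslots)
        return NULL;
    for (size_t i = 0; i < fresh_cap; i++)
        fresh[i] = POISON;                    /* unknown prior contents */
    if (copy_header)                          /* fix: callee and this move too */
        memcpy(fresh, argv - HDR, HDR * sizeof(val));
    memcpy(fresh + HDR, argv, argc * sizeof(val));
    for (size_t i = argc; i < nslots; i++)
        fresh[HDR + i] = UNDEFINED;
    return fresh + HDR;
}

/* What arguments.callee would read from the frame. */
val toy_callee(const val *argv) { return argv[-2]; }

/* Constructed case: one actual arg passed, four argv slots needed. */
val demo_callee(size_t stack_cap, int copy_header)
{
    val slots[8] = { 100 /* callee */, 200 /* this */, 7 /* arg0 */ };
    val fresh[8];
    Stack st = { slots, 3, stack_cap };
    val *argv = toy_invoke(&st, 1, 4, fresh, 8, copy_header);
    return argv ? toy_callee(argv) : POISON;
}
```

With room in the caller's stack (capacity 8) the callee slot is read correctly either way; with capacity 4 the args spill, and only the copy_header variant still finds the callee at argv[-2].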
Comment 5 • 25 years ago (Assignee)
Comment 6 • 25 years ago (Assignee)
Adding jband, my best code-buddy lately.
/be
Status: NEW → ASSIGNED
Comment 7 • 25 years ago (Assignee)
Comment 8 • 25 years ago (Assignee)
Comment 9 • 25 years ago (Assignee)
If it's guaranteed to be contiguous, why didn't I assert? Urgh, revised final
patch coming right up.
/be
Comment 10 • 25 years ago (Assignee)
Comment 11 • 25 years ago (Assignee)
Comment 12 • 25 years ago (Assignee)
The next-to-last patch was flailing hard, trying to get back the surplus slots
it gave up in the vain hope of avoiding allocating a new arena. The final patch
doesn't even mess with surplus measurement if the call needs more contiguous
argv space than fits in the current arena.
/be
Comment 13 • 25 years ago (Assignee)
Need a test-case, generated JS with functions having 1..largeN stack depth and
1..largeM parameters, called with missing actual args!
/be
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED