Closed Bug 33391 Opened 25 years ago Closed 25 years ago

arguments.callee broken for joined function objects

Categories

(Core :: JavaScript Engine, defect, P3)

RESOLVED FIXED

People

(Reporter: brendan, Assigned: brendan)

Details

(Keywords: js1.5)

Attachments

(6 files)

See the news thread for test case and diagnosis. Patch coming up. /be
This is a backward incompatibility. It should be fixed for js1.5. /be
Keywords: js1.5
Attached patch proposed fix (deleted)
Adding tvollmer@hyperwave.com -- Till, can you try the attached patch and see whether it helps your multi-threaded function prototype object problems? Thanks, /be
Further patch to jsinterp.c coming up -- it turns out that fp->argv may be non-null but fp->argv[-2] is not valid, in the unlikely case that not enough actual args were passed to a function, *and* the stack arena in which those arguments were pushed as operands of JSOP_CALL or JSOP_NEW does not contain enough contiguous space for the missing args and "extra" (local GC root) stack slots needed by the function. In that case, js_Invoke copies the args, but not argv[-2] or argv[-1]. D'oh! Norris, I think this accounts for the erratic fp->argv[-2] behavior you saw when testing your first patch for http://bugzilla.mozilla.org/show_bug.cgi?id=34364 (although I don't see why qualifying the fp->argv non-null test with fp->fun would help). Otherwise, inspection of js/src/*.c grepping for 'argv = ' finds no way for argv to be set such that argv[-2] would not be the callee object. /be
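The argv layout described in the comment above (callee at argv[-2], |this| at argv[-1], missing actuals padded, then "extra" GC-root slots), as an added, constructed C model of the defect and its fix; this is not SpiderMonkey's jsinterp.c, and the slot type, the VOID stand-in for an unwritten slot and the function names are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model, not SpiderMonkey code: a stack slot is an integer tag and
 * JSVAL_VOID stands in for undefined (and, here, for a slot never written). */
typedef long jsval;
#define JSVAL_VOID ((jsval)-1)

/* JSOP_CALL/JSOP_NEW push the callee, |this| and argc actuals as operands:
 * operands[0] = callee, operands[1] = |this|, operands[2..2+argc) = actuals.
 * fp->argv points at the first actual, so argv[-2] is the callee and argv[-1]
 * is |this|. When argc < nargs and the current arena cannot be extended in
 * place, the call needs a new contiguous block of 2 + nargs + nextra slots. */
static jsval *alloc_block(unsigned nargs, unsigned nextra)
{
    unsigned n = 2 + nargs + nextra;
    jsval *block = malloc(n * sizeof(jsval));
    for (unsigned i = 0; i < n; i++)
        block[i] = JSVAL_VOID;          /* missing formals and extras read as undefined */
    return block + 2;                   /* argv; the two slots below it are callee/this */
}

/* The defect described in the bug: only the actuals are copied, so the new
 * argv[-2] and argv[-1] are never written and arguments.callee reads garbage. */
static jsval *copy_args_buggy(const jsval *operands, unsigned argc,
                              unsigned nargs, unsigned nextra)
{
    jsval *argv = alloc_block(nargs, nextra);
    memcpy(argv, operands + 2, argc * sizeof(jsval));
    return argv;
}

/* The fix: carry callee and |this| across as well, keeping argv[-2] valid. */
static jsval *copy_args_fixed(const jsval *operands, unsigned argc,
                              unsigned nargs, unsigned nextra)
{
    jsval *argv = alloc_block(nargs, nextra);
    argv[-2] = operands[0];             /* callee, what arguments.callee returns */
    argv[-1] = operands[1];             /* |this| */
    memcpy(argv, operands + 2, argc * sizeof(jsval));
    return argv;
}

/* What arguments.callee reads from a frame. */
static jsval callee_of(const jsval *argv) { return argv[-2]; }

static void free_argv(jsval *argv) { free(argv - 2); }
```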
Assignee: rogerl → brendan
Adding jband, my best code-buddy lately. /be
Status: NEW → ASSIGNED
If it's guaranteed to be contiguous, why didn't I assert? Urgh, revised final patch coming right up. /be
The next-to-last patch was flailing hard, trying to get back the surplus slots it gave up in the vain hope of avoiding allocating a new arena. The final patch doesn't even mess with surplus measurement if the call needs more contiguous argv space than fits in the current arena. /be
Need a test-case, generated JS with functions having 1..largeN stack depth and 1..largeM parameters, called with missing actual args! /be
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
