Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Don't build cross-eval upvars for heavyweight functions (bug 616762, …

…r=brendan, a=CLOSED TREE).
  • Loading branch information...
commit 709ae4505976d4a31182c451443bf68d43a32e54 1 parent 193aece
@dvander dvander authored
Showing with 47 additions and 0 deletions.
  1. +21 −0 js/src/jsemit.cpp
  2. +26 −0 js/src/trace-test/tests/basic/bug616762.js
View
21 js/src/jsemit.cpp
@@ -2241,6 +2241,27 @@ BindNameToSlot(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn)
return JS_TRUE;
/*
+ * It is illegal to add upvars to heavyweight functions (and
+ * unnecessary, since the optimization avoids creating call
+ * objects). Take the following code as an eval string:
+ *
+ * (function () {
+ * $(init);
+ * function init() {
+ * $();
+ * }
+ * })();
+ *
+ * The first instance of "$" cannot be an upvar, because the
+ * outermost lambda is on "init"'s scope chain, which escapes.
+ *
+ * A similar restriction exists for upvars which do not cross
+ * eval (see the end of BindNameToSlot and bug 616762).
+ */
+ if (cg->flags & TCF_FUN_HEAVYWEIGHT)
+ return JS_TRUE;
+
+ /*
* Generator functions may be resumed from any call stack, which
* defeats the display optimization to static link searching used
* by JSOP_{GET,CALL}UPVAR.
View
26 js/src/trace-test/tests/basic/bug616762.js
@@ -0,0 +1,26 @@
+// vim: set ts=4 sw=4 tw=99 et:
+document = {
+ ready: function (x) {
+ this.exec = x;
+ }
+};
+
+var $ = function (x) {
+ return document;
+};
+
+(function ($) {
+ eval("(function(){\n" +
+ " var Private={};\n" +
+ " $(document).ready(function(){\n" +
+ " init()\n" +
+ " });\n" +
+ " function init(){\n" +
+ " $(Private)\n" +
+ " };\n" +
+ "})();");
+})($);
+document.exec();
+
+// Don't crash or assert.
+
Please sign in to comment.
Something went wrong with that request. Please try again.