Fix issue 124 by computing the receiver correctly when...

src/runtime.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 456 matching lines @@
       static_cast<PropertyAttributes>(Smi::cast(args[2])->value());
   ASSERT(mode == READ_ONLY || mode == NONE);
   Handle<Object> initial_value(args[3]);
 
   // Declarations are always done in the function context.
   context = Handle<Context>(context->fcontext());
 
   int index;
   PropertyAttributes attributes;
   ContextLookupFlags flags = DONT_FOLLOW_CHAINS;
-  Handle<Object> context_obj =
+  Handle<Object> holder =
       context->Lookup(name, flags, &index, &attributes);
 
   if (attributes != ABSENT) {
     // The name was declared before; check for conflicting
     // re-declarations: This is similar to the code in parser.cc in
     // the AstBuildingParser::Declare function.
     if (((attributes & READ_ONLY) != 0) || (mode == READ_ONLY)) {
       // Functions are not read-only.
       ASSERT(mode != READ_ONLY || initial_value->IsTheHole());
       const char* type = ((attributes & READ_ONLY) != 0) ? "const" : "var";
       return ThrowRedeclarationError(type, name);
     }
 
     // Initialize it if necessary.
     if (*initial_value != NULL) {
       if (index >= 0) {
         // The variable or constant context slot should always be in
         // the function context; not in any outer context nor in the
         // arguments object.
-        ASSERT(context_obj.is_identical_to(context));
+        ASSERT(holder.is_identical_to(context));
         if (((attributes & READ_ONLY) == 0) ||
             context->get(index)->IsTheHole()) {
           context->set(index, *initial_value);
         }
       } else {
         // Slow case: The property is not in the FixedArray part of the context.
-        Handle<JSObject> context_ext = Handle<JSObject>::cast(context_obj);
+        Handle<JSObject> context_ext = Handle<JSObject>::cast(holder);
         SetProperty(context_ext, name, initial_value, mode);
       }
     }
 
   } else {
     // The property is not in the function context. It needs to be
     // "declared" in the function context's extension context, or in the
     // global context.
     Handle<JSObject> context_ext;
     if (context->extension() != NULL) {
@@ skipping 180 matching lines @@
   ASSERT(!value->IsTheHole());
   CONVERT_ARG_CHECKED(Context, context, 1);
   Handle<String> name(String::cast(args[2]));
 
   // Initializations are always done in the function context.
   context = Handle<Context>(context->fcontext());
 
   int index;
   PropertyAttributes attributes;
   ContextLookupFlags flags = DONT_FOLLOW_CHAINS;
-  Handle<Object> context_obj =
+  Handle<Object> holder =
       context->Lookup(name, flags, &index, &attributes);
 
   // The property should always be present. It is always declared
   // before being initialized through DeclareContextSlot.
   ASSERT(attributes != ABSENT && (attributes & READ_ONLY) != 0);
 
   // If the slot is in the context, we set it but only if it hasn't
   // been set before.
   if (index >= 0) {
     // The constant context slot should always be in the function
     // context; not in any outer context nor in the arguments object.
-    ASSERT(context_obj.is_identical_to(context));
+    ASSERT(holder.is_identical_to(context));
     if (context->get(index)->IsTheHole()) {
       context->set(index, *value);
     }
     return *value;
   }
 
   // Otherwise, the slot must be in a JS object extension.
-  Handle<JSObject> context_ext(JSObject::cast(*context_obj));
+  Handle<JSObject> context_ext(JSObject::cast(*holder));
 
   // We must initialize the value only if it wasn't initialized
   // before, e.g. for const declarations in a loop. The property has
   // the hole value if it wasn't initialized yet. NOTE: We cannot use
   // GetProperty() to get the current value as it 'unholes' the value.
   LookupResult lookup;
   context_ext->LocalLookupRealNamedProperty(*name, &lookup);
   ASSERT(lookup.IsProperty());  // the property was declared
   ASSERT(lookup.IsReadOnly());  // and it was declared as read-only
 
@@ skipping 2558 matching lines @@
 static Object* Runtime_LookupContext(Arguments args) {
   HandleScope scope;
   ASSERT(args.length() == 2);
 
   CONVERT_ARG_CHECKED(Context, context, 0);
   CONVERT_ARG_CHECKED(String, name, 1);
 
   int index;
   PropertyAttributes attributes;
   ContextLookupFlags flags = FOLLOW_CHAINS;
-  Handle<Object> context_obj =
+  Handle<Object> holder =
       context->Lookup(name, flags, &index, &attributes);
 
-  if (index < 0 && *context_obj != NULL) {
-    ASSERT(context_obj->IsJSObject());
-    return *context_obj;
+  if (index < 0 && *holder != NULL) {
+    ASSERT(holder->IsJSObject());
+    return *holder;
   }
 
   // No intermediate context found. Use global object by default.
   return Top::context()->global();
 }
 
 
 // A mechanism to return pairs of Object*'s. This is somewhat
 // compiler-dependent as it assumes that a 64-bit value (a long long)
 // is returned via two registers (edx:eax on ia32). Both the ia32 and
 // arm platform support this; it is mostly an issue of "coaxing" the
 // compiler to do the right thing.
 //
 // TODO(1236026): This is a non-portable hack that should be removed.
 typedef uint64_t ObjPair;
 ObjPair MakePair(Object* x, Object* y) {
   return reinterpret_cast<uint32_t>(x) |
          (reinterpret_cast<ObjPair>(y) << 32);
 }
 
 
 static Object* Unhole(Object* x, PropertyAttributes attributes) {
   ASSERT(!x->IsTheHole() || (attributes & READ_ONLY) != 0);
   USE(attributes);
   return x->IsTheHole() ? Heap::undefined_value() : x;
 }
 
 
+static Object* ComputeContextSlotReceiver(Object* holder) {
+  // If the "property" we were looking for is a local variable or an
+  // argument in a context, the receiver is the global object; see
+  // ECMA-262, 3rd., 10.1.6 and 10.2.3.
+  HeapObject* object = HeapObject::cast(holder);
+  Context* top = Top::context();
+  if (holder->IsContext()) return top->global()->global_receiver();
+
+  // TODO(xxx): Find a better - and faster way - of checking for
+  // arguments and context extension objects. This kinda sucks.
+  JSFunction* context_extension_function =
+      top->global_context()->context_extension_function();
+  JSObject* arguments_boilerplate =
+      top->global_context()->arguments_boilerplate();
+  JSFunction* arguments_function =
+      JSFunction::cast(arguments_boilerplate->map()->constructor());
+  // If the holder is an arguments object or a context extension then the
+  // receiver is also the global object;
+  Object* constructor = HeapObject::cast(holder)->map()->constructor();
+  if (constructor == context_extension_function ||
+      constructor == arguments_function) {
+    return Top::context()->global()->global_receiver();
+  }
+
+  // If the holder is a global object, we have to be careful to wrap
+  // it in its proxy if necessary.
+  if (object->IsGlobalObject()) {
+    return GlobalObject::cast(object)->global_receiver();
+  } else {
+    return object;
+  }
+}
+
+
 static ObjPair LoadContextSlotHelper(Arguments args, bool throw_error) {
   HandleScope scope;
   ASSERT(args.length() == 2);
 
   if (!args[0]->IsContext()) return MakePair(IllegalOperation(), NULL);
   Handle<Context> context = args.at<Context>(0);
   Handle<String> name(String::cast(args[1]));
 
   int index;
   PropertyAttributes attributes;
   ContextLookupFlags flags = FOLLOW_CHAINS;
-  Handle<Object> context_obj =
+  Handle<Object> holder =
       context->Lookup(name, flags, &index, &attributes);
 
   if (index >= 0) {
-    if (context_obj->IsContext()) {
-      // The context is an Execution context, and the "property" we were looking
-      // for is a local variable in that context. According to ECMA-262, 3rd.,
-      // 10.1.6 and 10.2.3, the receiver is the global object.
-      return MakePair(
-          Unhole(Handle<Context>::cast(context_obj)->get(index), attributes),
-          Top::context()->global());
+    Handle<Object> receiver =
+        Handle<Object>(ComputeContextSlotReceiver(*holder));
+    Handle<Object> value;
+    if (holder->IsContext()) {
+      value = Handle<Object>(Context::cast(*holder)->get(index));
     } else {
-      return MakePair(
-          Unhole(Handle<JSObject>::cast(context_obj)->GetElement(index),
-                 attributes),
-          *context_obj);
+      // Arguments object.
+      value = Handle<Object>(JSObject::cast(*holder)->GetElement(index));
     }
+    return MakePair(Unhole(*value, attributes), *receiver);
   }
 
-  if (*context_obj != NULL) {
-    ASSERT(Handle<JSObject>::cast(context_obj)->HasProperty(*name));
-    // Note: As of 5/29/2008, GetProperty does the "unholing" and so this call
-    // here is redundant. We left it anyway, to be explicit; also it's not clear
-    // why GetProperty should do the unholing in the first place.
+  if (*holder != NULL) {
+    ASSERT(Handle<JSObject>::cast(holder)->HasProperty(*name));
+    // Note: As of 5/29/2008, GetProperty does the "unholing" and so
+    // this call here is redundant. We left it anyway, to be explicit;
+    // also it's not clear why GetProperty should do the unholing in
+    // the first place.
     return MakePair(
-        Unhole(Handle<JSObject>::cast(context_obj)->GetProperty(*name),
+        Unhole(Handle<JSObject>::cast(holder)->GetProperty(*name),
                attributes),
-        *context_obj);
+        ComputeContextSlotReceiver(*holder));
   }
 
   if (throw_error) {
     // The property doesn't exist - throw exception.
     Handle<Object> reference_error =
         Factory::NewReferenceError("not_defined", HandleVector(&name, 1));
     return MakePair(Top::Throw(*reference_error), NULL);
   } else {
     // The property doesn't exist - return undefined
     return MakePair(Heap::undefined_value(), Heap::undefined_value());
@@ skipping 15 matching lines @@
   HandleScope scope;
   ASSERT(args.length() == 3);
 
   Handle<Object> value(args[0]);
   CONVERT_ARG_CHECKED(Context, context, 1);
   CONVERT_ARG_CHECKED(String, name, 2);
 
   int index;
   PropertyAttributes attributes;
   ContextLookupFlags flags = FOLLOW_CHAINS;
-  Handle<Object> context_obj =
+  Handle<Object> holder =
       context->Lookup(name, flags, &index, &attributes);
 
   if (index >= 0) {
-    if (context_obj->IsContext()) {
+    if (holder->IsContext()) {
       // Ignore if read_only variable.
       if ((attributes & READ_ONLY) == 0) {
-        Handle<Context>::cast(context_obj)->set(index, *value);
+        Handle<Context>::cast(holder)->set(index, *value);
       }
     } else {
       ASSERT((attributes & READ_ONLY) == 0);
       Object* result =
-          Handle<JSObject>::cast(context_obj)->SetElement(index, *value);
+          Handle<JSObject>::cast(holder)->SetElement(index, *value);
       USE(result);
       ASSERT(!result->IsFailure());
     }
     return *value;
   }
 
   // Slow case: The property is not in a FixedArray context.
   // It is either in an JSObject extension context or it was not found.
   Handle<JSObject> context_ext;
 
-  if (*context_obj != NULL) {
+  if (*holder != NULL) {
     // The property exists in the extension context.
-    context_ext = Handle<JSObject>::cast(context_obj);
+    context_ext = Handle<JSObject>::cast(holder);
   } else {
     // The property was not found. It needs to be stored in the global context.
     ASSERT(attributes == ABSENT);
     attributes = NONE;
     context_ext = Handle<JSObject>(Top::context()->global());
   }
 
   // Set the property, but ignore if read_only variable.
   if ((attributes & READ_ONLY) == 0) {
     Handle<Object> set = SetProperty(context_ext, name, value, attributes);
@@ skipping 2002 matching lines @@
 
 void Runtime::PerformGC(Object* result) {
   Failure* failure = Failure::cast(result);
   // Try to do a garbage collection; ignore it if it fails. The C
   // entry stub will throw an out-of-memory exception in that case.
   Heap::CollectGarbage(failure->requested(), failure->allocation_space());
 }
 
 
 } }  // namespace v8::internal