review.tizen.org Git - platform/upstream/v8.git/commit

Fix stack corruption when calling non-function.

Fix for issue 603.

Revision r3484 removed the property name from the call stack for
call ICs. When a non-function was called via a call IC and
Function.prototype.call, an extra value was left on the stack that the
caller could not know to clean up.

Fix is to change the JS builtin used for calling non-functions. It
now gets the callee as receiver, rather than iterating stack frames
and finding it on the expression stack of its JS caller.

Review URL: http://codereview.chromium.org/604064

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3882 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

author	kmillikin@chromium.org <kmillikin@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
	Wed, 17 Feb 2010 08:26:50 +0000 (08:26 +0000)
committer	kmillikin@chromium.org <kmillikin@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
	Wed, 17 Feb 2010 08:26:50 +0000 (08:26 +0000)
commit	3c0d77f32e7a955d81ce0b50b1cb5f797847c14e
tree	a658c38ee263c225b896226407d6f273b98a1f1f	tree \| snapshot
parent	a48a7bf6ff4778138741daf1a962d0296d9d4e6b	commit \| diff

src/arm/builtins-arm.cc		diff \| blob \| history
src/arm/codegen-arm.cc		diff \| blob \| history
src/ia32/builtins-ia32.cc		diff \| blob \| history
src/ia32/codegen-ia32.cc		diff \| blob \| history
src/runtime.cc		diff \| blob \| history
src/runtime.h		diff \| blob \| history
src/runtime.js		diff \| blob \| history
src/x64/builtins-x64.cc		diff \| blob \| history
src/x64/codegen-x64.cc		diff \| blob \| history
test/mjsunit/regress/regress-603.js	[new file with mode: 0644]	blob