Array constructor failed to enter it's function execution context.

This becomes visible if an exception is thrown by the constructor. We do this on "new Array(3.5)", throwing a RangeError. BUG= Review URL: https://codereview.chromium.org/1483053004 Cr-Commit-Position: refs/heads/master@{#32476}

Array constructor failed to enter it's function execution context.
This becomes visible if an exception is thrown by the constructor. We do this on "new Array(3.5)", throwing a RangeError. BUG= Review URL: https://codereview.chromium.org/1483053004 Cr-Commit-Position: refs/heads/master@{#32476}
d2f78c6b · mvstanton · Commit bot · f4d40515 · d2f78c6b · d2f78c6b
Commit d2f78c6b authored Dec 01, 2015 by mvstanton Committed by Commit bot Dec 01, 2015
7 changed files
--- a/src/arm/code-stubs-arm.cc
+++ b/src/arm/code-stubs-arm.cc
@@ -4801,6 +4801,9 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {
    __ AssertUndefinedOrAllocationSite(r2, r4);
  }

+  // Enter the context of the Array function.
+  __ ldr(cp, FieldMemOperand(r1, JSFunction::kContextOffset));
+
  Label subclassing;
  __ cmp(r3, r1);
  __ b(ne, &subclassing);

--- a/src/arm64/code-stubs-arm64.cc
+++ b/src/arm64/code-stubs-arm64.cc
@@ -5193,6 +5193,9 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {
    __ AssertUndefinedOrAllocationSite(allocation_site, x10);
  }

+  // Enter the context of the Array function.
+  __ Ldr(cp, FieldMemOperand(x1, JSFunction::kContextOffset));
+
  Label subclassing;
  __ Cmp(new_target, constructor);
  __ B(ne, &subclassing);

--- a/src/ia32/code-stubs-ia32.cc
+++ b/src/ia32/code-stubs-ia32.cc
@@ -4984,6 +4984,9 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {

  Label subclassing;

+  // Enter the context of the Array function.
+  __ mov(esi, FieldOperand(edi, JSFunction::kContextOffset));
+
  __ cmp(edx, edi);
  __ j(not_equal, &subclassing);


--- a/src/mips/code-stubs-mips.cc
+++ b/src/mips/code-stubs-mips.cc
@@ -5019,6 +5019,9 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {
    __ AssertUndefinedOrAllocationSite(a2, t0);
  }

+  // Enter the context of the Array function.
+  __ lw(cp, FieldMemOperand(a1, JSFunction::kContextOffset));
+
  Label subclassing;
  __ Branch(&subclassing, ne, a1, Operand(a3));


--- a/src/mips64/code-stubs-mips64.cc
+++ b/src/mips64/code-stubs-mips64.cc
@@ -5045,6 +5045,9 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {
    __ AssertUndefinedOrAllocationSite(a2, a4);
  }

+  // Enter the context of the Array function.
+  __ ld(cp, FieldMemOperand(a1, JSFunction::kContextOffset));
+
  Label subclassing;
  __ Branch(&subclassing, ne, a1, Operand(a3));


--- a/src/x64/code-stubs-x64.cc
+++ b/src/x64/code-stubs-x64.cc
@@ -4708,6 +4708,9 @@ void ArrayConstructorStub::Generate(MacroAssembler* masm) {
    __ AssertUndefinedOrAllocationSite(rbx);
  }

+  // Enter the context of the Array function.
+  __ movp(rsi, FieldOperand(rdi, JSFunction::kContextOffset));
+
  Label subclassing;
  __ cmpp(rdi, rdx);
  __ j(not_equal, &subclassing);

--- a/test/mjsunit/array-constructor.js
+++ b/test/mjsunit/array-constructor.js
@@ -25,7 +25,6 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-
 var loop_count = 5


@@ -117,3 +116,23 @@ for (var i = 0; i < loop_count; i++) {

 assertThrows('new Array(3.14)');
 assertThrows('Array(2.72)');
+
+// Make sure that throws occur in the context of the Array function.
+var b = Realm.create();
+var bArray = Realm.eval(b, "Array");
+var bError = Realm.eval(b, "RangeError");
+
+function verifier(array, error) {
+  try {
+    new array(3.14);
+  } catch(e) {
+    return e.__proto__ === error.__proto__;
+  }
+  assertTrue(false);  // should never get here.
+}
+
+
+assertTrue(verifier(Array, RangeError()));
+assertTrue(verifier(bArray, bError()));
+assertFalse(verifier(Array, bError()));
+assertFalse(verifier(bArray, RangeError()));