Fix a bug in a corner case of direct eval detection.

The corner case is calling a function named 'eval' that is looked up at
runtime and found in a non-global context (but not an extension object).
The bug is that we used the function itself as the receiver rather than
using the global object.

R=ager@chromium.org
TEST=has been added to the eval mjsunit test

Review URL: http://codereview.chromium.org/6893057

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent cfb8d1c3
...@@ -8244,10 +8244,7 @@ RUNTIME_FUNCTION(ObjectPair, Runtime_ResolvePossiblyDirectEval) { ...@@ -8244,10 +8244,7 @@ RUNTIME_FUNCTION(ObjectPair, Runtime_ResolvePossiblyDirectEval) {
if (!context->IsGlobalContext()) { if (!context->IsGlobalContext()) {
// 'eval' is not bound in the global context. Just call the function // 'eval' is not bound in the global context. Just call the function
// with the given arguments. This is not necessarily the global eval. // with the given arguments. This is not necessarily the global eval.
if (receiver->IsContext()) { if (receiver->IsContext() || receiver->IsJSContextExtensionObject()) {
context = Handle<Context>::cast(receiver);
receiver = Handle<Object>(context->get(index), isolate);
} else if (receiver->IsJSContextExtensionObject()) {
receiver = Handle<JSObject>( receiver = Handle<JSObject>(
isolate->context()->global()->global_receiver(), isolate); isolate->context()->global()->global_receiver(), isolate);
} }
......
// Copyright 2008 the V8 project authors. All rights reserved. // Copyright 2011 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without // Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are // modification, are permitted provided that the following conditions are
// met: // met:
...@@ -155,3 +155,12 @@ result = ...@@ -155,3 +155,12 @@ result =
return (function() { return eval(2); })(); return (function() { return eval(2); })();
})(); })();
assertEquals(4, result); assertEquals(4, result);
// Regression test: calling a function named eval found in a context that is
// not the global context should get the global object as receiver.
result =
(function () {
var eval = function (x) { return this; };
with ({}) { return eval('ignore'); }
})();
assertEquals(this, result);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment