diff options
| author | Simon Hausmann <simon.hausmann@qt.io> | 2018-08-03 15:42:17 +0200 |
|---|---|---|
| committer | Lars Knoll <lars.knoll@qt.io> | 2018-08-03 19:11:20 +0000 |
| commit | 037af615b0c936ba3d8dc4abc13b12082737437a (patch) | |
| tree | 6007fd4c7235cf83a255546109e5269a4675fefa /src/qml/jit | |
| parent | 0b6461e8187e3c6dfdfe9fbe6373bf615a1d5319 (diff) | |
Fix language/expressions/class/scope-name-lex-close.js crashing with the JIT
With a reduced test case like this:
var C = 'outside';
var cls = class C {
method() {
return C;
}
};
cls.prototype
the class expression is expected to return the reference to the class in
the accumulator, so that the cls = assignment can store it. Between that
we have to deal with the {} block, a ControlFlowBlock instances in the
code generator. That one will - among other things - issue a PopContext
instruction after the class creation instruction. With the JIT that
clobbers the accumulator unfortunately, causing a bogus value being
stored in the global object under "cls". Consequently the lookup for
"cls" crashes.
Change-Id: I6056b352f9d8f42fa65afe4aefcd233c3ccf31ab
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Diffstat (limited to 'src/qml/jit')
| -rw-r--r-- | src/qml/jit/qv4assembler.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/qml/jit/qv4assembler.cpp b/src/qml/jit/qv4assembler.cpp index 7d668950d7..efd226539e 100644 --- a/src/qml/jit/qv4assembler.cpp +++ b/src/qml/jit/qv4assembler.cpp @@ -2245,8 +2245,8 @@ void Assembler::popContext() Heap::CallContext ctx; Q_UNUSED(ctx) pasm()->loadPointerFromValue(regAddr(CallData::Context), PlatformAssembler::ScratchRegister); - pasm()->loadAccumulator(Address(PlatformAssembler::ScratchRegister, ctx.outer.offset)); - pasm()->storeAccumulator(regAddr(CallData::Context)); + pasm()->loadPtr(Address(PlatformAssembler::ScratchRegister, ctx.outer.offset), PlatformAssembler::ScratchRegister); + pasm()->storeHeapObject(PlatformAssembler::ScratchRegister, regAddr(CallData::Context)); } void Assembler::ret() |