From 0dd884aca1fffcd94fbe55006c94363415aa0965 Mon Sep 17 00:00:00 2001 From: Ulf Hermann Date: Thu, 14 Mar 2019 10:42:19 +0100 Subject: Baseline JIT: Save accumulator in toInt32LhsAcc() toInt32LhsAcc convertes both the lhs and the accumulator to int32. If the accumulator is not saved, a GC run during the conversion of the lhs might trash its value. Fixes: QTBUG-74058 Change-Id: Ic42693061c7d483bb430d77bcc095de6ff9a6843 Reviewed-by: Simon Hausmann --- tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'tests/auto/qml/qqmlecmascript') diff --git a/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp b/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp index a67a503f82..f33f1d9125 100644 --- a/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp +++ b/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp @@ -365,6 +365,7 @@ private slots: void numberToStringWithRadix(); void tailCallWithArguments(); void deleteSparseInIteration(); + void saveAccumulatorBeforeToInt32(); private: // static void propertyVarWeakRefCallback(v8::Persistent object, void* parameter); @@ -8929,6 +8930,17 @@ void tst_qqmlecmascript::deleteSparseInIteration() QCOMPARE(value.property("2").toInt(), 4096); } +void tst_qqmlecmascript::saveAccumulatorBeforeToInt32() +{ + QJSEngine engine; + + // Infinite recursion produces a range error, but should not crash. + // Also, any GC runs in between should not trash the temporary results of "a+a". + const QJSValue value = engine.evaluate("function a(){a(a&a+a)}a()"); + QVERIFY(value.isError()); + QCOMPARE(value.toString(), QLatin1String("RangeError: Maximum call stack size exceeded.")); +} + QTEST_MAIN(tst_qqmlecmascript) #include "tst_qqmlecmascript.moc" -- cgit v1.2.3 From c9e6251cc8dfcf002f64b07e48dd68b7edd3f630 Mon Sep 17 00:00:00 2001 From: Simon Hausmann Date: Wed, 2 Jan 2019 16:09:56 +0100 Subject: Implement dummy QML lookups for "global" variables When resolving names in the context of QML bindings, we now direct runtime access to QQmlContextWrapper::resolveQmlPropertyLookupGetter. At the moment this does basically the same as Runtime::method_loadName, which we called earlier. However this now provides the opportunity to optimize lookups in the QML context in a central place. When performing a call on a scope or context object property, we also did not use a CallName() instruction - which would have gotten the thisObject wrong - but instead we use a dedicated CallScopeObjectProperty and CallContextObjectProperty instruction. These rely on identifying these properties at compile time, which goes away with lookups (and also doesn't work when using ahead-of-time compilation). Therefore the qml context property lookup is using a getPropertyAndBase style signature and Runtime::method_callQmlContextPropertyLookup uses that. For the tests to pass, some error expectations need adjusting. In particular the compile-time detection of write attempts to id objects is now delayed to the run-time. The old code path is still there and will be removed separately in the next commit (as it is massive). Task-number: QTBUG-69898 Change-Id: Iad1ff93d3758c4db984a7c2d003beee21ed2275c Reviewed-by: Ulf Hermann --- tests/auto/qml/qqmlecmascript/data/signalHandlers.qml | 2 ++ tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp | 10 +++++----- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'tests/auto/qml/qqmlecmascript') diff --git a/tests/auto/qml/qqmlecmascript/data/signalHandlers.qml b/tests/auto/qml/qqmlecmascript/data/signalHandlers.qml index 14326bb9e6..a924519f0f 100644 --- a/tests/auto/qml/qqmlecmascript/data/signalHandlers.qml +++ b/tests/auto/qml/qqmlecmascript/data/signalHandlers.qml @@ -8,6 +8,8 @@ QtObject { signal testSignal onTestSignal: count++ + readonly property string scopeObjectAsString: this.toString() + property int funcCount: 0 function testFunction() { funcCount++; diff --git a/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp b/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp index f33f1d9125..d8784f4855 100644 --- a/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp +++ b/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp @@ -1609,7 +1609,7 @@ void tst_qqmlecmascript::aliasPropertyReset() // test that a manual write (of undefined) to a non-resettable property fails properly QUrl url = testFileUrl("aliasreset/aliasPropertyReset.error.1.qml"); - QString warning1 = url.toString() + QLatin1String(": Error: Cannot assign [undefined] to int"); + QString warning1 = url.toString() + QLatin1String(":15: Error: Cannot assign [undefined] to int"); QQmlComponent e1(&engine, url); object = e1.create(); QVERIFY(object != nullptr); @@ -6468,7 +6468,8 @@ void tst_qqmlecmascript::signalHandlers() QMetaObject::invokeMethod(o.data(), "testSignalHandlerCall"); QCOMPARE(o->property("count").toInt(), 1); - QCOMPARE(o->property("errorString").toString(), QLatin1String("TypeError: Property 'onTestSignal' of object [object Object] is not a function")); + QString scopeObjectAsString = o->property("scopeObjectAsString").toString(); + QCOMPARE(o->property("errorString").toString(), QString("TypeError: Property 'onTestSignal' of object %1 is not a function").arg(scopeObjectAsString)); QCOMPARE(o->property("funcCount").toInt(), 0); QMetaObject::invokeMethod(o.data(), "testSignalConnection"); @@ -8163,12 +8164,11 @@ void tst_qqmlecmascript::stackLimits() void tst_qqmlecmascript::idsAsLValues() { QQmlEngine engine; - QString err = QString(QLatin1String("%1:5 left-hand side of assignment operator is not an lvalue\n")).arg(testFileUrl("idAsLValue.qml").toString()); + QString err = QString(QLatin1String("%1:5: Error: left-hand side of assignment operator is not an lvalue")).arg(testFileUrl("idAsLValue.qml").toString()); QQmlComponent component(&engine, testFileUrl("idAsLValue.qml")); - QTest::ignoreMessage(QtWarningMsg, "QQmlComponent: Component is not ready"); + QTest::ignoreMessage(QtWarningMsg, qPrintable(err)); MyQmlObject *object = qobject_cast(component.create()); QVERIFY(!object); - QCOMPARE(component.errorString(), err); } void tst_qqmlecmascript::qtbug_34792() -- cgit v1.2.3