Closed
Bug 449978
Opened 16 years ago
Closed 16 years ago
TM: trace some more builtins for string-validate-input
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: sayrer, Assigned: sayrer)
Details
Attachments
(1 file)
9.12 KB,
patch
|
shaver
:
review+
|
Details | Diff | Splinter Review |
Adding Math.floor and String.charAt helps, though we still bail on most loops because of failing to trace LT/GT with string operands. before: recorder: started(38), aborted(38), completed(0), different header(12), trees trashed(38), slot promoted(0), unstable loop variable(0) monitor: triggered(0), exits (0), type mismatch(0), global mismatch(0) after: recorder: started(33), aborted(30), completed(3), different header(13), trees trashed(31), slot promoted(1), unstable loop variable(1) monitor: triggered(7999), exits (4000), type mismatch(3998), global mismatch(1)
Assignee | ||
Comment 1•16 years ago
|
||
Attachment #333120 -
Flags: review?(shaver)
Assignee | ||
Updated•16 years ago
|
Attachment #333120 -
Attachment is patch: true
Attachment #333120 -
Attachment mime type: application/octet-stream → text/plain
Comment on attachment 333120 [details] [diff] [review] add Math.floor and String.charAt to knownNatives >+JSString* FASTCALL >+builtin_String_p_charAt(JSContext* cx, JSString* str, jsint i) >+{ >+ return builtin_String_getelem(cx, str, i); > } Might as well just use builtin_String_getelem here, save a bit of code size.
Attachment #333120 -
Flags: review?(shaver) → review+
Comment on attachment 333120 [details] [diff] [review] add Math.floor and String.charAt to knownNatives > { js_math_sin, F_Math_sin, "", "d", INFALLIBLE, }, > { js_math_cos, F_Math_cos, "", "d", INFALLIBLE, }, > { js_math_pow, F_Math_pow, "", "dd", INFALLIBLE, }, > { js_math_sqrt, F_Math_sqrt, "", "d", INFALLIBLE, }, >+ { js_math_floor, F_Math_floor, "", "d", INFALLIBLE, }, > { js_str_substring, F_String_p_substring, "TC", "ii", FAIL_NULL, }, > { js_str_substring, F_String_p_substring_1, "TC", "i", FAIL_NULL, }, > { js_str_fromCharCode, F_String_fromCharCode, "C", "i", FAIL_NULL, }, > { js_str_charCodeAt, F_String_p_charCodeAt, "T", "i", FAIL_NEG, }, >- { js_math_random, F_Math_random, "R", "", INFALLIBLE, } >+ { js_str_charAt, F_String_p_charAt, "C", "i", FAIL_NULL, }, >+ { js_math_random, F_Math_random, "R", "", INFALLIBLE, }, > }; Missed this until Rob mentioned a crash: String_p_charAt wants "TC", "i", I think -- like js_str_substring_1 -- since it wants to see (JSContext, JSString (this), jsint).
Assignee | ||
Updated•16 years ago
|
Assignee: general → sayrer
Assignee | ||
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 4•16 years ago
|
||
http://hg.mozilla.org/index.cgi/tracemonkey/rev/ce02fcaa233d
Updated•16 years ago
|
Flags: in-testsuite-
Flags: in-litmus-
You need to log in
before you can comment on or make changes to this bug.
Description
•