Diffstat (limited to '')
-rw-r--r-- | js/src/jit-test/tests/arrays/bug1897150-1.js | 9 | ||||
-rw-r--r-- | js/src/jit-test/tests/arrays/bug1897150-2.js | 9 | ||||
-rw-r--r-- | js/src/jit/TrampolineNatives.cpp | 6 |
3 files changed, 24 insertions, 0 deletions
diff --git a/js/src/jit-test/tests/arrays/bug1897150-1.js b/js/src/jit-test/tests/arrays/bug1897150-1.js
new file mode 100644
index 0000000000..d7a26fb41a
--- /dev/null
+++ b/js/src/jit-test/tests/arrays/bug1897150-1.js
@@ -0,0 +1,9 @@
+var arr = [1,2,3,4]
+var global = 1;
+
+var comparator = function(a, b) {
+ assertEq(this.global, 1);
+ return b - a;
+}
+
+arr.sort(comparator);
diff --git a/js/src/jit-test/tests/arrays/bug1897150-2.js b/js/src/jit-test/tests/arrays/bug1897150-2.js
new file mode 100644
index 0000000000..53f78a8a45
--- /dev/null
+++ b/js/src/jit-test/tests/arrays/bug1897150-2.js
@@ -0,0 +1,9 @@
+var typedArr = Uint8Array.from([1,2,3,4])
+var global = 1;
+
+var comparator = function(a, b) {
+ assertEq(this.global, 1);
+ return b - a;
+}
+
+typedArr.sort(comparator);
diff --git a/js/src/jit/TrampolineNatives.cpp b/js/src/jit/TrampolineNatives.cpp
index 0bde6d9985..e22023f8dd 100644
--- a/js/src/jit/TrampolineNatives.cpp
+++ b/js/src/jit/TrampolineNatives.cpp
@@ -86,6 +86,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm) {
 -int32_t(FrameSize) + ArraySortData::offsetOfComparatorReturnValue();
 constexpr int32_t DescriptorOffset =
 -int32_t(FrameSize) + ArraySortData::offsetOfDescriptor();
+ constexpr int32_t ComparatorThisOffset =
+ -int32_t(FrameSize) + ArraySortData::offsetOfComparatorThis();
 #ifdef JS_USE_LINK_REGISTER
 masm.pushReturnAddress();
@@ -146,6 +148,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm) {
 Label callDone, jitCallFast, jitCallSlow;
 masm.bind(&jitCallFast);
 {
+ masm.storeValue(UndefinedValue(),
+ Address(FramePointer, ComparatorThisOffset));
 masm.storePtr(ImmWord(jitCallDescriptor),
 Address(FramePointer, DescriptorOffset));
 masm.loadPtr(Address(FramePointer, ComparatorOffset), temp0);
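Review bot: The test in bug1897150-1.js calls `arr.sort(comparator)` exactly once on a four-element array, so whether the comparator is ever entered through the trampoline's JIT call path depends on the flags the harness runs it with; nothing in the file forces that. If the regression only shows once the comparator has JIT code, a warm-up would make the test self-sufficient, for example wrapping the call as `for (var i = 0; i < 100; i++) arr.slice().sort(comparator);`. The same applies to `typedArr.sort(comparator)` in bug1897150-2.js. Neither file says what it guards against; a first-line comment such as `// The sort comparator must see |this| as undefined (global object in sloppy mode).` would help whoever triages a future failure.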
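Review bot: The new `masm.storeValue(UndefinedValue(), Address(FramePointer, ComparatorThisOffset));` in the `jitCallFast` block has no comment saying why the slot must be written here, and the identical two lines are repeated in the `jitCallSlow` block (hunk at -155). Going by the added tests, the comparator presumably read whatever the frame slot previously held as its `this`; a stale Value reaching JIT code is worth spelling out, e.g. `// The comparator is always called with |this| == undefined; initialize the slot so the callee never observes stale frame contents.` If nothing overwrites the slot between comparator calls, a single store where the frame's other ArraySortData fields are set up would avoid the duplication and the per-call write, but that code is outside these hunks, so this needs confirming against the rest of `generateArraySortTrampoline`.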
@@ -155,6 +159,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm) {
 }
 masm.bind(&jitCallSlow);
 {
+ masm.storeValue(UndefinedValue(),
+ Address(FramePointer, ComparatorThisOffset));
 masm.storePtr(ImmWord(jitCallDescriptor),
 Address(FramePointer, DescriptorOffset));
 masm.loadPtr(Address(FramePointer, ComparatorOffset), temp0); |