authorTom Cooksey <thomas.cooksey@nokia.com>2009-05-06 11:05:02 (GMT)
committerTom Cooksey <thomas.cooksey@nokia.com>2009-05-06 11:05:02 (GMT)
commit6395cd6d6ccbf0c15f77ef3061a0bac7189c575b (patch)
tree1322b249c2c935394a491c4dbfe531e6b97ab580 /src/3rdparty/webkit/JavaScriptCore
parentae3c71bcc588f4b11158cb943c7dd453f066efc6 (diff)
parent7d6281973f8b0a5b53e63952f0d03624e6020454 (diff)
Merge branch 'gl2engine-new-shaders' into graphics-master
Conflicts: src/gui/painting/qpaintengine_raster.cpp
Diffstat (limited to 'src/3rdparty/webkit/JavaScriptCore')
-rw-r--r--src/3rdparty/webkit/JavaScriptCore/ChangeLog57
-rw-r--r--src/3rdparty/webkit/JavaScriptCore/bytecode/CodeBlock.cpp1
-rw-r--r--src/3rdparty/webkit/JavaScriptCore/parser/Lexer.h2
-rw-r--r--src/3rdparty/webkit/JavaScriptCore/parser/Nodes.cpp2
-rw-r--r--src/3rdparty/webkit/JavaScriptCore/parser/Nodes.h2
-rw-r--r--src/3rdparty/webkit/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp8
6 files changed, 67 insertions, 5 deletions
diff --git a/src/3rdparty/webkit/JavaScriptCore/ChangeLog b/src/3rdparty/webkit/JavaScriptCore/ChangeLog
index fe85bb9..3321570 100644
--- a/src/3rdparty/webkit/JavaScriptCore/ChangeLog
+++ b/src/3rdparty/webkit/JavaScriptCore/ChangeLog
@@ -1,3 +1,60 @@
+2009-01-22 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ <rdar://problem/6516853> (r39682-r39736) JSFunFuzz: crash on "(function(){({ x2: x }), })()"
+ <https://bugs.webkit.org/show_bug.cgi?id=23479>
+
+ Automatic semicolon insertion was resulting in this being accepted in the initial
+ nodeless parsing, but subsequent reparsing for code generation would fail, leading
+ to a crash. The solution is to ensure that reparsing a function performs parsing
+ in the same state as the initial parse. We do this by modifying the saved source
+ ranges to include rather than exclude the opening and closing braces.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::reparseForExceptionInfoIfNecessary): add an assertion for successful recompile
+ * parser/Lexer.h:
+ (JSC::Lexer::sourceCode): include rather than exclude braces.
+ * parser/Nodes.h:
+ (JSC::FunctionBodyNode::toSourceString): No need to append braces anymore.
+
+2009-01-21 Alexey Proskuryakov <ap@webkit.org>
+
+ Suggested by Oliver Hunt. Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=23456
+ Function argument names leak
+
+ * parser/Nodes.cpp: (JSC::FunctionBodyNode::~FunctionBodyNode): Destruct parameter names.
+
+2009-01-22 Beth Dakin <bdakin@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Fix for https://bugs.webkit.org/show_bug.cgi?id=23461 LayoutTests/
+ fast/js/numeric-conversion.html is broken, and corresponding
+ <rdar://problem/6514842>
+
+ The basic problem here is that parseInt(Infinity) should be NaN,
+ but we were returning 0. NaN matches Safari 3.2.1 and Firefox.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncParseInt):
+
+2009-01-13 Beth Dakin <bdakin@apple.com>
+
+ Reviewed by Darin Adler and Oliver Hunt.
+
+ <rdar://problem/6489314> REGRESSION: Business widget's front side
+ fails to render correctly when flipping widget
+
+ The problem here is that parseInt was parsing NaN as 0. This patch
+ corrects that by parsing NaN as NaN. This matches our old behavior
+ and Firefox.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncParseInt):
+
2009-02-13 Adam Treat <adam.treat@torchmobile.com>
Reviewed by George Staikos.
diff --git a/src/3rdparty/webkit/JavaScriptCore/bytecode/CodeBlock.cpp b/src/3rdparty/webkit/JavaScriptCore/bytecode/CodeBlock.cpp
index 91fb1c0..9207c8a 100644
--- a/src/3rdparty/webkit/JavaScriptCore/bytecode/CodeBlock.cpp
+++ b/src/3rdparty/webkit/JavaScriptCore/bytecode/CodeBlock.cpp
@@ -1397,6 +1397,7 @@ void CodeBlock::reparseForExceptionInfoIfNecessary(CallFrame* callFrame)
case FunctionCode: {
FunctionBodyNode* ownerFunctionBodyNode = static_cast<FunctionBodyNode*>(m_ownerNode);
RefPtr<FunctionBodyNode> newFunctionBody = m_globalData->parser->reparse<FunctionBodyNode>(m_globalData, ownerFunctionBodyNode);
+ ASSERT(newFunctionBody);
newFunctionBody->finishParsing(ownerFunctionBodyNode->copyParameters(), ownerFunctionBodyNode->parameterCount());
CodeBlock& newCodeBlock = newFunctionBody->bytecodeForExceptionInfoReparse(scopeChain);
ASSERT(newCodeBlock.m_exceptionInfo);
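Review bot: The added `ASSERT(newFunctionBody)` is compiled out of release builds, so a reparse that returns null still dereferences it on the very next line, `newFunctionBody->finishParsing(...)`. The ChangeLog attributes the original crash to exactly this reparse failing, and the change that makes it succeed is the brace-inclusive range in Lexer.h, so the assertion here states an invariant rather than guarding against the failure; a comment would make that explicit, e.g. `// Reparse uses the same brace-inclusive source range as the initial parse, so it cannot fail where the original parse succeeded.` A release-mode guard (an early return on a null `newFunctionBody`) would need a defined fallback for `m_exceptionInfo`, which this hunk does not show. reparseForExceptionInfoIfNecessary starts and ends outside the hunk.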
diff --git a/src/3rdparty/webkit/JavaScriptCore/parser/Lexer.h b/src/3rdparty/webkit/JavaScriptCore/parser/Lexer.h
index cb553af..afcf09f 100644
--- a/src/3rdparty/webkit/JavaScriptCore/parser/Lexer.h
+++ b/src/3rdparty/webkit/JavaScriptCore/parser/Lexer.h
@@ -88,7 +88,7 @@ namespace JSC {
bool sawError() const { return m_error; }
void clear();
- SourceCode sourceCode(int openBrace, int closeBrace, int firstLine) { return SourceCode(m_source->provider(), openBrace + 1, closeBrace, firstLine); }
+ SourceCode sourceCode(int openBrace, int closeBrace, int firstLine) { return SourceCode(m_source->provider(), openBrace, closeBrace + 1, firstLine); }
private:
friend class JSGlobalData;
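Review bot: `sourceCode` now returns a range covering `openBrace` through `closeBrace + 1`, the opposite of the previous exclusive convention, but the one-liner carries no comment recording that, and `FunctionBodyNode::toSourceString` in the Nodes.h hunk of this same commit is changed to stop appending braces precisely because it depends on it. A comment on the declaration would pin the contract for both sites: `// Range includes the opening and closing braces so a reparse sees exactly the text the initial parse consumed.` The enclosing Lexer class declaration continues outside the hunk.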
diff --git a/src/3rdparty/webkit/JavaScriptCore/parser/Nodes.cpp b/src/3rdparty/webkit/JavaScriptCore/parser/Nodes.cpp
index bdc5d2f..201af28 100644
--- a/src/3rdparty/webkit/JavaScriptCore/parser/Nodes.cpp
+++ b/src/3rdparty/webkit/JavaScriptCore/parser/Nodes.cpp
@@ -2552,6 +2552,8 @@ FunctionBodyNode::FunctionBodyNode(JSGlobalData* globalData, SourceElements* chi
FunctionBodyNode::~FunctionBodyNode()
{
ASSERT(!m_refCount);
+ for (size_t i = 0; i < m_parameterCount; ++i)
+ m_parameters[i].~Identifier();
fastFree(m_parameters);
}
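Review bot: The new loop invokes `~Identifier()` by hand on each element before `fastFree(m_parameters)`, which is only correct if the array is raw fastMalloc storage whose elements were placement-constructed; nothing in the hunk says so, and the pattern deserves a why-comment such as `// m_parameters is raw fastMalloc storage; the Identifiers were placement-constructed, so destroy them by hand before freeing.` The loop is a no-op when `m_parameterCount` is 0, so a null `m_parameters` with no parameters is harmless, presumably matching how `copyParameters` (called in the CodeBlock.cpp hunk) builds the array — worth confirming there. It is also worth checking that `m_parameterCount` is never set ahead of the elements being constructed in either `finishParsing` overload declared in Nodes.h, since that would run destructors on uninitialized memory.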
diff --git a/src/3rdparty/webkit/JavaScriptCore/parser/Nodes.h b/src/3rdparty/webkit/JavaScriptCore/parser/Nodes.h
index f8512f7..20885c3 100644
--- a/src/3rdparty/webkit/JavaScriptCore/parser/Nodes.h
+++ b/src/3rdparty/webkit/JavaScriptCore/parser/Nodes.h
@@ -2205,7 +2205,7 @@ namespace JSC {
void finishParsing(const SourceCode&, ParameterNode*);
void finishParsing(Identifier* parameters, size_t parameterCount);
- UString toSourceString() const JSC_FAST_CALL { return UString("{") + source().toString() + UString("}"); }
+ UString toSourceString() const JSC_FAST_CALL { return source().toString(); }
// These objects are ref/deref'd a lot in the scope chain, so this is a faster ref/deref.
// If the virtual machine changes so this doesn't happen as much we can change back.
diff --git a/src/3rdparty/webkit/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp b/src/3rdparty/webkit/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
index f12d2f3..ecdddcf 100644
--- a/src/3rdparty/webkit/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
+++ b/src/3rdparty/webkit/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
@@ -302,9 +302,11 @@ JSValuePtr globalFuncParseInt(ExecState* exec, JSObject*, JSValuePtr, const ArgL
if (JSImmediate::isImmediate(value))
return value;
double d = value->uncheckedGetNumber();
- if (!isfinite(d))
- return JSImmediate::zeroImmediate();
- return jsNumber(exec, floor(d));
+ if (isfinite(d))
+ return jsNumber(exec, floor(d));
+ if (isnan(d) || isinf(d))
+ return jsNaN(&exec->globalData());
+ return JSImmediate::zeroImmediate();
}
return jsNumber(exec, parseInt(value->toString(exec), radix));
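Review bot: The trailing `return JSImmediate::zeroImmediate();` is unreachable: once `isfinite(d)` is false, `d` is NaN or ±infinity by definition, so `isnan(d) || isinf(d)` is always true and every non-finite value already returns `jsNaN`. The two-branch form says the same thing without a dead path: `if (isfinite(d)) return jsNumber(exec, floor(d)); return jsNaN(&exec->globalData());`. If the second test is kept for readability, a comment such as `// parseInt(NaN) and parseInt(+/-Infinity) are NaN, matching Firefox` would carry the intent better than the unreachable branch. globalFuncParseInt begins before the hunk.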