From 5f8de423f190bbb79a62f804151bc24824fa32d8 Mon Sep 17 00:00:00 2001 From: "Matt A. Tobin" Date: Fri, 2 Feb 2018 04:16:08 -0500 Subject: Add m-esr52 at 52.6.0 --- .../Object/clear-dictionary-accessor-getset.js | 55 ++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 js/src/tests/ecma_5/Object/clear-dictionary-accessor-getset.js (limited to 'js/src/tests/ecma_5/Object/clear-dictionary-accessor-getset.js') diff --git a/js/src/tests/ecma_5/Object/clear-dictionary-accessor-getset.js b/js/src/tests/ecma_5/Object/clear-dictionary-accessor-getset.js new file mode 100644 index 000000000..f0d9e11ca --- /dev/null +++ b/js/src/tests/ecma_5/Object/clear-dictionary-accessor-getset.js @@ -0,0 +1,55 @@ +/* + * Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/licenses/publicdomain/ + */ + +var gTestfile = "clear-dictionary-accessor-getset.js"; +var BUGNUMBER = 1082662; +var summary = + "Properly handle GC of a dictionary accessor property whose [[Get]] or " + + "[[Set]] has been changed to |undefined|"; + +print(BUGNUMBER + ": " + summary); + +/************** + * BEGIN TEST * + **************/ + +function test(field) +{ + var prop = "[[" + field[0].toUpperCase() + field.substring(1) + "]]"; + print("Testing for GC crashes after setting " + prop + " to undefined..."); + + function inner() + { + // Create an object with an accessor property. + var obj = { x: 42, get y() {}, set y(v) {} }; + + // 1) convert it to dictionary mode, in the process 2) creating a new + // version of that accessor property whose [[Get]] and [[Set]] are objects + // that trigger post barriers. + delete obj.x; + + var desc = {}; + desc[field] = undefined; + + // Overwrite [[field]] with undefined. Note #1 above is necessary so this + // is an actual *overwrite*, and not (possibly) a shape-tree fork that + // doesn't overwrite. + Object.defineProperty(obj, "y", desc); + + } + + inner(); + gc(); // In unfixed code, this crashes trying to mark a null [[field]]. +} + +test("get"); +test("set"); + +/******************************************************************************/ + +if (typeof reportCompare === "function") + reportCompare(true, true); + +print("Tests complete"); -- cgit v1.2.3