From e98a39819211dd8401dd18668a5e0ca8fe2ac025 Mon Sep 17 00:00:00 2001 From: Robert Fancsik Date: Mon, 25 May 2020 16:31:50 +0200 Subject: [PATCH] Fix lazy property listing for [[Enumerate]] This patch fixes #3784. JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu --- jerry-core/ecma/operations/ecma-objects.c | 19 +++++------ .../es2015/regression-test-issue-3784.js | 32 +++++++++++++++++++ 2 files changed, 40 insertions(+), 11 deletions(-) create mode 100644 tests/jerry/es2015/regression-test-issue-3784.js diff --git a/jerry-core/ecma/operations/ecma-objects.c b/jerry-core/ecma/operations/ecma-objects.c index 7f7e3b5c92..374bf30da3 100644 --- a/jerry-core/ecma/operations/ecma-objects.c +++ b/jerry-core/ecma/operations/ecma-objects.c @@ -2061,8 +2061,6 @@ ecma_op_object_get_property_names (ecma_object_t *obj_p, /**< object */ ecma_collection_t *ret_p = ecma_new_collection (); ecma_collection_t *skipped_non_enumerable_p = ecma_new_collection (); - const ecma_object_type_t type = ecma_get_object_type (obj_p); - const bool obj_is_builtin = ecma_get_object_is_builtin (obj_p); const bool is_enumerable_only = (opts & ECMA_LIST_ENUMERABLE) != 0; const bool is_array_indices_only = (opts & ECMA_LIST_ARRAY_INDICES) != 0; const bool is_with_prototype_chain = (opts & ECMA_LIST_PROTOTYPE) != 0; @@ -2077,10 +2075,10 @@ ecma_op_object_get_property_names (ecma_object_t *obj_p, /**< object */ memset (names_hashes_bitmap, 0, names_hashes_bitmap_size * sizeof (names_hashes_bitmap[0])); - ecma_object_t *prototype_chain_iter_p = obj_p; - while (true) { + const ecma_object_type_t type = ecma_get_object_type (obj_p); + const bool obj_is_builtin = ecma_get_object_is_builtin (obj_p); ecma_length_t string_named_properties_count = 0; ecma_length_t array_index_named_properties_count = 0; #if ENABLED (JERRY_ES2015) 
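Review bot: Reusing the parameter `obj_p` as the prototype-chain cursor leaves no name for the caller's object once the loop advances (the reassignment is in the last hunk of this file), and the parameter is still documented as `/**< object */`. Any statement in the unseen parts of the function that expects the original receiver would silently operate on a prototype instead, which could bring back the kind of per-object mismatch that moving `type` and `obj_is_builtin` into the loop appears to fix. I would either keep a `const` copy of the original pointer before the loop or add a comment above `while (true)`: `/* obj_p walks the prototype chain from here on; after the first iteration it is no longer the caller's object. */`. The function starts and ends outside these hunks, so whether such a use exists cannot be confirmed from the diff.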
@@ -2232,14 +2230,14 @@ ecma_op_object_get_property_names (ecma_object_t *obj_p, /**< object */ } } - jmem_cpointer_t prop_iter_cp = prototype_chain_iter_p->u1.property_list_cp; + jmem_cpointer_t prop_iter_cp = obj_p->u1.property_list_cp; - if (ecma_op_object_is_fast_array (prototype_chain_iter_p) && prop_iter_cp != JMEM_CP_NULL) + if (ecma_op_object_is_fast_array (obj_p) && prop_iter_cp != JMEM_CP_NULL) { - ecma_extended_object_t *ext_obj_p = (ecma_extended_object_t *) prototype_chain_iter_p; + ecma_extended_object_t *ext_obj_p = (ecma_extended_object_t *) obj_p; uint32_t length = ext_obj_p->u.array.length; - array_index_named_properties_count = length - ecma_fast_array_get_hole_count (prototype_chain_iter_p); + array_index_named_properties_count = length - ecma_fast_array_get_hole_count (obj_p); ecma_value_t *values_p = ECMA_GET_NON_NULL_POINTER (ecma_value_t, prop_iter_cp); @@ -2571,13 +2569,12 @@ ecma_op_object_get_property_names (ecma_object_t *obj_p, /**< object */ JMEM_FINALIZE_LOCAL_ARRAY (names_p); - if (!is_with_prototype_chain || prototype_chain_iter_p->u2.prototype_cp == JMEM_CP_NULL) + if (!is_with_prototype_chain || obj_p->u2.prototype_cp == JMEM_CP_NULL) { break; } - prototype_chain_iter_p = ECMA_GET_NON_NULL_POINTER (ecma_object_t, - prototype_chain_iter_p->u2.prototype_cp); + obj_p = ECMA_GET_NON_NULL_POINTER (ecma_object_t, obj_p->u2.prototype_cp); } ecma_collection_free (skipped_non_enumerable_p); diff --git a/tests/jerry/es2015/regression-test-issue-3784.js b/tests/jerry/es2015/regression-test-issue-3784.js new file mode 100644 index 0000000000..f3f905e364 --- /dev/null +++ b/tests/jerry/es2015/regression-test-issue-3784.js 
@@ -0,0 +1,32 @@
+// Copyright JS Foundation and other contributors, http://js.foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+var expected = ['0', '1', '2', '3', '4', '5'];
+var actual = [];
+
+var v1 = typeof 13.37;
+var v3 = Object(v1);
+var v5 = [13.37,13.37];
+var v6 = [v5];
+v3.__proto__ = v6;
+
+for (var v7 in v3) {
+ actual.push(v7);
+}
+
+assert(actual.length === expected.length);
+
+for (var i = 0; i < actual.length; i++) {
+ assert(actual[i] === expected[i]);
+}
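Review bot: The regression test gives no hint of why exactly six keys are expected, and the fuzzer-style names (`v1`, `v3`, `v6`) hide the object shape that matters. `typeof 13.37` is the string "number", so `v3` is a String object with own indices 0..5, and its new prototype `v6` is an array whose own index 0 is shadowed and must be enumerated only once. I would add above `var v1`: `// String object wrapping "number" (indices 0..5) with an array as prototype; the shadowed index 0 must be listed once.` The test covers only this one receiver/prototype pairing; a second case with the roles reversed (array receiver, String object in the chain) would presumably exercise the per-object type lookup from the other side.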