[Webkit-unassigned] [Bug 40372] New: CodeGeneratorJS.pm incorrectly increments $paramIndex when a method is declared with [CallWith]

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jun 9 11:16:03 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=40372

           Summary: CodeGeneratorJS.pm incorrectly increments $paramIndex
                    when a method is declared with [CallWith]
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: andreip at google.com
                CC: jorlow at chromium.org


CodeGeneratorJS.pm allows IDL methods to be declared with extended attribute [CallWith=SomeType]. This allows the bindings to insert an additional argument of type SomeType when calling the C++ implementation of the method. This means that the number of arguments passed to the C++ method may be larger than the number of arguments that were passed to the JS method.

For example, given the following IDL snippet:

[CallWith=ScriptExecutionContext] void foo(in DOMString bar);

The corresponding C++ method is

class SomeClass {
...
void foo(ScriptExecutionContext* context, String bar);
}

The extra parameter ('context') is generated by the bindings code.

Right now, the CodeGeneratorJS script uses a single variable to keep track of both number of arguments: the ones passed from JS and the ones that need to be passed to the C++ method. If a method uses [CallWith], this variable is incremented. Next time a JS argument needs to be extracted, the index will be off by 1. This wasn't detected so far because it appears that all the methods that use [CallWith] do not take any arguments.

However, in http://trac.webkit.org/changeset/60776/ a method was added that used both [CallWith] and also takes several other arguments. When adding layout tests I noticed that, on JSC, all the arguments passed to my method were off by 1. On V8, the behavior is correct.

The right solution seems to be use two counters: one for keeping track of the arguments read from the JS side and one for the actual number of arguments passed to the corresponding C++ method.

Patch and layout test coming.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list