8011357: Array.prototype.slice and Array.prototype.splice should not call user defined valueOf of start, end arguments more than once
Reviewed-by: lagergren, hannesw
--- a/nashorn/src/jdk/nashorn/internal/objects/NativeArray.java Tue Apr 02 23:01:10 2013 +0530
+++ b/nashorn/src/jdk/nashorn/internal/objects/NativeArray.java Wed Apr 03 11:41:42 2013 +0530
@@ -754,8 +754,9 @@
final Object obj = Global.toObject(self);
final ScriptObject sobj = (ScriptObject)obj;
final long len = JSType.toUint32(sobj.getLength());
- final long relativeStartUint32 = JSType.toUint32(start);
- final long relativeStart = JSType.toInteger(start);
+ final double startNum = JSType.toNumber(start);
+ final long relativeStartUint32 = JSType.toUint32(startNum);
+ final long relativeStart = JSType.toInteger(startNum);
long k = relativeStart < 0 ?
Math.max(len + relativeStart, 0) :
@@ -763,8 +764,9 @@
Math.max(relativeStartUint32, relativeStart),
len);
- final long relativeEndUint32 = end == ScriptRuntime.UNDEFINED ? len : JSType.toUint32(end);
- final long relativeEnd = end == ScriptRuntime.UNDEFINED ? len : JSType.toInteger(end);
+ final double endNum = (end == ScriptRuntime.UNDEFINED)? Double.NaN : JSType.toNumber(end);
+ final long relativeEndUint32 = (end == ScriptRuntime.UNDEFINED)? len : JSType.toUint32(endNum);
+ final long relativeEnd = (end == ScriptRuntime.UNDEFINED)? len : JSType.toInteger(endNum);
final long finale = relativeEnd < 0 ?
Math.max(len + relativeEnd, 0) :
@@ -895,8 +897,9 @@
final ScriptObject sobj = (ScriptObject)obj;
final boolean strict = Global.isStrict();
final long len = JSType.toUint32(sobj.getLength());
- final long relativeStartUint32 = JSType.toUint32(start);
- final long relativeStart = JSType.toInteger(start);
+ final double startNum = JSType.toNumber(start);
+ final long relativeStartUint32 = JSType.toUint32(startNum);
+ final long relativeStart = JSType.toInteger(startNum);
//TODO: workaround overflow of relativeStart for start > Integer.MAX_VALUE
final long actualStart = relativeStart < 0 ?
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/basic/JDK-8011357.js Wed Apr 03 11:41:42 2013 +0530
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * JDK-8011357: Array.prototype.slice and Array.prototype.splice should not call user defined valueOf of start, end arguments more than once
+ *
+ * @test
+ * @run
+ */
+
+var startValueOf = 0;
+var endValueOf = 0;
+
+[].slice(
+ {
+ valueOf: function() {
+ startValueOf++;
+ }
+ },
+ {
+ valueOf: function() {
+ endValueOf++;
+ }
+ }
+);
+
+if (startValueOf !== 1) {
+ fail("Array.prototype.slice should call valueOf on start arg once");
+}
+
+if (endValueOf !== 1) {
+ fail("Array.prototype.slice should call valueOf on end arg once");
+}
+
+startValueOf = 0;
+
+[].splice(
+ {
+ valueOf: function() {
+ startValueOf++;
+ }
+ }
+);
+
+if (startValueOf !== 1) {
+ fail("Array.prototype.splice should call valueOf on start arg once");
+}
+