1e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// Copyright 2009 the V8 project authors. All rights reserved.
2e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// Redistribution and use in source and binary forms, with or without
3e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// modification, are permitted provided that the following conditions are
4e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// met:
5e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke//
6e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke//     * Redistributions of source code must retain the above copyright
7e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke//       notice, this list of conditions and the following disclaimer.
8e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke//     * Redistributions in binary form must reproduce the above
9e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke//       copyright notice, this list of conditions and the following
10e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke//       disclaimer in the documentation and/or other materials provided
11e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke//       with the distribution.
12e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke//     * Neither the name of Google Inc. nor the names of its
13e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke//       contributors may be used to endorse or promote products derived
14e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke//       from this software without specific prior written permission.
15e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke//
16e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
19e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
20e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke
28e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// See: http://code.google.com/p/v8/issues/detail?id=545
29e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// and: http://code.google.com/p/chromium/issues/detail?id=28353
30e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke
31e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// The "this" variable proxy was reused. If context annotations differ between
32e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// uses, this can cause a use in a value context to assume a test context. Since
33e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// it has no true/false labels set, it causes a null-pointer dereference and
34e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// segmentation fault.
35e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke
36e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// Code should not crash:
37e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke
38e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// Original bug report by Robert Swiecki (wrapped to not throw):
39e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarketry {
40e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke new IsPrimitive(load())?this.join():String('
').charCodeAt((!this>Math));
41e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke} catch (e) {}
42e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke
43e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke// Shorter examples:
44e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke
45e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarkethis + !this;
46e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarke
47e46be819fca9468a0cd4e74859ce0f778eb8ca60Leon Clarkethis + (this ? 1 : 2);
48