fix some bugs

issue: https://gitee.com/openharmony/ark_js_runtime/issues/I56MV6?from=project-issue 1. variable used but not initialized, which causes gc bugs 2. taggedvalue used after gc, which causes gc bugs Signed-off-by: lukai <lukai25@huawei.com> Change-Id: I35814a58ab0cb1e0a296f0ed9c314d7b097eafa3
2024-10-07 08:03:29 +00:00 · 2022-05-10 10:28:26 +08:00 · 2022-05-10 10:28:26 +08:00 · 08e6ca6b6e
commit 08e6ca6b6e
parent 091537cc5c
5 changed files with 9 additions and 7 deletions
--- a/ecmascript/base/typed_array_helper.cpp
+++ b/ecmascript/base/typed_array_helper.cpp
@ -443,7 +443,7 @@ JSHandle<JSObject> TypedArrayHelper::AllocateTypedArrayBuffer(JSThread *thread,

 // es11 22.2.4.7 TypedArraySpeciesCreate ( exemplar, argumentList )
 JSHandle<JSObject> TypedArrayHelper::TypedArraySpeciesCreate(JSThread *thread, const JSHandle<JSObject> &obj,
-                                                             uint32_t argc, const JSTaggedType argv[])
+                                                             uint32_t argc, JSTaggedType argv[])
 {
    // 1. Assert: exemplar is an Object that has [[TypedArrayName]] and [[ContentType]] internal slots.
    // 2. Let defaultConstructor be the intrinsic object listed in column one of Table 61 for
@ -453,6 +453,7 @@ JSHandle<JSObject> TypedArrayHelper::TypedArraySpeciesCreate(JSThread *thread, c
    JSHandle<JSTaggedValue> thisConstructor = JSObject::SpeciesConstructor(thread, obj, defaultConstructor);
    RETURN_VALUE_IF_ABRUPT_COMPLETION(thread, JSHandle<JSObject>(thread, JSTaggedValue::Exception()));
    // 4. Let result be ? TypedArrayCreate(constructor, argumentList).
+    argv[0] = JSTypedArray::Cast(*obj)->GetViewedArrayBuffer().GetRawData();
    JSHandle<JSObject> result = TypedArrayHelper::TypedArrayCreate(thread, thisConstructor, argc, argv);
    RETURN_VALUE_IF_ABRUPT_COMPLETION(thread, JSHandle<JSObject>(thread, JSTaggedValue::Exception()));
    // 5. If result.[[ContentType]] ≠ exemplar.[[ContentType]], throw a TypeError exception.
--- a/ecmascript/base/typed_array_helper.h
+++ b/ecmascript/base/typed_array_helper.h
@ -34,7 +34,7 @@ public:
                                                 const JSHandle<JSTaggedValue> &constructorName,
                                                 const JSHandle<JSTaggedValue> &newTarget, int32_t length);
    static JSHandle<JSObject> TypedArraySpeciesCreate(JSThread *thread, const JSHandle<JSObject> &obj,
-                                                      uint32_t argc, const JSTaggedType argv[]);
+                                                      uint32_t argc, JSTaggedType argv[]);
    static JSHandle<JSObject> TypedArrayCreate(JSThread *thread, const JSHandle<JSTaggedValue> &constructor,
                                               uint32_t argc, const JSTaggedType argv[]);
    static JSTaggedValue ValidateTypedArray(JSThread *thread, const JSHandle<JSTaggedValue> &value);
--- a/ecmascript/builtins/builtins_typedarray.cpp
+++ b/ecmascript/builtins/builtins_typedarray.cpp
@ -1410,11 +1410,12 @@ JSTaggedValue BuiltinsTypedArray::Subarray(EcmaRuntimeCallInfo *argv)
    int32_t beginByteOffset = srcByteOffset + beginIndex * elementSize;
    // 21. Let argumentsList be «buffer, beginByteOffset, newLength».
    // 5. Let buffer be the value of O’s [[ViewedArrayBuffer]] internal slot.
-    JSTaggedValue buffer = JSTypedArray::Cast(*thisObj)->GetViewedArrayBuffer();
    // 22. Return Construct(constructor, argumentsList).
    const size_t argsLength = 3;
    JSTaggedType args[argsLength] = {
-        buffer.GetRawData(), JSTaggedValue(beginByteOffset).GetRawData(), JSTaggedValue(newLength).GetRawData()
+        JSTaggedValue::Undefined().GetRawData(),
+        JSTaggedValue(beginByteOffset).GetRawData(),
+        JSTaggedValue(newLength).GetRawData()
    };
    JSHandle<JSObject> newArr = TypedArrayHelper::TypedArraySpeciesCreate(thread, thisObj, argsLength, args);
    RETURN_EXCEPTION_IF_ABRUPT_COMPLETION(thread);
--- a/ecmascript/builtins/tests/builtins_typedarray_test.cpp
+++ b/ecmascript/builtins/tests/builtins_typedarray_test.cpp
@ -196,8 +196,8 @@ JSTypedArray *CreateTypedArrayFromList(JSThread *thread, const JSHandle<TaggedAr
    JSHandle<JSFunction> int8_array(env->GetInt8ArrayFunction());
    JSHandle<JSObject> globalObject(thread, env->GetGlobalObject());
    //  6 : test case
-    auto ecmaRuntimeCallInfo1 = TestHelper::CreateEcmaRuntimeCallInfo(thread, JSTaggedValue::Undefined(), 6);
-    ecmaRuntimeCallInfo1->SetNewTarget(JSTaggedValue(*int8_array));
+    auto ecmaRuntimeCallInfo1 = TestHelper::CreateEcmaRuntimeCallInfo(thread, JSTaggedValue(*int8_array), 6);
+    ecmaRuntimeCallInfo1->SetFunction(JSTaggedValue(*int8_array));
    ecmaRuntimeCallInfo1->SetThis(JSTaggedValue(*globalObject));
    ecmaRuntimeCallInfo1->SetCallArg(0, jsarray.GetTaggedValue());

--- a/ecmascript/mem/region.h
+++ b/ecmascript/mem/region.h
@ -59,7 +59,7 @@ enum RegionFlags {
 class Region {
 public:
    Region(Space *space, Heap *heap, uintptr_t allocateBase, uintptr_t begin, uintptr_t end, RegionFlags flags)
-        : space_(space), heap_(heap),
+        : flags_(0), space_(space), heap_(heap),
        allocateBase_(allocateBase),
        end_(end),
        highWaterMark_(end),