-
oliver@apple.com authored
Reviewed by Gavin Barraclough. [jsfunfuzz] parser doesn't enforce continue restrictions correctly. https://bugs.webkit.org/show_bug.cgi?id=52493 Add a few tests for continue to cover the cases where continue isn't syntactically valid. * fast/js/js-continue-break-restrictions-expected.txt: Added. * fast/js/js-continue-break-restrictions.html: Added. * fast/js/script-tests/js-continue-break-restrictions.js: Added. 2011-01-14 Oliver Hunt <oliver@apple.com> Reviewed by Gavin Barraclough. [jsfunfuzz] parser doesn't enforce continue restrictions correctly. https://bugs.webkit.org/show_bug.cgi?id=52493 This patch reworks handling of break, continue and label statements to correctly handle all the valid and invalid cases. Previously certain errors would be missed by the parser in strict mode, but the bytecode generator needed to handle those cases for non-strict code so nothing failed, it simply became non-standard behaviour. Now that we treat break and continue errors as early faults in non-strict mode as well that safety net has been removed so the parser bugs result in crashes at codegen time. * parser/JSParser.cpp: (JSC::JSParser::ScopeLabelInfo::ScopeLabelInfo): (JSC::JSParser::next): (JSC::JSParser::nextTokenIsColon): (JSC::JSParser::continueIsValid): Continue is only valid in loops so we can't use breakIsValid() (JSC::JSParser::pushLabel): We now track whether the label is for a loop (and is therefore a valid target for continue. (JSC::JSParser::popLabel): (JSC::JSParser::getLabel): Replace hasLabel with getLabel so that we can validate the target when parsing continue statements. (JSC::JSParser::Scope::continueIsValid): (JSC::JSParser::Scope::pushLabel): (JSC::JSParser::Scope::getLabel): (JSC::JSParser::JSParser): (JSC::JSParser::parseBreakStatement): (JSC::JSParser::parseContinueStatement): (JSC::LabelInfo::LabelInfo): (JSC::JSParser::parseExpressionOrLabelStatement): Consecutive labels now get handled iteratively so that we can determine whether they're valid targets for continue. * parser/Lexer.cpp: (JSC::Lexer::nextTokenIsColon): * parser/Lexer.h: (JSC::Lexer::setOffset): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@75852 268f45cc-cd09-0410-ab3c-d52691b4dbfc
1a6a9f7b