    2011-01-14 Oliver Hunt <oliver@apple.com> · 1a6a9f7b
    oliver@apple.com authored
            Reviewed by Gavin Barraclough.
    
            [jsfunfuzz] parser doesn't enforce continue restrictions correctly.
            https://bugs.webkit.org/show_bug.cgi?id=52493
    
            Add a few tests for continue to cover the cases where continue
            isn't syntactically valid.
    
            * fast/js/js-continue-break-restrictions-expected.txt: Added.
            * fast/js/js-continue-break-restrictions.html: Added.
            * fast/js/script-tests/js-continue-break-restrictions.js: Added.
    2011-01-14  Oliver Hunt  <oliver@apple.com>
    
            Reviewed by Gavin Barraclough.
    
            [jsfunfuzz] parser doesn't enforce continue restrictions correctly.
            https://bugs.webkit.org/show_bug.cgi?id=52493
    
            This patch reworks handling of break, continue and label statements
            to correctly handle all the valid and invalid cases.  Previously certain
            errors would be missed by the parser in strict mode, but the bytecode
            generator needed to handle those cases for non-strict code so nothing
            failed; it simply became non-standard behaviour.
    
            Now that we treat break and continue errors as early faults in non-strict
            mode as well, that safety net has been removed, so the parser bugs result in
            crashes at codegen time.
    
            * parser/JSParser.cpp:
            (JSC::JSParser::ScopeLabelInfo::ScopeLabelInfo):
            (JSC::JSParser::next):
            (JSC::JSParser::nextTokenIsColon):
            (JSC::JSParser::continueIsValid):
                Continue is only valid in loops so we can't use breakIsValid()
            (JSC::JSParser::pushLabel):
                We now track whether the label is for a loop (and is therefore a
                valid target for continue).
            (JSC::JSParser::popLabel):
            (JSC::JSParser::getLabel):
                Replace hasLabel with getLabel so that we can validate the target
                when parsing continue statements.
            (JSC::JSParser::Scope::continueIsValid):
            (JSC::JSParser::Scope::pushLabel):
            (JSC::JSParser::Scope::getLabel):
            (JSC::JSParser::JSParser):
            (JSC::JSParser::parseBreakStatement):
            (JSC::JSParser::parseContinueStatement):
            (JSC::LabelInfo::LabelInfo):
            (JSC::JSParser::parseExpressionOrLabelStatement):
                Consecutive labels now get handled iteratively so that we can determine
                whether they're valid targets for continue.
            * parser/Lexer.cpp:
            (JSC::Lexer::nextTokenIsColon):
            * parser/Lexer.h:
            (JSC::Lexer::setOffset):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@75852 268f45cc-cd09-0410-ab3c-d52691b4dbfc
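
The restrictions this commit enforces, as an added example that is not part of the commit or of the WebKit test files: a conformance check that asks the running engine's parser whether each constructed function body is accepted. The case list and the helper names `parses` and `mismatches` are assumptions made for illustration.

```javascript
// Added example: constructed cases, not taken from the WebKit test files.
// Each entry is a function body and whether ECMAScript allows it to parse.
const CASES = [
  // continue needs an enclosing loop; a switch is enough for break only
  ["continue;", false],
  ["switch (0) { case 0: continue; }", false],
  ["switch (0) { case 0: break; }", true],
  ["while (0) { continue; }", true],
  // a labelled continue must name a label attached to a loop
  ["a: { continue a; }", false],
  ["a: while (0) { continue a; }", true],
  ["a: { b: while (0) { continue a; } }", false],
  // consecutive labels all belong to the loop that follows them
  ["a: b: while (0) { continue a; }", true],
  ["a: b: { while (0) { continue a; } }", false],
  // break may target any enclosing label, but the label has to exist
  ["a: { break a; }", true],
  ["break;", false],
  ["while (0) { break missing; }", false],
  // labels and loops do not reach into a nested function
  ["a: while (0) { (function () { continue a; }); }", false],
  ["while (0) { (function () { break; }); }", false],
];

// Returns true if the engine's parser accepts src as a function body.
// new Function only parses and compiles; the body is never called.
function parses(src) {
  try {
    new Function(src);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e; // anything else is a harness problem, not a verdict
  }
}

// Returns the cases where the engine disagrees with the expected result.
function mismatches(cases = CASES) {
  return cases
    .filter(([src, ok]) => parses(src) !== ok)
    .map(([src, ok]) => ({ src, expected: ok, got: !ok }));
}

console.log(mismatches().length === 0 ? "all cases agree" : mismatches());
```

A non-empty result from `mismatches()` means the parser accepted a body it should reject, or rejected one it should accept; the accepted-but-invalid kind is the class of bug that, per the commit message, reaches the bytecode generator.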