Commit 84c256c3 authored by fpizlo@apple.com's avatar fpizlo@apple.com
Browse files

Nested try/finally should not confuse the finally unpopper in...

Nested try/finally should not confuse the finally unpopper in BytecodeGenerator::emitComplexJumpScopes
https://bugs.webkit.org/show_bug.cgi?id=97508
<rdar://problem/12361132>

Reviewed by Sam Weinig.

Source/JavaScriptCore: 

We're reusing some vector for multiple iterations of a loop, but we were forgetting to clear its
contents from one iteration to the next. Hence if you did multiple iterations of finally unpopping
(like in a nested try/finally and a jump out of both of them) then you'd get a corrupted try
context stack afterwards.

* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitComplexJumpScopes):

LayoutTests: 

* fast/js/jsc-test-list:
* fast/js/script-tests/try-try-return-finally-finally.js: Added.
(foo):
* fast/js/try-try-return-finally-finally-expected.txt: Added.
* fast/js/try-try-return-finally-finally.html: Added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129440 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 60e82368
2012-09-24 Filip Pizlo <fpizlo@apple.com>
Nested try/finally should not confuse the finally unpopper in BytecodeGenerator::emitComplexJumpScopes
https://bugs.webkit.org/show_bug.cgi?id=97508
<rdar://problem/12361132>
Reviewed by Sam Weinig.
* fast/js/jsc-test-list:
* fast/js/script-tests/try-try-return-finally-finally.js: Added.
(foo):
* fast/js/try-try-return-finally-finally-expected.txt: Added.
* fast/js/try-try-return-finally-finally.html: Added.
2012-09-24 Nikhil Bansal <n.bansal@samsung.com>
 
[EFL][WK2] TestRunner needs touch events support.
......@@ -318,6 +318,7 @@ fast/js/toString-for-var-decl
fast/js/toString-number-dot-expr
fast/js/toString-prefix-postfix-preserve-parens
fast/js/toString-recursion
fast/js/try-try-return-finally-finally
fast/js/typeof-codegen-crash
fast/js/typeof-constant-string
fast/js/unexpected-constant-crash
......
description(
"Tests what would happen if you have nested try-finally's with interesting control statements nested within them. The correct outcome is for this test to not crash during bytecompilation."
);
function foo() {
try{
while(a){
try{
if(b){return}
}finally{
c();
}
if(d){return}
}
}finally{
e();
}
}
try {
foo();
} catch (e) {
testPassed("It worked.");
}
Tests what would happen if you have nested try-finally's with interesting control statements nested within them. The correct outcome is for this test to not crash during bytecompilation.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
PASS It worked.
PASS successfullyParsed is true
TEST COMPLETE
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<script src="resources/js-test-pre.js"></script>
</head>
<body>
<script src="script-tests/try-try-return-finally-finally.js"></script>
<script src="resources/js-test-post.js"></script>
</body>
</html>
2012-09-24 Filip Pizlo <fpizlo@apple.com>
Nested try/finally should not confuse the finally unpopper in BytecodeGenerator::emitComplexJumpScopes
https://bugs.webkit.org/show_bug.cgi?id=97508
<rdar://problem/12361132>
Reviewed by Sam Weinig.
We're reusing some vector for multiple iterations of a loop, but we were forgetting to clear its
contents from one iteration to the next. Hence if you did multiple iterations of finally unpopping
(like in a nested try/finally and a jump out of both of them) then you'd get a corrupted try
context stack afterwards.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitComplexJumpScopes):
2012-09-24 Filip Pizlo <fpizlo@apple.com>
 
ValueToInt32 bool case does bad things to registers
......
......@@ -2483,6 +2483,7 @@ PassRefPtr<Label> BytecodeGenerator::emitComplexJumpScopes(Label* target, Contro
context.start = afterFinally;
m_tryContextStack.append(context);
}
poppedTryContexts.clear();
}
if (flipLabelScopes)
m_labelScopes = savedLabelScopes;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment