1. 25 Jan, 2011 1 commit
  2. 14 Jan, 2011 1 commit
      2011-01-14 Oliver Hunt <oliver@apple.com> · 1a6a9f7b
      oliver@apple.com authored
              Reviewed by Gavin Barraclough.
      
              [jsfunfuzz] parser doesn't enforce continue restrictions correctly.
              https://bugs.webkit.org/show_bug.cgi?id=52493
      
              Add a few tests for continue to cover the cases where continue
              isn't syntactically valid.
      
              * fast/js/js-continue-break-restrictions-expected.txt: Added.
              * fast/js/js-continue-break-restrictions.html: Added.
              * fast/js/script-tests/js-continue-break-restrictions.js: Added.
      2011-01-14  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Gavin Barraclough.
      
              [jsfunfuzz] parser doesn't enforce continue restrictions correctly.
              https://bugs.webkit.org/show_bug.cgi?id=52493
      
              This patch reworks handling of break, continue and label statements
              to correctly handle all the valid and invalid cases.  Previously certain
              errors would be missed by the parser in strict mode, but the bytecode
              generator needed to handle those cases for non-strict code, so nothing
              failed; it simply became non-standard behaviour.
      
              Now that we treat break and continue errors as early faults in non-strict
              mode as well, that safety net has been removed, so the parser bugs result in
              crashes at codegen time.
      
              * parser/JSParser.cpp:
              (JSC::JSParser::ScopeLabelInfo::ScopeLabelInfo):
              (JSC::JSParser::next):
              (JSC::JSParser::nextTokenIsColon):
              (JSC::JSParser::continueIsValid):
                  Continue is only valid in loops so we can't use breakIsValid()
              (JSC::JSParser::pushLabel):
                  We now track whether the label is for a loop (and is therefore a
                  valid target for continue).
              (JSC::JSParser::popLabel):
              (JSC::JSParser::getLabel):
                  Replace hasLabel with getLabel so that we can validate the target
                  when parsing continue statements.
              (JSC::JSParser::Scope::continueIsValid):
              (JSC::JSParser::Scope::pushLabel):
              (JSC::JSParser::Scope::getLabel):
              (JSC::JSParser::JSParser):
              (JSC::JSParser::parseBreakStatement):
              (JSC::JSParser::parseContinueStatement):
              (JSC::LabelInfo::LabelInfo):
              (JSC::JSParser::parseExpressionOrLabelStatement):
                  Consecutive labels now get handled iteratively so that we can determine
                  whether they're valid targets for continue.
              * parser/Lexer.cpp:
              (JSC::Lexer::nextTokenIsColon):
              * parser/Lexer.h:
              (JSC::Lexer::setOffset):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@75852 268f45cc-cd09-0410-ab3c-d52691b4dbfc
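
The restrictions this commit enforces can be checked against any ECMAScript engine. The following is an added example, not code from the WebKit patch or its layout tests; the names parses, CASES, checkAll and mismatches and all sample snippets are constructed for illustration, and the expected results follow the ECMAScript early-error rules for break, continue and labels.

```javascript
// new Function() parses its body without running it, so a SyntaxError here
// is an early (parse-time) error, the kind of fault the commit message
// says break/continue violations are now treated as.
function parses(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e; // anything other than a syntax error is unexpected
  }
}

// Constructed sample inputs: [source, expected to parse?, reason].
const CASES = [
  ["while (0) { continue; }", true, "continue inside a loop"],
  ["continue;", false, "continue outside any loop"],
  ["if (false) { continue; }", false, "unreachable code is still rejected"],
  ["break;", false, "break outside loop or switch"],
  ["switch (1) { case 1: break; }", true, "break inside switch"],
  ["switch (1) { case 1: continue; }", false, "switch is not a loop"],
  ["a: { break a; }", true, "break may target a non-loop label"],
  ["a: { continue a; }", false, "continue needs a loop label"],
  ["a: { while (0) { continue a; } }", false, "a labels the block, not the loop"],
  ["a: while (0) { continue a; }", true, "label directly on a loop"],
  ["a: b: c: while (0) { continue a; }", true, "consecutive labels all name the loop"],
  ["while (0) { continue missing; }", false, "undefined label"],
  ["a: while (0) { (function () { continue a; }); }", false, "labels do not cross function boundaries"],
];

// Run every case and record what the engine actually did.
function checkAll(cases) {
  return cases.map(([src, expected, why]) => ({ src, expected, why, actual: parses(src) }));
}

// Cases where the engine disagrees with the expected result.
function mismatches(cases) {
  return checkAll(cases).filter((r) => r.actual !== r.expected);
}

for (const r of checkAll(CASES)) {
  const verdict = r.actual ? "parses " : "rejects";
  const flag = r.actual === r.expected ? "" : "  <-- MISMATCH";
  console.log(`${verdict}  ${r.src}  // ${r.why}${flag}`);
}
```

A non-empty result from mismatches(CASES) means the engine under test accepts or rejects a form differently from the expectations listed.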