Diff
Modified: branches/safari-536.28-branch/LayoutTests/ChangeLog (134304 => 134305)
--- branches/safari-536.28-branch/LayoutTests/ChangeLog 2012-11-12 22:22:13 UTC (rev 134304)
+++ branches/safari-536.28-branch/LayoutTests/ChangeLog 2012-11-12 22:25:11 UTC (rev 134305)
@@ -1,5 +1,23 @@
2012-11-12 Lucas Forschler <[email protected]>
+ Merge r129440
+
+ 2012-09-24 Filip Pizlo <[email protected]>
+
+ Nested try/finally should not confuse the finally unpopper in BytecodeGenerator::emitComplexJumpScopes
+ https://bugs.webkit.org/show_bug.cgi?id=97508
+ <rdar://problem/12361132>
+
+ Reviewed by Sam Weinig.
+
+ * fast/js/jsc-test-list:
+ * fast/js/script-tests/try-try-return-finally-finally.js: Added.
+ (foo):
+ * fast/js/try-try-return-finally-finally-expected.txt: Added.
+ * fast/js/try-try-return-finally-finally.html: Added.
+
+2012-11-12 Lucas Forschler <[email protected]>
+
Merge r126718
2012-08-26 Filip Pizlo <[email protected]>
@@ -11375,3 +11393,4 @@
.
.
.
+.
Modified: branches/safari-536.28-branch/LayoutTests/fast/js/jsc-test-list (134304 => 134305)
--- branches/safari-536.28-branch/LayoutTests/fast/js/jsc-test-list 2012-11-12 22:22:13 UTC (rev 134304)
+++ branches/safari-536.28-branch/LayoutTests/fast/js/jsc-test-list 2012-11-12 22:25:11 UTC (rev 134305)
@@ -266,6 +266,7 @@
fast/js/toString-number-dot-expr
fast/js/toString-prefix-postfix-preserve-parens
fast/js/toString-recursion
+fast/js/try-try-return-finally-finally
fast/js/typeof-codegen-crash
fast/js/typeof-constant-string
fast/js/unexpected-constant-crash
Copied: branches/safari-536.28-branch/LayoutTests/fast/js/script-tests/try-try-return-finally-finally.js (from rev 129440, trunk/LayoutTests/fast/js/script-tests/try-try-return-finally-finally.js) (0 => 134305)
--- branches/safari-536.28-branch/LayoutTests/fast/js/script-tests/try-try-return-finally-finally.js (rev 0)
+++ branches/safari-536.28-branch/LayoutTests/fast/js/script-tests/try-try-return-finally-finally.js 2012-11-12 22:25:11 UTC (rev 134305)
@@ -0,0 +1,25 @@
+description(
+"Tests what would happen if you have nested try-finally's with interesting control statements nested within them. The correct outcome is for this test to not crash during bytecompilation."
+);
+
+function foo() {
+ try{
+ while(a){
+ try{
+ if(b){return}
+ }finally{
+ c();
+ }
+ if(d){return}
+ }
+ }finally{
+ e();
+ }
+}
+
+try {
+ foo();
+} catch (e) {
+ testPassed("It worked.");
+}
+
Copied: branches/safari-536.28-branch/LayoutTests/fast/js/try-try-return-finally-finally-expected.txt (from rev 129440, trunk/LayoutTests/fast/js/try-try-return-finally-finally-expected.txt) (0 => 134305)
--- branches/safari-536.28-branch/LayoutTests/fast/js/try-try-return-finally-finally-expected.txt (rev 0)
+++ branches/safari-536.28-branch/LayoutTests/fast/js/try-try-return-finally-finally-expected.txt 2012-11-12 22:25:11 UTC (rev 134305)
@@ -0,0 +1,10 @@
+Tests what would happen if you have nested try-finally's with interesting control statements nested within them. The correct outcome is for this test to not crash during bytecompilation.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS It worked.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Copied: branches/safari-536.28-branch/LayoutTests/fast/js/try-try-return-finally-finally.html (from rev 129440, trunk/LayoutTests/fast/js/try-try-return-finally-finally.html) (0 => 134305)
--- branches/safari-536.28-branch/LayoutTests/fast/js/try-try-return-finally-finally.html (rev 0)
+++ branches/safari-536.28-branch/LayoutTests/fast/js/try-try-return-finally-finally.html 2012-11-12 22:25:11 UTC (rev 134305)
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>
Modified: branches/safari-536.28-branch/Source/_javascript_Core/ChangeLog (134304 => 134305)
--- branches/safari-536.28-branch/Source/_javascript_Core/ChangeLog 2012-11-12 22:22:13 UTC (rev 134304)
+++ branches/safari-536.28-branch/Source/_javascript_Core/ChangeLog 2012-11-12 22:25:11 UTC (rev 134305)
@@ -1,5 +1,25 @@
2012-11-12 Lucas Forschler <[email protected]>
+ Merge r129440
+
+ 2012-09-24 Filip Pizlo <[email protected]>
+
+ Nested try/finally should not confuse the finally unpopper in BytecodeGenerator::emitComplexJumpScopes
+ https://bugs.webkit.org/show_bug.cgi?id=97508
+ <rdar://problem/12361132>
+
+ Reviewed by Sam Weinig.
+
+ We're reusing some vector for multiple iterations of a loop, but we were forgetting to clear its
+ contents from one iteration to the next. Hence if you did multiple iterations of finally unpopping
+ (like in a nested try/finally and a jump out of both of them) then you'd get a corrupted try
+ context stack afterwards.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitComplexJumpScopes):
+
+2012-11-12 Lucas Forschler <[email protected]>
+
Merge r126718
2012-08-24 Filip Pizlo <[email protected]>
@@ -69299,3 +69319,4 @@
.
.
.
+.
Modified: branches/safari-536.28-branch/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (134304 => 134305)
--- branches/safari-536.28-branch/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2012-11-12 22:22:13 UTC (rev 134304)
+++ branches/safari-536.28-branch/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2012-11-12 22:25:11 UTC (rev 134305)
@@ -2245,6 +2245,7 @@
context.start = afterFinally;
m_tryContextStack.append(context);
}
+ poppedTryContexts.clear();
}
if (flipLabelScopes)
m_labelScopes = savedLabelScopes;
