Skip to site navigation (Press enter)

[webkit-changes] [161437] trunk

rgabor Tue, 07 Jan 2014 11:08:04 -0800

Title: [161437] trunk

Revision: 161437
Author: rga...@webkit.org
Date: 2014-01-07 11:10:51 -0800 (Tue, 07 Jan 2014)

Log Message

pushFinallyContext saves wrong m_labelScopes size
https://bugs.webkit.org/show_bug.cgi?id=124529


Remove free label scopes before saving finally context.

Reviewed by Geoffrey Garen.

Source/_javascript_Core:

* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::pushFinallyContext):

LayoutTests:

* js/script-tests/try-return-finally-break.js: Added.
(foo):
* js/try-return-finally-break-expected.txt: Added.
* js/try-return-finally-break.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp

Added Paths

trunk/LayoutTests/js/script-tests/try-return-finally-break.js
trunk/LayoutTests/js/try-return-finally-break-expected.txt
trunk/LayoutTests/js/try-return-finally-break.html

Diff

Modified: trunk/LayoutTests/ChangeLog (161436 => 161437)


--- trunk/LayoutTests/ChangeLog	2014-01-07 18:59:32 UTC (rev 161436)
+++ trunk/LayoutTests/ChangeLog	2014-01-07 19:10:51 UTC (rev 161437)
@@ -1,3 +1,17 @@
+2014-01-07  Gabor Rapcsanyi  <rga...@webkit.org>
+
+        pushFinallyContext saves wrong m_labelScopes size
+        https://bugs.webkit.org/show_bug.cgi?id=124529
+
+        Remove free label scopes before saving finally context.
+
+        Reviewed by Geoffrey Garen.
+
+        * js/script-tests/try-return-finally-break.js: Added.
+        (foo):
+        * js/try-return-finally-break-expected.txt: Added.
+        * js/try-return-finally-break.html: Added.
+
 2014-01-07  Bear Travis  <betra...@adobe.com>
 
         [CSS Shapes] Change default value from 'auto' to 'none'

Added: trunk/LayoutTests/js/script-tests/try-return-finally-break.js (0 => 161437)


--- trunk/LayoutTests/js/script-tests/try-return-finally-break.js	                        (rev 0)
+++ trunk/LayoutTests/js/script-tests/try-return-finally-break.js	2014-01-07 19:10:51 UTC (rev 161437)
@@ -0,0 +1,21 @@
+description(
+"Tests what would happen if you have a break in the finally block. The correct outcome is for this test to not crash during bytecompilation."
+);
+
+function foo() {
+    do {
+        do {} while (false);
+
+        try {
+            do {
+                return null;
+            } while (false);
+        } finally {
+            break;
+        }
+    } while (false);
+}
+
+foo();
+testPassed("It worked.");
+

Added: trunk/LayoutTests/js/try-return-finally-break-expected.txt (0 => 161437)


--- trunk/LayoutTests/js/try-return-finally-break-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/js/try-return-finally-break-expected.txt	2014-01-07 19:10:51 UTC (rev 161437)
@@ -0,0 +1,10 @@
+Tests what would happen if you have a break in the finally block. The correct outcome is for this test to not crash during bytecompilation.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS It worked.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/js/try-return-finally-break.html (0 => 161437)


--- trunk/LayoutTests/js/try-return-finally-break.html	                        (rev 0)
+++ trunk/LayoutTests/js/try-return-finally-break.html	2014-01-07 19:10:51 UTC (rev 161437)
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>

Modified: trunk/Source/_javascript_Core/ChangeLog (161436 => 161437)


--- trunk/Source/_javascript_Core/ChangeLog	2014-01-07 18:59:32 UTC (rev 161436)
+++ trunk/Source/_javascript_Core/ChangeLog	2014-01-07 19:10:51 UTC (rev 161437)
@@ -1,3 +1,15 @@
+2014-01-07  Gabor Rapcsanyi  <rga...@webkit.org>
+
+        pushFinallyContext saves wrong m_labelScopes size
+        https://bugs.webkit.org/show_bug.cgi?id=124529
+
+        Remove free label scopes before saving finally context.
+
+        Reviewed by Geoffrey Garen.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::pushFinallyContext):
+
 2014-01-06  Mark Hahnenberg  <mhahnenb...@apple.com>
 
         Heap::collect shouldn't be responsible for sweeping

Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (161436 => 161437)


--- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp	2014-01-07 18:59:32 UTC (rev 161436)
+++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp	2014-01-07 19:10:51 UTC (rev 161437)
@@ -1954,6 +1954,10 @@
 
 void BytecodeGenerator::pushFinallyContext(StatementNode* finallyBlock)
 {
+    // Reclaim free label scopes.
+    while (m_labelScopes.size() && !m_labelScopes.last().refCount())
+        m_labelScopes.removeLast();
+
     ControlFlowContext scope;
     scope.isFinallyBlock = true;
     FinallyContext context = {

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes