WebKit Bugzilla
Attachment 372343 Details for
Bug 198969
: MaybeParseAsGeneratorForScope sometimes loses track of its scope ref
[patch]
Patch
bug-198969-20190618094607.patch (text/plain), 4.29 KB, created by
Keith Miller
on 2019-06-18 09:46:10 PDT
>Subversion Revision: 246398 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index cf1d33d3e557be82a160ff82ec061e08b9e3690a..1722c60a2de551b47e016334a7ca05874983223b 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,21 @@ >+2019-06-18 Keith Miller <keith_miller@apple.com> >+ >+ MaybeParseAsGeneratorForScope sometimes loses track of its scope ref >+ https://bugs.webkit.org/show_bug.cgi?id=198969 >+ <rdar://problem/51620714> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Sometimes if the parser has enough nested scopes >+ MaybeParseAsGeneratorForScope can lose track of the ScopeRef it >+ should be tracking. This is because the parser sometimes relocates >+ its ScopeRefs. To fix this MaybeParseAsGeneratorForScope should >+ hold the scope ref it's watching. >+ >+ * parser/Parser.cpp: >+ (JSC::Scope::MaybeParseAsGeneratorForScope::MaybeParseAsGeneratorForScope): >+ (JSC::Scope::MaybeParseAsGeneratorForScope::~MaybeParseAsGeneratorForScope): >+ > 2019-06-12 Yusuke Suzuki <ysuzuki@apple.com> > > [JSC] Polymorphic call stub's slow path should restore callee saves before performing tail call >diff --git a/Source/JavaScriptCore/parser/Parser.cpp b/Source/JavaScriptCore/parser/Parser.cpp >index 45ac90801ec032e3271b2861fc287d39fa35ae9b..d898a78e49f5aacb1bb3051d88585489a3b793e4 100644 >--- a/Source/JavaScriptCore/parser/Parser.cpp >+++ b/Source/JavaScriptCore/parser/Parser.cpp 
>@@ -173,10 +173,23 @@ Parser<LexerType>::Parser(VM* vm, const SourceCode& source, JSParserBuiltinMode > next(); > } > >-class Scope::MaybeParseAsGeneratorForScope : public SetForScope<bool> { >+class Scope::MaybeParseAsGeneratorForScope { > public: > MaybeParseAsGeneratorForScope(ScopeRef& scope, bool shouldParseAsGenerator) >- : SetForScope<bool>(scope->m_isGenerator, shouldParseAsGenerator) { } >+ : m_scope(scope) >+ , m_oldValue(scope->m_isGenerator) >+ { >+ m_scope->m_isGenerator = shouldParseAsGenerator; >+ } >+ >+ ~MaybeParseAsGeneratorForScope() >+ { >+ m_scope->m_isGenerator = m_oldValue; >+ } >+ >+private: >+ ScopeRef m_scope; >+ bool m_oldValue; > }; > > struct DepthManager : private SetForScope<int> { >diff --git a/JSTests/ChangeLog b/JSTests/ChangeLog >index 14b2539ee26ccbee4a402c7b07ffc10001636c5e..470e1cb3bd098711776598f6e26b8b75d6b5deff 100644 >--- a/JSTests/ChangeLog >+++ b/JSTests/ChangeLog >@@ -1,3 +1,14 @@ >+2019-06-18 Keith Miller <keith_miller@apple.com> >+ >+ MaybeParseAsGeneratorForScope sometimes loses track of its scope ref >+ https://bugs.webkit.org/show_bug.cgi?id=198969 >+ <rdar://problem/51620714> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * stress/nested-yield-in-arrow-function-should-be-a-syntax-error.js: Added. >+ (catch): >+ > 2019-06-12 Yusuke Suzuki <ysuzuki@apple.com> > > [JSC] Polymorphic call stub's slow path should restore callee saves before performing tail call >diff --git a/JSTests/stress/nested-yield-in-arrow-function-should-be-a-syntax-error.js b/JSTests/stress/nested-yield-in-arrow-function-should-be-a-syntax-error.js >new file mode 100644 >index 0000000000000000000000000000000000000000..61f79545f1dca5ed5b46bdfdd97d6090e926cb05 >--- /dev/null >+++ b/JSTests/stress/nested-yield-in-arrow-function-should-be-a-syntax-error.js 
>@@ -0,0 +1,10 @@ >+let passed = false; >+try { >+ new Function("\nfor (let a of (function*() { \n for (var b of (function*() { \n for (var c of (function*() { \n for (var d of (function*() {\n for (var e of (function*() { \n for (var f of (function*() {\n for (var g of (x = (yield * 2)) => (1)) {\n }\n })()) {\n }\n })()) {\n }\n })()) {\n }\n })()) {\n }\n })()) {\n }\n})()) {\n}\n"); >+} catch (e) { >+ if (e instanceof SyntaxError) >+ passed = true; >+} finally { >+ if (passed !== true) >+ throw new Error("Test did not throw a Syntax Error as expected"); >+}
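Review bot: in the Source/JavaScriptCore/ChangeLog entry, the description says the parser "sometimes relocates its ScopeRefs" but not what goes wrong once the tracked ref is lost. Add a sentence stating the observable effect (per the added test, a nested yield in an arrow function that should be rejected with a SyntaxError), so the entry explains why the change is needed and not only what it does.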
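Review bot: in Parser.cpp, the rewritten MaybeParseAsGeneratorForScope has a hand-written destructor that restores m_oldValue, but nothing in the class prevents it from being copied, and a copy would write the saved value back a second time. Mark it non-copyable (WTF_MAKE_NONCOPYABLE or deleted copy operations). Since the constructor now only copies its argument, the parameter could also be const ScopeRef&, and a short comment on m_scope saying why the class keeps its own ScopeRef rather than going through SetForScope<bool> would stop a later cleanup from reintroducing the bug.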
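Review bot: in the JSTests/ChangeLog entry, the "(catch):" line under the added test file carries no information. Drop it and leave only the "Added." line for nested-yield-in-arrow-function-should-be-a-syntax-error.js.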
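Review bot: in the new stress test, the catch block accepts any SyntaxError from the long source string, so the test would also pass if the string were malformed for an unrelated reason such as an unbalanced brace. Add a control case with the same nesting but without the "yield * 2" default parameter and assert that it parses, or check the error message, so the test is tied to the yield in the arrow function parameters. A one-line comment saying that the nesting depth is what triggers the bug would also help, because otherwise the depth looks arbitrary.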