2011-01-14 Oliver Hunt <oliver@apple.com>
author oliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 15 Jan 2011 01:22:58 +0000 (01:22 +0000)
committer oliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 15 Jan 2011 01:22:58 +0000 (01:22 +0000)
commit e86821fb2316bbf1113120d72aac30b1d25b2828
tree e49018cfff0ca765bd4d31f41245fb8c8d97a7c1
parent 822dd8501a0c4df331828389002b9ddad2f331e3
2011-01-14  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        [jsfunfuzz] parser doesn't enforce continue restrictions correctly.
        https://bugs.webkit.org/show_bug.cgi?id=52493

        Add a few tests for continue to cover the cases where continue
        isn't syntactically valid.

        * fast/js/js-continue-break-restrictions-expected.txt: Added.
        * fast/js/js-continue-break-restrictions.html: Added.
        * fast/js/script-tests/js-continue-break-restrictions.js: Added.

2011-01-14  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        [jsfunfuzz] parser doesn't enforce continue restrictions correctly.
        https://bugs.webkit.org/show_bug.cgi?id=52493

        This patch reworks handling of break, continue and label statements
        to correctly handle all the valid and invalid cases.  Previously certain
        errors would be missed by the parser in strict mode, but the bytecode
        generator needed to handle those cases for non-strict code so nothing
        failed, it simply became non-standard behaviour.

        Now that we treat break and continue errors as early faults in non-strict
        mode as well that safety net has been removed so the parser bugs result in
        crashes at codegen time.

        * parser/JSParser.cpp:
        (JSC::JSParser::ScopeLabelInfo::ScopeLabelInfo):
        (JSC::JSParser::next):
        (JSC::JSParser::nextTokenIsColon):
        (JSC::JSParser::continueIsValid):
            Continue is only valid in loops so we can't use breakIsValid()
        (JSC::JSParser::pushLabel):
            We now track whether the label is for a loop (and is therefore a
            valid target for continue).
        (JSC::JSParser::popLabel):
        (JSC::JSParser::getLabel):
            Replace hasLabel with getLabel so that we can validate the target
            when parsing continue statements.
        (JSC::JSParser::Scope::continueIsValid):
        (JSC::JSParser::Scope::pushLabel):
        (JSC::JSParser::Scope::getLabel):
        (JSC::JSParser::JSParser):
        (JSC::JSParser::parseBreakStatement):
        (JSC::JSParser::parseContinueStatement):
        (JSC::LabelInfo::LabelInfo):
        (JSC::JSParser::parseExpressionOrLabelStatement):
            Consecutive labels now get handled iteratively so that we can determine
            whether they're valid targets for continue.
        * parser/Lexer.cpp:
        (JSC::Lexer::nextTokenIsColon):
        * parser/Lexer.h:
        (JSC::Lexer::setOffset):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@75852 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/js/js-continue-break-restrictions-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/js-continue-break-restrictions.html [new file with mode: 0644]
LayoutTests/fast/js/script-tests/js-continue-break-restrictions.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/parser/JSParser.cpp
Source/JavaScriptCore/parser/Lexer.cpp
Source/JavaScriptCore/parser/Lexer.h
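
The break/continue rules described in the commit message above can be checked against any JavaScript engine as parse-time (early) errors. This is an added example, not part of the WebKit commit or its LayoutTests; the sample programs and the names isEarlyError, CASES and checkEngine are constructed for illustration.

```javascript
// Added example (not WebKit code): probe an engine for the early errors on
// break/continue described above. All sample programs are constructed.

// Compile `body` as a function body without running it. new Function() parses
// its argument up front, so an early error surfaces here as a SyntaxError and
// none of the sample loops ever executes.
function isEarlyError(body, strict) {
  const src = (strict ? '"use strict";\n' : '') + body;
  try {
    new Function(src);
    return false;
  } catch (e) {
    if (e instanceof SyntaxError) return true;
    throw e; // anything else is a harness problem, not a parse result
  }
}

// [source, must be rejected at parse time?]
const CASES = [
  ['continue;', true],                                   // not inside a loop
  ['while (true) { continue; }', false],
  ['switch (1) { case 1: continue; }', true],            // switch is a break target only
  ['switch (1) { case 1: break; }', false],
  ['break;', true],
  ['a: { break a; }', false],                            // break may target any label
  ['a: { continue a; }', true],                          // label is not on a loop
  ['a: { while (true) { continue a; } }', true],         // label is on the block
  ['a: while (true) { continue a; }', false],
  ['a: b: while (true) { continue a; }', false],         // consecutive labels on one loop
  ['while (true) { continue missing; }', true],          // undefined label
  ['while (true) { (function () { continue; }); }', true], // loop does not cross functions
];

// Returns the cases where the engine disagrees, in sloppy and strict mode.
function checkEngine() {
  const failures = [];
  for (const strict of [false, true]) {
    for (const [body, expected] of CASES) {
      if (isEarlyError(body, strict) !== expected) failures.push({ body, strict, expected });
    }
  }
  return failures;
}

const failures = checkEngine();
console.log(failures.length === 0 ? 'all cases match' : failures);
```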