<https://bugs.webkit.org/show_bug.cgi?id=23062>
Reviewed by Gavin Barraclough.
This was caused by the expression information for the initial resolve of
eval not being emitted. If this resolve was the first instruction that
could throw an exception the information search would fail leading to an
assertion failure. If it was not the first throwable opcode the wrong
expression information would used.
Fix is simply to emit the expression info.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@39533
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2008-12-31 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ [jsfunfuzz] Computed exception offset wrong when first instruction is attempt to resolve deleted eval
+ <https://bugs.webkit.org/show_bug.cgi?id=23062>
+
+ This was caused by the expression information for the initial resolve of
+ eval not being emitted. If this resolve was the first instruction that
+ could throw an exception the information search would fail leading to an
+ assertion failure. If it was not the first throwable opcode the wrong
+ expression information would used.
+
+ Fix is simply to emit the expression info.
+
+ * parser/Nodes.cpp:
+ (JSC::EvalFunctionCallNode::emitBytecode):
+
2008-12-31 Cameron Zwarich <cwzwarich@uwaterloo.ca>
Reviewed by Oliver Hunt.
2008-12-31 Cameron Zwarich <cwzwarich@uwaterloo.ca>
Reviewed by Oliver Hunt.
{
RefPtr<RegisterID> func = generator.tempDestination(dst);
RefPtr<RegisterID> thisRegister = generator.newTemporary();
{
RefPtr<RegisterID> func = generator.tempDestination(dst);
RefPtr<RegisterID> thisRegister = generator.newTemporary();
+ generator.emitExpressionInfo(divot() - startOffset() + 4, 4, 0);
generator.emitResolveWithBase(thisRegister.get(), func.get(), generator.propertyNames().eval);
return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), thisRegister.get(), m_args.get(), divot(), startOffset(), endOffset());
}
generator.emitResolveWithBase(thisRegister.get(), func.get(), generator.propertyNames().eval);
return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), thisRegister.get(), m_args.get(), divot(), startOffset(), endOffset());
}
+2008-12-31 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ [jsfunfuzz] Computed exception offset wrong when first instruction is attempt to resolve deleted eval
+ <https://bugs.webkit.org/show_bug.cgi?id=23062>
+
+ Add an additional line number test to ensure we get the correct exception information when
+ resolve of 'eval' fails.
+
+ * fast/js/exception-linenums-expected.txt:
+ * fast/js/resources/exception-linenums.js:
+
2008-12-31 Cameron Zwarich <cwzwarich@uwaterloo.ca>
Reviewed by Oliver Hunt.
2008-12-31 Cameron Zwarich <cwzwarich@uwaterloo.ca>
Reviewed by Oliver Hunt.
PASS e.line is 42
PASS typeof e.sourceURL is "string"
PASS e.line is 5
PASS e.line is 42
PASS typeof e.sourceURL is "string"
PASS e.line is 5
+PASS typeof e.sourceURL is "string"
+PASS e.line is 64
PASS successfullyParsed is true
TEST COMPLETE
PASS successfullyParsed is true
TEST COMPLETE
shouldBe("typeof e.sourceURL", '"string"');
shouldBe("e.line", '5');
shouldBe("typeof e.sourceURL", '"string"');
shouldBe("e.line", '5');
+realEval = eval;
+delete eval;
+(function(){
+ try {
+ eval("");
+ } catch(exception) {
+ e = exception;
+ }
+})();
+eval = realEval;
+shouldBe("typeof e.sourceURL", '"string"');
+shouldBe("e.line", '64');
+
var successfullyParsed = true;
var successfullyParsed = true;
git://git.webkit.org / WebKit-https.git / commitdiff