Changeset 129440 in webkit for trunk/Source/JavaScriptCore/bytecompiler

Timestamp:

Sep 24, 2012, 6:26:28 PM (13 years ago)

Author:

[email protected]

Message:

Nested try/finally should not confuse the finally unpopper in BytecodeGenerator::emitComplexJumpScopes
​https://bugs.webkit.org/show_bug.cgi?id=97508
<rdar://problem/12361132>

Reviewed by Sam Weinig.

Source/JavaScriptCore:

We're reusing some vector for multiple iterations of a loop, but we were forgetting to clear its
contents from one iteration to the next. Hence if you did multiple iterations of finally unpopping
(like in a nested try/finally and a jump out of both of them) then you'd get a corrupted try
context stack afterwards.

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitComplexJumpScopes):

LayoutTests:

• fast/js/jsc-test-list:
• fast/js/script-tests/try-try-return-finally-finally.js: Added.

(foo):

• fast/js/try-try-return-finally-finally-expected.txt: Added.
• fast/js/try-try-return-finally-finally.html: Added.

File:

• trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -2484 +2484 @@
                     m_tryContextStack.append(context);
                 }
+                poppedTryContexts.clear();
             }
             if (flipLabelScopes)