Timestamp:
Jan 14, 2011, 5:22:58 PM (14 years ago)
Author:
[email protected]
Message:

2011-01-14 Oliver Hunt <[email protected]>

Reviewed by Gavin Barraclough.

[jsfunfuzz] parser doesn't enforce continue restrictions correctly.
https://bugs.webkit.org/show_bug.cgi?id=52493

Add a few tests for continue to cover the cases where continue
isn't syntactically valid.

  • fast/js/js-continue-break-restrictions-expected.txt: Added.
  • fast/js/js-continue-break-restrictions.html: Added.
  • fast/js/script-tests/js-continue-break-restrictions.js: Added.

2011-01-14 Oliver Hunt <[email protected]>

Reviewed by Gavin Barraclough.

[jsfunfuzz] parser doesn't enforce continue restrictions correctly.
https://bugs.webkit.org/show_bug.cgi?id=52493

This patch reworks handling of break, continue and label statements
to correctly handle all the valid and invalid cases. Previously certain
errors would be missed by the parser in strict mode, but the bytecode
generator needed to handle those cases for non-strict code so nothing
failed; it simply became non-standard behaviour.

Now that we treat break and continue errors as early faults in non-strict
mode as well, that safety net has been removed, so the parser bugs result in
crashes at codegen time.

  • parser/JSParser.cpp:
(JSC::JSParser::ScopeLabelInfo::ScopeLabelInfo):
(JSC::JSParser::next):
(JSC::JSParser::nextTokenIsColon):
(JSC::JSParser::continueIsValid):

Continue is only valid in loops so we can't use breakIsValid()

(JSC::JSParser::pushLabel):

We now track whether the label is for a loop (and is therefore a
valid target for continue).

(JSC::JSParser::popLabel):
(JSC::JSParser::getLabel):

Replace hasLabel with getLabel so that we can validate the target
when parsing continue statements.

(JSC::JSParser::Scope::continueIsValid):
(JSC::JSParser::Scope::pushLabel):
(JSC::JSParser::Scope::getLabel):
(JSC::JSParser::JSParser):
(JSC::JSParser::parseBreakStatement):
(JSC::JSParser::parseContinueStatement):
(JSC::LabelInfo::LabelInfo):
(JSC::JSParser::parseExpressionOrLabelStatement):

Consecutive labels now get handled iteratively so that we can determine
whether they're valid targets for continue.

  • parser/Lexer.cpp: (JSC::Lexer::nextTokenIsColon):
  • parser/Lexer.h: (JSC::Lexer::setOffset):
File:
1 edited

  • trunk/Source/JavaScriptCore/parser/Lexer.h

    r69516 r75852  
    5454        enum LexType { IdentifyReservedWords, IgnoreReservedWords };
    5555        JSTokenType lex(JSTokenData* lvalp, JSTokenInfo* llocp, LexType, bool strictMode);
     56        bool nextTokenIsColon();
    5657        int lineNumber() const { return m_lineNumber; }
    5758        void setLastLineNumber(int lastLineNumber) { m_lastLineNumber = lastLineNumber; }
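Review bot: nextTokenIsColon() at new line 56 is declared without a comment and is non-const, unlike lineNumber() directly below it, so the header does not say whether the call consumes input or leaves the lexer position untouched. A one-line comment stating that it only peeks at the next token, and what it skips before the colon if anything, would let parser callers rely on it; if it changes no member state, consider declaring it const.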
     
    6869        void setOffset(int offset)
    6970        {
     71            m_error = 0;
    7072            m_code = m_codeStart + offset;
    7173            m_current = *m_code;
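Review bot: the added m_error = 0; at new line 71 makes setOffset() silently discard any lexer error recorded before the rewind, and neither the code nor the ChangeLog entry for Lexer::setOffset says why. Add a comment stating either that callers must check the error state before calling setOffset(), or that errors from the abandoned scan are deliberately dropped because that text will be lexed again from the new offset.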