Context Navigation

← Previous Changeset
Next Changeset →

Changeset 153073 in webkit

Timestamp:

Jul 23, 2013 5:56:52 PM (11 years ago)

Author:

mark.lam@apple.com

Message:

Added ExpressionRangeInfo for BinaryOpNodes that can throw exceptions
due to type coersion.
https://bugs.webkit.org/show_bug.cgi?id=116853.

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

bytecompiler/NodesCodegen.cpp:

(JSC::BinaryOpNode::emitBytecode):

Added expression info for the strcat and the general binary op cases. I did not add expression info for the "compare with null" case because that comparison cannot trigger type coersion, and hence it won't throw any exceptions and doesn't need the expression info.

LayoutTests:

Added the test case from bugzilla which exercises the general binary op
type coersion case, plus another for exercising the strcat case.

fast/js/line-column-numbers-expected.txt:
fast/js/line-column-numbers.html:
fast/js/script-tests/line-column-numbers.js:

Location:

trunk

Files:

: 6 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/fast/js/line-column-numbers-expected.txt (modified) (2 diffs)
LayoutTests/fast/js/line-column-numbers.html (modified) (2 diffs)
LayoutTests/fast/js/script-tests/line-column-numbers.js (modified) (1 diff)
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r153067
+                      r153073
+-07-23  Mark Lam  <mark.lam@apple.com>
+        Added ExpressionRangeInfo for BinaryOpNodes that can throw exceptions
+        due to type coersion.
+        https://bugs.webkit.org/show_bug.cgi?id=116853.
+        Reviewed by Geoffrey Garen.
+        Added the test case from bugzilla which exercises the general binary op
+        type coersion case, plus another for exercising the strcat case.
+        * fast/js/line-column-numbers-expected.txt:
+        * fast/js/line-column-numbers.html:
+        * fast/js/script-tests/line-column-numbers.js:
 -07-22  Ryosuke Niwa  <rniwa@webkit.org>

trunk/LayoutTests/fast/js/line-column-numbers-expected.txt

-                      r152494
+                      r153073
    global code at line-column-numbers.html:155:5
+--> Case 19 Stack Trace:
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+   toString at line-column-numbers.html:170:26
+--> Case 20 Stack Trace:
+   g at line-column-numbers.html:190:17
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
+   g at line-column-numbers.html:190:30
 --> Case 1 Stack Trace:
    global code at line-column-numbers.js:3:28
 …
    global code at line-column-numbers.js:96:5
+--> Case 19 Stack Trace:
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+   toString at line-column-numbers.js:109:26
+--> Case 20 Stack Trace:
+   g at line-column-numbers.js:127:17
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
+   g at line-column-numbers.js:127:30
 PASS successfullyParsed is true

trunk/LayoutTests/fast/js/line-column-numbers.html

-                      r152494
+                      r153073
     debug("--> Case " + testId + " Stack Trace:")
     stackTrace = stackTrace.split("\n");
     var length = Math.min(stackTrace.length, 100);
+    var length = Math.min(stackTrace.length, 20);
     for (var i = 0; i < length; i++) {
         var indexOfAt = stackTrace[i].indexOf('@')
 …
 </script>
+<!-- Case 19: Binary op with type coersion on strcat. -->
+<script>testId++;</script>
+<script>
+try {
+    testObj19 = {
+        toString: function() {
+            var result = ("Hello " + "World") + this;
+            b = 5;
+            return result;
+        },
+        run: function() {
+            return testObj19.toString();
+        }
+    };
+    testObj19.run();
+} catch(e) {
+    printStack(e.stack);
+}
+</script>
+<!-- Case 20: BinaryOp with type coersion on comparison. -->
+<script>testId++;</script>
+<script>
+try {
+    function test20() {
+        var f = function g() {
+            if (this != 10) f();
+        };
+        var a = f();
+    }
+    test20();
+} catch(e) {
+    printStack(e.stack);
+}
+</script>
 <!-- Now do it all over with a loaded script file. -->
 <script>testId = 0;</script>

trunk/LayoutTests/fast/js/script-tests/line-column-numbers.js

-                      r152494
+                      r153073
 "");
+// Case 19: Binary op with type coersion on strcat.
+testId++;
+try {
+    testObj19b = {
+        toString: function() {
+            var result = ("Hello " + "World") + this;
+            b19 = 5;
+            return result;
+        },
+        run: function() {
+            return testObj19b.toString();
+        }
+    };
+    testObj19b.run();
+} catch(e) {
+    printStack(e.stack);
+}
+// Case 20: BinaryOp with type coersion on comparison.
+testId++;
+try {
+    function test20b() {
+        var f = function g() {
+            if (this != 10) f();
+        };
+        var a = f();
+    }
+    test20b();
+} catch(e) {
+    printStack(e.stack);
+}
 successfullyParsed = true;

trunk/Source/JavaScriptCore/ChangeLog

-                      r153071
+                      r153073
+-07-23  Mark Lam  <mark.lam@apple.com>
+        Added ExpressionRangeInfo for BinaryOpNodes that can throw exceptions
+        due to type coersion.
+        https://bugs.webkit.org/show_bug.cgi?id=116853.
+        Reviewed by Geoffrey Garen.
+        * bytecompiler/NodesCodegen.cpp:
+        (JSC::BinaryOpNode::emitBytecode):
+        - Added expression info for the strcat and the general binary op cases.
+          I did not add expression info for the "compare with null" case because
+          that comparison cannot trigger type coersion, and hence it won't throw
+          any exceptions and doesn't need the expression info.
 -07-23  Mark Lam  <mark.lam@apple.com>

trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

-                      r153071
+                      r153073
     OpcodeID opcodeID = this->opcodeID();
+    if (opcodeID == op_add && m_expr1->isAdd() && m_expr1->resultDescriptor().definitelyIsString())
+    if (opcodeID == op_add && m_expr1->isAdd() && m_expr1->resultDescriptor().definitelyIsString()) {
+        generator.emitExpressionInfo(startOffset(), 0, 0, lineNo(), lineStartOffset());
         return emitStrcat(generator, dst);
+    }
     if (opcodeID == op_neq) {
 …
     bool wasTypeof = generator.m_lastOpcodeID == op_typeof;
     RegisterID* src2 = generator.emitNode(right);
+    generator.emitExpressionInfo(startOffset(), 0, 0, lineNo(), lineStartOffset());
     if (wasTypeof && (opcodeID == op_neq || opcodeID == op_nstricteq)) {
         RefPtr<RegisterID> tmp = generator.tempDestination(dst);

Note: See TracChangeset for help on using the changeset viewer.