[v8-dev] Re: Parser: Fix crash on stack overflow when lazy-parsing arrow functions (issue 1023483003 by aperez@igalia.com)

[aperez]

On 2015/03/19 11:00:26, marja wrote:
https://codereview.chromium.org/1023483003/diff/1/src/parser.cc
File src/parser.cc (right):

https://codereview.chromium.org/1023483003/diff/1/src/parser.cc#newcode1149
src/parser.cc:1149: // Scanning must end at the same position that was
recorded
Hmm, this seems very indirect. Can't we know in a more direct way whether  
a
stack overflow has happened?

That would be checking for Token::ILLEGAL and/or “stack_overflow_” in more
places
of the parser, or coming up with some systematic way handling those  
situations
(more on this below).

The good thing of checking that parsing end where it's suppossed to be is  
that
it will catch all stack overflow issues, either existing or future, despite  
how
the parser behaves, and regardless of which intermediate valid parse is done
(because we always know that the end of the input *must* be reached).

And why do we have ok == true in case of the stack overflow? Isn't that  
weird?
So we manage to parse a partial body successfully, but then... there  
should be
some part which reads the invalid token produced by the stack overflow and
sets
ok to false. What's up with that?

The code which first detects the stack overflow is in the scanner, which  
does
not have access to the “ok” flag. The parser itself checks for stack  
overflow
in some places, but it looks to me that most of those places were added to
cover some specific test cases that have been found to make the parser  
crash,
and the whole handling of stack overflow doesn't seem very systematic to  
me...

So, the idea of this patch is to solve the particular case in which arrow
functions with a concise body end up being parsed as a valid expression
before the end of the input is reached, and get this crasher bug solved.
Ideally later the handling of stack overflows should be rethought in such
a way that they are always detected independently of how the parser works
(TBH, using Token::ILLEGAL to signal stack overflows looks like a kludge to
me, provided that there is a “stack_overflow_” flag already...)

https://codereview.chromium.org/1023483003/

--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- 
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.