[webkit-changes] [204422] trunk

Fri, 12 Aug 2016 14:38:30 -0700

Title: [204422] trunk
Revision
204422
Author
[email protected]
Date
2016-08-12 14:38:26 -0700 (Fri, 12 Aug 2016)

Log Message

ASSERTION FAILED: : line >= firstLine in BytecodeGenerator::emitExpressionInfo.
https://bugs.webkit.org/show_bug.cgi?id=160535
<rdar://problem/27328151>
Source/_javascript_Core:

        
Patch by Pranjal Jumde <[email protected]> on 2016-08-12
Reviewed by Saam Barati.

lineNumber from the savePoint was not being restored before calling next() causing discrepancy in the offset and line for the token

* parser/Parser.h:
(JSC::Parser::restoreLexerState):

LayoutTests:


Patch by Pranjal Jumde <[email protected]> on 2016-08-12
Reviewed by Saam Barati.

lineNumber from the savePoint was not being restored before calling next() causing discrepancy in the offset and line for the token

* js/multiline-function-crash-expected.txt: Added.
* js/multiline-function-crash.html: Added.
* js/script-tests/multiline-function-crash.js: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (204421 => 204422)


--- trunk/LayoutTests/ChangeLog	2016-08-12 21:24:40 UTC (rev 204421)
+++ trunk/LayoutTests/ChangeLog	2016-08-12 21:38:26 UTC (rev 204422)
@@ -1,3 +1,17 @@
+2016-08-12  Pranjal Jumde  <[email protected]>
+
+        ASSERTION FAILED: : line >= firstLine in BytecodeGenerator::emitExpressionInfo.
+        https://bugs.webkit.org/show_bug.cgi?id=160535
+        <rdar://problem/27328151>
+
+        Reviewed by Saam Barati.
+
+        lineNumber from the savePoint was not being restored before calling next() causing discrepancy in the offset and line for the token
+
+        * js/multiline-function-crash-expected.txt: Added.
+        * js/multiline-function-crash.html: Added.
+        * js/script-tests/multiline-function-crash.js: Added.
+
 2016-08-12  Ryan Haddad  <[email protected]>
 
         Unreviewed, rolling out r204416.

Added: trunk/LayoutTests/js/multiline-function-crash-expected.txt (0 => 204422)


--- trunk/LayoutTests/js/multiline-function-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/js/multiline-function-crash-expected.txt	2016-08-12 21:38:26 UTC (rev 204422)
@@ -0,0 +1,9 @@
+Offset and lineNumber of the savePoint needs to restored before calling next(). Test passes if there is no crash in debug builds.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/js/multiline-function-crash.html (0 => 204422)


--- trunk/LayoutTests/js/multiline-function-crash.html	                        (rev 0)
+++ trunk/LayoutTests/js/multiline-function-crash.html	2016-08-12 21:38:26 UTC (rev 204422)
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>

Added: trunk/LayoutTests/js/script-tests/multiline-function-crash.js (0 => 204422)


--- trunk/LayoutTests/js/script-tests/multiline-function-crash.js	                        (rev 0)
+++ trunk/LayoutTests/js/script-tests/multiline-function-crash.js	2016-08-12 21:38:26 UTC (rev 204422)
@@ -0,0 +1,5 @@
+description(
+"Offset and lineNumber of the savePoint needs to restored before calling next(). Test passes if there is no crash in debug builds.");
+
+((x = (function(){ return debug;})()
+, y) => [])();

Modified: trunk/Source/_javascript_Core/ChangeLog (204421 => 204422)


--- trunk/Source/_javascript_Core/ChangeLog	2016-08-12 21:24:40 UTC (rev 204421)
+++ trunk/Source/_javascript_Core/ChangeLog	2016-08-12 21:38:26 UTC (rev 204422)
@@ -1,3 +1,16 @@
+2016-08-12  Pranjal Jumde  <[email protected]>
+
+        ASSERTION FAILED: : line >= firstLine in BytecodeGenerator::emitExpressionInfo.
+        https://bugs.webkit.org/show_bug.cgi?id=160535
+        <rdar://problem/27328151>
+        
+        Reviewed by Saam Barati.
+
+        lineNumber from the savePoint was not being restored before calling next() causing discrepancy in the offset and line for the token
+
+        * parser/Parser.h:
+        (JSC::Parser::restoreLexerState):
+
 2016-08-12  Skachkov Oleksandr  <[email protected]>
 
         [ES2016] Implement Object.entries

Modified: trunk/Source/_javascript_Core/parser/Parser.h (204421 => 204422)


--- trunk/Source/_javascript_Core/parser/Parser.h	2016-08-12 21:24:40 UTC (rev 204421)
+++ trunk/Source/_javascript_Core/parser/Parser.h	2016-08-12 21:38:26 UTC (rev 204422)
@@ -1507,9 +1507,9 @@
     {
         // setOffset clears lexer errors.
         m_lexer->setOffset(lexerState.startOffset, lexerState.oldLineStartOffset);
+        m_lexer->setLineNumber(lexerState.oldLineNumber);
         next();
         m_lexer->setLastLineNumber(lexerState.oldLastLineNumber);
-        m_lexer->setLineNumber(lexerState.oldLineNumber);
     }
 
     struct SavePoint {

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to