[webkit-changes] [165306] trunk

Fri, 07 Mar 2014 17:13:29 -0800

Title: [165306] trunk
Revision
165306
Author
[email protected]
Date
2014-03-07 17:17:57 -0800 (Fri, 07 Mar 2014)

Log Message

Continue hangs when performing for-of over arguments
https://bugs.webkit.org/show_bug.cgi?id=129915

Reviewed by Geoffrey Garen.

Source/_javascript_Core:

Put the continue label in the right place

* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitEnumeration):

LayoutTests:

Add tests

* js/for-of-arguments-continue-hang-expected.txt: Added.
* js/for-of-arguments-continue-hang.html: Added.
* js/script-tests/for-of-arguments-continue-hang.js: Added.
(test):

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (165305 => 165306)


--- trunk/LayoutTests/ChangeLog	2014-03-08 01:17:08 UTC (rev 165305)
+++ trunk/LayoutTests/ChangeLog	2014-03-08 01:17:57 UTC (rev 165306)
@@ -1,3 +1,17 @@
+2014-03-07  Oliver Hunt  <[email protected]>
+
+        Continue hangs when performing for-of over arguments
+        https://bugs.webkit.org/show_bug.cgi?id=129915
+
+        Reviewed by Geoffrey Garen.
+
+        Add tests
+
+        * js/for-of-arguments-continue-hang-expected.txt: Added.
+        * js/for-of-arguments-continue-hang.html: Added.
+        * js/script-tests/for-of-arguments-continue-hang.js: Added.
+        (test):
+
 2014-03-07  Benjamin Poulain  <[email protected]>
 
         Traversal failure in a direct adjacent chain with tail backtracking lacks the path to clear the tail

Added: trunk/LayoutTests/js/for-of-arguments-continue-hang-expected.txt (0 => 165306)


--- trunk/LayoutTests/js/for-of-arguments-continue-hang-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/js/for-of-arguments-continue-hang-expected.txt	2014-03-08 01:17:57 UTC (rev 165306)
@@ -0,0 +1,13 @@
+This test makes sure we don't hang we use continue inside a for-of over arguments
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS test() is 0
+PASS test(1) is 1
+PASS test(1,2) is 2
+PASS test(1,2,3) is 3
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/js/for-of-arguments-continue-hang.html (0 => 165306)


--- trunk/LayoutTests/js/for-of-arguments-continue-hang.html	                        (rev 0)
+++ trunk/LayoutTests/js/for-of-arguments-continue-hang.html	2014-03-08 01:17:57 UTC (rev 165306)
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>

Added: trunk/LayoutTests/js/script-tests/for-of-arguments-continue-hang.js (0 => 165306)


--- trunk/LayoutTests/js/script-tests/for-of-arguments-continue-hang.js	                        (rev 0)
+++ trunk/LayoutTests/js/script-tests/for-of-arguments-continue-hang.js	2014-03-08 01:17:57 UTC (rev 165306)
@@ -0,0 +1,15 @@
+description(
+"This test makes sure we don't hang we use continue inside a for-of over arguments"
+);
+
+function test() {
+	var count = 0;
+	for (var a of arguments)
+		count++;
+	return count;
+}
+
+shouldBe("test()", "0")
+shouldBe("test(1)", "1")
+shouldBe("test(1,2)", "2")
+shouldBe("test(1,2,3)", "3")

Modified: trunk/Source/_javascript_Core/ChangeLog (165305 => 165306)


--- trunk/Source/_javascript_Core/ChangeLog	2014-03-08 01:17:08 UTC (rev 165305)
+++ trunk/Source/_javascript_Core/ChangeLog	2014-03-08 01:17:57 UTC (rev 165306)
@@ -1,3 +1,15 @@
+2014-03-07  Oliver Hunt  <[email protected]>
+
+        Continue hangs when performing for-of over arguments
+        https://bugs.webkit.org/show_bug.cgi?id=129915
+
+        Reviewed by Geoffrey Garen.
+
+        Put the continue label in the right place
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitEnumeration):
+
 2014-03-07  [email protected]  <[email protected]>
 
         [Win64] Compile error after r165128.

Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (165305 => 165306)


--- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp	2014-03-08 01:17:08 UTC (rev 165305)
+++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp	2014-03-08 01:17:57 UTC (rev 165306)
@@ -2446,16 +2446,17 @@
         LabelScopePtr scope = newLabelScope(LabelScope::Loop);
         RefPtr<RegisterID> value = emitLoad(newTemporary(), jsUndefined());
         
-        emitJump(scope->continueTarget());
-        
+        RefPtr<Label> loopCondition = newLabel();
         RefPtr<Label> loopStart = newLabel();
+        emitJump(loopCondition.get());
         emitLabel(loopStart.get());
         emitLoopHint();
         emitGetArgumentByVal(value.get(), uncheckedRegisterForArguments(), index.get());
         callBack(*this, value.get());
+    
+        emitLabel(scope->continueTarget());
         emitInc(index.get());
-        emitLabel(scope->continueTarget());
-
+        emitLabel(loopCondition.get());
         RefPtr<RegisterID> length = emitGetArgumentsLength(newTemporary(), uncheckedRegisterForArguments());
         emitJumpIfTrue(emitEqualityOp(op_less, newTemporary(), index.get(), length.get()), loopStart.get());
         emitLabel(scope->breakTarget());

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to