RESOLVED FIXED 17932
"ASSERTION FAILED: type != Continue" with do/while and try/finally 
https://bugs.webkit.org/show_bug.cgi?id=17932
Summary "ASSERTION FAILED: type != Continue" with do/while and try/finally
Jesse Ruderman
Reported 2008-03-18 18:38:47 PDT
This script: do try { continue; } finally { } while (0); triggers an assertion failure in a Debug ToT testksj: ASSERTION FAILED: type != Continue (/Users/jruderman/WebKit/JavaScriptCore/kjs/ExecState.h:117 void KJS::ExecState::setCompletionType(KJS::ComplType)) The script doesn't seem to cause any problems in a Release (as opposed to Debug) build.
Attachments
Test cases (4.42 KB, patch)
2008-06-08 21:42 PDT, Cameron Zwarich (cpst) 		oliver: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Rowe (bdash)
Comment 1 2008-03-18 18:59:45 PDT
<rdar://problem/5806712>
Mark Rowe (bdash)
Comment 2 2008-03-18 21:56:30 PDT
TryNode::execute saves the current completion type before executing the "finally" block, and then uses setCompletionType to restore it afterwards: if (m_finallyBlock) { ComplType savedCompletionType = exec->completionType(); JSValue* finallyResult = m_finallyBlock->execute(exec); if (exec->completionType() != Normal) result = finallyResult; else exec->setCompletionType(savedCompletionType); } setCompletionType is implemented thusly: // Only for use in the implementation of execute(). void setCompletionType(ComplType type) { ASSERT(type != Break); ASSERT(type != Continue); m_completionType = type; } I suspect that this could lead to an actual bug in a release build if a targeted break or continue was used inside the "finally" block, as the target is not saved and restored.
Mark Rowe (bdash)
Comment 3 2008-03-18 22:20:08 PDT
Yup, the following code behaves differently in JSCore vs SpiderMonkey: do { try { print('continuing outer loop'); continue; } finally { innerLoop: while (1) { print('breaking out of innerLoop'); break innerLoop; } } } while (1); JSCore prints: continuing outer loop breaking out of innerLoop and then exits. SpiderMonkey prints: continuing outer loop breaking out of innerLoop continuing outer loop breaking out of innerLoop continuing outer loop breaking out of innerLoop [.. and so on ..] When the outer DoWhileNode checks exec->breakOrContinueTarget(), the target is still set to "innerLoop" from the break statement within the "finally" block.
Cameron Zwarich (cpst)
Comment 4 2008-06-07 21:21:24 PDT
This is fixed by SquirrelFish. I will write a layout test for this bug and some similar issues that came up during SquirrelFish development.
Cameron Zwarich (cpst)
Comment 5 2008-06-08 21:42:39 PDT
Created attachment 21588 [details] Test cases Here are some test cases so we can close this bug.
Oliver Hunt
Comment 6 2008-06-08 21:43:44 PDT
Comment on attachment 21588 [details] Test cases r=me
Cameron Zwarich (cpst)
Comment 7 2008-06-08 21:49:01 PDT
Landed in r34461.
Note You need to log in before you can comment on or make changes to this bug.