Bug 19359 - JavaScriptCore behaves differently from FF2/3 and IE when handling context in catch statement
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
Importance: P2 Normal
Assignee: Nobody
URL: http://wiki.ecmascript.org/doku.php?i...
Reported: 2008-06-02 09:31 PDT by Feng Qian
Modified: 2008-08-03 02:58 PDT
Description Feng Qian 2008-06-02 09:31:25 PDT
The link describes the behaviors of FF and IE, and here is the example code:
function foo() {
  this.x = 11;
}
 
x = "global.x";

try {
  throw foo;
} catch(e) {
  print(x) // Should print "global.x"
  e();
  print(x) // Should add x to e
           // (Both IE and Firefox modify the global x)
}

print(x);  // Should print "global.x". IE and Firefox both print 11

Although the spec says the last print statement should print 'global.x',
FF (>1.5) and IE print out '11'. According to Brendan Eich, ES4 will follow IE behavior.

Should KJS change its implementation? I don't know of any websites broken by this.
Comment 1 Geoffrey Garen 2008-06-02 13:51:16 PDT
Is this reduction missing a definition of e()?
Comment 2 Sam Weinig 2008-06-02 13:57:48 PDT
I don't think so. 'e' is the name of the exception thrown. It should be the same as calling foo(), I guess.
Comment 3 Oliver Hunt 2008-06-02 14:18:34 PDT
throw foo; results in foo being set as the exception value e.

I'm not sure how we can mimic the Firefox/IE behaviour, as it makes no sense in the context of the spec. AFAICT the only way you could hope to achieve the behaviour that they have would be to not introduce the requisite dynamic scope, but then I'm not sure what would happen if you had a with block inside a catch.
Comment 4 Oliver Hunt 2008-06-28 03:13:17 PDT
Okay, this issue is just that IE/Firefox are using an activation rather than a real object (which contradicts the specs, but hey) -- I say we match their behaviour. Not only does it help compatibility (in a bizarre edge case at least) but it makes it possible to actually optimise in a catch block, something that was not technically possible before.

Possibly worth testing the behaviour of this as well, though:
try {
  throw foo;
} catch(e) {
  with ({}) {
    print(x) // Should print "global.x"
    e();
    print(x) // Should add x to e
              // (Both IE and Firefox modify the global x)
  }
}
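The two catch-scope models discussed in comments 3 and 4, side by side, as an added example that is not part of the original bug thread or of the WebKit patch. It emulates the ES3 "real object" scope with `with`, because ES5 and later engines bind the catch parameter in a declarative environment (the activation model); `probe` and the three scenario names are hypothetical helpers made up for this illustration.

```javascript
// Added example; probe() and the scenario names are hypothetical helpers.
// Bodies are compiled with the Function constructor so they run as sloppy-mode
// global code even when this file itself is loaded as a module.
const G = globalThis;

// Same function as in the report; sloppy, so an undefined `this` becomes the global.
const foo = new Function("this.x = 11;");

// Run one body against a fresh global x. Returns what `x` resolved to inside
// the block and what the global x held afterwards.
function probe(body) {
  G.x = "global.x";
  try {
    const inside = new Function("foo", body)(foo);
    return { inside, global: G.x };
  } finally {
    delete G.x;
  }
}

// ES3 wording: the catch scope is a real object holding e, emulated with `with`.
// e() is a property call on that object, so this.x lands on the scope object.
const specObjectScope = () => probe(
  "var scope = { e: foo }; with (scope) { e(); return x; }");

// Activation model (IE, Firefox): e is a plain binding, so `this` is the global.
const activationScope = () => probe(
  "try { throw foo; } catch (e) { e(); return x; }");

// Comment 4's case: `with ({})` inside catch. e is not found on {}, so it still
// resolves to the catch binding and the call behaves as in the activation model.
const withInsideCatch = () => probe(
  "try { throw foo; } catch (e) { with ({}) { e(); return x; } }");

console.log("spec object scope:", specObjectScope());
console.log("activation scope: ", activationScope());
console.log("with inside catch:", withInsideCatch());
```

Only the emulated object scope leaves the global `x` untouched; in the other two cases the write made through `this` reaches the global object.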
Comment 5 Oliver Hunt 2008-08-03 02:58:37 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ...
	M	JavaScriptCore/ChangeLog
	M	JavaScriptCore/VM/CodeBlock.cpp
	M	JavaScriptCore/VM/CodeGenerator.cpp
	M	JavaScriptCore/VM/CodeGenerator.h
	M	JavaScriptCore/VM/Machine.cpp
	M	JavaScriptCore/VM/Opcode.h
	M	JavaScriptCore/kjs/JSStaticScopeObject.cpp
	M	JavaScriptCore/kjs/JSStaticScopeObject.h
	M	JavaScriptCore/kjs/nodes.cpp
	M	LayoutTests/ChangeLog
	A	LayoutTests/fast/js/resources/static-scope-object.js
	A	LayoutTests/fast/js/static-scope-object-expected.txt
	A	LayoutTests/fast/js/static-scope-object.html
Committed r35533