| Summary: | lexical scoping is broken with respect to "break" and "continue" | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Saam Barati <saam> | ||||
| Component: | JavaScriptCore | Assignee: | Saam Barati <saam> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | basile_clement, benjamin, commit-queue, fpizlo, ggaren, joepeck, mark.lam, mmirman, msaboff, oliver, simon.fraser, ysuzuki | ||||
| Priority: | P2 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Bug Depends on: | 147070 | ||||||
| Bug Blocks: | 31813 | ||||||
| Attachments: |
|
||||||
|
Description
Saam Barati
2015-07-17 19:26:26 PDT
Created attachment 257027 [details]
patch
(In reply to comment #0) > There is some silliness in how byte code generator handles push/pop lexical > scope and prepareScopeForNextForLoopIteration. > This should be skipped. There is a silly mistake to always assume that > scopeRegister() will be the scope in which > we want to grab the parent scope of. This is fundamentally wrong. We want to > grab the parent of the corresponding > lexical scope. scopeRegister() just refers to scope stack top which is not > always what we want to pop from. This assessment is still correct. But it doesn't tell the whole story. This was a symptom, rather than the leading cause, of the problem this patch fixes. Comment on attachment 257027 [details] patch Clearing flags on attachment: 257027 Committed r186996: <http://trac.webkit.org/changeset/186996> All reviewed patches have been landed. Closing bug. This broke 11 tests: https://build.webkit.org/builders/Apple%20Mavericks%2032-bit%20JSC%20%28BuildAndTest%29/builds/11494 Re-opened since this is blocked by bug 147070 Fixed 32-bit tests. They were timing out. I made the test have fewer loop iterations. landed in: http://trac.webkit.org/changeset/187003 |