Bug 19359

Summary: JavaScriptCore behaves differently from FF2/3 and IE when handling context in catch statement
Product: WebKit Reporter: Feng Qian <ian.eng.webkit>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ggaren, oliver, zwarich
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
URL: http://wiki.ecmascript.org/doku.php?id=es3.1:catch_clause_context_specification

Description Feng Qian 2008-06-02 09:31:25 PDT
The link describes the behaviors of FF and IE, and here is the example code:
function foo() {
  this.x = 11;
}
 
x = "global.x";

try {
  throw foo;
} catch(e) {
  print(x) // Should print "global.x"
  e();
  print(x) // Should add x to e
           // (Both IE and Firefox modify the global x)
}

print(x);  // Should print "global.x". IE and Firefox both print 11

Although the spec says the last print statement should print 'global.x', but
FF (>1.5) and IE print out '11'. According to Brendan Eich, ES4 will follow IE behavior.

Should KJS change its implementation? I don't know any broken websites due to this.
Comment 1 Geoffrey Garen 2008-06-02 13:51:16 PDT
Is this reduction missing a definition of e()?
Comment 2 Sam Weinig 2008-06-02 13:57:48 PDT
I don't think so.  'e' is the name of the exception thrown.  it should be the same as calling foo() I guess. 
Comment 3 Oliver Hunt 2008-06-02 14:18:34 PDT
throw foo; results in foo being set as the exception value e.

I'm not sure how we can mimic the firefox/ie behaviour as it makes no sense in the context of the spec.  Afaict the only way you could hope to achieve the behaviour that they have would be to not introduce the requisite dynamic scope, but then i'm not sure what would happen if you had a with block inside a catch.
Comment 4 Oliver Hunt 2008-06-28 03:13:17 PDT
Okay, this issue is just that ie/firefox are using an activation rather than a real object (which contradicts the specs, but hey) -- I say we match their behaviour.  Not only does it help compatibility (in a bizarre edge case at least) but it makes it possible to actually optimise in a catch block, something that was not technically possible before.

Possibly worth test the behaviour of this as well though
try {
  throw foo;
} catch(e) {
  with ({}) {
    print(x) // Should print "global.x"
    e();
    print(x) // Should add x to e
              // (Both IE and Firefox modify the global x)
  }
}
Comment 5 Oliver Hunt 2008-08-03 02:58:37 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ...
	M	JavaScriptCore/ChangeLog
	M	JavaScriptCore/VM/CodeBlock.cpp
	M	JavaScriptCore/VM/CodeGenerator.cpp
	M	JavaScriptCore/VM/CodeGenerator.h
	M	JavaScriptCore/VM/Machine.cpp
	M	JavaScriptCore/VM/Opcode.h
	M	JavaScriptCore/kjs/JSStaticScopeObject.cpp
	M	JavaScriptCore/kjs/JSStaticScopeObject.h
	M	JavaScriptCore/kjs/nodes.cpp
	M	LayoutTests/ChangeLog
	A	LayoutTests/fast/js/resources/static-scope-object.js
	A	LayoutTests/fast/js/static-scope-object-expected.txt
	A	LayoutTests/fast/js/static-scope-object.html
Committed r35533