Bug 19359

Summary: JavaScriptCore behaves differently from FF2/3 and IE when handling context in catch statement
Product: WebKit
Component: JavaScriptCore
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: OS X 10.5
Reporter: Feng Qian <ian.eng.webkit>
Assignee: Nobody <webkit-unassigned>
CC: ggaren, oliver, zwarich
URL: http://wiki.ecmascript.org/doku.php?id=es3.1:catch_clause_context_specification

Feng Qian
Reported 2008-06-02 09:31:25 PDT
The link describes the behaviors of FF and IE, and here is the example code:

function foo() {
  this.x = 11;
}

x = "global.x";

try {
  throw foo;
} catch(e) {
  print(x)  // Should print "global.x"
  e();
  print(x)  // Should add x to e
            // (Both IE and Firefox modify the global x)
}

print(x); // Should print "global.x". IE and Firefox both print 11

Although the spec says the last print statement should print 'global.x', FF (>1.5) and IE print out '11'. According to Brendan Eich, ES4 will follow IE behavior. Should KJS change its implementation? I don't know of any websites broken by this.
Geoffrey Garen
Comment 1 2008-06-02 13:51:16 PDT
Is this reduction missing a definition of e()?
Sam Weinig
Comment 2 2008-06-02 13:57:48 PDT
I don't think so. 'e' is the name of the exception thrown. It should be the same as calling foo(), I guess.
Oliver Hunt
Comment 3 2008-06-02 14:18:34 PDT
throw foo; results in foo being set as the exception value e. I'm not sure how we can mimic the Firefox/IE behaviour as it makes no sense in the context of the spec. Afaict the only way you could hope to achieve the behaviour that they have would be to not introduce the requisite dynamic scope, but then I'm not sure what would happen if you had a with block inside a catch.
Oliver Hunt
Comment 4 2008-06-28 03:13:17 PDT
Okay, this issue is just that IE/Firefox are using an activation rather than a real object (which contradicts the specs, but hey) -- I say we match their behaviour. Not only does it help compatibility (in a bizarre edge case at least) but it makes it possible to actually optimise in a catch block, something that was not technically possible before. Possibly worth testing the behaviour of this as well, though:

try {
  throw foo;
} catch(e) {
  with ({}) {
    print(x)  // Should print "global.x"
    e();
    print(x)  // Should add x to e
              // (Both IE and Firefox modify the global x)
  }
}
Oliver Hunt
Comment 5 2008-08-03 02:58:37 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ...
	M	JavaScriptCore/ChangeLog
	M	JavaScriptCore/VM/CodeBlock.cpp
	M	JavaScriptCore/VM/CodeGenerator.cpp
	M	JavaScriptCore/VM/CodeGenerator.h
	M	JavaScriptCore/VM/Machine.cpp
	M	JavaScriptCore/VM/Opcode.h
	M	JavaScriptCore/kjs/JSStaticScopeObject.cpp
	M	JavaScriptCore/kjs/JSStaticScopeObject.h
	M	JavaScriptCore/kjs/nodes.cpp
	M	LayoutTests/ChangeLog
	A	LayoutTests/fast/js/resources/static-scope-object.js
	A	LayoutTests/fast/js/static-scope-object-expected.txt
	A	LayoutTests/fast/js/static-scope-object.html
Committed r35533
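
The scoping difference discussed in comments 3 and 4, as an added example (not code from the bug report or from the WebKit patch): it runs the report's reduction against the engine's real `catch`, against a `with` object that models the ES3 "real object" wording, and against the `with`-inside-`catch` case. The helper `run`, the `out` array standing in for `print`, and the `with` model itself are assumptions of this sketch.

```javascript
// Added example. Code built by the Function constructor is always sloppy-mode
// and runs against the global scope, so it behaves the same in a script or module.
// `run` and `out` (standing in for the report's print) are hypothetical names.
function run(body) {
  const prelude = 'var out = []; function foo() { this.x = 11; } x = "global.x";';
  try {
    // The last push is the report's final print(x), outside the block.
    return new Function(prelude + body + ' out.push(x); return out;')();
  } finally {
    delete globalThis.x; // do not leak the test global
  }
}

// 1. The engine's real catch clause: `e` lives in an activation-like scope,
//    so e() runs with this === global object and overwrites the global x.
function realCatch() {
  return run('try { throw foo; } catch (e) { out.push(x); e(); out.push(x); }');
}

// 2. Model of the ES3 wording (assumption of this sketch): the catch scope is a
//    real object on the scope chain, which is what `with` creates. e() then runs
//    with this === that object, x lands on it, and the global x is untouched.
function es3ObjectScope() {
  return run('with ({ e: foo }) { out.push(x); e(); out.push(x); }');
}

// 3. The case raised in comment 4: a `with` block nested inside the catch.
//    `e` is not found on the empty object, so it still resolves in the catch scope.
function withInsideCatch() {
  return run('try { throw foo; } catch (e) { with ({}) { out.push(x); e(); out.push(x); } }');
}

console.log(realCatch());        // [ 'global.x', 11, 11 ]
console.log(es3ObjectScope());   // [ 'global.x', 11, 'global.x' ]
console.log(withInsideCatch());  // [ 'global.x', 11, 11 ]
```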