Bug 123506 - JavaScript parser bug
Summary: JavaScript parser bug
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac (Intel) OS X 10.8
: P2 Normal
Assignee: Oliver Hunt
URL: https://gist.github.com/mishoo/7230949
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2013-10-30 04:32 PDT by Mihai Bazon
Modified: 2013-11-01 01:00 PDT (History)
4 users (show)

See Also:

Attachments
Patch (15.42 KB, patch)
2013-10-31 21:56 PDT, Oliver Hunt 		mark.lam: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mihai Bazon 2013-10-30 04:32:33 PDT 
// fails with SyntaxError: Expected token ')'
( function(){ return this || eval('this'); }().x = "y" );

// fails with SyntaxError: Unexpected token '='
1, function(){ return this || eval('this'); }().x = "y";

//// weird that we get different error messages

//// The following all work.

// place the function call inside parens
( (function(){ return this || eval('this'); }()).x = "y" );
1, (function(){ return this || eval('this'); }()).x = "y";

// simplify the return expression, keep `then`
( function(){ return this; }().x = "y" );
1, function(){ return this; }().x = "y";

// keep `eval`
( function(){ return eval('this'); }().x = "y" );
1, function(){ return eval('this'); }().x = "y";

// place the return expression inside parens (!!)
( function(){ return ( this || eval('this') ); }().x = "y" );
1, function(){ return ( this || eval('this') ); }().x = "y";
Comment 1 Radar WebKit Bug Importer 2013-10-31 09:42:18 PDT 
<rdar://problem/15362517>
Comment 2 Oliver Hunt 2013-10-31 14:12:57 PDT 
Alas shipping safari has really broken error messages, trunk is much much better.  I suspect that the problem here is that we're not correctly resetting state after we finish parsing the function body
Comment 3 Oliver Hunt 2013-10-31 19:36:31 PDT 
(In reply to comment #0)
> // fails with SyntaxError: Expected token ')'
> ( function(){ return this || eval('this'); }().x = "y" );
This is incorrectly propagating parser state out of the function body.

> 
> // fails with SyntaxError: Unexpected token '='
> 1, function(){ return this || eval('this'); }().x = "y";

This is a correct failure.  The error message is just really bad
Comment 4 Oliver Hunt 2013-10-31 21:56:33 PDT 
Created attachment 215716 [details]
Patch
Comment 5 Mark Lam 2013-10-31 22:08:15 PDT 
Comment on attachment 215716 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=215716&action=review

r=me with the spaces clean up.

> Source/JavaScriptCore/parser/Parser.h:404
> -
> +    

Remove these blank spaces.
Comment 6 Oliver Hunt 2013-10-31 22:12:10 PDT 
Committed r158425: <http://trac.webkit.org/changeset/158425>
Comment 7 Mihai Bazon 2013-11-01 00:31:58 PDT 
>> // fails with SyntaxError: Unexpected token '='
>> 1, function(){ return this || eval('this'); }().x = "y";

> This is a correct failure.  The error message is just really bad

Nope, it's valid code.  It's just the assignment from the first line, in a sequence expression.  All other engines parse it correctly, also JS-based parsers (UglifyJS [1], Acorn [2] and Esprima [3]).

[1] https://github.com/mishoo/UglifyJS2
[2] https://github.com/marijnh/acorn
[3] http://esprima.org/
Comment 8 Oliver Hunt 2013-11-01 01:00:09 PDT 
(In reply to comment #7)
> >> // fails with SyntaxError: Unexpected token '='
> >> 1, function(){ return this || eval('this'); }().x = "y";
> 
> > This is a correct failure.  The error message is just really bad
> 

Oh, whoops i missed the 1, at the beginning (i interpreted it as an enumerated list) anyhow, both cases are fixed