delta/qt5/qtwebkit.git/Source/JavaScriptCore/bytecompiler, branch old/5.1 code.qt.io: qt/qtwebkit.git Incorrect inequality for checking whether a statement is within bounds of a handler 2013-03-26T16:49:19+00:00 Filip Pizlo fpizlo@apple.com 2013-03-21T17:05:01+00:00 9c05c146dbd30c46b86a7e1e6665df93e01cd426 https://bugs.webkit.org/show_bug.cgi?id=104313 <rdar://problem/12808934> Reviewed by Geoffrey Garen. Source/JavaScriptCore: The most relevant change is in handlerForBytecodeOffset(), which fixes the inequality used for checking whether a handler is pertinent to the current instruction. '<' is correct, but '<=' isn't, since the 'end' is not inclusive. Also found, and addressed, a benign goof in how the finally inliner works: sometimes we will have end > start. This falls out naturally from how the inliner works and how we pop scopes in the bytecompiler, but it's sufficiently surprising that, to avoid any future confusion, I added a comment and some code to prune those handlers out. Because of how the handler resolution works, these handlers would have been skipped anyway. Also made various fixes to debugging code, which was necessary for tracking this down. * bytecode/CodeBlock.cpp: (JSC::CodeBlock::dumpBytecode): (JSC::CodeBlock::handlerForBytecodeOffset): * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::generate): * bytecompiler/Label.h: (JSC::Label::bind): * interpreter/Interpreter.cpp: (JSC::Interpreter::throwException): * llint/LLIntExceptions.cpp: (JSC::LLInt::interpreterThrowInCaller): (JSC::LLInt::returnToThrow): (JSC::LLInt::callToThrow): * llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL): (JSC::LLInt::handleHostCall): LayoutTests: * fast/js/jsc-test-list: * fast/js/script-tests/try-catch-try-try-catch-try-finally-return-catch-finally.js: Added. (foo): * fast/js/try-catch-try-try-catch-try-finally-return-catch-finally-expected.txt: Added. * fast/js/try-catch-try-try-catch-try-finally-return-catch-finally.html: Added. Change-Id: Ic199b40daa2f8be3fb4dd01a762323d7309dfb47 git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136927 268f45cc-cd09-0410-ab3c-d52691b4dbfc Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com> 
https://bugs.webkit.org/show_bug.cgi?id=104313
<rdar://problem/12808934>

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

The most relevant change is in handlerForBytecodeOffset(), which fixes the inequality
used for checking whether a handler is pertinent to the current instruction. '<' is
correct, but '<=' isn't, since the 'end' is not inclusive.

Also found, and addressed, a benign goof in how the finally inliner works: sometimes
we will have end > start. This falls out naturally from how the inliner works and how
we pop scopes in the bytecompiler, but it's sufficiently surprising that, to avoid any
future confusion, I added a comment and some code to prune those handlers out. Because
of how the handler resolution works, these handlers would have been skipped anyway.

Also made various fixes to debugging code, which was necessary for tracking this down.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::handlerForBytecodeOffset):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::generate):
* bytecompiler/Label.h:
(JSC::Label::bind):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::throwException):
* llint/LLIntExceptions.cpp:
(JSC::LLInt::interpreterThrowInCaller):
(JSC::LLInt::returnToThrow):
(JSC::LLInt::callToThrow):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::handleHostCall):

LayoutTests:

* fast/js/jsc-test-list:
* fast/js/script-tests/try-catch-try-try-catch-try-finally-return-catch-finally.js: Added.
(foo):
* fast/js/try-catch-try-try-catch-try-finally-return-catch-finally-expected.txt: Added.
* fast/js/try-catch-try-try-catch-try-finally-return-catch-finally.html: Added.

Change-Id: Ic199b40daa2f8be3fb4dd01a762323d7309dfb47
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136927 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
Imported WebKit commit c60cfe0fc09efd257aa0111d7b133b02deb8a63e (http://svn.webkit.org/repository/webkit/trunk@136119) 2012-11-29T11:18:57+00:00 Simon Hausmann simon.hausmann@digia.com 2012-11-29T11:18:48+00:00 4c01d0526ba4dd8cff0c0ff22a6f0ab5eb973064 New snapshot that includes the fix for installing the QtWebProcess into libexec Change-Id: I01344e079cbdac5678c4cba6ffcc05f4597cf0d7 Reviewed-by: Simon Hausmann <simon.hausmann@digia.com> 
New snapshot that includes the fix for installing the QtWebProcess into libexec

Change-Id: I01344e079cbdac5678c4cba6ffcc05f4597cf0d7
Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
Imported WebKit commit e89504fa9195b2063b2530961d4b73dd08de3242 (http://svn.webkit.org/repository/webkit/trunk@135485) 2012-11-22T08:10:13+00:00 Simon Hausmann simon.hausmann@digia.com 2012-11-22T08:09:45+00:00 470286ecfe79d59df14944e5b5d34630fc739391 Change-Id: I03774e5ac79721c13ffa30d152537a74d0b12e66 Reviewed-by: Simon Hausmann <simon.hausmann@digia.com> 
Change-Id: I03774e5ac79721c13ffa30d152537a74d0b12e66
Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
Imported WebKit commit e2c32e2f53e02d388e70b9db88b91d8d9d28fc84 (http://svn.webkit.org/repository/webkit/trunk@133952) 2012-11-09T11:16:06+00:00 Simon Hausmann simon.hausmann@digia.com 2012-11-09T11:15:52+00:00 de4f791e30be4e4239b381c11745ffa4d87ddb8b Revert back to an older snapshot that should build on ARM 
Revert back to an older snapshot that should build on ARM
Imported WebKit commit 7bcdfab9a40db7d16b4b95bb77d78b8a59c9e701 (http://svn.webkit.org/repository/webkit/trunk@134025) 2012-11-09T08:42:44+00:00 Simon Hausmann simon.hausmann@digia.com 2012-11-09T08:42:44+00:00 a59391482883479a9b28a6f1ace6d1ebd08a7ecd New snapshot with numerious build fixes, including MSVC 2012 and ARM Thumb-2. 
New snapshot with numerious build fixes, including MSVC 2012 and ARM Thumb-2.
Imported WebKit commit 20271caf2e2c016d5cef40184cddeefeac4f1876 (http://svn.webkit.org/repository/webkit/trunk@133733) 2012-11-07T10:22:47+00:00 Simon Hausmann simon.hausmann@digia.com 2012-11-07T10:22:47+00:00 cfd86b747d32ac22246a1aa908eaa720c63a88c1 New snapshot that contains all previous fixes as well as build fix for latest QtMultimedia API changes. 
New snapshot that contains all previous fixes as well as build fix for latest QtMultimedia API changes.
Imported WebKit commit 302e7806bff028bd1167a1ec7c86a1ee00ecfb49 (http://svn.webkit.org/repository/webkit/trunk@132067) 2012-10-22T13:40:17+00:00 Simon Hausmann simon.hausmann@digia.com 2012-10-22T13:40:17+00:00 43a42f108af6bcbd91f2672731c3047c26213af1 New snapshot that fixes build without QtWidgets 
New snapshot that fixes build without QtWidgets
Imported WebKit commit 795dcd25a9649fccaf1c9b685f6e2ffedaf7e620 (http://svn.webkit.org/repository/webkit/trunk@131718) 2012-10-18T08:55:06+00:00 Simon Hausmann simon.hausmann@digia.com 2012-10-18T08:55:06+00:00 ee4c86d1990a9e26277a6948e7027ad8d525ebfa New snapshot that includes the return of -fkeep-memory at link time to reduce memory pressure as well as modularized documentation 
New snapshot that includes the return of -fkeep-memory at link time
to reduce memory pressure as well as modularized documentation
Imported WebKit commit cf4f8fc6f19b0629f51860cb2d4b25e139d07e00 (http://svn.webkit.org/repository/webkit/trunk@131592) 2012-10-17T14:21:14+00:00 Simon Hausmann simon.hausmann@digia.com 2012-10-17T14:21:14+00:00 8995b83bcbfbb68245f779b64e5517627c6cc6ea New snapshot that includes the build fixes for Mac OS X 10.6 and earlier as well as the previously cherry-picked changes 
New snapshot that includes the build fixes for Mac OS X 10.6 and earlier as well
as the previously cherry-picked changes
Revert "Imported WebKit commit 0dc6cd75e1d4836eaffbb520be96fac4847cc9d2 (http://svn.webkit.org/repository/webkit/trunk@131300)" 2012-10-16T12:57:30+00:00 Simon Hausmann simon.hausmann@digia.com 2012-10-16T12:56:46+00:00 b297e0fa5c217c9467033b7c8b46891a52870120 This reverts commit 5466563f4b5b6b86523e3f89bb7f77e5b5270c78. Caused OOM issues on some CI machines :( 
This reverts commit 5466563f4b5b6b86523e3f89bb7f77e5b5270c78.

Caused OOM issues on some CI machines :(