Closed
Bug 415922
Opened 16 years ago
Closed 16 years ago
Exception from within JSNewEnumerateOp on JSENUMERATE_NEXT not supported
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
VERIFIED
FIXED
People
(Reporter: joachim.kuebart, Assigned: crowderbt)
Details
Attachments
(2 files, 3 obsolete files)
354 bytes,
text/plain
|
Details | |
4.91 KB,
patch
|
crowderbt
:
review+
crowderbt
:
approval1.9+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 1.1.4322) Build Identifier: current CVS If a JSClass's implementation of JSNewEnumerateOp throws an exception from the JSENUMERATE_NEXT operation, the exception is swallowed (culprit: jsiter.c:CallEnumeratorNext()). This is not reproducible with a stock SpiderMonkey because the built-in js_EnumerateOp never throws on JSENUMERATE_NEXT. Reproducible: Always Steps to Reproduce: 1. Patch jsshell with the provided provoke.diff which adds a JSNewEnumerateOp to the object "it" that throws an exception upon JSENUMERATE_NEXT. 2. Run the "function f() { for (k in it) return k }". 3. Also try in a SpiderMonkey compiled with DEBUG_NOT_THROWING defined. Actual Results: Because the exception is swallowed the function f() unexpectedly returns [object It] when run in a jsshell modified by provoke.diff. Worse, when "return k" is replaced by "print(k)", the iteration never terminates. When SpiderMonkey is compiled with DEBUG_NOT_THROWING defined, the example stops with an JS_ASSERT in JSOP_SETRVAL at the "return" in the function f() above. Expected Results: The exception thrown from within the iterator should be promoted to the running script. The code in question seems to have been introduced in bug 354982.
Reporter | ||
Comment 1•16 years ago
|
||
This patch is _not_ for submission! It modifies the jsshell in a way only useful to provoke the error this bug documents. However, this modification is supposed to represent legitimate use of SpiderMonkey by an embedding in the wild.
Reporter | ||
Comment 2•16 years ago
|
||
Modify CallEnumeratorNext() to return JS_FALSE instead of JS_TRUE after an exception inside a JSNewEnumerateOp. This patch fixes the described problem.
Updated•16 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 3•16 years ago
|
||
Comment on attachment 301665 [details] [diff] [review] Fix CallEnumeratorNext() to not swallow exceptions. Wow, easy fix -- thanks, Joachim. BTW, I gave you canconfirm and editbugs bugzilla privileges so your new bugs will be NEW, not UNCONFIRMED. /be
Attachment #301665 -
Flags: review+
Attachment #301665 -
Flags: approval1.9+
Comment 4•16 years ago
|
||
Brian, can you get this in and also integrate the its_new_enumerate (with indentation nitpicking) for testing? Thanks, /be
Assignee: general → crowder
Flags: blocking1.9+
Reporter | ||
Comment 5•16 years ago
|
||
This patch is an improved version of the one in comment 1. It adds a property "enum_fail" to the "it" object, allowing scripts to configure the behaviour of "its" iterator.
Attachment #301664 -
Attachment is obsolete: true
Reporter | ||
Comment 6•16 years ago
|
||
Using the patch to jsshell from comment 5, this is an automatic test script.
Reporter | ||
Comment 7•16 years ago
|
||
(In reply to comment #3) > (From update of attachment 301665 [details] [diff] [review]) > Wow, easy fix -- thanks, Joachim. BTW, I gave you canconfirm and editbugs > bugzilla privileges so your new bugs will be NEW, not UNCONFIRMED. > /be Thanks for the privilege! Joachim
Reporter | ||
Updated•16 years ago
|
Attachment #301687 -
Attachment mime type: application/octet-stream → text/plain
Assignee | ||
Comment 8•16 years ago
|
||
Carrying over r/a+ since the jsiter.c change remains identical to the original patch. js.c (NPOTB) changes are mostly whitespace, though I did rephrase the its_setProperty routine a bit.
Attachment #301665 -
Attachment is obsolete: true
Attachment #301686 -
Attachment is obsolete: true
Attachment #301963 -
Flags: review+
Attachment #301963 -
Flags: approval1.9+
Assignee | ||
Comment 9•16 years ago
|
||
landed the attachment from comment #8: jsiter.c: 3.84 js.c: 3.191
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Comment 10•16 years ago
|
||
/cvsroot/mozilla/js/tests/public-failures.txt,v <-- public-failures.txt new revision: 1.40; previous revision: 1.39 /cvsroot/mozilla/js/tests/js1_7/iterable/regress-415922.js,v <-- regress-415922.js initial revision: 1.1
Flags: in-testsuite+
Flags: in-litmus-
You need to log in
before you can comment on or make changes to this bug.
Description
•