<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[182034] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/182034">182034</a></dd>
<dt>Author</dt> <dd>ggaren@apple.com</dd>
<dt>Date</dt> <dd>2015-03-26 16:12:39 -0700 (Thu, 26 Mar 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Assertion firing in JavaScriptCore/parser/parser.h for statesman.com site
https://bugs.webkit.org/show_bug.cgi?id=142974
Reviewed by Joseph Pecoraro.
Source/JavaScriptCore:
This patch does two things:
(1) Restore JavaScriptCore's sanitization of line and column numbers to
one-based values.
We need this because WebCore sometimes provides huge negative column
numbers.
(2) Solve the attribute event listener line numbering problem a different
way: Rather than offsetting all line numbers by -1 in an attribute event
listener in order to arrange for a custom result, instead use an explicit
feature for saying "all errors in this code should map to this line number".
* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedFunctionExecutable::link):
(JSC::UnlinkedFunctionExecutable::fromGlobalCode):
* bytecode/UnlinkedCodeBlock.h:
* interpreter/Interpreter.cpp:
(JSC::StackFrame::computeLineAndColumn):
(JSC::GetStackTraceFunctor::operator()):
* interpreter/Interpreter.h:
* interpreter/StackVisitor.cpp:
(JSC::StackVisitor::Frame::computeLineAndColumn):
* parser/ParserError.h:
(JSC::ParserError::toErrorObject): Plumb through an override line number.
When a function has an override line number, all syntax and runtime
errors in the function will map to it. This is useful for attribute event
listeners.
* parser/SourceCode.h:
(JSC::SourceCode::SourceCode): Restore the old sanitization of line and
column numbers to one-based integers. It was kind of a hack to remove this.
* runtime/Executable.cpp:
(JSC::ScriptExecutable::ScriptExecutable):
(JSC::FunctionExecutable::fromGlobalCode):
* runtime/Executable.h:
(JSC::ScriptExecutable::setOverrideLineNo):
(JSC::ScriptExecutable::hasOverrideLineNo):
(JSC::ScriptExecutable::overrideLineNo):
* runtime/FunctionConstructor.cpp:
(JSC::constructFunctionSkippingEvalEnabledCheck):
* runtime/FunctionConstructor.h: Plumb through an override line number.
Source/WebCore:
* bindings/js/JSLazyEventListener.cpp:
(WebCore::JSLazyEventListener::initializeJSFunction): Use the new override
line number API to guarantee that errors will map to the .html file locations
that we like.
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::eventHandlerPosition): Added a FIXME to cover
some cases where our line and column numbers are still nonsense.
LayoutTests:
No test covering this ASSERT because I couldn't design a way to reproduce
it after trying for a few hours. Simply loading the original ASSERTing
content from disk is not enough to reproduce this bug.
* fast/profiler/dead-time-expected.txt:
* fast/profiler/inline-event-handler-expected.txt:
* fast/profiler/stop-profiling-after-setTimeout-expected.txt: These are
progressions, where we used to get the line number wrong.
* fast/dom/attribute-event-listener-errors-expected.txt: Added.
* fast/dom/attribute-event-listener-errors.html: Added. This test covers
a subtle way in which the new mechanism for attribute event listener
line numbers is more accurate than the old one.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsfastprofilerdeadtimeexpectedtxt">trunk/LayoutTests/fast/profiler/dead-time-expected.txt</a></li>
<li><a href="#trunkLayoutTestsfastprofilerinlineeventhandlerexpectedtxt">trunk/LayoutTests/fast/profiler/inline-event-handler-expected.txt</a></li>
<li><a href="#trunkLayoutTestsfastprofilerstopprofilingaftersetTimeoutexpectedtxt">trunk/LayoutTests/fast/profiler/stop-profiling-after-setTimeout-expected.txt</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockh">trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterInterpretercpp">trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterInterpreterh">trunk/Source/JavaScriptCore/interpreter/Interpreter.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreinterpreterStackVisitorcpp">trunk/Source/JavaScriptCore/interpreter/StackVisitor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreparserParserErrorh">trunk/Source/JavaScriptCore/parser/ParserError.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreparserSourceCodeh">trunk/Source/JavaScriptCore/parser/SourceCode.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeExecutablecpp">trunk/Source/JavaScriptCore/runtime/Executable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeExecutableh">trunk/Source/JavaScriptCore/runtime/Executable.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeFunctionConstructorcpp">trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeFunctionConstructorh">trunk/Source/JavaScriptCore/runtime/FunctionConstructor.h</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSLazyEventListenercpp">trunk/Source/WebCore/bindings/js/JSLazyEventListener.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsScriptControllercpp">trunk/Source/WebCore/bindings/js/ScriptController.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsfastdomattributeeventlistenererrorsexpectedtxt">trunk/LayoutTests/fast/dom/attribute-event-listener-errors-expected.txt</a></li>
<li><a href="#trunkLayoutTestsfastdomattributeeventlistenererrorshtml">trunk/LayoutTests/fast/dom/attribute-event-listener-errors.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/LayoutTests/ChangeLog        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -1,3 +1,24 @@
</span><ins>+2015-03-26 Geoffrey Garen <ggaren@apple.com>
+
+ Assertion firing in JavaScriptCore/parser/parser.h for statesman.com site
+ https://bugs.webkit.org/show_bug.cgi?id=142974
+
+ Reviewed by Joseph Pecoraro.
+
+ No test covering this ASSERT because I couldn't design a way to reproduce
+ it after trying for a few hours. Simply loading the original ASSERTing
+ content from disk is not enough to reproduce this bug.
+
+ * fast/profiler/dead-time-expected.txt:
+ * fast/profiler/inline-event-handler-expected.txt:
+ * fast/profiler/stop-profiling-after-setTimeout-expected.txt: These are
+ progressions, where we used to get the line number wrong.
+
+ * fast/dom/attribute-event-listener-errors-expected.txt: Added.
+ * fast/dom/attribute-event-listener-errors.html: Added. This test covers
+ a subtle way in which the new mechanism for attribute event listener
+ line numbers is more accurate than the old one.
+
</ins><span class="cx"> 2015-03-26 Brady Eidson <beidson@apple.com>
</span><span class="cx">
</span><span class="cx"> Apply ContentExtension actions after redirects.
</span></span></pre></div>
<a id="trunkLayoutTestsfastdomattributeeventlistenererrorsexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/dom/attribute-event-listener-errors-expected.txt (0 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/dom/attribute-event-listener-errors-expected.txt         (rev 0)
+++ trunk/LayoutTests/fast/dom/attribute-event-listener-errors-expected.txt        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+CONSOLE MESSAGE: line 4: ReferenceError: Can't find variable: error
+CONSOLE MESSAGE: line 5: SyntaxError: Invalid character: '@'
+This test verifies that an attribute event listener error shows the right line number even if the attribute contains newlines.
+
</ins></span></pre></div>
<a id="trunkLayoutTestsfastdomattributeeventlistenererrorshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/dom/attribute-event-listener-errors.html (0 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/dom/attribute-event-listener-errors.html         (rev 0)
+++ trunk/LayoutTests/fast/dom/attribute-event-listener-errors.html        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -0,0 +1,15 @@
</span><ins>+<body>
+        <pre>This test verifies that an attribute event listener error shows the right line number even if the attribute contains newlines.</pre>
+
+        <button id ="1" onclick="&#10;&#10;&#10;error()"></button>
+        <button id ="2" onclick="&#10;&#10;&#10;$@_."></button>
+
+<script>
+if (window.testRunner)
+        testRunner.dumpAsText();
+
+document.getElementById("1").click();
+document.getElementById("2").click();
+</script>
+
+</body>
</ins></span></pre></div>
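<p>Review bot: Both onclick cases raise the error directly in the attribute body, so the test only checks the console line for the listener's own frame. Consider adding a button whose handler calls a function defined in the script block and throws there, to confirm the override is applied to the listener and not to the callee. A handler with no leading newlines would also pin down the baseline case.</p>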
<a id="trunkLayoutTestsfastprofilerdeadtimeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/fast/profiler/dead-time-expected.txt (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/profiler/dead-time-expected.txt        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/LayoutTests/fast/profiler/dead-time-expected.txt        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -4,7 +4,7 @@
</span><span class="cx">
</span><span class="cx"> Profile title: Dead time in profile.
</span><span class="cx"> Thread_1 (no file) (line 0:0)
</span><del>- onload dead-time.html (line 20:52)
</del><ins>+ onload dead-time.html (line 21:52)
</ins><span class="cx"> startTest dead-time.html (line 13:1)
</span><span class="cx"> setTimeout (no file) (line 0:0)
</span><span class="cx"> (program) dead-time.html (line 1:1)
</span></span></pre></div>
<a id="trunkLayoutTestsfastprofilerinlineeventhandlerexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/fast/profiler/inline-event-handler-expected.txt (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/profiler/inline-event-handler-expected.txt        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/LayoutTests/fast/profiler/inline-event-handler-expected.txt        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -7,7 +7,7 @@
</span><span class="cx"> startTest inline-event-handler.html (line 11:1)
</span><span class="cx"> getElementById (no file) (line 0:0)
</span><span class="cx"> click (no file) (line 0:0)
</span><del>- onclick inline-event-handler.html (line 30:135)
</del><ins>+ onclick inline-event-handler.html (line 31:135)
</ins><span class="cx"> eventListener inline-event-handler.html (line 17:26)
</span><span class="cx"> anonymousFunction profiler-test-JS-resources.js (line 29:37)
</span><span class="cx"> insertNewText profiler-test-JS-resources.js (line 17:26)
</span></span></pre></div>
<a id="trunkLayoutTestsfastprofilerstopprofilingaftersetTimeoutexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/fast/profiler/stop-profiling-after-setTimeout-expected.txt (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/profiler/stop-profiling-after-setTimeout-expected.txt        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/LayoutTests/fast/profiler/stop-profiling-after-setTimeout-expected.txt        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -4,7 +4,7 @@
</span><span class="cx">
</span><span class="cx"> Profile title: Stop profiling from a timeout
</span><span class="cx"> Thread_1 (no file) (line 0:0)
</span><del>- onload stop-profiling-after-setTimeout.html (line 20:52)
</del><ins>+ onload stop-profiling-after-setTimeout.html (line 21:52)
</ins><span class="cx"> startTest stop-profiling-after-setTimeout.html (line 13:1)
</span><span class="cx"> setTimeout (no file) (line 0:0)
</span><span class="cx"> (program) stop-profiling-after-setTimeout.html (line 1:1)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/JavaScriptCore/ChangeLog        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -1,3 +1,54 @@
</span><ins>+2015-03-26 Geoffrey Garen <ggaren@apple.com>
+
+ Assertion firing in JavaScriptCore/parser/parser.h for statesman.com site
+ https://bugs.webkit.org/show_bug.cgi?id=142974
+
+ Reviewed by Joseph Pecoraro.
+
+ This patch does two things:
+
+ (1) Restore JavaScriptCore's sanitization of line and column numbers to
+ one-based values.
+
+ We need this because WebCore sometimes provides huge negative column
+ numbers.
+
+ (2) Solve the attribute event listener line numbering problem a different
+ way: Rather than offseting all line numbers by -1 in an attribute event
+ listener in order to arrange for a custom result, instead use an explicit
+ feature for saying "all errors in this code should map to this line number".
+
+ * bytecode/UnlinkedCodeBlock.cpp:
+ (JSC::UnlinkedFunctionExecutable::link):
+ (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
+ * bytecode/UnlinkedCodeBlock.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::StackFrame::computeLineAndColumn):
+ (JSC::GetStackTraceFunctor::operator()):
+ * interpreter/Interpreter.h:
+ * interpreter/StackVisitor.cpp:
+ (JSC::StackVisitor::Frame::computeLineAndColumn):
+ * parser/ParserError.h:
+ (JSC::ParserError::toErrorObject): Plumb through an override line number.
+ When a function has an override line number, all syntax and runtime
+ errors in the function will map to it. This is useful for attribute event
+ listeners.
+
+ * parser/SourceCode.h:
+ (JSC::SourceCode::SourceCode): Restore the old sanitization of line and
+ column numbers to one-based integers. It was kind of a hack to remove this.
+
+ * runtime/Executable.cpp:
+ (JSC::ScriptExecutable::ScriptExecutable):
+ (JSC::FunctionExecutable::fromGlobalCode):
+ * runtime/Executable.h:
+ (JSC::ScriptExecutable::setOverrideLineNo):
+ (JSC::ScriptExecutable::hasOverrideLineNo):
+ (JSC::ScriptExecutable::overrideLineNo):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructFunctionSkippingEvalEnabledCheck):
+ * runtime/FunctionConstructor.h: Plumb through an override line number.
+
</ins><span class="cx"> 2015-03-26 Filip Pizlo <fpizlo@apple.com>
</span><span class="cx">
</span><span class="cx"> If we're in code for accessing scoped arguments, we should probably check if the object is a scoped arguments rather than checking if it's a direct arguments.
</span></span></pre></div>
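<p>Review bot: The entries for interpreter/Interpreter.cpp and interpreter/Interpreter.h carry no description, yet the patch changes StackFrame::executable from Strong&lt;ExecutableBase&gt; to Strong&lt;ScriptExecutable&gt; there. A one-line note on why the narrower type is needed would help later readers. Also, "offseting" in item (2) should be "offsetting".</p>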
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -132,7 +132,7 @@
</span><span class="cx"> visitor.append(&thisObject->m_symbolTableForConstruct);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-FunctionExecutable* UnlinkedFunctionExecutable::link(VM& vm, const SourceCode& ownerSource)
</del><ins>+FunctionExecutable* UnlinkedFunctionExecutable::link(VM& vm, const SourceCode& ownerSource, int overrideLineNo)
</ins><span class="cx"> {
</span><span class="cx"> SourceCode source = m_sourceOverride ? SourceCode(m_sourceOverride) : ownerSource;
</span><span class="cx"> unsigned firstLine = source.firstLine() + m_firstLineOffset;
</span><span class="lines">@@ -145,10 +145,15 @@
</span><span class="cx"> unsigned endColumn = m_unlinkedBodyEndColumn + (endColumnIsOnStartLine ? startColumn : 1);
</span><span class="cx">
</span><span class="cx"> SourceCode code(source.provider(), startOffset, startOffset + m_sourceLength, firstLine, startColumn);
</span><del>- return FunctionExecutable::create(vm, code, this, firstLine, firstLine + m_lineCount, startColumn, endColumn);
</del><ins>+ FunctionExecutable* result = FunctionExecutable::create(vm, code, this, firstLine, firstLine + m_lineCount, startColumn, endColumn);
+ if (overrideLineNo != -1)
+ result->setOverrideLineNo(overrideLineNo);
+ return result;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-UnlinkedFunctionExecutable* UnlinkedFunctionExecutable::fromGlobalCode(const Identifier& name, ExecState& exec, const SourceCode& source, JSObject*& exception)
</del><ins>+UnlinkedFunctionExecutable* UnlinkedFunctionExecutable::fromGlobalCode(
+ const Identifier& name, ExecState& exec, const SourceCode& source,
+ JSObject*& exception, int overrideLineNo)
</ins><span class="cx"> {
</span><span class="cx"> ParserError error;
</span><span class="cx"> VM& vm = exec.vm();
</span><span class="lines">@@ -160,7 +165,7 @@
</span><span class="cx"> globalObject.debugger()->sourceParsed(&exec, source.provider(), error.line(), error.message());
</span><span class="cx">
</span><span class="cx"> if (error.isValid()) {
</span><del>- exception = error.toErrorObject(&globalObject, source);
</del><ins>+ exception = error.toErrorObject(&globalObject, source, overrideLineNo);
</ins><span class="cx"> return nullptr;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
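<p>Review bot: In the last hunk the syntax error object now receives overrideLineNo, but the sourceParsed() call two lines above still reports error.line(), so the debugger and the thrown error can disagree about the line for the same parse failure. If that is intended, a comment saying so would help; otherwise pass the same resolved line to both.</p>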
<a id="trunkSourceJavaScriptCorebytecodeUnlinkedCodeBlockh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -136,9 +136,11 @@
</span><span class="cx"> VM&, const SourceCode&, CodeSpecializationKind, DebuggerMode, ProfilerMode,
</span><span class="cx"> ParserError&);
</span><span class="cx">
</span><del>- static UnlinkedFunctionExecutable* fromGlobalCode(const Identifier&, ExecState&, const SourceCode&, JSObject*& exception);
</del><ins>+ static UnlinkedFunctionExecutable* fromGlobalCode(
+ const Identifier&, ExecState&, const SourceCode&, JSObject*& exception,
+ int overrideLineNo);
</ins><span class="cx">
</span><del>- FunctionExecutable* link(VM&, const SourceCode&);
</del><ins>+ FunctionExecutable* link(VM&, const SourceCode&, int overrideLineNo = -1);
</ins><span class="cx">
</span><span class="cx"> void clearCodeForRecompilation()
</span><span class="cx"> {
</span></span></pre></div>
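<p>Review bot: link() defaults overrideLineNo to -1 while fromGlobalCode() requires the argument, and the meaning of -1 is not documented at either declaration. Consider a named constant for the "no override" value, or a comment on the parameter, so callers do not pass a bare -1.</p>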
<a id="trunkSourceJavaScriptCoreinterpreterInterpretercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -440,6 +440,9 @@
</span><span class="cx">
</span><span class="cx"> line = divotLine + lineOffset;
</span><span class="cx"> column = divotColumn + (divotLine ? 1 : firstLineColumnOffset);
</span><ins>+
+ if (executable->hasOverrideLineNo())
+ line = executable->overrideLineNo();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void StackFrame::expressionInfo(int& divot, int& startOffset, int& endOffset, unsigned& line, unsigned& column)
</span><span class="lines">@@ -490,7 +493,7 @@
</span><span class="cx"> StackFrame s = {
</span><span class="cx"> Strong<JSObject>(vm, visitor->callee()),
</span><span class="cx"> getStackFrameCodeType(visitor),
</span><del>- Strong<ExecutableBase>(vm, codeBlock->ownerExecutable()),
</del><ins>+ Strong<ScriptExecutable>(vm, codeBlock->ownerExecutable()),
</ins><span class="cx"> Strong<UnlinkedCodeBlock>(vm, codeBlock->unlinkedCodeBlock()),
</span><span class="cx"> codeBlock->source(),
</span><span class="cx"> codeBlock->ownerExecutable()->lineNo(),
</span><span class="lines">@@ -501,7 +504,7 @@
</span><span class="cx"> };
</span><span class="cx"> m_results.append(s);
</span><span class="cx"> } else {
</span><del>- StackFrame s = { Strong<JSObject>(vm, visitor->callee()), StackFrameNativeCode, Strong<ExecutableBase>(), Strong<UnlinkedCodeBlock>(), 0, 0, 0, 0, 0, String()};
</del><ins>+ StackFrame s = { Strong<JSObject>(vm, visitor->callee()), StackFrameNativeCode, Strong<ScriptExecutable>(), Strong<UnlinkedCodeBlock>(), 0, 0, 0, 0, 0, String()};
</ins><span class="cx"> m_results.append(s);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
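<p>Review bot: In the native-code branch of the last hunk the frame is built with an empty Strong&lt;ScriptExecutable&gt;(), while the first hunk adds an unguarded call to hasOverrideLineNo() on executable at the end of StackFrame::computeLineAndColumn. Please confirm that function returns before that point for frames without an executable, or guard the new check with a null test.</p>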
<a id="trunkSourceJavaScriptCoreinterpreterInterpreterh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/Interpreter.h (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/Interpreter.h        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/JavaScriptCore/interpreter/Interpreter.h        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -81,7 +81,7 @@
</span><span class="cx"> struct StackFrame {
</span><span class="cx"> Strong<JSObject> callee;
</span><span class="cx"> StackFrameCodeType codeType;
</span><del>- Strong<ExecutableBase> executable;
</del><ins>+ Strong<ScriptExecutable> executable;
</ins><span class="cx"> Strong<UnlinkedCodeBlock> codeBlock;
</span><span class="cx"> RefPtr<SourceProvider> code;
</span><span class="cx"> int lineOffset;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreinterpreterStackVisitorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/interpreter/StackVisitor.cpp (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/interpreter/StackVisitor.cpp        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/JavaScriptCore/interpreter/StackVisitor.cpp        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -293,6 +293,9 @@
</span><span class="cx">
</span><span class="cx"> line = divotLine + codeBlock->ownerExecutable()->lineNo();
</span><span class="cx"> column = divotColumn + (divotLine ? 1 : codeBlock->firstLineColumnOffset());
</span><ins>+
+ if (codeBlock->ownerExecutable()->hasOverrideLineNo())
+ line = codeBlock->ownerExecutable()->overrideLineNo();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void StackVisitor::Frame::retrieveExpressionInfo(int& divot, int& startOffset, int& endOffset, unsigned& line, unsigned& column)
</span></span></pre></div>
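<p>Review bot: After the override, line comes from overrideLineNo() but column is still the value computed from divotColumn for the original line, so the reported line:column pair may not name a real position in the document. Either document that only the line is meaningful for overridden executables or adjust the column as well. The same three-line block is added in Interpreter.cpp; a shared helper would keep the two in step.</p>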
<a id="trunkSourceJavaScriptCoreparserParserErrorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/parser/ParserError.h (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/parser/ParserError.h        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/JavaScriptCore/parser/ParserError.h        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -85,13 +85,18 @@
</span><span class="cx"> const String& message() const { return m_message; }
</span><span class="cx"> int line() const { return m_line; }
</span><span class="cx">
</span><del>- JSObject* toErrorObject(JSGlobalObject* globalObject, const SourceCode& source)
</del><ins>+ JSObject* toErrorObject(
+ JSGlobalObject* globalObject, const SourceCode& source,
+ int overrideLineNo = -1)
</ins><span class="cx"> {
</span><span class="cx"> switch (m_type) {
</span><span class="cx"> case ErrorNone:
</span><span class="cx"> return nullptr;
</span><span class="cx"> case SyntaxError:
</span><del>- return addErrorInfo(globalObject->globalExec(), createSyntaxError(globalObject, m_message), m_line, source);
</del><ins>+ return addErrorInfo(
+ globalObject->globalExec(),
+ createSyntaxError(globalObject, m_message),
+ overrideLineNo == -1 ? m_line : overrideLineNo, source);
</ins><span class="cx"> case EvalError:
</span><span class="cx"> return createSyntaxError(globalObject, m_message);
</span><span class="cx"> case StackOverflow: {
</span></span></pre></div>
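<p>Review bot: The ternary in the SyntaxError case treats only exactly -1 as "no override", so any other negative value is passed to addErrorInfo as the line number. Since the log message says WebCore sometimes provides huge negative numbers, consider checking overrideLineNo &lt; 1 here, or sanitizing the value where it is set, rather than comparing against -1.</p>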
<a id="trunkSourceJavaScriptCoreparserSourceCodeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/parser/SourceCode.h (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/parser/SourceCode.h        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/JavaScriptCore/parser/SourceCode.h        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -63,8 +63,8 @@
</span><span class="cx"> : m_provider(provider)
</span><span class="cx"> , m_startChar(0)
</span><span class="cx"> , m_endChar(m_provider->source().length())
</span><del>- , m_firstLine(std::max(firstLine, 0))
- , m_startColumn(std::max(startColumn, 0))
</del><ins>+ , m_firstLine(std::max(firstLine, 1))
+ , m_startColumn(std::max(startColumn, 1))
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -72,8 +72,8 @@
</span><span class="cx"> : m_provider(provider)
</span><span class="cx"> , m_startChar(start)
</span><span class="cx"> , m_endChar(end)
</span><del>- , m_firstLine(std::max(firstLine, 0))
- , m_startColumn(std::max(startColumn, 0))
</del><ins>+ , m_firstLine(std::max(firstLine, 1))
+ , m_startColumn(std::max(startColumn, 1))
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
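<p>Review bot: Both constructors now clamp firstLine and startColumn to 1 with std::max, which silently hides the out-of-range input from the caller. A short comment stating that both values are one-based and why the clamp exists would help, since the log message attributes the bad values to WebCore and the FIXME for them lives in a different file.</p>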
<a id="trunkSourceJavaScriptCoreruntimeExecutablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Executable.cpp (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Executable.cpp        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/JavaScriptCore/runtime/Executable.cpp        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -100,6 +100,7 @@
</span><span class="cx"> , m_hasCapturedVariables(false)
</span><span class="cx"> , m_neverInline(false)
</span><span class="cx"> , m_didTryToEnterInLoop(false)
</span><ins>+ , m_overrideLineNo(-1)
</ins><span class="cx"> , m_firstLine(-1)
</span><span class="cx"> , m_lastLine(-1)
</span><span class="cx"> , m_startColumn(UINT_MAX)
</span><span class="lines">@@ -608,12 +609,17 @@
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><del>-FunctionExecutable* FunctionExecutable::fromGlobalCode(const Identifier& name, ExecState& exec, const SourceCode& source, JSObject*& exception)
</del><ins>+FunctionExecutable* FunctionExecutable::fromGlobalCode(
+ const Identifier& name, ExecState& exec, const SourceCode& source,
+ JSObject*& exception, int overrideLineNo)
</ins><span class="cx"> {
</span><del>- UnlinkedFunctionExecutable* unlinkedExecutable = UnlinkedFunctionExecutable::fromGlobalCode(name, exec, source, exception);
</del><ins>+ UnlinkedFunctionExecutable* unlinkedExecutable =
+ UnlinkedFunctionExecutable::fromGlobalCode(
+ name, exec, source, exception, overrideLineNo);
</ins><span class="cx"> if (!unlinkedExecutable)
</span><span class="cx"> return nullptr;
</span><del>- return unlinkedExecutable->link(exec.vm(), source);
</del><ins>+
+ return unlinkedExecutable->link(exec.vm(), source, overrideLineNo);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void ExecutableBase::dump(PrintStream& out) const
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeExecutableh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Executable.h (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Executable.h        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/JavaScriptCore/runtime/Executable.h        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -358,6 +358,9 @@
</span><span class="cx"> intptr_t sourceID() const { return m_source.providerID(); }
</span><span class="cx"> const String& sourceURL() const { return m_source.provider()->url(); }
</span><span class="cx"> int lineNo() const { return m_firstLine; }
</span><ins>+ void setOverrideLineNo(int overrideLineNo) { m_overrideLineNo = overrideLineNo; }
+ bool hasOverrideLineNo() const { return m_overrideLineNo != -1; }
+ int overrideLineNo() const { return m_overrideLineNo; }
</ins><span class="cx"> int lastLine() const { return m_lastLine; }
</span><span class="cx"> unsigned startColumn() const { return m_startColumn; }
</span><span class="cx"> unsigned endColumn() const { return m_endColumn; }
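Review bot: the sentinel -1 is hard-coded in hasOverrideLineNo(), and the same literal appears again in the constructor initializer (m_overrideLineNo(-1)) and in the default argument of constructFunctionSkippingEvalEnabledCheck. A single named constant would keep the three in sync. setOverrideLineNo() also accepts any int, so passing -1 silently clears the override; a comment stating that the value is a one-based line and that -1 means "no override" would make that explicit.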
</span><span class="lines">@@ -429,6 +432,7 @@
</span><span class="cx"> bool m_hasCapturedVariables;
</span><span class="cx"> bool m_neverInline;
</span><span class="cx"> bool m_didTryToEnterInLoop;
</span><ins>+ int m_overrideLineNo;
</ins><span class="cx"> int m_firstLine;
</span><span class="cx"> int m_lastLine;
</span><span class="cx"> unsigned m_startColumn;
</span><span class="lines">@@ -549,7 +553,9 @@
</span><span class="cx"> executable->finishCreation(vm);
</span><span class="cx"> return executable;
</span><span class="cx"> }
</span><del>- static FunctionExecutable* fromGlobalCode(const Identifier& name, ExecState&, const SourceCode&, JSObject*& exception);
</del><ins>+ static FunctionExecutable* fromGlobalCode(
+ const Identifier& name, ExecState&, const SourceCode&,
+ JSObject*& exception, int overrideLineNo);
</ins><span class="cx">
</span><span class="cx"> static void destroy(JSCell*);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeFunctionConstructorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -86,7 +86,10 @@
</span><span class="cx"> return constructFunctionSkippingEvalEnabledCheck(exec, globalObject, args, functionName, sourceURL, position);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-JSObject* constructFunctionSkippingEvalEnabledCheck(ExecState* exec, JSGlobalObject* globalObject, const ArgList& args, const Identifier& functionName, const String& sourceURL, const TextPosition& position)
</del><ins>+JSObject* constructFunctionSkippingEvalEnabledCheck(
+ ExecState* exec, JSGlobalObject* globalObject, const ArgList& args,
+ const Identifier& functionName, const String& sourceURL,
+ const TextPosition& position, int overrideLineNo)
</ins><span class="cx"> {
</span><span class="cx"> // How we stringify functions is sometimes important for web compatibility.
</span><span class="cx"> // See https://bugs.webkit.org/show_bug.cgi?id=24350.
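Review bot: the definition of constructFunctionSkippingEvalEnabledCheck now takes both position and overrideLineNo, and each carries a line number, but nothing at the definition says how the two interact when the override is set. Add a short comment above the function stating which of the two error reporting uses and what position is still needed for.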
</span><span class="lines">@@ -113,7 +116,7 @@
</span><span class="cx">
</span><span class="cx"> SourceCode source = makeSource(program, sourceURL, position);
</span><span class="cx"> JSObject* exception = nullptr;
</span><del>- FunctionExecutable* function = FunctionExecutable::fromGlobalCode(functionName, *exec, source, exception);
</del><ins>+ FunctionExecutable* function = FunctionExecutable::fromGlobalCode(functionName, *exec, source, exception, overrideLineNo);
</ins><span class="cx"> if (!function) {
</span><span class="cx"> ASSERT(exception);
</span><span class="cx"> return exec->vm().throwException(exec, exception);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeFunctionConstructorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/FunctionConstructor.h (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/FunctionConstructor.h        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/JavaScriptCore/runtime/FunctionConstructor.h        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -59,7 +59,9 @@
</span><span class="cx"> JSObject* constructFunction(ExecState*, JSGlobalObject*, const ArgList&, const Identifier& functionName, const String& sourceURL, const WTF::TextPosition&);
</span><span class="cx"> JSObject* constructFunction(ExecState*, JSGlobalObject*, const ArgList&);
</span><span class="cx">
</span><del>-JS_EXPORT_PRIVATE JSObject* constructFunctionSkippingEvalEnabledCheck(ExecState*, JSGlobalObject*, const ArgList&, const Identifier&, const String&, const WTF::TextPosition&);
</del><ins>+JS_EXPORT_PRIVATE JSObject* constructFunctionSkippingEvalEnabledCheck(
+ ExecState*, JSGlobalObject*, const ArgList&, const Identifier&,
+ const String&, const WTF::TextPosition&, int overrideLineNo = -1);
</ins><span class="cx">
</span><span class="cx"> } // namespace JSC
</span><span class="cx">
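Review bot: the default of -1 exists only on this exported declaration, while FunctionExecutable::fromGlobalCode makes the same parameter mandatory, so the meaning of the sentinel is documented nowhere a caller of this header will see it. Add a comment on the declaration saying what overrideLineNo does and that -1 means no override, or drop the default so every caller states its intent.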
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/WebCore/ChangeLog        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -1,3 +1,19 @@
</span><ins>+2015-03-26 Geoffrey Garen <ggaren@apple.com>
+
+ Assertion firing in JavaScriptCore/parser/parser.h for statesman.com site
+ https://bugs.webkit.org/show_bug.cgi?id=142974
+
+ Reviewed by Joseph Pecoraro.
+
+ * bindings/js/JSLazyEventListener.cpp:
+ (WebCore::JSLazyEventListener::initializeJSFunction): Use the new override
+ line number API to guarantee that errors will map to the .html file locations
+ that we like.
+
+ * bindings/js/ScriptController.cpp:
+ (WebCore::ScriptController::eventHandlerPosition): Added a FIXME to cover
+ some cases where our line and column numbers are still nonsense.
+
</ins><span class="cx"> 2015-03-26 Beth Dakin <bdakin@apple.com>
</span><span class="cx">
</span><span class="cx"> Relevant repainted objects callback is inaccurate and inconsistent for PDF
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSLazyEventListenercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSLazyEventListener.cpp (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSLazyEventListener.cpp        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/WebCore/bindings/js/JSLazyEventListener.cpp        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -24,6 +24,7 @@
</span><span class="cx"> #include "Frame.h"
</span><span class="cx"> #include "JSNode.h"
</span><span class="cx"> #include "ScriptController.h"
</span><ins>+#include <runtime/Executable.h>
</ins><span class="cx"> #include <runtime/FunctionConstructor.h>
</span><span class="cx"> #include <runtime/IdentifierInlines.h>
</span><span class="cx"> #include <wtf/NeverDestroyed.h>
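Review bot: the added include of runtime/Executable.h does not appear to be needed by the changes shown for this file; the only new call is to constructFunctionSkippingEvalEnabledCheck, which runtime/FunctionConstructor.h already declares. If nothing else in JSLazyEventListener.cpp uses a declaration from Executable.h, drop the include.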
</span><span class="lines">@@ -103,15 +104,13 @@
</span><span class="cx"> args.append(jsNontrivialString(exec, m_eventParameterName));
</span><span class="cx"> args.append(jsStringWithCache(exec, m_code));
</span><span class="cx">
</span><del>- // Move our text position backward one line. Creating an anonymous function
- // will add a line for a function declaration, but we want our line number
- // to match up with where the attribute was declared.
- TextPosition position(
- OrdinalNumber::fromOneBasedInt(
- m_position.m_line.oneBasedInt() - 1), m_position.m_column);
</del><ins>+ // We want all errors to refer back to the line on which our attribute was
+ // declared, regardless of any newlines in our JavaScript source text.
+ int overrideLineNo = m_position.m_line.oneBasedInt();
+
</ins><span class="cx"> JSObject* jsFunction = constructFunctionSkippingEvalEnabledCheck(
</span><span class="cx"> exec, exec->lexicalGlobalObject(), args, Identifier(exec, m_functionName),
</span><del>- m_sourceURL, position);
</del><ins>+ m_sourceURL, m_position, overrideLineNo);
</ins><span class="cx">
</span><span class="cx"> if (exec->hadException()) {
</span><span class="cx"> reportCurrentException(exec);
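Review bot: overrideLineNo is taken from m_position unconditionally, so when m_position did not come from the parser (the case the new FIXME in ScriptController::eventHandlerPosition describes) every error from this handler is pinned to a line that may be meaningless. Consider passing the override only when the position is known to be valid and relying on the default otherwise. The new comment should also say that a multi-line handler now reports one line for all of its errors, since that is the trade-off being made.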
</span><span class="lines">@@ -120,6 +119,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSFunction* listenerAsFunction = jsCast<JSFunction*>(jsFunction);
</span><ins>+
</ins><span class="cx"> if (m_originalNode) {
</span><span class="cx"> if (!wrapper()) {
</span><span class="cx"> // Ensure that 'node' has a JavaScript wrapper to mark the event listener we're creating.
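Review bot: the only change in this hunk is a blank line added after the jsCast line, which is unrelated to the line-number fix. Drop it to keep the patch minimal and the blame history clean.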
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsScriptControllercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/ScriptController.cpp (182033 => 182034)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/ScriptController.cpp        2015-03-26 23:06:27 UTC (rev 182033)
+++ trunk/Source/WebCore/bindings/js/ScriptController.cpp        2015-03-26 23:12:39 UTC (rev 182034)
</span><span class="lines">@@ -274,6 +274,11 @@
</span><span class="cx">
</span><span class="cx"> TextPosition ScriptController::eventHandlerPosition() const
</span><span class="cx"> {
</span><ins>+ // FIXME: If we are not currently parsing, we should use our current location
+ // in JavaScript, to cover cases like "element.setAttribute('click', ...)".
+
+ // FIXME: This location maps to the end of the HTML tag, and not to the
+ // exact column number belonging to the event handler attribute.
</ins><span class="cx"> ScriptableDocumentParser* parser = m_frame.document()->scriptableDocumentParser();
</span><span class="cx"> if (parser)
</span><span class="cx"> return parser->textPosition();
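Review bot: the example in the first FIXME reads element.setAttribute('click', ...), but the event handler content attribute is onclick, so the example as written does not describe a case that reaches this code. Fix the attribute name, and attach a bug URL to each FIXME so the two known inaccuracies (position when not parsing, and column pointing at the end of the tag) can be tracked.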
</span></span></pre>
</div>
</div>
</body>
</html>