diff options
| author | Erik Verbruggen <erik.verbruggen@qt.io> | 2019-02-06 10:32:31 +0100 |
|---|---|---|
| committer | Simon Hausmann <simon.hausmann@qt.io> | 2019-07-17 10:47:44 +0000 |
| commit | f3b1568d05d6c31137aae186d2928fef0faba9b1 (patch) | |
| tree | 8cb99d0e792b5d2378be51a68151e9bb62527d94 | |
| parent | 8f28229cec8ce8f52cefe760b86f3410786c201a (diff) | |
V4: Add label for loop in spread in ArrayPattern
This patch also rotates the loop back so that the condition is at the
top of the loop. It's a cherry-picked from commit
0282b89ec672e25a465a8e51bc74c7fd58a624b1.
Without explicitly setting the label, we get a default constructed
Label from labelForOffset in PlatformAssemblerCommon::link, which leads
to a jump into nirvana.
This issue arises only with backward jumps, as we fill in the
information for forward jump targets once we actually encounter the
target.
Fixes: QTBUG-77047
Change-Id: Id928831f90eace494adb1eb1190f674a6f033b20
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
| -rw-r--r-- | src/qml/compiler/qv4codegen.cpp | 3 | ||||
| -rw-r--r-- | tests/auto/qml/qjsengine/tst_qjsengine.cpp | 15 |
2 files changed, 17 insertions, 1 deletions
diff --git a/src/qml/compiler/qv4codegen.cpp b/src/qml/compiler/qv4codegen.cpp index 61e37ffd25..5acc64bd81 100644 --- a/src/qml/compiler/qv4codegen.cpp +++ b/src/qml/compiler/qv4codegen.cpp @@ -1191,12 +1191,13 @@ bool Codegen::visit(ArrayPattern *ast) ControlFlowLoop flow(this, &end, &in, cleanup); in.link(); + bytecodeGenerator->addLoopStart(in); iterator.loadInAccumulator(); Instruction::IteratorNext next; next.value = lhsValue.stackSlot(); next.done = iteratorDone.stackSlot(); bytecodeGenerator->addInstruction(next); - bytecodeGenerator->addTracingJumpInstruction(Instruction::JumpTrue()).link(end); + bytecodeGenerator->addJumpInstruction(Instruction::JumpTrue()).link(end); lhsValue.loadInAccumulator(); pushAccumulator(); diff --git a/tests/auto/qml/qjsengine/tst_qjsengine.cpp b/tests/auto/qml/qjsengine/tst_qjsengine.cpp index aeb29d3cd9..cd7796827d 100644 --- a/tests/auto/qml/qjsengine/tst_qjsengine.cpp +++ b/tests/auto/qml/qjsengine/tst_qjsengine.cpp @@ -239,6 +239,8 @@ private slots: void aggressiveGc(); void noAccumulatorInTemplateLiteral(); + void triggerBackwardJumpWithDestructuring(); + public: Q_INVOKABLE QJSValue throwingCppMethod1(); Q_INVOKABLE void throwingCppMethod2(); @@ -4691,6 +4693,19 @@ void tst_QJSEngine::noAccumulatorInTemplateLiteral() qputenv("QV4_MM_AGGRESSIVE_GC", origAggressiveGc); } +void tst_QJSEngine::triggerBackwardJumpWithDestructuring() +{ + QJSEngine engine; + auto value = engine.evaluate( + "function makeArray(n) { return [...Array(n).keys()]; }\n" + "for (let i=0;i<100;++i) {\n" + " let arr = makeArray(20)\n" + " arr.sort( (a, b) => b - a )\n" + "}" + ); + QVERIFY(!value.isError()); +} + QTEST_MAIN(tst_QJSEngine) #include "tst_qjsengine.moc" |