From f3b1568d05d6c31137aae186d2928fef0faba9b1 Mon Sep 17 00:00:00 2001 From: Erik Verbruggen Date: Wed, 6 Feb 2019 10:32:31 +0100 Subject: V4: Add label for loop in spread in ArrayPattern This patch also rotates the loop back so that the condition is at the top of the loop. It's a cherry-picked from commit 0282b89ec672e25a465a8e51bc74c7fd58a624b1. Without explicitly setting the label, we get a default constructed Label from labelForOffset in PlatformAssemblerCommon::link, which leads to a jump into nirvana. This issue arises only with backward jumps, as we fill in the information for forward jump targets once we actually encounter the target. Fixes: QTBUG-77047 Change-Id: Id928831f90eace494adb1eb1190f674a6f033b20 Reviewed-by: Simon Hausmann --- tests/auto/qml/qjsengine/tst_qjsengine.cpp | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'tests/auto/qml/qjsengine') diff --git a/tests/auto/qml/qjsengine/tst_qjsengine.cpp b/tests/auto/qml/qjsengine/tst_qjsengine.cpp index aeb29d3cd9..cd7796827d 100644 --- a/tests/auto/qml/qjsengine/tst_qjsengine.cpp +++ b/tests/auto/qml/qjsengine/tst_qjsengine.cpp @@ -239,6 +239,8 @@ private slots: void aggressiveGc(); void noAccumulatorInTemplateLiteral(); + void triggerBackwardJumpWithDestructuring(); + public: Q_INVOKABLE QJSValue throwingCppMethod1(); Q_INVOKABLE void throwingCppMethod2(); @@ -4691,6 +4693,19 @@ void tst_QJSEngine::noAccumulatorInTemplateLiteral() qputenv("QV4_MM_AGGRESSIVE_GC", origAggressiveGc); } +void tst_QJSEngine::triggerBackwardJumpWithDestructuring() +{ + QJSEngine engine; + auto value = engine.evaluate( + "function makeArray(n) { return [...Array(n).keys()]; }\n" + "for (let i=0;i<100;++i) {\n" + " let arr = makeArray(20)\n" + " arr.sort( (a, b) => b - a )\n" + "}" + ); + QVERIFY(!value.isError()); +} + QTEST_MAIN(tst_QJSEngine) #include "tst_qjsengine.moc" -- cgit v1.2.3