Changeset 149404 in webkit for trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp

Timestamp:

Apr 30, 2013, 3:15:47 PM (12 years ago)

Author:

[email protected]

Message:

JSC Stack walking logic craches in the face of inlined functions triggering VM re-entry
​https://bugs.webkit.org/show_bug.cgi?id=115449

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Rename callframeishost to something that makes sense, and fix
getCallerInfo to correctly handle inline functions calling into
the VM.

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::codeOriginForReturn):

Make this more robust in the face of incorrect stack walking

• interpreter/CallFrame.cpp:

(JSC::CallFrame::trueCallerFrame):

Everyone has to perform a codeblock() check before calling this
so we might as well just do it here.

• interpreter/Interpreter.cpp:

(JSC::getCallerInfo):

LayoutTests:

Add tests

• fast/js/script-tests/stack-trace.js:

(dfgTest):
(inlineableThrow):
(dfgThing.get willThrow):
(dfgThing.get willThrowEventually):
(dfgThing.willThrowFunc):
(dfgThing.willThrowEventuallyFunc):
(dfg1):
(dfg2):
(dfg3):
(dfg4):
(dfg5):
(dfg6):
(dfg7):
(dfg8):
(dfg9):
(dfga):
(dfgb):
(dfgc):

• fast/js/stack-trace-expected.txt:

File:

• trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp

@@ -173 +173 @@
 CallFrame* CallFrame::trueCallerFrame()
 {
+    if (!codeBlock())
+        return callerFrame()->removeHostCallFrameFlag();
+
     // this -> The callee; this is either an inlined callee in which case it already has
     //    a pointer to the true caller. Otherwise it contains current PC in the machine