Timestamp:
Aug 29, 2013, 10:03:32 AM (12 years ago)
Author:
[email protected]
Message:

Source/JavaScriptCore: VM::throwException() crashes reproducibly in testapi with !ENABLE(JIT)
https://bugs.webkit.org/show_bug.cgi?id=120472

Patch by Chris Curtis <[email protected]> on 2013-08-29
Reviewed by Filip Pizlo.

With the JIT disabled, interpreterThrowInCaller was attempting to throw an error,
but the topCallFrame was not set yet. By passing the error object into interpreterThrowInCaller,
throwException can be called when topCallFrame is set.

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/CommonSlowPathsExceptions.cpp:

(JSC::CommonSlowPaths::interpreterThrowInCaller):

  • runtime/CommonSlowPathsExceptions.h:

Renamed genericThrow -> genericUnwind, because this function no longer has the ability
to throw errors. It unwinds the stack in order to report them.

  • dfg/DFGOperations.cpp:
  • jit/JITExceptions.cpp:

(JSC::genericUnwind):
(JSC::jitThrowNew):
(JSC::jitThrow):

  • jit/JITExceptions.h:
  • llint/LLIntExceptions.cpp:

(JSC::LLInt::doThrow):

LayoutTests: VM::throwException() crashes reproducibly in testapi with !ENABLE(JIT)
https://bugs.webkit.org/show_bug.cgi?id=120472

Patch by Chris Curtis <[email protected]> on 2013-08-29
Reviewed by Filip Pizlo.
An error that was not being reported before is now caught and being reported.

  • media/track/track-cue-rendering-on-resize-expected.txt:
File:
1 edited

  • trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

    r154814 r154817  
    19001900   
    19011901    unsigned vPCIndex = exec->codeBlock()->bytecodeOffsetForCallAtIndex(callIndex);
    1902     ExceptionHandler handler = genericThrow(vm, exec, exceptionValue, vPCIndex);
     1902    ExceptionHandler handler = genericUnwind(vm, exec, exceptionValue, vPCIndex);
    19031903    ASSERT(handler.catchRoutine);
    19041904    return dfgHandlerEncoded(handler.callFrame, handler.catchRoutine);
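Review bot: the rename on the 1902 line is mechanical (same arguments, same return type), but the ASSERT(handler.catchRoutine) directly below it compiles out in release builds, so if genericUnwind ever returned without finding a handler, the null catchRoutine would be encoded by dfgHandlerEncoded and handed back to JIT code unchecked. Since genericUnwind now only unwinds and no longer throws, it would help to state at its declaration (not part of the visible diff on this page) that it always yields a catch routine, or to use a release-mode assertion at this call site.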
     
    19171917        codeOrigin = codeOrigin.inlineCallFrame->caller;
    19181918   
    1919     ExceptionHandler handler = genericThrow(vm, exec, exceptionValue, codeOrigin.bytecodeIndex);
     1919    ExceptionHandler handler = genericUnwind(vm, exec, exceptionValue, codeOrigin.bytecodeIndex);
    19201920    ASSERT(handler.catchRoutine);
    19211921    return dfgHandlerEncoded(handler.callFrame, handler.catchRoutine);
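Review bot: the call on the 1919 line passes codeOrigin.bytecodeIndex after the loop above has walked codeOrigin = codeOrigin.inlineCallFrame->caller out to the outermost frame, so the index handed to genericUnwind belongs to the outer CodeBlock rather than the inlined frame that raised the exception. A one-line comment noting that genericUnwind expects the bytecode index of the non-inlined frame (exec->codeBlock()) would keep this from reading as a mismatch, and the ASSERT(handler.catchRoutine) below it has the same release-build limitation as the one after the first genericUnwind call.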