Timestamp:
Dec 11, 2014, 8:41:33 AM (11 years ago)
Author:
[email protected]
Message:

REGRESSION: Use of undefined CallFrame::ScopeChain value
https://bugs.webkit.org/show_bug.cgi?id=139533

Reviewed by Mark Lam.

Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
all usages of these functions. In some cases the scope is passed in or determined
another way. In some cases the scope is used to calculate other values. Lastly
there were places where these functions were used that are no longer needed. For
example when making a call, the caller's ScopeChain was copied to the callee's
ScopeChain. This change no longer uses the ScopeChain call frame header slot.
That slot will be removed in a future patch.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

  • jit/JIT.h:
  • jit/JITInlines.h:

(JSC::JIT::callOperation):

  • runtime/JSLexicalEnvironment.h:

(JSC::JSLexicalEnvironment::create):
(JSC::JSLexicalEnvironment::JSLexicalEnvironment):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_create_lexical_environment):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_create_lexical_environment):

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::handleHostCall):
(JSC::LLInt::setUpCall):
(JSC::LLInt::llint_throw_stack_overflow_error):
Pass the current scope value to the helper operationCreateActivation() and
the call to JSLexicalEnvironment::create() instead of using the stack frame
scope chain value.

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
CreateActivation now has a second child, the scope.

  • interpreter/CallFrame.h:

(JSC::ExecState::init): Deleted. This is dead code.
(JSC::ExecState::scope): Deleted.
(JSC::ExecState::setScope): Deleted.

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::dumpRegisters): Changed so we didn't access the scope
chain slot.

(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
Changed process to find JSScope values on the stack or by some other means.

  • runtime/JSWithScope.h:

(JSC::JSWithScope::JSWithScope): Deleted.
Eliminated unused constructor.

  • runtime/StrictEvalActivation.cpp:

(JSC::StrictEvalActivation::StrictEvalActivation):

  • runtime/StrictEvalActivation.h:

(JSC::StrictEvalActivation::create):
Changed to pass in the current scope.

File:
1 edited

  • trunk/Source/JavaScriptCore/jit/JITOperations.cpp

    r177083 r177146  
    609609EncodedJSValue JIT_OPERATION operationCallEval(ExecState* exec, ExecState* execCallee)
    610610{
    611     ASSERT(exec->codeBlock()->codeType() != FunctionCode
     611
     612    ASSERT_UNUSED(exec, exec->codeBlock()->codeType() != FunctionCode
    612613        || !exec->codeBlock()->needsActivation()
    613614        || exec->hasActivation());
    614615
    615     execCallee->setScope(exec->scope());
    616616    execCallee->setCodeBlock(0);
    617617
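Review bot: The switch from ASSERT to ASSERT_UNUSED(exec, ...) is required because deleting `execCallee->setScope(exec->scope());` leaves `exec` referenced only inside the assertion, which would become an unused-parameter warning in release builds; verify that the rest of operationCallEval really does not read `exec` any more, otherwise plain ASSERT is the clearer choice. The callee frame is now left with no scope installed before `execCallee->setCodeBlock(0);`, so whatever runs the eval must obtain the caller's scope from `exec` directly rather than from the callee frame.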
     
    632632    VM* vm = &exec->vm();
    633633
    634     execCallee->setScope(exec->scope());
    635634    execCallee->setCodeBlock(0);
    636635
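Review bot: Unlike the previous hunk, `exec` stays in use here through `VM* vm = &exec->vm();`, so no ASSERT_UNUSED change is needed; however the callee frame is again left without a scope before `execCallee->setCodeBlock(0);`. A short comment at this point stating where a host-call callee now obtains its scope would help readers who previously relied on the frame slot.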
     
    693692    JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell);
    694693    JSScope* scope = callee->scopeUnchecked();
    695     execCallee->setScope(scope);
    696694    ExecutableBase* executable = callee->executable();
    697695
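Review bot: `JSScope* scope = callee->scopeUnchecked();` is kept, but with the `execCallee->setScope(scope);` line gone its only remaining consumer is the `&scope` argument handed to prepareForExecution further down; if any path through this function returns before that call, `scope` becomes a set-but-unused local on that path, so watch for compiler warnings and consider declaring it inside the block that actually uses it.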
     
    703701        FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
    704702        JSObject* error = functionExecutable->prepareForExecution(execCallee, callee, &scope, kind);
    705         execCallee->setScope(scope);
    706703        if (error) {
    707704            throwStackOverflowError(exec);
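Review bot: prepareForExecution still receives `&scope` and may rewrite it, but the updated value is now discarded instead of being written back with `execCallee->setScope(scope);`. That is only safe if the callee prologue re-derives its scope from the JSFunction rather than from the frame slot; stating this in the commit message would help, and if the out-parameter is no longer consumed anywhere, passing the scope by value would make the intent explicit.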
     
    758755    JSFunction* function = jsCast<JSFunction*>(calleeAsFunctionCell);
    759756    JSScope* scope = function->scopeUnchecked();
    760     execCallee->setScope(scope);
    761757    ExecutableBase* executable = function->executable();
    762758    if (UNLIKELY(!executable->hasJITCodeFor(kind))) {
    763759        FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
    764760        JSObject* error = functionExecutable->prepareForExecution(execCallee, function, &scope, kind);
    765         execCallee->setScope(scope);
    766761        if (error) {
    767762            exec->vm().throwException(exec, error);
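Review bot: Same pattern as the hunks at 693 and 703 above: `scope` is still computed with `function->scopeUnchecked()` and passed as `&scope`, but any update made by prepareForExecution is dropped rather than stored. The two call sites now carry identical scope handling, so a single explanatory comment shared by both would keep them from drifting apart; note the error paths differ (throwStackOverflowError(exec) above versus `exec->vm().throwException(exec, error)` here), which is fine but worth keeping in mind if the duplicated code is later consolidated.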
     
    14021397}
    14031398
    1404 JSCell* JIT_OPERATION operationCreateActivation(ExecState* exec, int32_t offset)
    1405 {
    1406     VM& vm = exec->vm();
    1407     NativeCallFrameTracer tracer(&vm, exec);
    1408     JSLexicalEnvironment* lexicalEnvironment = JSLexicalEnvironment::create(vm, exec, exec->registers() + offset, exec->codeBlock());
    1409     exec->setScope(lexicalEnvironment);
     1399JSCell* JIT_OPERATION operationCreateActivation(ExecState* exec, JSScope* currentScope, int32_t offset)
     1400{
     1401    VM& vm = exec->vm();
     1402    NativeCallFrameTracer tracer(&vm, exec);
     1403    JSLexicalEnvironment* lexicalEnvironment = JSLexicalEnvironment::create(vm, exec, exec->registers() + offset, currentScope, exec->codeBlock());
    14101404    return lexicalEnvironment;
    14111405}
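Review bot: The new `JSScope* currentScope` parameter is inserted between `exec` and `offset`, which changes the positional signature that every callOperation wrapper and emit_op_create_lexical_environment site must match; the declaration in JITOperations.h and the JIT.h/DFGSpeculativeJIT.h overloads listed in the message have to change together, or the JIT would pass the offset where the scope is expected. Removing `exec->setScope(lexicalEnvironment);` also means this helper no longer installs the new environment on the frame, so each caller must now store the returned value into its scope register itself; an ASSERT(currentScope) at the top would document that a null scope is not expected here.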