Timestamp:
Oct 22, 2015, 9:12:42 AM (10 years ago)
Author:
[email protected]
Message:

REGRESSION(r191360): Repro Crash: com.apple.WebKit.WebContent at JavaScriptCore:JSC::ExecState::bytecodeOffset + 174
https://bugs.webkit.org/show_bug.cgi?id=150434

Reviewed by Mark Lam.

Source/JavaScriptCore:

Pass the current frame instead of the caller frame to operationVMHandleException when processing an
exception in one of the native thunks.

  • jit/JITExceptions.cpp:

(JSC::genericUnwind): Made debug printing of CodeBlock safe for call frames without one.

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::privateCompileCTINativeCall):

  • jit/ThunkGenerators.cpp:

(JSC::nativeForGenerator):

LayoutTests:

New regression test.

  • js/regress-150434-expected.txt: Added.
  • js/regress-150434.html: Added.
  • js/script-tests/regress-150434.js: Added.

(bar):
(foo):
(test):

File:
1 edited

  • trunk/Source/JavaScriptCore/jit/JITExceptions.cpp

    r191191 r191455  
    4343{
    4444    if (Options::breakOnThrow()) {
    45         dataLog("In call frame ", RawPointer(callFrame), " for code block ", *callFrame->codeBlock(), "\n");
     45        CodeBlock* codeBlock = callFrame->codeBlock();
     46        if (codeBlock)
     47            dataLog("In call frame ", RawPointer(callFrame), " for code block ", *codeBlock, "\n");
     48        else
     49            dataLog("In call frame ", RawPointer(callFrame), " with null CodeBlock\n");
    4650        CRASH();
    4751    }
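Review bot: the null check here only protects the `Options::breakOnThrow()` debug path; since the commit message states that native-thunk frames can arrive in `genericUnwind` without a CodeBlock, confirm that no other statement in this function dereferences `callFrame->codeBlock()` unconditionally, otherwise the same null dereference remains reachable outside this debug block. A minor style point: both `dataLog` calls repeat the `"In call frame ", RawPointer(callFrame)` prefix, which could be emitted once before the branch so only the CodeBlock part differs.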