Context Navigation

← Previous Change
Next Change →

ProfilerCompilation.cpp

Timestamp:

Jun 7, 2016, 7:53:32 PM (9 years ago)

Author:

Message:

Need an exception check after constructEmptyArray().
https://bugs.webkit.org/show_bug.cgi?id=158411

Reviewed by Saam Barati.

Source/JavaScriptCore:

Added an exception check after each call to constructEmptyArray().

inspector/JSInjectedScriptHost.cpp:

(Inspector::JSInjectedScriptHost::getInternalProperties):
(Inspector::JSInjectedScriptHost::weakMapEntries):
(Inspector::JSInjectedScriptHost::weakSetEntries):
(Inspector::JSInjectedScriptHost::iteratorEntries):

interpreter/ShadowChicken.cpp:

(JSC::ShadowChicken::functionsOnStack):

profiler/ProfilerBytecodeSequence.cpp:

(JSC::Profiler::BytecodeSequence::addSequenceProperties):

profiler/ProfilerCompilation.cpp:

(JSC::Profiler::Compilation::toJS):

profiler/ProfilerDatabase.cpp:

(JSC::Profiler::Database::toJS):

profiler/ProfilerOSRExitSite.cpp:

(JSC::Profiler::OSRExitSite::toJS):

profiler/ProfilerOriginStack.cpp:

(JSC::Profiler::OriginStack::toJS):

runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSplice):

runtime/LiteralParser.cpp:

(JSC::LiteralParser<CharType>::parse):

runtime/ModuleLoaderObject.cpp:

(JSC::moduleLoaderObjectRequestedModules):

runtime/ObjectConstructor.cpp:

(JSC::ownPropertyKeys):

runtime/RegExpObject.cpp:

(JSC::collectMatches):

runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncSplitFast):

runtime/StringPrototype.cpp:

(JSC::stringProtoFuncSplitFast):

runtime/TemplateRegistry.cpp:

(JSC::TemplateRegistry::getTemplateObject):

tests/stress/regress-158411.js: Added.

Source/WebCore:

A stress test for this was added in JavaScriptCore.

bindings/js/IDBBindingUtilities.cpp:

(WebCore::toJS):

bindings/js/JSCommandLineAPIHostCustom.cpp:

(WebCore::getJSListenerFunctions):

bindings/js/JSCryptoKeySerializationJWK.cpp:

(WebCore::buildJSONForRSAComponents):
(WebCore::addBoolToJSON):
(WebCore::addUsagesToJSON):
(WebCore::JSCryptoKeySerializationJWK::serialize):

bindings/js/JSDOMBinding.h:

(WebCore::toJS):

bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneDeserializer::deserialize):

File:

: 1 edited

trunk/Source/JavaScriptCore/profiler/ProfilerCompilation.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/JavaScriptCore/profiler/ProfilerCompilation.cpp

-              r200658
+              r201787
 JSValue Compilation::toJS(ExecState* exec) const
+{
+    VM& vm = exec->vm();
     JSObject* result = constructEmptyObject(exec);
+    result->putDirect(exec->vm(), exec->propertyNames().bytecodesID, jsNumber(m_bytecodes->id()));
+    result->putDirect(exec->vm(), exec->propertyNames().compilationKind, jsString(exec, String::fromUTF8(toCString(m_kind))));
+    if (UNLIKELY(vm.exception()))
+        return jsUndefined();
+    result->putDirect(vm, exec->propertyNames().bytecodesID, jsNumber(m_bytecodes->id()));
+    result->putDirect(vm, exec->propertyNames().compilationKind, jsString(exec, String::fromUTF8(toCString(m_kind))));
     JSArray* profiledBytecodes = constructEmptyArray(exec, 0);
+    if (UNLIKELY(vm.exception()))
+        return jsUndefined();
     for (unsigned i = 0; i < m_profiledBytecodes.size(); ++i)
         profiledBytecodes->putDirectIndex(exec, i, m_profiledBytecodes[i].toJS(exec));
     result->putDirect(exec->vm(), exec->propertyNames().profiledBytecodes, profiledBytecodes);
+    result->putDirect(vm, exec->propertyNames().profiledBytecodes, profiledBytecodes);
     JSArray* descriptions = constructEmptyArray(exec, 0);
+    if (UNLIKELY(vm.exception()))
+        return jsUndefined();
     for (unsigned i = 0; i < m_descriptions.size(); ++i)
         descriptions->putDirectIndex(exec, i, m_descriptions[i].toJS(exec));
     result->putDirect(exec->vm(), exec->propertyNames().descriptions, descriptions);
+    result->putDirect(vm, exec->propertyNames().descriptions, descriptions);
     JSArray* counters = constructEmptyArray(exec, 0);
+    if (UNLIKELY(vm.exception()))
+        return jsUndefined();
     for (auto it = m_counters.begin(), end = m_counters.end(); it != end; ++it) {
         JSObject* counterEntry = constructEmptyObject(exec);
         counterEntry->putDirect(exec->vm(), exec->propertyNames().origin, it->key.toJS(exec));
         counterEntry->putDirect(exec->vm(), exec->propertyNames().executionCount, jsNumber(it->value->count()));
+        counterEntry->putDirect(vm, exec->propertyNames().origin, it->key.toJS(exec));
+        counterEntry->putDirect(vm, exec->propertyNames().executionCount, jsNumber(it->value->count()));
         counters->push(exec, counterEntry);
+    }
     result->putDirect(exec->vm(), exec->propertyNames().counters, counters);
+    result->putDirect(vm, exec->propertyNames().counters, counters);
     JSArray* exitSites = constructEmptyArray(exec, 0);
+    if (UNLIKELY(vm.exception()))
+        return jsUndefined();
     for (unsigned i = 0; i < m_osrExitSites.size(); ++i)
         exitSites->putDirectIndex(exec, i, m_osrExitSites[i].toJS(exec));
     result->putDirect(exec->vm(), exec->propertyNames().osrExitSites, exitSites);
+    result->putDirect(vm, exec->propertyNames().osrExitSites, exitSites);
     JSArray* exits = constructEmptyArray(exec, 0);
+    if (UNLIKELY(vm.exception()))
+        return jsUndefined();
     for (unsigned i = 0; i < m_osrExits.size(); ++i)
         exits->putDirectIndex(exec, i, m_osrExits[i].toJS(exec));
     result->putDirect(exec->vm(), exec->propertyNames().osrExits, exits);
+    result->putDirect(vm, exec->propertyNames().osrExits, exits);
     result->putDirect(exec->vm(), exec->propertyNames().numInlinedGetByIds, jsNumber(m_numInlinedGetByIds));
     result->putDirect(exec->vm(), exec->propertyNames().numInlinedPutByIds, jsNumber(m_numInlinedPutByIds));
     result->putDirect(exec->vm(), exec->propertyNames().numInlinedCalls, jsNumber(m_numInlinedCalls));
     result->putDirect(exec->vm(), exec->propertyNames().jettisonReason, jsString(exec, String::fromUTF8(toCString(m_jettisonReason))));
+    result->putDirect(vm, exec->propertyNames().numInlinedGetByIds, jsNumber(m_numInlinedGetByIds));
+    result->putDirect(vm, exec->propertyNames().numInlinedPutByIds, jsNumber(m_numInlinedPutByIds));
+    result->putDirect(vm, exec->propertyNames().numInlinedCalls, jsNumber(m_numInlinedCalls));
+    result->putDirect(vm, exec->propertyNames().jettisonReason, jsString(exec, String::fromUTF8(toCString(m_jettisonReason))));
     if (!m_additionalJettisonReason.isNull())
         result->putDirect(exec->vm(), exec->propertyNames().additionalJettisonReason, jsString(exec, String::fromUTF8(m_additionalJettisonReason)));
+        result->putDirect(vm, exec->propertyNames().additionalJettisonReason, jsString(exec, String::fromUTF8(m_additionalJettisonReason)));
     result->putDirect(exec->vm(), exec->propertyNames().uid, m_uid.toJS(exec));
+    result->putDirect(vm, exec->propertyNames().uid, m_uid.toJS(exec));
     return result;

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 201787 in webkit for trunk/Source/JavaScriptCore/profiler/ProfilerCompilation.cpp

Legend:

trunk/Source/JavaScriptCore/profiler/ProfilerCompilation.cpp

Download in other formats: