Timestamp:
Sep 10, 2017, 11:23:39 PM (8 years ago)
Author:
[email protected]
Message:

Fix all ExceptionScope verification failures in JavaScriptCore.
https://bugs.webkit.org/show_bug.cgi?id=176662
<rdar://problem/34352085>

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

  1. Introduced EXCEPTION_ASSERT macros so that we can enable exception scope verification for release builds too (though this requires manually setting ENABLE_EXCEPTION_SCOPE_VERIFICATION to 1 in Platform.h).

This is useful because it allows us to run the tests more quickly to check
whether any regressions have occurred. Debug builds run much slower and are not
suited to a quick turnaround. Debug builds are still necessary, though, to get
trace information without inlining by the C++ compiler, which is needed to
diagnose where the missing exception check is.

  1. Repurposed the JSC_dumpSimulatedThrows=true options to capture and dump the last simulated throw when an exception scope verification fails.

Previously, this option dumps the stack trace on all simulated throws. That
turned out to not be very useful, and slows down the debugging process.
Instead, the new implementation captures the stack trace and only dumps it
if we have a verification failure.

  1. Fixed missing exception checks and book-keeping needed to allow the JSC tests to pass with JSC_validateExceptionChecks=true.
  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finishCreation):

  • dfg/DFGOSRExit.cpp:

(JSC::DFG::OSRExit::executeOSRExit):

  • dfg/DFGOperations.cpp:
  • interpreter/Interpreter.cpp:

(JSC::eval):
(JSC::loadVarargs):
(JSC::Interpreter::unwind):
(JSC::Interpreter::executeProgram):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::prepareForRepeatCall):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeModuleProgram):

  • jit/JITOperations.cpp:

(JSC::getByVal):

  • jsc.cpp:

(WTF::CustomGetter::customGetterAcessor):
(GlobalObject::moduleLoaderImportModule):
(GlobalObject::moduleLoaderResolve):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::getByVal):
(JSC::LLInt::setUpCall):

  • parser/Parser.h:

(JSC::Parser::popScopeInternal):

  • runtime/AbstractModuleRecord.cpp:

(JSC::AbstractModuleRecord::hostResolveImportedModule):
(JSC::AbstractModuleRecord::resolveImport):
(JSC::AbstractModuleRecord::resolveExportImpl):
(JSC::getExportedNames):
(JSC::AbstractModuleRecord::getModuleNamespace):

  • runtime/ArrayPrototype.cpp:

(JSC::getProperty):
(JSC::unshift):
(JSC::arrayProtoFuncToString):
(JSC::arrayProtoFuncToLocaleString):
(JSC::arrayProtoFuncJoin):
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):
(JSC::concatAppendOne):
(JSC::arrayProtoPrivateFuncConcatMemcpy):
(JSC::arrayProtoPrivateFuncAppendMemcpy):

  • runtime/CatchScope.h:
  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/DatePrototype.cpp:

(JSC::dateProtoFuncSetTime):
(JSC::setNewValueFromTimeArgs):

  • runtime/DirectArguments.h:

(JSC::DirectArguments::length const):

  • runtime/ErrorPrototype.cpp:

(JSC::errorProtoFuncToString):

  • runtime/ExceptionFuzz.cpp:

(JSC::doExceptionFuzzing):

  • runtime/ExceptionScope.h:

(JSC::ExceptionScope::needExceptionCheck):
(JSC::ExceptionScope::assertNoException):

  • runtime/GenericArgumentsInlines.h:

(JSC::GenericArguments<Type>::defineOwnProperty):

  • runtime/HashMapImpl.h:

(JSC::HashMapImpl::rehash):

  • runtime/IntlDateTimeFormat.cpp:

(JSC::IntlDateTimeFormat::formatToParts):

  • runtime/JSArray.cpp:

(JSC::JSArray::defineOwnProperty):
(JSC::JSArray::put):

  • runtime/JSCJSValue.cpp:

(JSC::JSValue::putToPrimitive):
(JSC::JSValue::putToPrimitiveByIndex):

  • runtime/JSCJSValueInlines.h:

(JSC::JSValue::toIndex const):
(JSC::JSValue::get const):
(JSC::JSValue::getPropertySlot const):
(JSC::JSValue::equalSlowCaseInline):

  • runtime/JSGenericTypedArrayViewConstructorInlines.h:

(JSC::constructGenericTypedArrayViewFromIterator):
(JSC::constructGenericTypedArrayViewWithArguments):

  • runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::set):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::put):

  • runtime/JSGlobalObjectFunctions.cpp:

(JSC::decode):
(JSC::globalFuncEval):
(JSC::globalFuncProtoGetter):
(JSC::globalFuncProtoSetter):
(JSC::globalFuncImportModule):

  • runtime/JSInternalPromise.cpp:

(JSC::JSInternalPromise::then):

  • runtime/JSInternalPromiseDeferred.cpp:

(JSC::JSInternalPromiseDeferred::create):

  • runtime/JSJob.cpp:

(JSC::JSJobMicrotask::run):

  • runtime/JSModuleEnvironment.cpp:

(JSC::JSModuleEnvironment::getOwnPropertySlot):
(JSC::JSModuleEnvironment::put):
(JSC::JSModuleEnvironment::deleteProperty):

  • runtime/JSModuleLoader.cpp:

(JSC::JSModuleLoader::provide):
(JSC::JSModuleLoader::loadAndEvaluateModule):
(JSC::JSModuleLoader::loadModule):
(JSC::JSModuleLoader::linkAndEvaluateModule):
(JSC::JSModuleLoader::requestImportModule):

  • runtime/JSModuleRecord.cpp:

(JSC::JSModuleRecord::link):
(JSC::JSModuleRecord::instantiateDeclarations):

  • runtime/JSONObject.cpp:

(JSC::Stringifier::stringify):
(JSC::Stringifier::toJSON):
(JSC::JSONProtoFuncParse):

  • runtime/JSObject.cpp:

(JSC::JSObject::calculatedClassName):
(JSC::ordinarySetSlow):
(JSC::JSObject::putInlineSlow):
(JSC::JSObject::ordinaryToPrimitive const):
(JSC::JSObject::toPrimitive const):
(JSC::JSObject::hasInstance):
(JSC::JSObject::getPropertyNames):
(JSC::JSObject::toNumber const):
(JSC::JSObject::defineOwnIndexedProperty):
(JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
(JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
(JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
(JSC::validateAndApplyPropertyDescriptor):
(JSC::JSObject::defineOwnNonIndexProperty):
(JSC::JSObject::getGenericPropertyNames):

  • runtime/JSObject.h:

(JSC::JSObject::get const):

  • runtime/JSObjectInlines.h:

(JSC::JSObject::getPropertySlot const):
(JSC::JSObject::getPropertySlot):
(JSC::JSObject::getNonIndexPropertySlot):
(JSC::JSObject::putInlineForJSObject):

  • runtime/JSPromiseConstructor.cpp:

(JSC::constructPromise):

  • runtime/JSPromiseDeferred.cpp:

(JSC::JSPromiseDeferred::create):

  • runtime/JSScope.cpp:

(JSC::abstractAccess):
(JSC::JSScope::resolve):
(JSC::JSScope::resolveScopeForHoistingFuncDeclInEval):
(JSC::JSScope::abstractResolve):

  • runtime/LiteralParser.cpp:

(JSC::LiteralParser<CharType>::tryJSONPParse):
(JSC::LiteralParser<CharType>::parse):

  • runtime/Lookup.h:

(JSC::putEntry):

  • runtime/MapConstructor.cpp:

(JSC::constructMap):

  • runtime/NumberPrototype.cpp:

(JSC::numberProtoFuncToString):

  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorSetPrototypeOf):
(JSC::objectConstructorGetOwnPropertyDescriptor):
(JSC::objectConstructorGetOwnPropertyDescriptors):
(JSC::objectConstructorAssign):
(JSC::objectConstructorValues):
(JSC::toPropertyDescriptor):
(JSC::objectConstructorDefineProperty):
(JSC::defineProperties):
(JSC::objectConstructorDefineProperties):
(JSC::ownPropertyKeys):

  • runtime/ObjectPrototype.cpp:

(JSC::objectProtoFuncHasOwnProperty):
(JSC::objectProtoFuncIsPrototypeOf):
(JSC::objectProtoFuncLookupGetter):
(JSC::objectProtoFuncLookupSetter):
(JSC::objectProtoFuncToLocaleString):
(JSC::objectProtoFuncToString):

  • runtime/Options.h:
  • runtime/ParseInt.h:

(JSC::toStringView):

  • runtime/ProxyObject.cpp:

(JSC::performProxyGet):
(JSC::ProxyObject::performPut):

  • runtime/ReflectObject.cpp:

(JSC::reflectObjectDefineProperty):

  • runtime/RegExpConstructor.cpp:

(JSC::toFlags):
(JSC::regExpCreate):
(JSC::constructRegExp):

  • runtime/RegExpObject.cpp:

(JSC::collectMatches):

  • runtime/RegExpObjectInlines.h:

(JSC::RegExpObject::execInline):
(JSC::RegExpObject::matchInline):

  • runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncTestFast):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncMatchFast):
(JSC::regExpProtoFuncToString):
(JSC::regExpProtoFuncSplitFast):

  • runtime/ScriptExecutable.cpp:

(JSC::ScriptExecutable::newCodeBlockFor):
(JSC::ScriptExecutable::prepareForExecutionImpl):

  • runtime/SetConstructor.cpp:

(JSC::constructSet):

  • runtime/ThrowScope.cpp:

(JSC::ThrowScope::simulateThrow):

  • runtime/VM.cpp:

(JSC::VM::verifyExceptionCheckNeedIsSatisfied):

  • runtime/VM.h:
  • runtime/WeakMapPrototype.cpp:

(JSC::protoFuncWeakMapSet):

  • runtime/WeakSetPrototype.cpp:

(JSC::protoFuncWeakSetAdd):

  • wasm/js/WebAssemblyModuleConstructor.cpp:

(JSC::WebAssemblyModuleConstructor::createModule):

  • wasm/js/WebAssemblyModuleRecord.cpp:

(JSC::WebAssemblyModuleRecord::link):

  • wasm/js/WebAssemblyPrototype.cpp:

(JSC::reject):
(JSC::webAssemblyCompileFunc):
(JSC::resolve):
(JSC::webAssemblyInstantiateFunc):

Source/WebCore:

No new tests because this is covered by existing tests with the JSC_validateExceptionChecks=true enabled.

  • bindings/js/JSCustomElementInterface.cpp:

(WebCore::JSCustomElementInterface::tryToConstructCustomElement):

  • bindings/js/JSCustomElementRegistryCustom.cpp:

(WebCore::whenDefinedPromise):

  • bindings/js/JSDOMConvertRecord.h:
  • bindings/js/JSDOMMapLike.cpp:

(WebCore::createBackingMap):

  • bindings/js/JSDOMPromiseDeferred.cpp:

(WebCore::DeferredPromise::callFunction):
(WebCore::DeferredPromise::reject):

  • bindings/js/JSDOMPromiseDeferred.h:

(WebCore::callPromiseFunction):

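--- a/trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
@@ -232,4 +232,5 @@
         builder.append(c);
     }
+    scope.release();
     return builder.build(exec);
 }
@@ -487,20 +488,24 @@
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
 
+    JSValue parsedObject;
     if (s.is8Bit()) {
         LiteralParser<LChar> preparser(exec, s.characters8(), s.length(), NonStrictJSON);
-        if (JSValue parsedObject = preparser.tryLiteralParse())
-            return JSValue::encode(parsedObject);
+        parsedObject = preparser.tryLiteralParse();
     } else {
         LiteralParser<UChar> preparser(exec, s.characters16(), s.length(), NonStrictJSON);
-        if (JSValue parsedObject = preparser.tryLiteralParse())
-            return JSValue::encode(parsedObject);
-    }
+        parsedObject = preparser.tryLiteralParse();
+    }
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
+    if (parsedObject)
+        return JSValue::encode(parsedObject);
 
     SourceOrigin sourceOrigin = exec->callerSourceOrigin();
     JSGlobalObject* calleeGlobalObject = exec->jsCallee()->globalObject();
     EvalExecutable* eval = IndirectEvalExecutable::create(exec, makeSource(s, sourceOrigin), false, DerivedContextType::None, false, EvalContextType::None);
+    EXCEPTION_ASSERT(!!scope.exception() == !eval);
     if (!eval)
-        return JSValue::encode(jsUndefined());
-
+        return encodedJSValue();
+
+    scope.release();
     return JSValue::encode(vm.interpreter->execute(eval, exec, calleeGlobalObject->globalThis(), calleeGlobalObject->globalScope()));
 }
@@ -707,4 +712,5 @@
     if (!thisObject) {
         JSObject* prototype = exec->thisValue().synthesizePrototype(exec);
+        EXCEPTION_ASSERT(!!scope.exception() == !prototype);
         if (UNLIKELY(!prototype))
             return JSValue::encode(JSValue());
@@ -712,4 +718,5 @@
     }
 
+    scope.release();
     return JSValue::encode(thisObject->getPrototype(vm, exec));
 }
@@ -736,4 +743,5 @@
         return JSValue::encode(jsUndefined());
 
+    scope.release();
     bool shouldThrowIfCantSet = true;
     thisObject->setPrototype(vm, exec, value, shouldThrowIfCantSet);
@@ -778,5 +786,5 @@
 
     auto* promise = JSPromiseDeferred::create(exec, globalObject);
-    RETURN_IF_EXCEPTION(catchScope, { });
+    CLEAR_AND_RETURN_IF_EXCEPTION(catchScope, encodedJSValue());
 
     auto sourceOrigin = exec->callerSourceOrigin();
@@ -786,4 +794,5 @@
         catchScope.clearException();
         promise->reject(exec, exception->value());
+        CLEAR_AND_RETURN_IF_EXCEPTION(catchScope, encodedJSValue());
         return JSValue::encode(promise->promise());
     }
@@ -793,7 +802,9 @@
         catchScope.clearException();
         promise->reject(exec, exception->value());
+        CLEAR_AND_RETURN_IF_EXCEPTION(catchScope, encodedJSValue());
         return JSValue::encode(promise->promise());
     }
     promise->resolve(exec, internalPromise);
+    CLEAR_AND_RETURN_IF_EXCEPTION(catchScope, encodedJSValue());
 
     return JSValue::encode(promise->promise());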
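Review bot: The `CLEAR_AND_RETURN_IF_EXCEPTION(catchScope, encodedJSValue())` added after `promise->resolve(exec, internalPromise)` (and the two earlier ones in this function after `promise->reject(...)` and after `JSPromiseDeferred::create`) clears whatever was thrown and returns an empty value with no exception pending, so a failure while creating or settling the promise is neither propagated to the caller nor reflected in the promise that script receives. If that is the intended contract — this host function never throws and the returned promise is its only error channel — it deserves a comment at the top of the function, e.g. `// Never throws: an exception raised while settling the promise is cleared here; the promise is the only error channel.`. If it is not intended, the cleared exception should be re-thrown (or fed into `promise->reject(...)` where the promise still exists) rather than dropped, because an empty return without a pending exception is easy for a caller to mistake for "exception thrown". globalFuncImportModule starts and ends outside this hunk, so how its caller treats the empty value is not visible here.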