Changeset 233377 in webkit for trunk/Source/JavaScriptCore/parser/SourceCode.h

Timestamp:

Jun 29, 2018, 4:40:25 PM (7 years ago)

Author:

[email protected]

Message:

We shouldn't recurse into the parser when gathering metadata about various function offsets
​https://bugs.webkit.org/show_bug.cgi?id=184074
<rdar://problem/37165897>

Reviewed by Mark Lam.

JSTests:

• microbenchmarks/try-get-by-id-basic.js:

(const.bench.f.const.fooPlusBar.createBuiltin):

• microbenchmarks/try-get-by-id-polymorphic.js:

(fooPlusBar.createBuiltin):

• stress/array-push-with-force-exit.js:
• stress/dont-crash-on-stack-overflow-when-parsing-builtin.js: Added.

(f):

• stress/dont-crash-on-stack-overflow-when-parsing-default-constructor.js: Added.

(foo):
(prototype.runNearStackLimit):

• stress/is-constructor.js:
• stress/tailCallForwardArguments.js:

(putFuncToPrivateName.createBuiltin):

Source/JavaScriptCore:

Prior to this patch, when we made a builtin, we had to make an UnlinkedFunctionExecutable
for that builtin. This required calling into the parser. However, the parser
may throw a stack overflow. We were not able to recover from that. The only
reason we called into the parser here is that we were gathering text offsets
and various metadata for things in the builtin function. This patch writes a
mini parser that figures this information out without calling into the full
parser. (I've also added a debug assert that verifies the mini parser stays in
sync with the full parser.) The result of this is that BuiltinExecutbles::createExecutable
always succeeds.

• builtins/AsyncFromSyncIteratorPrototype.js:

(globalPrivate.createAsyncFromSyncIterator):
(globalPrivate.AsyncFromSyncIteratorConstructor):

• builtins/BuiltinExecutables.cpp:

(JSC::BuiltinExecutables::createExecutable):

• builtins/GlobalOperations.js:

(globalPrivate.getter.overriddenName.string_appeared_here.speciesGetter):
(globalPrivate.speciesConstructor):
(globalPrivate.copyDataProperties):
(globalPrivate.copyDataPropertiesNoExclusions):

• builtins/PromiseOperations.js:

(globalPrivate.newHandledRejectedPromise):

• builtins/RegExpPrototype.js:

(globalPrivate.hasObservableSideEffectsForRegExpMatch):
(globalPrivate.hasObservableSideEffectsForRegExpSplit):

• builtins/StringPrototype.js:

(globalPrivate.hasObservableSideEffectsForStringReplace):
(globalPrivate.getDefaultCollator):

• parser/Nodes.cpp:

(JSC::FunctionMetadataNode::FunctionMetadataNode):
(JSC::FunctionMetadataNode::operator== const):
(JSC::FunctionMetadataNode::dump const):

• parser/Nodes.h:
• parser/Parser.h:

(JSC::parse):

• parser/ParserError.h:

(JSC::ParserError::type const):

• parser/ParserTokens.h:

(JSC::JSTextPosition::operator== const):
(JSC::JSTextPosition::operator!= const):

• parser/SourceCode.h:

(JSC::SourceCode::operator== const):
(JSC::SourceCode::operator!= const):
(JSC::SourceCode::subExpression const):
(JSC::SourceCode::subExpression): Deleted.

File:

• trunk/Source/JavaScriptCore/parser/SourceCode.h (modified) (2 diffs)

trunk/Source/JavaScriptCore/parser/SourceCode.h

@@ -80 +80 @@
         SourceProvider* provider() const { return m_provider.get(); }
 
-        SourceCode subExpression(unsigned openBrace, unsigned closeBrace, int firstLine, int startColumn);
+        SourceCode subExpression(unsigned openBrace, unsigned closeBrace, int firstLine, int startColumn) const;
+
+        bool operator==(const SourceCode& other) const
+        {
+            return m_firstLine == other.m_firstLine
+                && m_startColumn == other.m_startColumn
+                && m_provider == other.m_provider
+                && m_startOffset == other.m_startOffset
+                && m_endOffset == other.m_endOffset;
+        }
+
+        bool operator!=(const SourceCode& other) const
+        {
+            return !(*this == other);
+        }
 
     private:
@@ -92 +106 @@
     }
     
-    inline SourceCode SourceCode::subExpression(unsigned openBrace, unsigned closeBrace, int firstLine, int startColumn)
+    inline SourceCode SourceCode::subExpression(unsigned openBrace, unsigned closeBrace, int firstLine, int startColumn) const
     {
         startColumn += 1; // Convert to base 1.