Changeset 39571 in webkit for trunk/JavaScriptCore


Timestamp:
Jan 2, 2009, 8:36:40 PM (16 years ago)
Author:
[email protected]
Message:

Build fix. Include FrameState.h

Location:
trunk/JavaScriptCore
Files:
6 edited

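--- a/trunk/JavaScriptCore/ChangeLog
+++ b/trunk/JavaScriptCore/ChangeLog
@@ -1,2 +1,26 @@
+2009-01-02  Oliver Hunt  <[email protected]>
+
+        Reviewed by Gavin Barraclough.
+
+        [jsfunfuzz] unwind logic for exceptions in eval fails to account for dynamic scope external to the eval
+        https://bugs.webkit.org/show_bug.cgi?id=23078
+
+        This bug was caused by eval codeblocks being generated without accounting
+        for the depth of the scope chain they inherited.  This meant that exception
+        handlers would understate their expected scope chain depth, which in turn
+        led to incorrectly removing nodes from the scope chain.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::emitCatch):
+        * bytecompiler/BytecodeGenerator.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::depth):
+        * runtime/ScopeChain.cpp:
+        (JSC::ScopeChain::localDepth):
+        * runtime/ScopeChain.h:
+        (JSC::ScopeChainNode::deref):
+        (JSC::ScopeChainNode::ref):
+
 2009-01-02  David Smith  <[email protected]>
 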
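--- a/trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
+++ b/trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
@@ -213,4 +213,5 @@
     , m_finallyDepth(0)
     , m_dynamicScopeDepth(0)
+    , m_baseScopeDepth(0)
     , m_codeType(GlobalCode)
     , m_nextGlobalIndex(-1)
@@ -293,4 +294,5 @@
     , m_finallyDepth(0)
     , m_dynamicScopeDepth(0)
+    , m_baseScopeDepth(0)
     , m_codeType(FunctionCode)
     , m_globalData(&scopeChain.globalObject()->globalExec()->globalData())
@@ -364,4 +366,5 @@
     , m_finallyDepth(0)
     , m_dynamicScopeDepth(0)
+    , m_baseScopeDepth(scopeChain.localDepth())
     , m_codeType(EvalCode)
     , m_globalData(&scopeChain.globalObject()->globalExec()->globalData())
@@ -369,5 +372,5 @@
     , m_emitNodeDepth(0)
 {
-    if (m_shouldEmitDebugHooks)
+    if (m_shouldEmitDebugHooks || m_baseScopeDepth)
         m_codeBlock->setNeedsFullScopeChain(true);
 
@@ -1589,7 +1592,7 @@
 {
 #if ENABLE(JIT)
-    HandlerInfo info = { start->offsetFrom(0), end->offsetFrom(0), instructions().size(), m_dynamicScopeDepth, 0 };
+    HandlerInfo info = { start->offsetFrom(0), end->offsetFrom(0), instructions().size(), m_dynamicScopeDepth + m_baseScopeDepth, 0 };
 #else
-    HandlerInfo info = { start->offsetFrom(0), end->offsetFrom(0), instructions().size(), m_dynamicScopeDepth };
+    HandlerInfo info = { start->offsetFrom(0), end->offsetFrom(0), instructions().size(), m_dynamicScopeDepth + m_baseScopeDepth };
 #endif
 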
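Review bot: In the EvalCode constructor, `m_baseScopeDepth(scopeChain.localDepth())` is evaluated on the inherited chain with nothing at the call site checking the precondition that this commit itself documents on `localDepth()` in ScopeChain.h — the result is only this frame's depth when the code block owning that chain needs a full scope chain, otherwise it is the preceding frame's depth. Presumably any code block that reaches an eval already carries a full scope chain, but that is not visible here, so the dependency should at least be stated next to the initializer, e.g. `// Relies on the calling code block having a full scope chain; otherwise localDepth() counts into the caller's caller (see ScopeChain.h).` The `|| m_baseScopeDepth` condition that follows is what makes the eval's own block satisfy that precondition for `depth()` in Interpreter.cpp, which is worth a one-line comment too. Whether other consumers of `m_dynamicScopeDepth` besides emitCatch also need the base depth added is not visible in this hunk. All of the constructors here start before the hunk, and emitCatch continues after it.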
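--- a/trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.h
+++ b/trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.h
@@ -441,4 +441,5 @@
         int m_finallyDepth;
         int m_dynamicScopeDepth;
+        int m_baseScopeDepth;
         CodeType m_codeType;
 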
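Review bot: The new `m_baseScopeDepth` member is undocumented, and its meaning is only recoverable from the three constructors in BytecodeGenerator.cpp (0 for global and function code, `scopeChain.localDepth()` for eval code). A trailing comment would save the next reader that trip: `int m_baseScopeDepth; // scope chain depth inherited from the calling frame; non-zero only for eval code`. The enclosing class starts and ends outside the hunk.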
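--- a/trunk/JavaScriptCore/interpreter/Interpreter.cpp
+++ b/trunk/JavaScriptCore/interpreter/Interpreter.cpp
@@ -103,14 +103,5 @@
     if (!codeBlock->needsFullScopeChain())
         return 0;
-    int scopeDepth = 0;
-    ScopeChainIterator iter = sc.begin();
-    ScopeChainIterator end = sc.end();
-    while (!(*iter)->isObject(&JSActivation::info)) {
-        ++iter;
-        if (iter == end)
-            break;
-        ++scopeDepth;
-    }
-    return scopeDepth;
+    return sc.localDepth();
 }
 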
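Review bot: The `needsFullScopeChain()` early return is now the only thing that satisfies the precondition this commit documents on `localDepth()` in ScopeChain.h, and that relationship is invisible at this call site. Suggest a comment on the `return sc.localDepth();` line: `// Only valid for code blocks with a full scope chain; otherwise localDepth() would count the caller's frame (see ScopeChain.h).` The signature of `depth()` is outside the hunk.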
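--- a/trunk/JavaScriptCore/runtime/ScopeChain.cpp
+++ b/trunk/JavaScriptCore/runtime/ScopeChain.cpp
@@ -51,3 +51,17 @@
 #endif
 
+int ScopeChain::localDepth() const
+{
+    int scopeDepth = 0;
+    ScopeChainIterator iter = this->begin();
+    ScopeChainIterator end = this->end();
+    while (!(*iter)->isObject(&JSActivation::info)) {
+        ++iter;
+        if (iter == end)
+            break;
+        ++scopeDepth;
+    }
+    return scopeDepth;
+}
+
 } // namespace JSC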
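Review bot: `localDepth()` dereferences `*iter` in the loop condition before any comparison with `end`, so a chain where `begin() == end()` dereferences the end iterator; whether an empty ScopeChain can reach here is not visible, but the guard is free: `if (iter == end) return 0;` before the loop. This is the same loop that Interpreter.cpp had, so the hazard is inherited rather than new, but this is now the shared copy. The function also uses `JSActivation::info`, and the hunk shows no include being added — unless ScopeChain.cpp already includes JSActivation.h above line 51, this will not build. Finally, when no JSActivation is on the chain the loop exits via `break` with `scopeDepth` equal to the node count minus one, which is indistinguishable from a chain whose last node is the activation; that fallback deserves a comment such as `// No activation found: caller does not own a full scope chain, depth is that of the next frame up.`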
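--- a/trunk/JavaScriptCore/runtime/ScopeChain.h
+++ b/trunk/JavaScriptCore/runtime/ScopeChain.h
@@ -49,6 +49,6 @@
         int refCount;
 
-        void deref() { if (--refCount == 0) release(); }
-        void ref() { ++refCount; }
+        void deref() { ASSERT(refCount); if (--refCount == 0) { release();} }
+        void ref() { ASSERT(refCount); ++refCount; }
         void release();
 
@@ -192,4 +192,11 @@
         void mark() const;
 
+        // Caution: this should only be used if the codeblock this is being used
+        // with needs a full scope chain, otherwise this returns the depth of
+        // the preceeding call frame
+        //
+        // Returns the depth of the current call frame's scope chain
+        int localDepth() const;
+
 #ifndef NDEBUG       
         void print() const { m_node->print(); }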
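Review bot: The new comment on `localDepth()` puts the caveat before the contract, misspells "preceding" as `preceeding`, and "the codeblock this is being used with" does not say which code block is meant. Reword so the first line states what is returned (the number of nodes walked before the frame's JSActivation, per the implementation in ScopeChain.cpp), then the caution: that the count is only this frame's depth when the code block owning this chain needs a full scope chain, and otherwise runs into the preceding call frame. One-line fix for the typo if nothing else changes: `// the preceding call frame`. The enclosing class starts outside the hunk.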