Changeset 51801 in webkit for trunk/JavaScriptCore/jit/JITStubs.cpp

Timestamp:

Dec 7, 2009, 3:14:04 PM (15 years ago)

Author:

[email protected]

Message:

​https://bugs.webkit.org/show_bug.cgi?id=32184
Handle out-of-memory conditions with JSC Ropes with a JS exception, rather than crashing.
Switch from using fastMalloc to tryFastMalloc, pass an ExecState to record the exception on.

Reviewed by Oliver Hunt.

JavaScriptCore:

• API/JSCallbackObjectFunctions.h:

(JSC::::toString):

• API/JSValueRef.cpp:

(JSValueIsStrictEqual):

• JavaScriptCore.exp:
• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitEqualityOp):

• debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::functionName):
(JSC::DebuggerCallFrame::calculatedFunctionName):

• interpreter/Interpreter.cpp:

(JSC::Interpreter::callEval):
(JSC::Interpreter::privateExecute):

• jit/JITStubs.cpp:

(JSC::DEFINE_STUB_FUNCTION):

• profiler/ProfileGenerator.cpp:

(JSC::ProfileGenerator::addParentForConsoleStart):

• profiler/Profiler.cpp:

(JSC::Profiler::willExecute):
(JSC::Profiler::didExecute):
(JSC::Profiler::createCallIdentifier):
(JSC::createCallIdentifierFromFunctionImp):

• profiler/Profiler.h:
• runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):

• runtime/DateConstructor.cpp:

(JSC::constructDate):

• runtime/FunctionPrototype.cpp:

(JSC::functionProtoFuncToString):

• runtime/InternalFunction.cpp:

(JSC::InternalFunction::name):
(JSC::InternalFunction::displayName):
(JSC::InternalFunction::calculatedDisplayName):

• runtime/InternalFunction.h:
• runtime/JSCell.cpp:

(JSC::JSCell::getString):

• runtime/JSCell.h:

(JSC::JSValue::getString):

• runtime/JSONObject.cpp:

(JSC::gap):
(JSC::Stringifier::Stringifier):
(JSC::Stringifier::appendStringifiedValue):

• runtime/JSObject.cpp:

(JSC::JSObject::putDirectFunction):
(JSC::JSObject::putDirectFunctionWithoutTransition):
(JSC::JSObject::defineOwnProperty):

• runtime/JSObject.h:
• runtime/JSPropertyNameIterator.cpp:

(JSC::JSPropertyNameIterator::get):

• runtime/JSString.cpp:

(JSC::JSString::Rope::~Rope):
(JSC::JSString::resolveRope):
(JSC::JSString::getPrimitiveNumber):
(JSC::JSString::toNumber):
(JSC::JSString::toString):
(JSC::JSString::toThisString):
(JSC::JSString::getStringPropertyDescriptor):

• runtime/JSString.h:

(JSC::JSString::Rope::createOrNull):
(JSC::JSString::Rope::operator new):
(JSC::JSString::value):
(JSC::JSString::tryGetValue):
(JSC::JSString::getIndex):
(JSC::JSString::getStringPropertySlot):
(JSC::JSValue::toString):

• runtime/JSValue.h:
• runtime/NativeErrorConstructor.cpp:

(JSC::NativeErrorConstructor::NativeErrorConstructor):

• runtime/Operations.cpp:

(JSC::JSValue::strictEqualSlowCase):

• runtime/Operations.h:

(JSC::JSValue::equalSlowCaseInline):
(JSC::JSValue::strictEqualSlowCaseInline):
(JSC::JSValue::strictEqual):
(JSC::jsLess):
(JSC::jsLessEq):
(JSC::jsAdd):
(JSC::concatenateStrings):

• runtime/PropertyDescriptor.cpp:

(JSC::PropertyDescriptor::equalTo):

• runtime/PropertyDescriptor.h:
• runtime/StringPrototype.cpp:

(JSC::stringProtoFuncReplace):
(JSC::stringProtoFuncToLowerCase):
(JSC::stringProtoFuncToUpperCase):

WebCore:

• bindings/ScriptControllerBase.cpp:

(WebCore::ScriptController::executeIfJavaScriptURL):

• bindings/js/JSCanvasRenderingContext2DCustom.cpp:

(WebCore::toHTMLCanvasStyle):
(WebCore::JSCanvasRenderingContext2D::setFillColor):
(WebCore::JSCanvasRenderingContext2D::setStrokeColor):
(WebCore::JSCanvasRenderingContext2D::setShadow):

• bindings/js/ScriptCallStack.cpp:

(WebCore::ScriptCallStack::ScriptCallStack):
(WebCore::ScriptCallStack::initialize):

• bindings/js/ScriptValue.cpp:

(WebCore::ScriptValue::getString):

• bindings/js/ScriptValue.h:
• bindings/js/SerializedScriptValue.cpp:

(WebCore::SerializingTreeWalker::convertIfTerminal):

• bindings/objc/WebScriptObject.mm:

(+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):

• page/Console.cpp:

(WebCore::Console::addMessage):

WebKit/mac:

• WebView/WebView.mm:

(aeDescFromJSValue):

File:

• trunk/JavaScriptCore/jit/JITStubs.cpp (modified) (13 diffs)

trunk/JavaScriptCore/jit/JITStubs.cpp

@@ -1045 +1045 @@
     if (leftIsString && v2.isString()) {
         if (asString(v1)->isRope() || asString(v2)->isRope()) {
-            RefPtr<JSString::Rope> rope = JSString::Rope::create(2);
+            RefPtr<JSString::Rope> rope = JSString::Rope::createOrNull(2);
+            if (UNLIKELY(!rope)) {
+                throwOutOfMemoryError(callFrame);
+                VM_THROW_EXCEPTION();
+            }
             rope->initializeFiber(0, asString(v1));
             rope->initializeFiber(1, asString(v2));
@@ -1052 +1056 @@
         }
 
-        RefPtr<UString::Rep> value = concatenate(asString(v1)->value().rep(), asString(v2)->value().rep());
+        RefPtr<UString::Rep> value = concatenate(asString(v1)->value(callFrame).rep(), asString(v2)->value(callFrame).rep());
         if (UNLIKELY(!value)) {
             throwOutOfMemoryError(callFrame);
@@ -1063 +1067 @@
     if (rightIsNumber & leftIsString) {
         RefPtr<UString::Rep> value = v2.isInt32() ?
-            concatenate(asString(v1)->value().rep(), v2.asInt32()) :
-            concatenate(asString(v1)->value().rep(), right);
+            concatenate(asString(v1)->value(callFrame).rep(), v2.asInt32()) :
+            concatenate(asString(v1)->value(callFrame).rep(), right);
 
         if (UNLIKELY(!value)) {
@@ -1889 +1893 @@
             // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
             ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_val_string));
-            result = asString(baseValue)->getIndex(stackFrame.globalData, i);
+            result = asString(baseValue)->getIndex(callFrame, i);
         } else if (isJSByteArray(globalData, baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
             // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
@@ -1920 +1924 @@
         uint32_t i = subscript.asUInt32();
         if (isJSString(globalData, baseValue) && asString(baseValue)->canGetIndex(i))
-            result = asString(baseValue)->getIndex(stackFrame.globalData, i);
+            result = asString(baseValue)->getIndex(callFrame, i);
         else {
             result = baseValue.get(callFrame, i);
@@ -2423 +2427 @@
     if (cell1->isString()) {
         if (src2.isInt32())
-            return static_cast<JSString*>(cell1)->value().toDouble() == src2.asInt32();
+            return static_cast<JSString*>(cell1)->value(stackFrame.callFrame).toDouble() == src2.asInt32();
             
         if (src2.isDouble())
-            return static_cast<JSString*>(cell1)->value().toDouble() == src2.asDouble();
+            return static_cast<JSString*>(cell1)->value(stackFrame.callFrame).toDouble() == src2.asDouble();
 
         if (src2.isTrue())
-            return static_cast<JSString*>(cell1)->value().toDouble() == 1.0;
+            return static_cast<JSString*>(cell1)->value(stackFrame.callFrame).toDouble() == 1.0;
 
         if (src2.isFalse())
-            return static_cast<JSString*>(cell1)->value().toDouble() == 0.0;
+            return static_cast<JSString*>(cell1)->value(stackFrame.callFrame).toDouble() == 0.0;
 
         JSCell* cell2 = asCell(src2);
         if (cell2->isString())
-            return static_cast<JSString*>(cell1)->value() == static_cast<JSString*>(cell2)->value();
+            return static_cast<JSString*>(cell1)->value(stackFrame.callFrame) == static_cast<JSString*>(cell2)->value(stackFrame.callFrame);
 
         src2 = asObject(cell2)->toPrimitive(stackFrame.callFrame);
@@ -2459 +2463 @@
     ASSERT(string1->isString());
     ASSERT(string2->isString());
-    return string1->value() == string2->value();
+    return string1->value(stackFrame.callFrame) == string2->value(stackFrame.callFrame);
 }
 
@@ -2757 +2761 @@
     JSObject* base = stackFrame.args[0].jsObject();
     JSString* property = stackFrame.args[1].jsString();
-    return base->hasProperty(stackFrame.callFrame, Identifier(stackFrame.callFrame, property->value()));
+    return base->hasProperty(stackFrame.callFrame, Identifier(stackFrame.callFrame, property->value(stackFrame.callFrame)));
 }
 
@@ -2834 +2838 @@
     JSValue src2 = stackFrame.args[1].jsValue();
 
-    return JSValue::encode(jsBoolean(JSValue::strictEqual(src1, src2)));
+    return JSValue::encode(jsBoolean(JSValue::strictEqual(stackFrame.callFrame, src1, src2)));
 }
 
@@ -2848 +2852 @@
     STUB_INIT_STACK_FRAME(stackFrame);
 
-    return JSValue::encode(concatenateStrings(stackFrame.callFrame, &stackFrame.callFrame->registers()[stackFrame.args[0].int32()], stackFrame.args[1].int32()));
+    JSValue result = concatenateStrings(stackFrame.callFrame, &stackFrame.callFrame->registers()[stackFrame.args[0].int32()], stackFrame.args[1].int32());
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
 }
 
@@ -2858 +2864 @@
     JSValue src2 = stackFrame.args[1].jsValue();
 
-    return JSValue::encode(jsBoolean(!JSValue::strictEqual(src1, src2)));
+    return JSValue::encode(jsBoolean(!JSValue::strictEqual(stackFrame.callFrame, src1, src2)));
 }
 
@@ -2967 +2973 @@
 
     if (scrutinee.isString()) {
-        UString::Rep* value = asString(scrutinee)->value().rep();
+        UString::Rep* value = asString(scrutinee)->value(callFrame).rep();
         if (value->size() == 1)
             result = codeBlock->characterSwitchJumpTable(tableIndex).ctiForValue(value->data()[0]).executableAddress();
@@ -2987 +2993 @@
 
     if (scrutinee.isString()) {
-        UString::Rep* value = asString(scrutinee)->value().rep();
+        UString::Rep* value = asString(scrutinee)->value(callFrame).rep();
         result = codeBlock->stringSwitchJumpTable(tableIndex).ctiForValue(value).executableAddress();
     }