Changeset 51801 in webkit for trunk/JavaScriptCore/runtime/Operations.h

Timestamp:

Dec 7, 2009, 3:14:04 PM (15 years ago)

Author:

[email protected]

Message:

​https://bugs.webkit.org/show_bug.cgi?id=32184
Handle out-of-memory conditions with JSC Ropes with a JS exception, rather than crashing.
Switch from using fastMalloc to tryFastMalloc, pass an ExecState to record the exception on.

Reviewed by Oliver Hunt.

JavaScriptCore:

• API/JSCallbackObjectFunctions.h:

(JSC::::toString):

• API/JSValueRef.cpp:

(JSValueIsStrictEqual):

• JavaScriptCore.exp:
• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitEqualityOp):

• debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::functionName):
(JSC::DebuggerCallFrame::calculatedFunctionName):

• interpreter/Interpreter.cpp:

(JSC::Interpreter::callEval):
(JSC::Interpreter::privateExecute):

• jit/JITStubs.cpp:

(JSC::DEFINE_STUB_FUNCTION):

• profiler/ProfileGenerator.cpp:

(JSC::ProfileGenerator::addParentForConsoleStart):

• profiler/Profiler.cpp:

(JSC::Profiler::willExecute):
(JSC::Profiler::didExecute):
(JSC::Profiler::createCallIdentifier):
(JSC::createCallIdentifierFromFunctionImp):

• profiler/Profiler.h:
• runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):

• runtime/DateConstructor.cpp:

(JSC::constructDate):

• runtime/FunctionPrototype.cpp:

(JSC::functionProtoFuncToString):

• runtime/InternalFunction.cpp:

(JSC::InternalFunction::name):
(JSC::InternalFunction::displayName):
(JSC::InternalFunction::calculatedDisplayName):

• runtime/InternalFunction.h:
• runtime/JSCell.cpp:

(JSC::JSCell::getString):

• runtime/JSCell.h:

(JSC::JSValue::getString):

• runtime/JSONObject.cpp:

(JSC::gap):
(JSC::Stringifier::Stringifier):
(JSC::Stringifier::appendStringifiedValue):

• runtime/JSObject.cpp:

(JSC::JSObject::putDirectFunction):
(JSC::JSObject::putDirectFunctionWithoutTransition):
(JSC::JSObject::defineOwnProperty):

• runtime/JSObject.h:
• runtime/JSPropertyNameIterator.cpp:

(JSC::JSPropertyNameIterator::get):

• runtime/JSString.cpp:

(JSC::JSString::Rope::~Rope):
(JSC::JSString::resolveRope):
(JSC::JSString::getPrimitiveNumber):
(JSC::JSString::toNumber):
(JSC::JSString::toString):
(JSC::JSString::toThisString):
(JSC::JSString::getStringPropertyDescriptor):

• runtime/JSString.h:

(JSC::JSString::Rope::createOrNull):
(JSC::JSString::Rope::operator new):
(JSC::JSString::value):
(JSC::JSString::tryGetValue):
(JSC::JSString::getIndex):
(JSC::JSString::getStringPropertySlot):
(JSC::JSValue::toString):

• runtime/JSValue.h:
• runtime/NativeErrorConstructor.cpp:

(JSC::NativeErrorConstructor::NativeErrorConstructor):

• runtime/Operations.cpp:

(JSC::JSValue::strictEqualSlowCase):

• runtime/Operations.h:

(JSC::JSValue::equalSlowCaseInline):
(JSC::JSValue::strictEqualSlowCaseInline):
(JSC::JSValue::strictEqual):
(JSC::jsLess):
(JSC::jsLessEq):
(JSC::jsAdd):
(JSC::concatenateStrings):

• runtime/PropertyDescriptor.cpp:

(JSC::PropertyDescriptor::equalTo):

• runtime/PropertyDescriptor.h:
• runtime/StringPrototype.cpp:

(JSC::stringProtoFuncReplace):
(JSC::stringProtoFuncToLowerCase):
(JSC::stringProtoFuncToUpperCase):

WebCore:

• bindings/ScriptControllerBase.cpp:

(WebCore::ScriptController::executeIfJavaScriptURL):

• bindings/js/JSCanvasRenderingContext2DCustom.cpp:

(WebCore::toHTMLCanvasStyle):
(WebCore::JSCanvasRenderingContext2D::setFillColor):
(WebCore::JSCanvasRenderingContext2D::setStrokeColor):
(WebCore::JSCanvasRenderingContext2D::setShadow):

• bindings/js/ScriptCallStack.cpp:

(WebCore::ScriptCallStack::ScriptCallStack):
(WebCore::ScriptCallStack::initialize):

• bindings/js/ScriptValue.cpp:

(WebCore::ScriptValue::getString):

• bindings/js/ScriptValue.h:
• bindings/js/SerializedScriptValue.cpp:

(WebCore::SerializingTreeWalker::convertIfTerminal):

• bindings/objc/WebScriptObject.mm:

(+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):

• page/Console.cpp:

(WebCore::Console::addMessage):

WebKit/mac:

• WebView/WebView.mm:

(aeDescFromJSValue):

File:

• trunk/JavaScriptCore/runtime/Operations.h (modified) (11 diffs)

trunk/JavaScriptCore/runtime/Operations.h

@@ -54 +54 @@
             bool s2 = v2.isString();
             if (s1 && s2)
-                return asString(v1)->value() == asString(v2)->value();
+                return asString(v1)->value(exec) == asString(v2)->value(exec);
 
             if (v1.isUndefinedOrNull()) {
@@ -111 +111 @@
 
     // ECMA 11.9.3
-    ALWAYS_INLINE bool JSValue::strictEqualSlowCaseInline(JSValue v1, JSValue v2)
+    ALWAYS_INLINE bool JSValue::strictEqualSlowCaseInline(ExecState* exec, JSValue v1, JSValue v2)
     {
         ASSERT(v1.isCell() && v2.isCell());
 
         if (v1.asCell()->isString() && v2.asCell()->isString())
-            return asString(v1)->value() == asString(v2)->value();
+            return asString(v1)->value(exec) == asString(v2)->value(exec);
 
         return v1 == v2;
     }
 
-    inline bool JSValue::strictEqual(JSValue v1, JSValue v2)
+    inline bool JSValue::strictEqual(ExecState* exec, JSValue v1, JSValue v2)
     {
         if (v1.isInt32() && v2.isInt32())
@@ -132 +132 @@
             return v1 == v2;
 
-        return strictEqualSlowCaseInline(v1, v2);
+        return strictEqualSlowCaseInline(exec, v1, v2);
     }
 
@@ -147 +147 @@
         JSGlobalData* globalData = &callFrame->globalData();
         if (isJSString(globalData, v1) && isJSString(globalData, v2))
-            return asString(v1)->value() < asString(v2)->value();
+            return asString(v1)->value(callFrame) < asString(v2)->value(callFrame);
 
         JSValue p1;
@@ -157 +157 @@
             return n1 < n2;
 
-        return asString(p1)->value() < asString(p2)->value();
+        return asString(p1)->value(callFrame) < asString(p2)->value(callFrame);
     }
 
@@ -172 +172 @@
         JSGlobalData* globalData = &callFrame->globalData();
         if (isJSString(globalData, v1) && isJSString(globalData, v2))
-            return !(asString(v2)->value() < asString(v1)->value());
+            return !(asString(v2)->value(callFrame) < asString(v1)->value(callFrame));
 
         JSValue p1;
@@ -182 +182 @@
             return n1 <= n2;
 
-        return !(asString(p2)->value() < asString(p1)->value());
+        return !(asString(p2)->value(callFrame) < asString(p1)->value(callFrame));
     }
 
@@ -206 +206 @@
         if (leftIsString && v2.isString()) {
             if (asString(v1)->isRope() || asString(v2)->isRope()) {
-                RefPtr<JSString::Rope> rope = JSString::Rope::create(2);
+                RefPtr<JSString::Rope> rope = JSString::Rope::createOrNull(2);
+                if (UNLIKELY(!rope))
+                    return throwOutOfMemoryError(callFrame);
                 rope->initializeFiber(0, asString(v1));
                 rope->initializeFiber(1, asString(v2));
@@ -213 +215 @@
             }
 
-            RefPtr<UString::Rep> value = concatenate(asString(v1)->value().rep(), asString(v2)->value().rep());
+            RefPtr<UString::Rep> value = concatenate(asString(v1)->value(callFrame).rep(), asString(v2)->value(callFrame).rep());
             if (!value)
                 return throwOutOfMemoryError(callFrame);
@@ -221 +223 @@
         if (rightIsNumber & leftIsString) {
             RefPtr<UString::Rep> value = v2.isInt32() ?
-                concatenate(asString(v1)->value().rep(), v2.asInt32()) :
-                concatenate(asString(v1)->value().rep(), right);
+                concatenate(asString(v1)->value(callFrame).rep(), v2.asInt32()) :
+                concatenate(asString(v1)->value(callFrame).rep(), right);
 
             if (!value)
@@ -307 +309 @@
         ASSERT(count >= 3);
 
-        RefPtr<JSString::Rope> rope = JSString::Rope::create(count);
+        RefPtr<JSString::Rope> rope = JSString::Rope::createOrNull(count);
+        if (UNLIKELY(!rope))
+            return throwOutOfMemoryError(callFrame);
 
         for (unsigned i = 0; i < count; ++i) {