Changeset 61588 in webkit for trunk/JavaScriptCore/bytecode/CodeBlock.cpp

Timestamp:

Jun 21, 2010, 4:17:48 PM (15 years ago)

Author:

[email protected]

Message:

2010-06-21 Oliver Hunt <​[email protected]>

Reviewed by Geoffrey Garen.

Make JSC more resilient in the face of parse failures
​https://bugs.webkit.org/show_bug.cgi?id=40951

A number of recent bugs have occurred due to issues like miscounting
BOMs, etc which lead to interesting crashes later on. Adding this
logic hardens JSC in the face of these errors, and has no impact on
performance (32bit jit actually gets 0.7% faster but I put that down
to cache effects).

• bytecode/CodeBlock.cpp: (JSC::CodeBlock::reparseForExceptionInfoIfNecessary): (JSC::CodeBlock::lineNumberForBytecodeOffset): (JSC::CodeBlock::expressionRangeForBytecodeOffset): (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):
• bytecode/CodeBlock.h: (JSC::CodeBlock::bytecodeOffset):
• interpreter/Interpreter.cpp: (JSC::Interpreter::execute): (JSC::Interpreter::executeCall): (JSC::Interpreter::executeConstruct): (JSC::Interpreter::prepareForRepeatCall): (JSC::Interpreter::privateExecute):
• jit/JITOpcodes.cpp: (JSC::JIT::privateCompileCTIMachineTrampolines):
• jit/JITOpcodes32_64.cpp: (JSC::JIT::privateCompileCTIMachineTrampolines):
• jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION):
• runtime/ArrayPrototype.cpp: (JSC::isNumericCompareFunction):
• runtime/Executable.cpp: (JSC::FunctionExecutable::compileForCall): (JSC::FunctionExecutable::compileForConstruct): (JSC::FunctionExecutable::generateJITCodeForCall): (JSC::FunctionExecutable::generateJITCodeForConstruct): (JSC::FunctionExecutable::reparseExceptionInfo): (JSC::EvalExecutable::reparseExceptionInfo):
• runtime/Executable.h: (JSC::FunctionExecutable::bytecodeForCall): (JSC::FunctionExecutable::bytecodeForConstruct):
• runtime/JSGlobalData.cpp: (JSC::JSGlobalData::numericCompareFunction):

File:

• trunk/JavaScriptCore/bytecode/CodeBlock.cpp (modified) (5 diffs)

trunk/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -1520 +1520 @@
 }
 
-void CodeBlock::reparseForExceptionInfoIfNecessary(CallFrame* callFrame)
+bool CodeBlock::reparseForExceptionInfoIfNecessary(CallFrame* callFrame)
 {
     if (m_exceptionInfo)
-        return;
+        return true;
 
     ASSERT(!m_rareData || !m_rareData->m_exceptionHandlers.size());
@@ -1540 +1540 @@
 
     m_exceptionInfo.set(m_ownerExecutable->reparseExceptionInfo(m_globalData, scopeChain, this));
+    return m_exceptionInfo;
 }
 
@@ -1564 +1565 @@
     ASSERT(bytecodeOffset < m_instructionCount);
 
-    reparseForExceptionInfoIfNecessary(callFrame);
-    ASSERT(m_exceptionInfo);
-
-    if (!m_exceptionInfo->m_lineInfo.size())
-        return m_ownerExecutable->source().firstLine(); // Empty function
+    if (!reparseForExceptionInfoIfNecessary(callFrame) || !m_exceptionInfo->m_lineInfo.size())
+        return m_ownerExecutable->source().firstLine(); // Empty function or unable to reparse
 
     int low = 0;
@@ -1589 +1587 @@
     ASSERT(bytecodeOffset < m_instructionCount);
 
-    reparseForExceptionInfoIfNecessary(callFrame);
-    ASSERT(m_exceptionInfo);
-
-    if (!m_exceptionInfo->m_expressionInfo.size()) {
+    if (!reparseForExceptionInfoIfNecessary(callFrame) || !m_exceptionInfo->m_expressionInfo.size()) {
         // We didn't think anything could throw.  Apparently we were wrong.
+        // Alternatively something went wrong when trying to reparse
         startOffset = 0;
         endOffset = 0;
@@ -1628 +1624 @@
     ASSERT(bytecodeOffset < m_instructionCount);
 
-    reparseForExceptionInfoIfNecessary(callFrame);
-    ASSERT(m_exceptionInfo);        
-
-    if (!m_exceptionInfo->m_getByIdExceptionInfo.size())
+    if (!reparseForExceptionInfoIfNecessary(callFrame) || !m_exceptionInfo->m_getByIdExceptionInfo.size())
         return false;