Title: [115483] trunk/Source/_javascript_Core
Revision: 115483
Author: oli...@apple.com
Date: 2012-04-27 13:19:24 -0700 (Fri, 27 Apr 2012)
Log Message
Lazy link phase of baseline jit fails to propagate exception
https://bugs.webkit.org/show_bug.cgi?id=85092
Reviewed by Filip Pizlo.
Very simple patch: when linking produces an error we need to actually store
the exception prior to throwing it. I can't find any other examples of this,
but as we're already in the slow path when throwing an exception, I've hardened
exception throwing against null exceptions.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::throwException):
* jit/JITStubs.cpp:
(JSC::lazyLinkFor):
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (115482 => 115483)
--- trunk/Source/_javascript_Core/ChangeLog 2012-04-27 20:18:41 UTC (rev 115482)
+++ trunk/Source/_javascript_Core/ChangeLog 2012-04-27 20:19:24 UTC (rev 115483)
@@ -1,3 +1,20 @@
+2012-04-27 Oliver Hunt <oli...@apple.com>
+
+ Lazy link phase of baseline jit fails to propagate exception
+ https://bugs.webkit.org/show_bug.cgi?id=85092
+
+ Reviewed by Filip Pizlo.
+
+ Very simple patch, when linking produces an error we need to actually store
+ the exception prior to throwing it. I can't find any other examples of this,
+ but as we're already in the slow path when throwing an exception I've hardened
+ exception throwing against null exceptions.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::throwException):
+ * jit/JITStubs.cpp:
+ (JSC::lazyLinkFor):
+
2012-04-27 Benjamin Poulain <benja...@webkit.org>
Generalize the single character optimization of numberProtoFuncToString
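Review bot: the new ChangeLog entry lists no test and carries no "No new tests" line with a reason. A dropped exception on the lazy-link path is exactly the kind of regression a fast/js test would catch: one that makes compileFor fail inside a call (for example by exhausting the parser or compiler at call time) and asserts that the resulting exception is observable from a surrounding try/catch rather than silently lost. Either add such a test or state in the entry why it cannot be exercised deterministically.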
Modified: trunk/Source/_javascript_Core/interpreter/Interpreter.cpp (115482 => 115483)
--- trunk/Source/_javascript_Core/interpreter/Interpreter.cpp 2012-04-27 20:18:41 UTC (rev 115482)
+++ trunk/Source/_javascript_Core/interpreter/Interpreter.cpp 2012-04-27 20:19:24 UTC (rev 115483)
@@ -1009,6 +1009,13 @@
CodeBlock* codeBlock = callFrame->codeBlock();
bool isInterrupt = false;
+ ASSERT(exceptionValue.isEmpty());
+ ASSERT(!exceptionValue.isCell() || exceptionValue.asCell());
+ // This shouldn't be possible (hence the assertions), but we're already in the slowest of
+ // slow cases, so let's harden against it anyway to be safe.
+ if (exceptionValue.isEmpty() || (exceptionValue.isCell() && !exceptionValue.asCell()))
+ exceptionValue = jsNull();
+
// Set up the exception object
if (exceptionValue.isObject()) {
JSObject* exception = asObject(exceptionValue);
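Review bot: the first assertion in this hunk is inverted. `ASSERT(exceptionValue.isEmpty());` requires the incoming exception to be empty, yet the comment two lines down calls that case "impossible" and the guard `if (exceptionValue.isEmpty() || ...)` treats it as the defect to paper over. As written, every throwException call in a debug build would trip this assertion, and a value that did satisfy it would be rewritten to jsNull() immediately afterwards. It should read `ASSERT(!exceptionValue.isEmpty());`. Separately, the fallback turns a missing exception into a thrown `null`, which keeps the engine from dereferencing an empty value but also hides which caller forgot to set the exception; consider at least a more descriptive error object, or a comment pointing at the lazy-link bug this was added for, so that a future instance of the same mistake is diagnosable in release builds.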
Modified: trunk/Source/_javascript_Core/jit/JITStubs.cpp (115482 => 115483)
--- trunk/Source/_javascript_Core/jit/JITStubs.cpp 2012-04-27 20:18:41 UTC (rev 115482)
+++ trunk/Source/_javascript_Core/jit/JITStubs.cpp 2012-04-27 20:19:24 UTC (rev 115483)
@@ -2256,9 +2256,10 @@
codePtr = executable->generatedJITCodeFor(kind).addressForCall();
else {
FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
- JSObject* error = functionExecutable->compileFor(callFrame, callee->scope(), kind);
- if (error)
+ if (JSObject* error = functionExecutable->compileFor(callFrame, callee->scope(), kind)) {
+ callFrame->globalData().exception = error;
return 0;
+ }
codeBlock = &functionExecutable->generatedBytecodeFor(kind);
if (callFrame->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters())
|| callLinkInfo->callType == CallLinkInfo::CallVarargs)
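Review bot: storing the compile error in `callFrame->globalData().exception` before `return 0` is the right fix, but this hunk does not show what the caller of lazyLinkFor does with a null return. The stub that invokes it must treat 0 as "exception pending" and branch to the throw path rather than calling through a null code pointer, so that caller should be checked in the same file as part of this change. A one-line comment on the error path (e.g. `// Record the compile error so the caller can throw it`) would also help, since the handoff to globalData is the whole point of the bug and is easy to lose again in a later refactor of this block.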
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes