Title: [287624] branches/safari-612-branch
Revision: 287624
Author: repst...@apple.com
Date: 2022-01-05 10:20:53 -0800 (Wed, 05 Jan 2022)
Log Message
Cherry-pick r286249. rdar://problem/87124979
[JSC] private name operation should use RETURN_IF_EXCEPTION
https://bugs.webkit.org/show_bug.cgi?id=233577
rdar://85813869
Reviewed by Mark Lam.
JSTests:
* stress/termination-error-in-private-name.js: Added.
(C):
Source/JavaScriptCore:
Because of TerminatedExecutionError, error can be thrown at any time.
* jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
(JSC::putPrivateNameOptimize):
(JSC::putPrivateName):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@286249 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Diff
Modified: branches/safari-612-branch/JSTests/ChangeLog (287623 => 287624)
--- branches/safari-612-branch/JSTests/ChangeLog 2022-01-05 18:20:50 UTC (rev 287623)
+++ branches/safari-612-branch/JSTests/ChangeLog 2022-01-05 18:20:53 UTC (rev 287624)
@@ -1,5 +1,44 @@
2022-01-05 Russell Epstein <repst...@apple.com>
+ Cherry-pick r286249. rdar://problem/87124979
+
+ [JSC] private name operation should use RETURN_IF_EXCEPTION
+ https://bugs.webkit.org/show_bug.cgi?id=233577
+ rdar://85813869
+
+ Reviewed by Mark Lam.
+
+ JSTests:
+
+ * stress/termination-error-in-private-name.js: Added.
+ (C):
+
+ Source/_javascript_Core:
+
+ Because of TerminatedExecutionError, error can be thrown at any time.
+
+ * jit/JITOperations.cpp:
+ (JSC::JSC_DEFINE_JIT_OPERATION):
+ (JSC::putPrivateNameOptimize):
+ (JSC::putPrivateName):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@286249 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-11-29 Yusuke Suzuki <ysuz...@apple.com>
+
+ [JSC] private name operation should use RETURN_IF_EXCEPTION
+ https://bugs.webkit.org/show_bug.cgi?id=233577
+ rdar://85813869
+
+ Reviewed by Mark Lam.
+
+ * stress/termination-error-in-private-name.js: Added.
+ (C):
+
+2022-01-05 Russell Epstein <repst...@apple.com>
+
Cherry-pick r286228. rdar://problem/87125189
[JSC] GetTypedArrayLengthAsInt52 can get Array::Generic ArrayMode
Added: branches/safari-612-branch/JSTests/stress/termination-error-in-private-name.js (0 => 287624)
--- branches/safari-612-branch/JSTests/stress/termination-error-in-private-name.js (rev 0)
+++ branches/safari-612-branch/JSTests/stress/termination-error-in-private-name.js 2022-01-05 18:20:53 UTC (rev 287624)
@@ -0,0 +1,14 @@
+//@ runDefault("--watchdog=2", "--watchdog-exception-ok")
+
+class C {
+ #field;
+
+ constructor() {
+ gc();
+ #field in this;
+ }
+}
+
+for (let i = 0; i < 1000; i++) {
+ new C();
+}
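Review bot: the only private-name operation in this test is `#field in this` in the constructor, so it exercises the has-private-name paths but not the two put sites in JITOperations.cpp that the ChangeLog lists under putPrivateNameOptimize and putPrivateName. A write to the field in the constructor, for example `this.#field = 0;`, would bring those into the test as well. The file also has no comment saying what it checks; one line stating that the watchdog is expected to terminate execution during a private-name operation would make the intent clear.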
Modified: branches/safari-612-branch/Source/_javascript_Core/ChangeLog (287623 => 287624)
--- branches/safari-612-branch/Source/_javascript_Core/ChangeLog 2022-01-05 18:20:50 UTC (rev 287623)
+++ branches/safari-612-branch/Source/_javascript_Core/ChangeLog 2022-01-05 18:20:53 UTC (rev 287624)
@@ -1,5 +1,50 @@
2022-01-05 Russell Epstein <repst...@apple.com>
+ Cherry-pick r286249. rdar://problem/87124979
+
+ [JSC] private name operation should use RETURN_IF_EXCEPTION
+ https://bugs.webkit.org/show_bug.cgi?id=233577
+ rdar://85813869
+
+ Reviewed by Mark Lam.
+
+ JSTests:
+
+ * stress/termination-error-in-private-name.js: Added.
+ (C):
+
+ Source/_javascript_Core:
+
+ Because of TerminatedExecutionError, error can be thrown at any time.
+
+ * jit/JITOperations.cpp:
+ (JSC::JSC_DEFINE_JIT_OPERATION):
+ (JSC::putPrivateNameOptimize):
+ (JSC::putPrivateName):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@286249 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-11-29 Yusuke Suzuki <ysuz...@apple.com>
+
+ [JSC] private name operation should use RETURN_IF_EXCEPTION
+ https://bugs.webkit.org/show_bug.cgi?id=233577
+ rdar://85813869
+
+ Reviewed by Mark Lam.
+
+ Because of TerminatedExecutionError, error can be thrown at any time.
+
+ * jit/JITOperations.cpp:
+ (JSC::JSC_DEFINE_JIT_OPERATION):
+ (JSC::putPrivateNameOptimize):
+ (JSC::putPrivateName):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+
+2022-01-05 Russell Epstein <repst...@apple.com>
+
Cherry-pick r286228. rdar://problem/87125189
[JSC] GetTypedArrayLengthAsInt52 can get Array::Generic ArrayMode
Modified: branches/safari-612-branch/Source/_javascript_Core/jit/JITOperations.cpp (287623 => 287624)
--- branches/safari-612-branch/Source/_javascript_Core/jit/JITOperations.cpp 2022-01-05 18:20:50 UTC (rev 287623)
+++ branches/safari-612-branch/Source/_javascript_Core/jit/JITOperations.cpp 2022-01-05 18:20:53 UTC (rev 287624)
@@ -527,7 +527,7 @@
JSValue propertyValue = JSValue::decode(encodedProperty);
ASSERT(propertyValue.isSymbol());
auto property = propertyValue.toPropertyKey(globalObject);
- EXCEPTION_ASSERT(!scope.exception());
+ RETURN_IF_EXCEPTION(scope, { });
PropertySlot slot(baseObject, PropertySlot::InternalMethodType::HasProperty);
bool found = JSObject::getPrivateFieldSlot(baseObject, globalObject, property, slot);
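Review bot: the new `RETURN_IF_EXCEPTION(scope, { });` sits directly under `ASSERT(propertyValue.isSymbol())`, and a later reader may conclude that converting a symbol to a property key cannot throw and restore the assert in a cleanup. A short comment above the check pointing at the reason given in the log message (a TerminatedExecutionError can be pending at any time) would document why the early return is needed here.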
@@ -561,7 +561,7 @@
JSValue propertyValue = JSValue::decode(encodedProperty);
ASSERT(propertyValue.isSymbol());
auto property = propertyValue.toPropertyKey(globalObject);
- EXCEPTION_ASSERT(!scope.exception());
+ RETURN_IF_EXCEPTION(scope, { });
return JSValue::encode(jsBoolean(asObject(baseValue)->hasPrivateField(globalObject, property)));
}
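Review bot: after the new early return, the `return` statement calls `hasPrivateField(globalObject, property)` and encodes the result with no check or release of `scope` visible in this hunk, whereas the last hunk in this file calls `scope.release()` before handing off. Given the premise of the change that an exception can appear at any time, please confirm whether this call can leave one pending, and if so release the scope before the return or check after the call.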
@@ -1323,7 +1323,7 @@
RETURN_IF_EXCEPTION(scope, void());
auto propertyName = subscript.toPropertyKey(globalObject);
- EXCEPTION_ASSERT(!scope.exception());
+ RETURN_IF_EXCEPTION(scope, void());
// Private fields can only be accessed within class lexical scope
// and class methods are always in strict mode
@@ -1357,7 +1357,7 @@
RETURN_IF_EXCEPTION(scope, void());
auto propertyName = subscript.toPropertyKey(globalObject);
- EXCEPTION_ASSERT(!scope.exception());
+ RETURN_IF_EXCEPTION(scope, void());
scope.release();
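Review bot: the three lines ending at the new `RETURN_IF_EXCEPTION(scope, void());` (check, `subscript.toPropertyKey(globalObject)`, check) are now identical to the three in the previous hunk. A small shared helper for the key conversion would keep the two put paths from drifting apart the next time one of them is touched.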
Modified: branches/safari-612-branch/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (287623 => 287624)
--- branches/safari-612-branch/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2022-01-05 18:20:50 UTC (rev 287623)
+++ branches/safari-612-branch/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2022-01-05 18:20:53 UTC (rev 287624)
@@ -1443,7 +1443,7 @@
auto propertyValue = getOperand(callFrame, bytecode.m_property);
ASSERT(propertyValue.isSymbol());
auto property = propertyValue.toPropertyKey(globalObject);
- EXCEPTION_ASSERT(!throwScope.exception());
+ LLINT_CHECK_EXCEPTION();
LLINT_RETURN(jsBoolean(asObject(baseValue)->hasPrivateField(globalObject, property)));
}
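Review bot: this is the only LLInt slow path touched, and it is the has-private-name one (`hasPrivateField`), while the JIT side of the same change also fixes two put sites. Please check whether the LLInt put-private-name slow path has the same `EXCEPTION_ASSERT` after `toPropertyKey`, and either fix it here or note in the ChangeLog why it does not need the change.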