Title: [96438] trunk/Source/_javascript_Core
Revision
96438
Author
barraclo...@apple.com
Date
2011-09-30 16:54:44 -0700 (Fri, 30 Sep 2011)

Log Message

StringRecursionChecker should not work in terms of EncodedJSValue
https://bugs.webkit.org/show_bug.cgi?id=69188

Reviewed by Oliver Hunt.

0 is not the empty value on 32_64.
Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.

* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncToString):
(JSC::arrayProtoFuncToLocaleString):
(JSC::arrayProtoFuncJoin):
* runtime/ErrorPrototype.cpp:
(JSC::errorProtoFuncToString):
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncToString):
* runtime/StringRecursionChecker.cpp:
(JSC::StringRecursionChecker::throwStackOverflowError):
(JSC::StringRecursionChecker::emptyString):
* runtime/StringRecursionChecker.h:
(JSC::StringRecursionChecker::performCheck):
(JSC::StringRecursionChecker::earlyReturnValue):


Modified: trunk/Source/_javascript_Core/ChangeLog (96437 => 96438)


--- trunk/Source/_javascript_Core/ChangeLog	2011-09-30 23:30:59 UTC (rev 96437)
+++ trunk/Source/_javascript_Core/ChangeLog	2011-09-30 23:54:44 UTC (rev 96438)
@@ -1,5 +1,30 @@
 2011-09-30  Gavin Barraclough  <barraclo...@apple.com>
 
+        StringRecursionChecker should not work in terms of EncodedJSValue
+        https://bugs.webkit.org/show_bug.cgi?id=69188
+
+        Reviewed by Oliver Hunt.
+
+        0 is not the empty value on 32_64.
+        Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncToString):
+        (JSC::arrayProtoFuncToLocaleString):
+        (JSC::arrayProtoFuncJoin):
+        * runtime/ErrorPrototype.cpp:
+        (JSC::errorProtoFuncToString):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncToString):
+        * runtime/StringRecursionChecker.cpp:
+        (JSC::StringRecursionChecker::throwStackOverflowError):
+        (JSC::StringRecursionChecker::emptyString):
+        * runtime/StringRecursionChecker.h:
+        (JSC::StringRecursionChecker::performCheck):
+        (JSC::StringRecursionChecker::earlyReturnValue):
+
+2011-09-30  Gavin Barraclough  <barraclo...@apple.com>
+
         DFG JIT, Branch on integer can always be a 32-bit compare.
         https://bugs.webkit.org/show_bug.cgi?id=69174
 

Modified: trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp (96437 => 96438)


--- trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp	2011-09-30 23:30:59 UTC (rev 96437)
+++ trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp	2011-09-30 23:54:44 UTC (rev 96438)
@@ -180,8 +180,8 @@
         return JSValue::encode(jsUndefined());
 
     StringRecursionChecker checker(exec, thisObj);
-    if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
-        return earlyReturnValue;
+    if (JSValue earlyReturnValue = checker.earlyReturnValue())
+        return JSValue::encode(earlyReturnValue);
 
     unsigned totalSize = length ? length - 1 : 0;
 #if OS(SYMBIAN)
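Review bot: The new `if (JSValue earlyReturnValue = checker.earlyReturnValue())` only works because JSValue's boolean conversion is false for the empty value alone, so the non-empty early-return values (the empty string, the thrown error object) all take the return path even though the empty string would be falsy in JS terms; that appears to be the intended contract given the header hunk returns `JSValue()` for success, but nothing at the call site says so. The same four lines are repeated in the two later hunks of this file (toLocaleString and join) and in ErrorPrototype.cpp and RegExpPrototype.cpp, which makes the implicit dependence on the bool conversion easy to break if a caller is later edited in isolation. A one-line comment at each site, `// Empty JSValue means no early return; any other value (even the empty string) is returned as-is.`, or a single helper on the checker that does the test-and-encode, would make the contract explicit. arrayProtoFuncToString starts and ends outside this hunk.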
@@ -243,8 +243,8 @@
         return JSValue::encode(jsUndefined());
 
     StringRecursionChecker checker(exec, thisObj);
-    if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
-        return earlyReturnValue;
+    if (JSValue earlyReturnValue = checker.earlyReturnValue())
+        return JSValue::encode(earlyReturnValue);
 
     JSStringBuilder strBuffer;
     for (unsigned k = 0; k < length; k++) {
@@ -277,8 +277,8 @@
         return JSValue::encode(jsUndefined());
 
     StringRecursionChecker checker(exec, thisObj);
-    if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
-        return earlyReturnValue;
+    if (JSValue earlyReturnValue = checker.earlyReturnValue())
+        return JSValue::encode(earlyReturnValue);
 
     JSStringBuilder strBuffer;
 

Modified: trunk/Source/_javascript_Core/runtime/ErrorPrototype.cpp (96437 => 96438)


--- trunk/Source/_javascript_Core/runtime/ErrorPrototype.cpp	2011-09-30 23:30:59 UTC (rev 96437)
+++ trunk/Source/_javascript_Core/runtime/ErrorPrototype.cpp	2011-09-30 23:54:44 UTC (rev 96438)
@@ -79,8 +79,8 @@
     JSObject* thisObj = exec->hostThisValue().toThisObject(exec);
 
     StringRecursionChecker checker(exec, thisObj);
-    if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
-        return earlyReturnValue;
+    if (JSValue earlyReturnValue = checker.earlyReturnValue())
+        return JSValue::encode(earlyReturnValue);
 
     JSValue name = thisObj->get(exec, exec->propertyNames().name);
     JSValue message = thisObj->get(exec, exec->propertyNames().message);

Modified: trunk/Source/_javascript_Core/runtime/RegExpPrototype.cpp (96437 => 96438)


--- trunk/Source/_javascript_Core/runtime/RegExpPrototype.cpp	2011-09-30 23:30:59 UTC (rev 96437)
+++ trunk/Source/_javascript_Core/runtime/RegExpPrototype.cpp	2011-09-30 23:54:44 UTC (rev 96438)
@@ -142,8 +142,8 @@
     RegExpObject* thisObject = asRegExpObject(thisValue);
 
     StringRecursionChecker checker(exec, thisObject);
-    if (EncodedJSValue earlyReturnValue = checker.earlyReturnValue())
-        return earlyReturnValue;
+    if (JSValue earlyReturnValue = checker.earlyReturnValue())
+        return JSValue::encode(earlyReturnValue);
 
     char postfix[5] = { '/', 0, 0, 0, 0 };
     int index = 1;

Modified: trunk/Source/_javascript_Core/runtime/StringRecursionChecker.cpp (96437 => 96438)


--- trunk/Source/_javascript_Core/runtime/StringRecursionChecker.cpp	2011-09-30 23:30:59 UTC (rev 96437)
+++ trunk/Source/_javascript_Core/runtime/StringRecursionChecker.cpp	2011-09-30 23:54:44 UTC (rev 96438)
@@ -25,14 +25,14 @@
 
 namespace JSC {
 
-EncodedJSValue StringRecursionChecker::throwStackOverflowError()
+JSValue StringRecursionChecker::throwStackOverflowError()
 {
-    return throwVMError(m_exec, createStackOverflowError(m_exec));
+    return throwError(m_exec, createStackOverflowError(m_exec));
 }
 
-EncodedJSValue StringRecursionChecker::emptyString()
+JSValue StringRecursionChecker::emptyString()
 {
-    return JSValue::encode(jsEmptyString(m_exec));
+    return jsEmptyString(m_exec);
 }
 
 }
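Review bot: Neither throwStackOverflowError nor emptyString documents that its return value becomes the early-return result the caller hands back, and for the throw case that value is whatever throwError returns — presumably the error object after the exception has been set on m_exec, mirroring what throwVMError did before, though that is inferred rather than visible here. A short comment on each would capture it: `// Sets the exception on m_exec; the returned error value is what the caller should return.` on throwStackOverflowError, and `// Non-empty, so callers treat it as an early return (only JSValue() means success).` on emptyString. Both functions are fully contained in the hunk.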

Modified: trunk/Source/_javascript_Core/runtime/StringRecursionChecker.h (96437 => 96438)


--- trunk/Source/_javascript_Core/runtime/StringRecursionChecker.h	2011-09-30 23:30:59 UTC (rev 96437)
+++ trunk/Source/_javascript_Core/runtime/StringRecursionChecker.h	2011-09-30 23:54:44 UTC (rev 96438)
@@ -31,19 +31,19 @@
     StringRecursionChecker(ExecState*, JSObject* thisObject);
     ~StringRecursionChecker();
 
-    EncodedJSValue earlyReturnValue() const; // 0 if everything is OK, value to return for failure cases
+    JSValue earlyReturnValue() const; // 0 if everything is OK, value to return for failure cases
 
 private:
-    EncodedJSValue throwStackOverflowError();
-    EncodedJSValue emptyString();
-    EncodedJSValue performCheck();
+    JSValue throwStackOverflowError();
+    JSValue emptyString();
+    JSValue performCheck();
 
     ExecState* m_exec;
     JSObject* m_thisObject;
-    EncodedJSValue m_earlyReturnValue;
+    JSValue m_earlyReturnValue;
 };
 
-inline EncodedJSValue StringRecursionChecker::performCheck()
+inline JSValue StringRecursionChecker::performCheck()
 {
     int size = m_exec->globalData().stringRecursionCheckVisitedObjects.size();
     if (size >= MaxSmallThreadReentryDepth && size >= m_exec->globalData().maxReentryDepth)
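Review bot: The comment on the changed `earlyReturnValue()` declaration still says `0 if everything is OK`, but the success value is now `JSValue()` (see `return JSValue(); // Indicate success.` in the next hunk) and the commit message itself states that 0 is not the empty value on 32_64, so the comment now contradicts the change it accompanies. It should read `JSValue earlyReturnValue() const; // Empty JSValue if everything is OK, value to return for failure cases`, and since callers test the result through JSValue's boolean conversion it is worth adding that only the empty value means success. The class declaration begins above this hunk and performCheck's body continues into the next one.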
@@ -51,7 +51,7 @@
     bool alreadyVisited = !m_exec->globalData().stringRecursionCheckVisitedObjects.add(m_thisObject).second;
     if (alreadyVisited)
         return emptyString(); // Return empty string to avoid infinite recursion.
-    return 0; // Indicate success.
+    return JSValue(); // Indicate success.
 }
 
 inline StringRecursionChecker::StringRecursionChecker(ExecState* exec, JSObject* thisObject)
@@ -61,7 +61,7 @@
 {
 }
 
-inline EncodedJSValue StringRecursionChecker::earlyReturnValue() const
+inline JSValue StringRecursionChecker::earlyReturnValue() const
 {
     return m_earlyReturnValue;
 }