Title: [209018] trunk/Source/_javascript_Core
Revision
209018
Author
mark....@apple.com
Date
2016-11-28 14:21:29 -0800 (Mon, 28 Nov 2016)

Log Message

Fix exception scope verification failures in miscellaneous files.
https://bugs.webkit.org/show_bug.cgi?id=165055

Reviewed by Saam Barati.

* runtime/MathObject.cpp:
(JSC::mathProtoFuncIMul):
* runtime/ModuleLoaderPrototype.cpp:
(JSC::moduleLoaderPrototypeParseModule):
(JSC::moduleLoaderPrototypeRequestedModules):
* runtime/NativeErrorConstructor.cpp:
(JSC::Interpreter::constructWithNativeErrorConstructor):
* runtime/NumberConstructor.cpp:
(JSC::constructWithNumberConstructor):
* runtime/SetConstructor.cpp:
(JSC::constructSet):
* runtime/SetIteratorPrototype.cpp:
(JSC::SetIteratorPrototypeFuncNext):
* runtime/SparseArrayValueMap.cpp:
(JSC::SparseArrayValueMap::putEntry):
(JSC::SparseArrayEntry::put):
* runtime/TemplateRegistry.cpp:
(JSC::TemplateRegistry::getTemplateObject):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (209017 => 209018)


--- trunk/Source/_javascript_Core/ChangeLog	2016-11-28 22:19:08 UTC (rev 209017)
+++ trunk/Source/_javascript_Core/ChangeLog	2016-11-28 22:21:29 UTC (rev 209018)
@@ -1,3 +1,29 @@
+2016-11-26  Mark Lam  <mark....@apple.com>
+
+        Fix exception scope verification failures in miscellaneous files.
+        https://bugs.webkit.org/show_bug.cgi?id=165055
+
+        Reviewed by Saam Barati.
+
+        * runtime/MathObject.cpp:
+        (JSC::mathProtoFuncIMul):
+        * runtime/ModuleLoaderPrototype.cpp:
+        (JSC::moduleLoaderPrototypeParseModule):
+        (JSC::moduleLoaderPrototypeRequestedModules):
+        * runtime/NativeErrorConstructor.cpp:
+        (JSC::Interpreter::constructWithNativeErrorConstructor):
+        * runtime/NumberConstructor.cpp:
+        (JSC::constructWithNumberConstructor):
+        * runtime/SetConstructor.cpp:
+        (JSC::constructSet):
+        * runtime/SetIteratorPrototype.cpp:
+        (JSC::SetIteratorPrototypeFuncNext):
+        * runtime/SparseArrayValueMap.cpp:
+        (JSC::SparseArrayValueMap::putEntry):
+        (JSC::SparseArrayEntry::put):
+        * runtime/TemplateRegistry.cpp:
+        (JSC::TemplateRegistry::getTemplateObject):
+
 2016-11-28  Mark Lam  <mark....@apple.com>
 
         Fix exception scope verification failures in ReflectObject.cpp.

Modified: trunk/Source/_javascript_Core/runtime/MathObject.cpp (209017 => 209018)


--- trunk/Source/_javascript_Core/runtime/MathObject.cpp	2016-11-28 22:19:08 UTC (rev 209017)
+++ trunk/Source/_javascript_Core/runtime/MathObject.cpp	2016-11-28 22:21:29 UTC (rev 209018)
@@ -297,6 +297,7 @@
     auto scope = DECLARE_THROW_SCOPE(vm);
     int32_t left = exec->argument(0).toInt32(exec);
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
+    scope.release();
     int32_t right = exec->argument(1).toInt32(exec);
     return JSValue::encode(jsNumber(left * right));
 }
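Review bot: The product `left * right` on the return line multiplies two `int32_t` values, and signed overflow is undefined behaviour in C++ unless the build forces wrapping arithmetic, which is not visible here. The function (presumably Math.imul, going by the ChangeLog entry) wants a wrapping 32-bit result, so multiplying as unsigned makes the wrap well defined: `return JSValue::encode(jsNumber(static_cast<int32_t>(static_cast<uint32_t>(left) * static_cast<uint32_t>(right))));`. The added `scope.release()` would also read better with a comment such as `// The caller checks for an exception from the second toInt32().`, because the multiply still runs when that call throws. The function's signature is above the hunk.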

Modified: trunk/Source/_javascript_Core/runtime/ModuleLoaderPrototype.cpp (209017 => 209018)


--- trunk/Source/_javascript_Core/runtime/ModuleLoaderPrototype.cpp	2016-11-28 22:19:08 UTC (rev 209017)
+++ trunk/Source/_javascript_Core/runtime/ModuleLoaderPrototype.cpp	2016-11-28 22:21:29 UTC (rev 209018)
@@ -133,6 +133,7 @@
     ASSERT(moduleProgramNode);
 
     ModuleAnalyzer moduleAnalyzer(exec, moduleKey, sourceCode, moduleProgramNode->varDeclarations(), moduleProgramNode->lexicalVariables());
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     JSModuleRecord* moduleRecord = moduleAnalyzer.analyze(*moduleProgramNode);
 
     return JSValue::encode(moduleRecord);
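Review bot: The return path after `moduleAnalyzer.analyze(*moduleProgramNode)` has neither an exception check nor a `scope.release()`, unlike the tail calls this commit annotates in the other files. Whether `analyze()` can throw is not visible in this hunk. If it can, `RETURN_IF_EXCEPTION(scope, encodedJSValue());` after the call (or `scope.release();` before it) keeps the pattern consistent; if it cannot, a comment such as `// analyze() does not throw.` records the assumption. The new check after the `ModuleAnalyzer` constructor would also benefit from a one-line comment saying that the constructor can throw, since that is not obvious at the call site. The function begins above the hunk.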
@@ -143,15 +144,18 @@
     VM& vm = exec->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
     JSModuleRecord* moduleRecord = jsDynamicCast<JSModuleRecord*>(exec->argument(0));
-    if (!moduleRecord)
+    if (!moduleRecord) {
+        scope.release();
         return JSValue::encode(constructEmptyArray(exec, nullptr));
+    }
 
     JSArray* result = constructEmptyArray(exec, nullptr, moduleRecord->requestedModules().size());
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
     size_t i = 0;
-    for (auto& key : moduleRecord->requestedModules())
+    for (auto& key : moduleRecord->requestedModules()) {
         result->putDirectIndex(exec, i++, jsString(exec, key.get()));
-
+        RETURN_IF_EXCEPTION(scope, encodedJSValue());
+    }
     return JSValue::encode(result);
 }
 

Modified: trunk/Source/_javascript_Core/runtime/NativeErrorConstructor.cpp (209017 => 209018)


--- trunk/Source/_javascript_Core/runtime/NativeErrorConstructor.cpp	2016-11-28 22:19:08 UTC (rev 209017)
+++ trunk/Source/_javascript_Core/runtime/NativeErrorConstructor.cpp	2016-11-28 22:21:29 UTC (rev 209018)
@@ -69,6 +69,7 @@
     Structure* errorStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), jsCast<NativeErrorConstructor*>(exec->callee())->errorStructure());
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
     ASSERT(errorStructure);
+    scope.release();
     return JSValue::encode(ErrorInstance::create(exec, errorStructure, message, nullptr, TypeNothing, false));
 }
 

Modified: trunk/Source/_javascript_Core/runtime/NumberConstructor.cpp (209017 => 209018)


--- trunk/Source/_javascript_Core/runtime/NumberConstructor.cpp	2016-11-28 22:19:08 UTC (rev 209017)
+++ trunk/Source/_javascript_Core/runtime/NumberConstructor.cpp	2016-11-28 22:21:29 UTC (rev 209018)
@@ -88,11 +88,12 @@
     VM& vm = exec->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
     double n = exec->argumentCount() ? exec->uncheckedArgument(0).toNumber(exec) : 0;
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     Structure* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), exec->lexicalGlobalObject()->numberObjectStructure());
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
 
-    NumberObject* object = NumberObject::create(exec->vm(), structure);
-    object->setInternalValue(exec->vm(), jsNumber(n));
+    NumberObject* object = NumberObject::create(vm, structure);
+    object->setInternalValue(vm, jsNumber(n));
     return JSValue::encode(object);
 }
 

Modified: trunk/Source/_javascript_Core/runtime/SetConstructor.cpp (209017 => 209018)


--- trunk/Source/_javascript_Core/runtime/SetConstructor.cpp	2016-11-28 22:19:08 UTC (rev 209017)
+++ trunk/Source/_javascript_Core/runtime/SetConstructor.cpp	2016-11-28 22:21:29 UTC (rev 209018)
@@ -68,14 +68,15 @@
     if (iterable.isUndefinedOrNull())
         return JSValue::encode(set);
 
-    JSValue adderFunction = set->get(exec, exec->propertyNames().add);
+    JSValue adderFunction = set->get(exec, vm.propertyNames->add);
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
 
     CallData adderFunctionCallData;
     CallType adderFunctionCallType = getCallData(adderFunction, adderFunctionCallData);
-    if (adderFunctionCallType == CallType::None)
+    if (UNLIKELY(adderFunctionCallType == CallType::None))
         return JSValue::encode(throwTypeError(exec, scope));
 
+    scope.release();
     forEachInIterable(exec, iterable, [&](VM&, ExecState* exec, JSValue nextValue) {
         MarkedArgumentBuffer arguments;
         arguments.append(nextValue);
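Review bot: After the added `scope.release()`, any exception raised during iteration is left for the caller to check, so nothing that follows `forEachInIterable(...)` may assume the iteration succeeded. The rest of the lambda and the end of the function are outside this hunk, so that cannot be confirmed here. If anything other than the final return follows the call, it needs an exception check rather than the release. A comment above the release such as `// Exceptions thrown during iteration propagate to our caller.` would make the intent explicit.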

Modified: trunk/Source/_javascript_Core/runtime/SetIteratorPrototype.cpp (209017 => 209018)


--- trunk/Source/_javascript_Core/runtime/SetIteratorPrototype.cpp	2016-11-28 22:19:08 UTC (rev 209017)
+++ trunk/Source/_javascript_Core/runtime/SetIteratorPrototype.cpp	2016-11-28 22:21:29 UTC (rev 209018)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Apple, Inc. All rights reserved.
+ * Copyright (C) 2013, 2016 Apple, Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -56,8 +56,11 @@
     if (!iterator)
         return JSValue::encode(throwTypeError(callFrame, scope, ASCIILiteral("Cannot call SetIterator.next() on a non-SetIterator object")));
 
-    if (iterator->next(callFrame, result))
+    if (iterator->next(callFrame, result)) {
+        scope.release();
         return JSValue::encode(createIteratorResultObject(callFrame, result, false));
+    }
+    scope.release();
     return JSValue::encode(createIteratorResultObject(callFrame, jsUndefined(), true));
 }
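Review bot: `scope.release()` is now written twice, once per branch, for two returns that differ only in the arguments passed to `createIteratorResultObject`. Folding them into one path keeps a single release next to a single tail call: `bool hasNext = iterator->next(callFrame, result);`, then `scope.release();`, then `return JSValue::encode(createIteratorResultObject(callFrame, hasNext ? result : jsUndefined(), !hasNext));`. This keeps the order of the calls and assumes `result` is a `JSValue`, whose declaration is above the hunk.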
 

Modified: trunk/Source/_javascript_Core/runtime/SparseArrayValueMap.cpp (209017 => 209018)


--- trunk/Source/_javascript_Core/runtime/SparseArrayValueMap.cpp	2016-11-28 22:19:08 UTC (rev 209017)
+++ trunk/Source/_javascript_Core/runtime/SparseArrayValueMap.cpp	2016-11-28 22:21:29 UTC (rev 209018)
@@ -105,6 +105,7 @@
         return typeError(exec, scope, shouldThrow, ASCIILiteral(ReadonlyPropertyWriteError));
     }
     
+    scope.release();
     return entry.put(exec, array, this, value, shouldThrow);
 }
 
@@ -166,6 +167,7 @@
         return true;
     }
 
+    scope.release();
     return callSetter(exec, thisValue, Base::get(), value, shouldThrow ? StrictMode : NotStrictMode);
 }
 

Modified: trunk/Source/_javascript_Core/runtime/TemplateRegistry.cpp (209017 => 209018)


--- trunk/Source/_javascript_Core/runtime/TemplateRegistry.cpp	2016-11-28 22:19:08 UTC (rev 209017)
+++ trunk/Source/_javascript_Core/runtime/TemplateRegistry.cpp	2016-11-28 22:21:29 UTC (rev 209018)
@@ -59,13 +59,15 @@
 
     for (unsigned index = 0; index < count; ++index) {
         templateObject->putDirectIndex(exec, index, jsString(exec, templateKey.cookedStrings()[index]), ReadOnly | DontDelete, PutDirectIndexLikePutDirect);
+        RETURN_IF_EXCEPTION(scope, nullptr);
         rawObject->putDirectIndex(exec, index, jsString(exec, templateKey.rawStrings()[index]), ReadOnly | DontDelete, PutDirectIndexLikePutDirect);
+        RETURN_IF_EXCEPTION(scope, nullptr);
     }
 
     objectConstructorFreeze(exec, rawObject);
     ASSERT(!scope.exception());
 
-    templateObject->putDirect(vm, exec->propertyNames().raw, rawObject, ReadOnly | DontEnum | DontDelete);
+    templateObject->putDirect(vm, vm.propertyNames->raw, rawObject, ReadOnly | DontEnum | DontDelete);
 
     // Template JSArray hold the reference to JSTemplateRegistryKey to make TemplateRegistryKey pointer live until this JSArray is collected.
     // TemplateRegistryKey pointer is used for TemplateRegistry's key.
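Review bot: `objectConstructorFreeze(exec, rawObject)` is still followed only by `ASSERT(!scope.exception())`, while the loop above it now returns early on an exception. If `ASSERT` is compiled out of release builds, as is usual for debug assertions, an exception from the freeze would go unchecked there and `putDirect` would run with it pending. Adding `RETURN_IF_EXCEPTION(scope, nullptr);` after the freeze would match the loop. The new early returns also mean the function can return `nullptr`, so its callers, which are outside this hunk, need to check for an exception before using the result. The function starts and ends outside the hunk.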