Title: [213367] trunk/Source/JavaScriptCore
Revision
213367
Author
[email protected]
Date
2017-03-03 09:48:42 -0800 (Fri, 03 Mar 2017)

Log Message

We should only check for traps that we're able to handle.
https://bugs.webkit.org/show_bug.cgi?id=169136

Reviewed by Michael Saboff.

The execute methods in interpreter were checking for the existence of any traps
(without masking) and only handling a subset of those via a mask.  This can
result in a failed assertion on debug builds.

This patch fixes this by applying the same mask for both the needTrapHandling()
check and the handleTraps() call.  Also added a few assertions.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::executeProgram):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::execute):
* jit/JITOperations.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (213366 => 213367)


--- trunk/Source/_javascript_Core/ChangeLog	2017-03-03 17:24:13 UTC (rev 213366)
+++ trunk/Source/_javascript_Core/ChangeLog	2017-03-03 17:48:42 UTC (rev 213367)
@@ -1,3 +1,26 @@
+2017-03-03  Mark Lam  <[email protected]>
+
+        We should only check for traps that we're able to handle.
+        https://bugs.webkit.org/show_bug.cgi?id=169136
+
+        Reviewed by Michael Saboff.
+
+        The execute methods in interpreter were checking for the existence of any traps
+        (without masking) and only handling a subset of those via a mask.  This can
+        result in a failed assertion on debug builds.
+
+        This patch fixes this by applying the same mask for both the needTrapHandling()
+        check and the handleTraps() call.  Also added a few assertions.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::executeProgram):
+        (JSC::Interpreter::executeCall):
+        (JSC::Interpreter::executeConstruct):
+        (JSC::Interpreter::execute):
+        * jit/JITOperations.cpp:
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+
 2017-03-02  Carlos Garcia Campos  <[email protected]>
 
         Remote Inspector: Move updateTargetListing() methods to RemoteInspector.cpp

Modified: trunk/Source/_javascript_Core/interpreter/Interpreter.cpp (213366 => 213367)


--- trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2017-03-03 17:24:13 UTC (rev 213366)
+++ trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2017-03-03 17:48:42 UTC (rev 213367)
@@ -860,8 +860,8 @@
         codeBlock = jsCast<ProgramCodeBlock*>(tempCodeBlock);
     }
 
-    if (UNLIKELY(vm.needTrapHandling())) {
-        VMTraps::Mask mask(VMTraps::NeedTermination, VMTraps::NeedWatchdogCheck);
+    VMTraps::Mask mask(VMTraps::NeedTermination, VMTraps::NeedWatchdogCheck);
+    if (UNLIKELY(vm.needTrapHandling(mask))) {
         vm.handleTraps(callFrame, mask);
         RETURN_IF_EXCEPTION(throwScope, throwScope.exception());
     }
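Review bot: The mask `VMTraps::Mask mask(VMTraps::NeedTermination, VMTraps::NeedWatchdogCheck);` is now written out identically at six call sites (this hunk and the ones at -921, -987, -1052, -1156 and -1198), and the bug being fixed was a check and a handler disagreeing about which traps are in scope. Moving the check-and-handle pair into one file-local helper, or at least building the mask in one place, would keep the two from drifting apart again. A comment such as `// Only termination and watchdog traps are serviced on entry; any other pending trap stays set for a later check.` would record why the mask is narrower than the default; that reading is inferred from the log message and should be confirmed. The enclosing functions start and end outside each of these hunks.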
@@ -921,8 +921,8 @@
     } else
         newCodeBlock = 0;
 
-    if (UNLIKELY(vm.needTrapHandling())) {
-        VMTraps::Mask mask(VMTraps::NeedTermination, VMTraps::NeedWatchdogCheck);
+    VMTraps::Mask mask(VMTraps::NeedTermination, VMTraps::NeedWatchdogCheck);
+    if (UNLIKELY(vm.needTrapHandling(mask))) {
         vm.handleTraps(callFrame, mask);
         RETURN_IF_EXCEPTION(throwScope, throwScope.exception());
     }
@@ -987,8 +987,8 @@
     } else
         newCodeBlock = 0;
 
-    if (UNLIKELY(vm.needTrapHandling())) {
-        VMTraps::Mask mask(VMTraps::NeedTermination, VMTraps::NeedWatchdogCheck);
+    VMTraps::Mask mask(VMTraps::NeedTermination, VMTraps::NeedWatchdogCheck);
+    if (UNLIKELY(vm.needTrapHandling(mask))) {
         vm.handleTraps(callFrame, mask);
         RETURN_IF_EXCEPTION(throwScope, throwScope.exception());
     }
@@ -1052,8 +1052,8 @@
 
     StackStats::CheckPoint stackCheckPoint;
 
-    if (UNLIKELY(vm.needTrapHandling())) {
-        VMTraps::Mask mask(VMTraps::NeedTermination, VMTraps::NeedWatchdogCheck);
+    VMTraps::Mask mask(VMTraps::NeedTermination, VMTraps::NeedWatchdogCheck);
+    if (UNLIKELY(vm.needTrapHandling(mask))) {
         vm.handleTraps(closure.oldCallFrame, mask);
         RETURN_IF_EXCEPTION(throwScope, throwScope.exception());
     }
@@ -1156,8 +1156,8 @@
         }
     }
 
-    if (UNLIKELY(vm.needTrapHandling())) {
-        VMTraps::Mask mask(VMTraps::NeedTermination, VMTraps::NeedWatchdogCheck);
+    VMTraps::Mask mask(VMTraps::NeedTermination, VMTraps::NeedWatchdogCheck);
+    if (UNLIKELY(vm.needTrapHandling(mask))) {
         vm.handleTraps(callFrame, mask);
         RETURN_IF_EXCEPTION(throwScope, throwScope.exception());
     }
@@ -1198,8 +1198,8 @@
         codeBlock = jsCast<ModuleProgramCodeBlock*>(tempCodeBlock);
     }
 
-    if (UNLIKELY(vm.needTrapHandling())) {
-        VMTraps::Mask mask(VMTraps::NeedTermination, VMTraps::NeedWatchdogCheck);
+    VMTraps::Mask mask(VMTraps::NeedTermination, VMTraps::NeedWatchdogCheck);
+    if (UNLIKELY(vm.needTrapHandling(mask))) {
         vm.handleTraps(callFrame, mask);
         RETURN_IF_EXCEPTION(throwScope, throwScope.exception());
     }

Modified: trunk/Source/_javascript_Core/jit/JITOperations.cpp (213366 => 213367)


--- trunk/Source/_javascript_Core/jit/JITOperations.cpp	2017-03-03 17:24:13 UTC (rev 213366)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp	2017-03-03 17:48:42 UTC (rev 213367)
@@ -1212,6 +1212,7 @@
 {
     VM& vm = exec->vm();
     NativeCallFrameTracer tracer(&vm, exec);
+    ASSERT(vm.needTrapHandling());
     vm.handleTraps(exec);
     return nullptr;
 }
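Review bot: `ASSERT(vm.needTrapHandling());` relies on the trap bits still being pending when this slow path runs, and nothing visible here says why that holds. If traps can be raised or cleared from another thread, the bits could be consumed between the fast-path check and this call, and debug builds would abort on a benign race. The termination and watchdog requests suggest such asynchronous signalling, though this diff does not show it. If the invariant does hold, state it next to the assertion, e.g. `// Traps are only cleared by handleTraps() on the VM's own thread, so one must still be pending here.`; otherwise the assertion should be dropped. The same applies to the identical assertion added to `slow_path_handle_traps` in LLIntSlowPaths.cpp. This function's signature lies outside the hunk.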

Modified: trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (213366 => 213367)


--- trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp	2017-03-03 17:24:13 UTC (rev 213366)
+++ trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp	2017-03-03 17:48:42 UTC (rev 213367)
@@ -1497,6 +1497,7 @@
 LLINT_SLOW_PATH_DECL(slow_path_handle_traps)
 {
     LLINT_BEGIN_NO_SET_PC();
+    ASSERT(vm.needTrapHandling());
     vm.handleTraps(exec);
     LLINT_RETURN_TWO(throwScope.exception(), exec);
 }