Title: [222617] trunk/Source/_javascript_Core
Revision
222617
Author
[email protected]
Date
2017-09-28 11:09:09 -0700 (Thu, 28 Sep 2017)

Log Message

Add missing exception checks and book-keeping for exception check validation.
https://bugs.webkit.org/show_bug.cgi?id=177609
<rdar://problem/34717972>

Reviewed by Keith Miller.

This resolves exception check validation failures when running test262 tests and
a few other tests.

* API/APIUtils.h:
(handleExceptionIfNeeded):
* API/JSObjectRef.cpp:
(JSObjectMakeFunction):
(JSObjectMakeArray):
(JSObjectMakeDate):
(JSObjectMakeError):
(JSObjectMakeRegExp):
(JSObjectSetPrototype):
(JSObjectGetProperty):
(JSObjectSetProperty):
(JSObjectGetPropertyAtIndex):
(JSObjectSetPropertyAtIndex):
(JSObjectDeleteProperty):
(JSObjectCallAsFunction):
(JSObjectCallAsConstructor):
* API/JSTypedArray.cpp:
(JSObjectMakeTypedArray):
(JSObjectMakeTypedArrayWithBytesNoCopy):
(JSObjectMakeTypedArrayWithArrayBuffer):
(JSObjectMakeTypedArrayWithArrayBufferAndOffset):
(JSObjectMakeArrayBufferWithBytesNoCopy):
* API/JSValueRef.cpp:
(JSValueIsEqual):
(JSValueIsInstanceOfConstructor):
(JSValueCreateJSONString):
(JSValueToNumber):
(JSValueToStringCopy):
(JSValueToObject):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::executeProgram):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):
* runtime/DatePrototype.cpp:
(JSC::fillStructuresUsingTimeArgs):
(JSC::setNewValueFromDateArgs):
(JSC::dateProtoFuncSetYear):
* runtime/JSGenericTypedArrayViewConstructorInlines.h:
(JSC::constructGenericTypedArrayViewWithArguments):
* runtime/JSModuleEnvironment.cpp:
(JSC::JSModuleEnvironment::put):
* runtime/ProgramExecutable.cpp:
(JSC::ProgramExecutable::initializeGlobalProperties):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::toStringName):
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncCharAt):
(JSC::stringProtoFuncCharCodeAt):
(JSC::stringProtoFuncIndexOf):
(JSC::stringProtoFuncLastIndexOf):
(JSC::stringProtoFuncSlice):
(JSC::stringProtoFuncSplitFast):
(JSC::stringProtoFuncSubstr):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/API/APIUtils.h (222616 => 222617)


--- trunk/Source/_javascript_Core/API/APIUtils.h	2017-09-28 17:56:16 UTC (rev 222616)
+++ trunk/Source/_javascript_Core/API/APIUtils.h	2017-09-28 18:09:09 UTC (rev 222617)
@@ -37,10 +37,8 @@
     DidNotThrow
 };
 
-inline ExceptionStatus handleExceptionIfNeeded(JSC::ExecState* exec, JSValueRef* returnedExceptionRef)
+inline ExceptionStatus handleExceptionIfNeeded(JSC::CatchScope& scope, JSC::ExecState* exec, JSValueRef* returnedExceptionRef)
 {
-    JSC::VM& vm = exec->vm();
-    auto scope = DECLARE_CATCH_SCOPE(vm);
     if (UNLIKELY(scope.exception())) {
         JSC::Exception* exception = scope.exception();
         if (returnedExceptionRef)
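Review bot: handleExceptionIfNeeded now depends on a CatchScope that the caller declares, but nothing in the header states that contract, so the next API function written against it has to infer where the scope belongs from the call sites. A comment above the declaration such as `// Caller must hold the JSLock and declare the CatchScope (DECLARE_CATCH_SCOPE) in its own frame before running anything that can throw; a pending exception is reported through returnedExceptionRef when that pointer is non-null.` would pin down the ordering every caller in this commit follows (scope declared right after the JSLockHolder). Whether the exception is also cleared when returnedExceptionRef is null is decided in the part of the body that continues outside this hunk and should be stated in the same comment once confirmed.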

Modified: trunk/Source/_javascript_Core/API/JSObjectRef.cpp (222616 => 222617)


--- trunk/Source/_javascript_Core/API/JSObjectRef.cpp	2017-09-28 17:56:16 UTC (rev 222616)
+++ trunk/Source/_javascript_Core/API/JSObjectRef.cpp	2017-09-28 18:09:09 UTC (rev 222617)
@@ -142,6 +142,7 @@
     ExecState* exec = toJS(ctx);
     VM& vm = exec->vm();
     JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     startingLineNumber = std::max(1, startingLineNumber);
     Identifier nameID = name ? name->identifier(&vm) : Identifier::fromString(exec, "anonymous");
@@ -153,7 +154,7 @@
 
     auto sourceURLString = sourceURL ? sourceURL->string() : String();
     JSObject* result = constructFunction(exec, exec->lexicalGlobalObject(), args, nameID, SourceOrigin { sourceURLString }, sourceURLString, TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber()));
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         result = 0;
     return toRef(result);
 }
@@ -165,7 +166,9 @@
         return 0;
     }
     ExecState* exec = toJS(ctx);
-    JSLockHolder locker(exec);
+    VM& vm = exec->vm();
+    JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     JSObject* result;
     if (argumentCount) {
@@ -177,7 +180,7 @@
     } else
         result = constructEmptyArray(exec, 0);
 
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         result = 0;
 
     return toRef(result);
@@ -190,7 +193,9 @@
         return 0;
     }
     ExecState* exec = toJS(ctx);
-    JSLockHolder locker(exec);
+    VM& vm = exec->vm();
+    JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     MarkedArgumentBuffer argList;
     for (size_t i = 0; i < argumentCount; ++i)
@@ -197,7 +202,7 @@
         argList.append(toJS(exec, arguments[i]));
 
     JSObject* result = constructDate(exec, exec->lexicalGlobalObject(), JSValue(), argList);
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         result = 0;
 
     return toRef(result);
@@ -210,13 +215,15 @@
         return 0;
     }
     ExecState* exec = toJS(ctx);
-    JSLockHolder locker(exec);
+    VM& vm = exec->vm();
+    JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     JSValue message = argumentCount ? toJS(exec, arguments[0]) : jsUndefined();
     Structure* errorStructure = exec->lexicalGlobalObject()->errorStructure();
     JSObject* result = ErrorInstance::create(exec, errorStructure, message);
 
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         result = 0;
 
     return toRef(result);
@@ -229,7 +236,9 @@
         return 0;
     }
     ExecState* exec = toJS(ctx);
-    JSLockHolder locker(exec);
+    VM& vm = exec->vm();
+    JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     MarkedArgumentBuffer argList;
     for (size_t i = 0; i < argumentCount; ++i)
@@ -236,7 +245,7 @@
         argList.append(toJS(exec, arguments[i]));
 
     JSObject* result = constructRegExp(exec, exec->lexicalGlobalObject(), argList);
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         result = 0;
     
     return toRef(result);
@@ -264,11 +273,12 @@
     ExecState* exec = toJS(ctx);
     VM& vm = exec->vm();
     JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     JSObject* jsObject = toJS(object);
     JSValue jsValue = toJS(exec, value);
     jsObject->setPrototype(vm, exec, jsValue.isObject() ? jsValue : jsNull());
-    handleExceptionIfNeeded(exec, nullptr);
+    handleExceptionIfNeeded(scope, exec, nullptr);
 }
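Review bot: `handleExceptionIfNeeded(scope, exec, nullptr)` on the last line means an exception raised by setPrototype is never reported to the API caller, and nothing in the hunk says this is deliberate. The public JSObjectSetPrototype signature has no exception out-parameter, so there is no channel for it, but that deserves a one-line comment on the call, `// JSObjectSetPrototype has no exception out-parameter: a throwing setPrototype is consumed here and the caller sees no failure.` Whether the pending exception is actually cleared on this path is decided inside handleExceptionIfNeeded, whose body is outside this diff; presumably it is, otherwise the catch scope would report an unhandled exception at return. The function's signature is outside the hunk.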
 
 bool JSObjectHasProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName)
@@ -295,11 +305,12 @@
     ExecState* exec = toJS(ctx);
     VM& vm = exec->vm();
     JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     JSObject* jsObject = toJS(object);
 
     JSValue jsValue = jsObject->get(exec, propertyName->identifier(&vm));
-    handleExceptionIfNeeded(exec, exception);
+    handleExceptionIfNeeded(scope, exec, exception);
     return toRef(exec, jsValue);
 }
 
@@ -328,7 +339,7 @@
             jsObject->methodTable(vm)->put(jsObject, exec, name, jsValue, slot);
         }
     }
-    handleExceptionIfNeeded(exec, exception);
+    handleExceptionIfNeeded(scope, exec, exception);
 }
 
 JSValueRef JSObjectGetPropertyAtIndex(JSContextRef ctx, JSObjectRef object, unsigned propertyIndex, JSValueRef* exception)
@@ -338,12 +349,14 @@
         return 0;
     }
     ExecState* exec = toJS(ctx);
-    JSLockHolder locker(exec);
+    VM& vm = exec->vm();
+    JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     JSObject* jsObject = toJS(object);
 
     JSValue jsValue = jsObject->get(exec, propertyIndex);
-    handleExceptionIfNeeded(exec, exception);
+    handleExceptionIfNeeded(scope, exec, exception);
     return toRef(exec, jsValue);
 }
 
@@ -357,12 +370,13 @@
     ExecState* exec = toJS(ctx);
     VM& vm = exec->vm();
     JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     JSObject* jsObject = toJS(object);
     JSValue jsValue = toJS(exec, value);
     
     jsObject->methodTable(vm)->putByIndex(jsObject, exec, propertyIndex, jsValue, false);
-    handleExceptionIfNeeded(exec, exception);
+    handleExceptionIfNeeded(scope, exec, exception);
 }
 
 bool JSObjectDeleteProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef* exception)
@@ -374,11 +388,12 @@
     ExecState* exec = toJS(ctx);
     VM& vm = exec->vm();
     JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     JSObject* jsObject = toJS(object);
 
     bool result = jsObject->methodTable(vm)->deleteProperty(jsObject, exec, propertyName->identifier(&vm));
-    handleExceptionIfNeeded(exec, exception);
+    handleExceptionIfNeeded(scope, exec, exception);
     return result;
 }
 
@@ -552,6 +567,7 @@
     ExecState* exec = toJS(ctx);
     VM& vm = exec->vm();
     JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     if (!object)
         return 0;
@@ -572,7 +588,7 @@
         return 0;
 
     JSValueRef result = toRef(exec, profiledCall(exec, ProfilingReason::API, jsObject, callType, callData, jsThisObject, argList));
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         result = 0;
     return result;
 }
@@ -591,6 +607,7 @@
     ExecState* exec = toJS(ctx);
     VM& vm = exec->vm();
     JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     if (!object)
         return 0;
@@ -607,7 +624,7 @@
         argList.append(toJS(exec, arguments[i]));
 
     JSObjectRef result = toRef(profiledConstruct(exec, ProfilingReason::API, jsObject, constructType, constructData, argList));
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         result = 0;
     return result;
 }

Modified: trunk/Source/_javascript_Core/API/JSTypedArray.cpp (222616 => 222617)


--- trunk/Source/_javascript_Core/API/JSTypedArray.cpp	2017-09-28 17:56:16 UTC (rev 222616)
+++ trunk/Source/_javascript_Core/API/JSTypedArray.cpp	2017-09-28 18:09:09 UTC (rev 222617)
@@ -157,7 +157,9 @@
 JSObjectRef JSObjectMakeTypedArray(JSContextRef ctx, JSTypedArrayType arrayType, size_t length, JSValueRef* exception)
 {
     ExecState* exec = toJS(ctx);
-    JSLockHolder locker(exec);
+    VM& vm = exec->vm();
+    JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     if (arrayType == kJSTypedArrayTypeNone || arrayType == kJSTypedArrayTypeArrayBuffer)
         return nullptr;
@@ -166,7 +168,7 @@
 
     auto buffer = ArrayBuffer::tryCreate(length, elementByteSize);
     JSObject* result = createTypedArray(exec, arrayType, WTFMove(buffer), 0, length);
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         return nullptr;
     return toRef(result);
 }
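Review bot: `ArrayBuffer::tryCreate(length, elementByteSize)` presumably returns a null buffer when the allocation cannot be satisfied (the `try` prefix suggests that rather than a crash), and the new scope check only covers that case if createTypedArray turns a null buffer into a pending exception. createTypedArray is outside this diff, so this is worth confirming; if it does not throw, the function returns `toRef(result)` for a failure the caller cannot tell from success. A comment on the tryCreate line, `// A null buffer (allocation failure) is expected to surface as an exception from createTypedArray and be caught below.`, would record the assumption. The enclosing function starts in the previous hunk; the same shape appears in JSObjectMakeTypedArrayWithBytesNoCopy.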
@@ -174,7 +176,9 @@
 JSObjectRef JSObjectMakeTypedArrayWithBytesNoCopy(JSContextRef ctx, JSTypedArrayType arrayType, void* bytes, size_t length, JSTypedArrayBytesDeallocator destructor, void* destructorContext, JSValueRef* exception)
 {
     ExecState* exec = toJS(ctx);
-    JSLockHolder locker(exec);
+    VM& vm = exec->vm();
+    JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     if (arrayType == kJSTypedArrayTypeNone || arrayType == kJSTypedArrayTypeArrayBuffer)
         return nullptr;
@@ -186,7 +190,7 @@
             destructor(p, destructorContext);
     });
     JSObject* result = createTypedArray(exec, arrayType, WTFMove(buffer), 0, length / elementByteSize);
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         return nullptr;
     return toRef(result);
 }
@@ -196,6 +200,7 @@
     ExecState* exec = toJS(ctx);
     VM& vm = exec->vm();
     JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     if (arrayType == kJSTypedArrayTypeNone || arrayType == kJSTypedArrayTypeArrayBuffer)
         return nullptr;
@@ -210,7 +215,7 @@
     unsigned elementByteSize = elementSize(toTypedArrayType(arrayType));
 
     JSObject* result = createTypedArray(exec, arrayType, WTFMove(buffer), 0, buffer->byteLength() / elementByteSize);
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         return nullptr;
     return toRef(result);
 }
@@ -220,6 +225,7 @@
     ExecState* exec = toJS(ctx);
     VM& vm = exec->vm();
     JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     if (arrayType == kJSTypedArrayTypeNone || arrayType == kJSTypedArrayTypeArrayBuffer)
         return nullptr;
@@ -231,7 +237,7 @@
     }
 
     JSObject* result = createTypedArray(exec, arrayType, jsBuffer->impl(), offset, length);
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         return nullptr;
     return toRef(result);
 }
@@ -305,6 +311,7 @@
     ExecState* exec = toJS(ctx);
     VM& vm = exec->vm();
     JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     auto buffer = ArrayBuffer::createFromBytes(bytes, byteLength, [=](void* p) {
         if (bytesDeallocator)
@@ -312,7 +319,7 @@
     });
 
     JSArrayBuffer* jsBuffer = JSArrayBuffer::create(vm, exec->lexicalGlobalObject()->arrayBufferStructure(ArrayBufferSharingMode::Default), WTFMove(buffer));
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         return nullptr;
 
     return toRef(jsBuffer);

Modified: trunk/Source/_javascript_Core/API/JSValueRef.cpp (222616 => 222617)


--- trunk/Source/_javascript_Core/API/JSValueRef.cpp	2017-09-28 17:56:16 UTC (rev 222616)
+++ trunk/Source/_javascript_Core/API/JSValueRef.cpp	2017-09-28 18:09:09 UTC (rev 222617)
@@ -223,13 +223,15 @@
         return false;
     }
     ExecState* exec = toJS(ctx);
-    JSLockHolder locker(exec);
+    VM& vm = exec->vm();
+    JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     JSValue jsA = toJS(exec, a);
     JSValue jsB = toJS(exec, b);
 
     bool result = JSValue::equal(exec, jsA, jsB); // false if an exception is thrown
-    handleExceptionIfNeeded(exec, exception);
+    handleExceptionIfNeeded(scope, exec, exception);
     
     return result;
 }
@@ -256,7 +258,9 @@
         return false;
     }
     ExecState* exec = toJS(ctx);
-    JSLockHolder locker(exec);
+    VM& vm = exec->vm();
+    JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     JSValue jsValue = toJS(exec, value);
 
@@ -264,7 +268,7 @@
     if (!jsConstructor->structure()->typeInfo().implementsHasInstance())
         return false;
     bool result = jsConstructor->hasInstance(exec, jsValue); // false if an exception is thrown
-    handleExceptionIfNeeded(exec, exception);
+    handleExceptionIfNeeded(scope, exec, exception);
     return result;
 }
 
@@ -353,12 +357,15 @@
         return 0;
     }
     ExecState* exec = toJS(ctx);
-    JSLockHolder locker(exec);
+    VM& vm = exec->vm();
+    JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
+
     JSValue value = toJS(exec, apiValue);
     String result = JSONStringify(exec, value, indent);
     if (exception)
         *exception = 0;
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         return 0;
     return OpaqueJSString::create(result).leakRef();
 }
@@ -383,12 +390,14 @@
         return PNaN;
     }
     ExecState* exec = toJS(ctx);
-    JSLockHolder locker(exec);
+    VM& vm = exec->vm();
+    JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     JSValue jsValue = toJS(exec, value);
 
     double number = jsValue.toNumber(exec);
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         number = PNaN;
     return number;
 }
@@ -400,12 +409,14 @@
         return 0;
     }
     ExecState* exec = toJS(ctx);
-    JSLockHolder locker(exec);
+    VM& vm = exec->vm();
+    JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     JSValue jsValue = toJS(exec, value);
     
     auto stringRef(OpaqueJSString::create(jsValue.toWTFString(exec)));
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         stringRef = nullptr;
     return stringRef.leakRef();
 }
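Review bot: The OpaqueJSString is created on `auto stringRef(OpaqueJSString::create(jsValue.toWTFString(exec)));` before the exception check, so on the throwing path a string object is allocated from whatever toWTFString returned and then immediately discarded by `stringRef = nullptr`. Converting first, checking the scope, and only then creating the OpaqueJSString keeps the allocation off the failure path and makes the failure return an explicit nullptr instead of a reset RefPtr being leaked. Behaviour on the success path is unchanged. The function's signature and its argument checks are outside the hunk.
```cpp
    JSValue jsValue = toJS(exec, value);

    String string = jsValue.toWTFString(exec);
    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
        return nullptr;
    return OpaqueJSString::create(string).leakRef();
```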
@@ -417,12 +428,14 @@
         return 0;
     }
     ExecState* exec = toJS(ctx);
-    JSLockHolder locker(exec);
+    VM& vm = exec->vm();
+    JSLockHolder locker(vm);
+    auto scope = DECLARE_CATCH_SCOPE(vm);
 
     JSValue jsValue = toJS(exec, value);
     
     JSObjectRef objectRef = toRef(jsValue.toObject(exec));
-    if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
+    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
         objectRef = 0;
     return objectRef;
 }

Modified: trunk/Source/_javascript_Core/ChangeLog (222616 => 222617)


--- trunk/Source/_javascript_Core/ChangeLog	2017-09-28 17:56:16 UTC (rev 222616)
+++ trunk/Source/_javascript_Core/ChangeLog	2017-09-28 18:09:09 UTC (rev 222617)
@@ -1,3 +1,71 @@
+2017-09-28  Mark Lam  <[email protected]>
+
+        Add missing exception checks and book-keeping for exception check validation.
+        https://bugs.webkit.org/show_bug.cgi?id=177609
+        <rdar://problem/34717972>
+
+        Reviewed by Keith Miller.
+
+        This resolves exception check validation failures when running test262 tests and
+        a few other tests.
+
+        * API/APIUtils.h:
+        (handleExceptionIfNeeded):
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeFunction):
+        (JSObjectMakeArray):
+        (JSObjectMakeDate):
+        (JSObjectMakeError):
+        (JSObjectMakeRegExp):
+        (JSObjectSetPrototype):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectGetPropertyAtIndex):
+        (JSObjectSetPropertyAtIndex):
+        (JSObjectDeleteProperty):
+        (JSObjectCallAsFunction):
+        (JSObjectCallAsConstructor):
+        * API/JSTypedArray.cpp:
+        (JSObjectMakeTypedArray):
+        (JSObjectMakeTypedArrayWithBytesNoCopy):
+        (JSObjectMakeTypedArrayWithArrayBuffer):
+        (JSObjectMakeTypedArrayWithArrayBufferAndOffset):
+        (JSObjectMakeArrayBufferWithBytesNoCopy):
+        * API/JSValueRef.cpp:
+        (JSValueIsEqual):
+        (JSValueIsInstanceOfConstructor):
+        (JSValueCreateJSONString):
+        (JSValueToNumber):
+        (JSValueToStringCopy):
+        (JSValueToObject):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::executeProgram):
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncIndexOf):
+        (JSC::arrayProtoFuncLastIndexOf):
+        * runtime/DatePrototype.cpp:
+        (JSC::fillStructuresUsingTimeArgs):
+        (JSC::setNewValueFromDateArgs):
+        (JSC::dateProtoFuncSetYear):
+        * runtime/JSGenericTypedArrayViewConstructorInlines.h:
+        (JSC::constructGenericTypedArrayViewWithArguments):
+        * runtime/JSModuleEnvironment.cpp:
+        (JSC::JSModuleEnvironment::put):
+        * runtime/ProgramExecutable.cpp:
+        (JSC::ProgramExecutable::initializeGlobalProperties):
+        * runtime/ProxyObject.cpp:
+        (JSC::ProxyObject::toStringName):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncCharAt):
+        (JSC::stringProtoFuncCharCodeAt):
+        (JSC::stringProtoFuncIndexOf):
+        (JSC::stringProtoFuncLastIndexOf):
+        (JSC::stringProtoFuncSlice):
+        (JSC::stringProtoFuncSplitFast):
+        (JSC::stringProtoFuncSubstr):
+
 2017-09-27  Michael Saboff  <[email protected]>
 
         REGRESSION(210837): RegExp containing failed non-zero minimum greedy groups incorrectly match

Modified: trunk/Source/_javascript_Core/interpreter/Interpreter.cpp (222616 => 222617)


--- trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2017-09-28 17:56:16 UTC (rev 222616)
+++ trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2017-09-28 18:09:09 UTC (rev 222617)
@@ -815,8 +815,10 @@
             JSValue JSONPValue = JSONPData[entry].m_value.get();
             if (JSONPPath.size() == 1 && JSONPPath[0].m_type == JSONPPathEntryTypeDeclare) {
                 globalObject->addVar(callFrame, JSONPPath[0].m_pathEntryName);
+                RETURN_IF_EXCEPTION(throwScope, { });
                 PutPropertySlot slot(globalObject);
                 globalObject->methodTable(vm)->put(globalObject, callFrame, JSONPPath[0].m_pathEntryName, JSONPValue, slot);
+                RETURN_IF_EXCEPTION(throwScope, { });
                 result = jsUndefined();
                 continue;
             }

Modified: trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (222616 => 222617)


--- trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp	2017-09-28 17:56:16 UTC (rev 222616)
+++ trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp	2017-09-28 18:09:09 UTC (rev 222617)
@@ -931,7 +931,8 @@
         LLINT_CHECK_EXCEPTION();
         couldDelete = baseObject->methodTable(vm)->deleteProperty(baseObject, exec, property);
     }
-    
+    LLINT_CHECK_EXCEPTION();
+
     if (!couldDelete && exec->codeBlock()->isStrictMode())
         LLINT_THROW(createTypeError(exec, UnableToDeletePropertyError));
     

Modified: trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp (222616 => 222617)


--- trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp	2017-09-28 17:56:16 UTC (rev 222616)
+++ trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp	2017-09-28 18:09:09 UTC (rev 222617)
@@ -1120,9 +1120,10 @@
         RETURN_IF_EXCEPTION(scope, encodedJSValue());
         if (!e)
             continue;
-        if (JSValue::strictEqual(exec, searchElement, e))
+        bool isEqual = JSValue::strictEqual(exec, searchElement, e);
+        RETURN_IF_EXCEPTION(scope, encodedJSValue());
+        if (isEqual)
             return JSValue::encode(jsNumber(index));
-        RETURN_IF_EXCEPTION(scope, encodedJSValue());
     }
 
     return JSValue::encode(jsNumber(-1));
@@ -1146,6 +1147,7 @@
     if (exec->argumentCount() >= 2) {
         JSValue fromValue = exec->uncheckedArgument(1);
         double fromDouble = fromValue.toInteger(exec);
+        RETURN_IF_EXCEPTION(scope, encodedJSValue());
         if (fromDouble < 0) {
             fromDouble += length;
             if (fromDouble < 0)

Modified: trunk/Source/_javascript_Core/runtime/DatePrototype.cpp (222616 => 222617)


--- trunk/Source/_javascript_Core/runtime/DatePrototype.cpp	2017-09-28 17:56:16 UTC (rev 222616)
+++ trunk/Source/_javascript_Core/runtime/DatePrototype.cpp	2017-09-28 18:09:09 UTC (rev 222617)
@@ -343,6 +343,9 @@
 // Format of member function: f([hour,] [min,] [sec,] [ms])
 static bool fillStructuresUsingTimeArgs(ExecState* exec, int maxArgs, double* ms, GregorianDateTime* t)
 {
+    VM& vm = exec->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
     double milliseconds = 0;
     bool ok = true;
     int idx = 0;
@@ -356,6 +359,7 @@
     if (maxArgs >= 4 && idx < numArgs) {
         t->setHour(0);
         double hours = exec->uncheckedArgument(idx++).toIntegerPreserveNaN(exec);
+        RETURN_IF_EXCEPTION(scope, false);
         ok = std::isfinite(hours);
         milliseconds += hours * msPerHour;
     }
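Review bot: With the added `RETURN_IF_EXCEPTION(scope, false)`, fillStructuresUsingTimeArgs now returns false for two different reasons, a non-finite argument (`ok = false`) and a pending exception, and in the exception case `*ms` and `*t` are left partially updated. A caller that still treats false as "store NaN", the way the pre-change line in the setNewValueFromDateArgs hunk did for fillStructuresUsingDateArgs, would write NaN and carry on with an exception pending; the caller of this function is not in the diff, so it is worth confirming it checks the scope before inspecting the result. The same applies to the minutes, seconds and milliseconds checks in the next three hunks. A comment on the function, `// Returns false if an argument is not finite or if an exception is pending; callers must check the scope before acting on a false return.`, would make the contract visible.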
@@ -364,6 +368,7 @@
     if (maxArgs >= 3 && idx < numArgs && ok) {
         t->setMinute(0);
         double minutes = exec->uncheckedArgument(idx++).toIntegerPreserveNaN(exec);
+        RETURN_IF_EXCEPTION(scope, false);
         ok = std::isfinite(minutes);
         milliseconds += minutes * msPerMinute;
     }
@@ -372,6 +377,7 @@
     if (maxArgs >= 2 && idx < numArgs && ok) {
         t->setSecond(0);
         double seconds = exec->uncheckedArgument(idx++).toIntegerPreserveNaN(exec);
+        RETURN_IF_EXCEPTION(scope, false);
         ok = std::isfinite(seconds);
         milliseconds += seconds * msPerSecond;
     }
@@ -382,6 +388,7 @@
     // milliseconds
     if (idx < numArgs) {
         double millis = exec->uncheckedArgument(idx).toIntegerPreserveNaN(exec);
+        RETURN_IF_EXCEPTION(scope, false);
         ok = std::isfinite(millis);
         milliseconds += millis;
     } else
@@ -1006,7 +1013,9 @@
         gregorianDateTime.copyFrom(*other);
     }
     
-    if (!fillStructuresUsingDateArgs(exec, numArgsToUse, &ms, &gregorianDateTime)) {
+    bool success = fillStructuresUsingDateArgs(exec, numArgsToUse, &ms, &gregorianDateTime);
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
+    if (!success) {
         JSValue result = jsNaN();
         thisDateObj->setInternalValue(vm, result);
         return JSValue::encode(result);
@@ -1119,6 +1128,7 @@
     }
 
     double year = exec->argument(0).toIntegerPreserveNaN(exec);
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     if (!std::isfinite(year)) {
         JSValue result = jsNaN();
         thisDateObj->setInternalValue(vm, result);

Modified: trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewConstructorInlines.h (222616 => 222617)


--- trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewConstructorInlines.h	2017-09-28 17:56:16 UTC (rev 222616)
+++ trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewConstructorInlines.h	2017-09-28 18:09:09 UTC (rev 222617)
@@ -161,6 +161,7 @@
                     || lengthSlot.isAccessor() || lengthSlot.isCustom() || lengthSlot.isTaintedByOpaqueObject()
                     || hasAnyArrayStorage(object->indexingType()))) {
 
+                    scope.release();
                     return constructGenericTypedArrayViewFromIterator<ViewClass>(exec, structure, object, iteratorFunc);
             }
 

Modified: trunk/Source/_javascript_Core/runtime/JSModuleEnvironment.cpp (222616 => 222617)


--- trunk/Source/_javascript_Core/runtime/JSModuleEnvironment.cpp	2017-09-28 17:56:16 UTC (rev 222616)
+++ trunk/Source/_javascript_Core/runtime/JSModuleEnvironment.cpp	2017-09-28 18:09:09 UTC (rev 222617)
@@ -126,6 +126,7 @@
         throwTypeError(exec, scope, ASCIILiteral(ReadonlyPropertyWriteError));
         return false;
     }
+    scope.release();
     return Base::put(thisObject, exec, propertyName, value, slot);
 }
 

Modified: trunk/Source/_javascript_Core/runtime/ProgramExecutable.cpp (222616 => 222617)


--- trunk/Source/_javascript_Core/runtime/ProgramExecutable.cpp	2017-09-28 17:56:16 UTC (rev 222616)
+++ trunk/Source/_javascript_Core/runtime/ProgramExecutable.cpp	2017-09-28 18:09:09 UTC (rev 222617)
@@ -130,10 +130,12 @@
         // It's an error to introduce a shadow.
         for (auto& entry : lexicalDeclarations) {
             // The ES6 spec says that RestrictedGlobalProperty can't be shadowed.
-            if (hasRestrictedGlobalProperty(exec, globalObject, entry.key.get()))
+            bool hasProperty = hasRestrictedGlobalProperty(exec, globalObject, entry.key.get());
+            RETURN_IF_EXCEPTION(throwScope, throwScope.exception());
+            if (hasProperty)
                 return createSyntaxError(exec, makeString("Can't create duplicate variable that shadows a global property: '", String(entry.key.get()), "'"));
 
-            bool hasProperty = globalLexicalEnvironment->hasProperty(exec, entry.key.get());
+            hasProperty = globalLexicalEnvironment->hasProperty(exec, entry.key.get());
             RETURN_IF_EXCEPTION(throwScope, throwScope.exception());
             if (hasProperty) {
                 if (UNLIKELY(entry.value.isConst() && !vm.globalConstRedeclarationShouldThrow() && !isStrictMode())) {
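Review bot: `hasProperty` is now reused for two unrelated predicates, whether the name is a restricted global property and whether the global lexical environment already declares it, which makes the second assignment `hasProperty = globalLexicalEnvironment->hasProperty(exec, entry.key.get());` easy to misread as a re-check of the first. Two named constants, `const bool shadowsRestrictedGlobal = hasRestrictedGlobalProperty(exec, globalObject, entry.key.get());` and `const bool alreadyDeclaredLexically = globalLexicalEnvironment->hasProperty(exec, entry.key.get());`, keep each check self-describing and stop either from being reassigned. The enclosing loop and function continue outside the hunk.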

Modified: trunk/Source/_javascript_Core/runtime/ProxyObject.cpp (222616 => 222617)


--- trunk/Source/_javascript_Core/runtime/ProxyObject.cpp	2017-09-28 17:56:16 UTC (rev 222616)
+++ trunk/Source/_javascript_Core/runtime/ProxyObject.cpp	2017-09-28 18:09:09 UTC (rev 222617)
@@ -58,10 +58,13 @@
     const ProxyObject* proxy = jsCast<const ProxyObject*>(object);
     while (proxy) {
         const JSObject* target = proxy->target();
-        if (isArray(exec, target))
-            return target->classInfo(vm)->methodTable.toStringName(target, exec);
+        bool targetIsArray = isArray(exec, target);
         if (UNLIKELY(scope.exception()))
             break;
+        if (targetIsArray) {
+            scope.release();
+            return target->classInfo(vm)->methodTable.toStringName(target, exec);
+        }
 
         proxy = jsDynamicCast<const ProxyObject*>(vm, target);
     }

Modified: trunk/Source/_javascript_Core/runtime/StringPrototype.cpp (222616 => 222617)


--- trunk/Source/_javascript_Core/runtime/StringPrototype.cpp	2017-09-28 17:56:16 UTC (rev 222616)
+++ trunk/Source/_javascript_Core/runtime/StringPrototype.cpp	2017-09-28 18:09:09 UTC (rev 222617)
@@ -1020,6 +1020,7 @@
         return JSValue::encode(jsEmptyString(exec));
     }
     double dpos = a0.toInteger(exec);
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     if (dpos >= 0 && dpos < view.length())
         return JSValue::encode(jsSingleCharacterString(exec, view[static_cast<unsigned>(dpos)]));
     return JSValue::encode(jsEmptyString(exec));
@@ -1044,6 +1045,7 @@
         return JSValue::encode(jsNaN());
     }
     double dpos = a0.toInteger(exec);
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     if (dpos >= 0 && dpos < view.length())
         return JSValue::encode(jsNumber(view[static_cast<int>(dpos)]));
     return JSValue::encode(jsNaN());
@@ -1114,6 +1116,7 @@
             pos = std::min<uint32_t>(a1.asUInt32(), len);
         else {
             double dpos = a1.toInteger(exec);
+            RETURN_IF_EXCEPTION(scope, encodedJSValue());
             if (dpos < 0)
                 dpos = 0;
             else if (dpos > len)
@@ -1154,6 +1157,7 @@
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
 
     double dpos = a1.toIntegerPreserveNaN(exec);
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     unsigned startPosition;
     if (dpos < 0)
         startPosition = 0;
@@ -1196,7 +1200,9 @@
 
     // The arg processing is very much like ArrayProtoFunc::Slice
     double start = a0.toInteger(exec);
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     double end = a1.isUndefined() ? len : a1.toInteger(exec);
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     double from = start < 0 ? len + start : start;
     double to = end < 0 ? len + end : end;
     if (to > from && to > 0 && from < len) {
@@ -1268,6 +1274,7 @@
     // 6. If limit is undefined, let lim = 2^32-1; else let lim = ToUint32(limit).
     JSValue limitValue = exec->uncheckedArgument(1);
     unsigned limit = limitValue.isUndefined() ? 0xFFFFFFFFu : limitValue.toUInt32(exec);
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
 
     // 8. Let p = 0.
     size_t position = 0;
@@ -1403,7 +1410,9 @@
     JSValue a1 = exec->argument(1);
 
     double start = a0.toInteger(exec);
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     double length = a1.isUndefined() ? len : a1.toInteger(exec);
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     if (start >= len || length <= 0)
         return JSValue::encode(jsEmptyString(exec));
     if (start < 0) {