Title: [222748] trunk/Source/JavaScriptCore
Revision: 222748
Author: [email protected]
Date: 2017-10-02 14:58:50 -0700 (Mon, 02 Oct 2017)

Log Message

VMTraps shouldn't crash if it sees an exception it doesn't understand.
https://bugs.webkit.org/show_bug.cgi?id=177780

Reviewed by Mark Lam.

VMTraps could see a JIT breakpoint (SegV) for any number of
reasons it doesn't understand, e.g. a bug in JIT code, Wasm OOB,
etc. This patch makes it handle that case gracefully. It's worth
noting that this means there's no way to know if, due to a bug, we
didn't accurately track all the VMTraps we installed. I'm not sure
if there is a good solution to that problem though.

* runtime/VMTraps.cpp:

Modified Paths

    trunk/Source/JavaScriptCore/ChangeLog
    trunk/Source/JavaScriptCore/runtime/VMTraps.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (222747 => 222748)


--- trunk/Source/_javascript_Core/ChangeLog	2017-10-02 21:46:09 UTC (rev 222747)
+++ trunk/Source/_javascript_Core/ChangeLog	2017-10-02 21:58:50 UTC (rev 222748)
@@ -1,3 +1,19 @@
+2017-10-02  Keith Miller  <[email protected]>
+
+        VMTraps shouldn't crash if it sees an exception it doesn't understand.
+        https://bugs.webkit.org/show_bug.cgi?id=177780
+
+        Reviewed by Mark Lam.
+
+        VMTraps could see a JIT breakpoint (SegV) for any number of
+        reasons it doesn't understand. e.g.  a bug in JIT code, Wasm OOB,
+        etc. This patch makes it handle that case gracefully. It's worth
+        noting that this means there's no way to know if, due to a bug, we
+        didn't accurately track all the VMTraps we installed. I'm not sure
+        if there is a good solution to that problem though.
+
+        * runtime/VMTraps.cpp:
+
 2017-10-02  Saam Barati  <[email protected]>
 
         Unreviewed. Add missing exception check for the custom-get-set-inline-caching-one-level-up-proto-chain.js
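Review bot: The file entry on line 49, "* runtime/VMTraps.cpp:", carries no per-function annotation or summary, whereas WebKit ChangeLog convention names the changed function under the file and states what changed beside it, e.g. "* runtime/VMTraps.cpp: Return SignalAction::NotHandled when DFG::codeBlockForVMTrapPC() finds no CodeBlock for the trapping PC instead of dereferencing a null pointer." Adding that line makes the entry useful to anyone reading the log without the diff.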

Modified: trunk/Source/_javascript_Core/runtime/VMTraps.cpp (222747 => 222748)


--- trunk/Source/_javascript_Core/runtime/VMTraps.cpp	2017-10-02 21:46:09 UTC (rev 222747)
+++ trunk/Source/_javascript_Core/runtime/VMTraps.cpp	2017-10-02 21:58:50 UTC (rev 222748)
@@ -211,6 +211,10 @@
                     return SignalAction::NotHandled;
 
                 CodeBlock* currentCodeBlock = DFG::codeBlockForVMTrapPC(context.trapPC);
+                if (!currentCodeBlock) {
+                    // Either we trapped for some other reason, e.g. Wasm OOB, or we didn't properly monitor the PC. Regardless, we can't do much now...
+                    return SignalAction::NotHandled;
+                }
                 ASSERT(currentCodeBlock->hasInstalledVMTrapBreakpoints());
                 VM& vm = *currentCodeBlock->vm();
                 ASSERT(vm.traps().needTrapHandling()); // We should have already jettisoned this code block when we handled the trap.
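Review bot: Returning SignalAction::NotHandled at lines 64-67 makes a VMTraps bookkeeping bug (a breakpoint installed at a PC that was never recorded) indistinguishable from a genuine foreign fault such as a Wasm OOB trap: both now fall through to the default signal handling and crash somewhere else with no hint that VMTraps was involved. The check itself is necessary, since before this change `VM& vm = *currentCodeBlock->vm();` on line 69 ran unconditionally in release builds, where the ASSERT on line 68 compiles out, so a null CodeBlock was a null dereference inside the signal handler. To keep the lost-trap case visible, consider a debug-only diagnostic before the return (for example, logging context.trapPC when trap debugging is enabled) rather than silently giving up, so the situation the comment on line 65 describes can at least be noticed in debug builds.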
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes