Title: [239455] trunk
Revision: 239455
Author: [email protected]
Date: 2018-12-20 10:51:49 -0800 (Thu, 20 Dec 2018)

Log Message

Fix a typo in slow_path_construct_arityCheck and operationConstructArityCheck.
https://bugs.webkit.org/show_bug.cgi?id=192939
<rdar://problem/46869516>

Reviewed by Keith Miller.

JSTests:

* stress/stack-overflow-frame-for-construct-arityCheck-should-use-construct-codeBlock.js: Added.

Source/JavaScriptCore:

* jit/JITOperations.cpp:
* runtime/CommonSlowPaths.cpp:


Diff

Modified: trunk/JSTests/ChangeLog (239454 => 239455)


--- trunk/JSTests/ChangeLog	2018-12-20 18:42:45 UTC (rev 239454)
+++ trunk/JSTests/ChangeLog	2018-12-20 18:51:49 UTC (rev 239455)
@@ -1,3 +1,13 @@
+2018-12-20  Mark Lam  <[email protected]>
+
+        Fix a typo in slow_path_construct_arityCheck and operationConstructArityCheck.
+        https://bugs.webkit.org/show_bug.cgi?id=192939
+        <rdar://problem/46869516>
+
+        Reviewed by Keith Miller.
+
+        * stress/stack-overflow-frame-for-construct-arityCheck-should-use-construct-codeBlock.js: Added.
+
 2018-12-20  Tadeu Zagallo  <[email protected]>
 
         WTF::String and StringImpl overflow MaxLength

Added: trunk/JSTests/stress/stack-overflow-frame-for-construct-arityCheck-should-use-construct-codeBlock.js (0 => 239455)


--- trunk/JSTests/stress/stack-overflow-frame-for-construct-arityCheck-should-use-construct-codeBlock.js	                        (rev 0)
+++ trunk/JSTests/stress/stack-overflow-frame-for-construct-arityCheck-should-use-construct-codeBlock.js	2018-12-20 18:51:49 UTC (rev 239455)
@@ -0,0 +1,27 @@
+//@ requireOptions("--maxPerThreadStackUsage=1572864")
+
+function foo(a, b, c) {
+    try {
+        throw new Error();
+    } catch {
+        hello();
+    }
+};
+
+function Bar(d, e) {
+    hello();
+}
+
+function hello(f) {
+    new Bar(0);
+};
+
+var exception;
+try {
+    foo();
+} catch(e) {
+    exception = e;
+}
+
+if (exception != "RangeError: Maximum call stack size exceeded.")
+    throw "FAILED";
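
Review bot: The test has no comment explaining why each call passes fewer arguments than the callee declares (`foo()` against three parameters, `new Bar(0)` against two, `hello()` against one), and the final check `if (exception != "RangeError: Maximum call stack size exceeded.")` depends on loose comparison coercing the Error object to a string. The under-application is what sends `new Bar(0)` through the construct arity check once the stack is exhausted, so a short comment saying that would keep a later cleanup from normalizing the argument counts and quietly losing the coverage. Suggest also checking `exception instanceof RangeError` alongside the message, and noting why `--maxPerThreadStackUsage=1572864` was chosen.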

Modified: trunk/Source/JavaScriptCore/ChangeLog (239454 => 239455)


--- trunk/Source/_javascript_Core/ChangeLog	2018-12-20 18:42:45 UTC (rev 239454)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-12-20 18:51:49 UTC (rev 239455)
@@ -1,3 +1,14 @@
+2018-12-20  Mark Lam  <[email protected]>
+
+        Fix a typo in slow_path_construct_arityCheck and operationConstructArityCheck.
+        https://bugs.webkit.org/show_bug.cgi?id=192939
+        <rdar://problem/46869516>
+
+        Reviewed by Keith Miller.
+
+        * jit/JITOperations.cpp:
+        * runtime/CommonSlowPaths.cpp:
+
 2018-12-20  Caio Lima  <[email protected]>
 
         [BigInt] We should enable CSE into arithmetic operations that speculate BigIntUse
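
Review bot: The two file entries closing this ChangeLog entry (`* jit/JITOperations.cpp:` and `* runtime/CommonSlowPaths.cpp:`) carry no description, and the title calls the change a typo without saying what was wrong. Suggest stating that the stack overflow path of the construct arity check looked up the callee's codeBlock with CodeForCall instead of CodeForConstruct, and naming the affected function on each file line, so the log can be read without opening the diff.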

Modified: trunk/Source/JavaScriptCore/jit/JITOperations.cpp (239454 => 239455)


--- trunk/Source/_javascript_Core/jit/JITOperations.cpp	2018-12-20 18:42:45 UTC (rev 239454)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp	2018-12-20 18:51:49 UTC (rev 239455)
@@ -130,7 +130,7 @@
 
     int32_t missingArgCount = CommonSlowPaths::arityCheckFor(exec, *vm, CodeForConstruct);
     if (UNLIKELY(missingArgCount < 0)) {
-        CodeBlock* codeBlock = CommonSlowPaths::codeBlockFromCallFrameCallee(exec, CodeForCall);
+        CodeBlock* codeBlock = CommonSlowPaths::codeBlockFromCallFrameCallee(exec, CodeForConstruct);
         exec->convertToStackOverflowFrame(*vm, codeBlock);
         NativeCallFrameTracer tracer(vm, exec);
         throwStackOverflowError(vm->topCallFrame, scope);
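
Review bot: The specialization kind is still written out twice within a few lines here, once in `arityCheckFor(exec, *vm, CodeForConstruct)` and again in `codeBlockFromCallFrameCallee(exec, CodeForConstruct)`, which is the arrangement that let the two disagree in the first place. Suggest binding the kind to a single local constant, or sharing one helper parameterized on the kind between the call and construct variants, so the codeBlock passed to `convertToStackOverflowFrame` cannot be selected with a different kind from the one used for the arity check.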

Modified: trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp (239454 => 239455)


--- trunk/Source/_javascript_Core/runtime/CommonSlowPaths.cpp	2018-12-20 18:42:45 UTC (rev 239454)
+++ trunk/Source/_javascript_Core/runtime/CommonSlowPaths.cpp	2018-12-20 18:51:49 UTC (rev 239455)
@@ -194,7 +194,7 @@
     BEGIN();
     int slotsToAdd = CommonSlowPaths::arityCheckFor(exec, vm, CodeForConstruct);
     if (UNLIKELY(slotsToAdd < 0)) {
-        CodeBlock* codeBlock = CommonSlowPaths::codeBlockFromCallFrameCallee(exec, CodeForCall);
+        CodeBlock* codeBlock = CommonSlowPaths::codeBlockFromCallFrameCallee(exec, CodeForConstruct);
         exec->convertToStackOverflowFrame(vm, codeBlock);
         NativeCallFrameTracer tracer(&vm, exec);
         ErrorHandlingScope errorScope(vm);
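
Review bot: This error path repeats the sequence fixed in JITOperations.cpp (`arityCheckFor`, then `codeBlockFromCallFrameCallee`, then `convertToStackOverflowFrame`) and had the same CodeForCall mismatch, so the duplicated logic is worth factoring into one routine that takes the kind once. It is also not evident from the single stress test added in this revision which of the two fixed paths it reaches; a note in the test or the ChangeLog on how each path is covered would help.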
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
