Modified: branches/safari-607-branch/Source/_javascript_Core/ChangeLog (240077 => 240078)
--- branches/safari-607-branch/Source/_javascript_Core/ChangeLog 2019-01-16 23:28:13 UTC (rev 240077)
+++ branches/safari-607-branch/Source/_javascript_Core/ChangeLog 2019-01-16 23:28:16 UTC (rev 240078)
@@ -1,5 +1,33 @@
2019-01-15 Alan Coon <[email protected]>
+ Cherry-pick r239898. rdar://problem/47260206
+
+ Unreviewed, fix scope check assertions
+ https://bugs.webkit.org/show_bug.cgi?id=193308
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::notifyLexicalBindingShadowing):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::notifyLexicalBindingShadowing):
+ * runtime/ProgramExecutable.cpp:
+ (JSC::ProgramExecutable::initializeGlobalProperties):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239898 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-01-12 Yusuke Suzuki <[email protected]>
+
+ Unreviewed, fix scope check assertions
+ https://bugs.webkit.org/show_bug.cgi?id=193308
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::notifyLexicalBindingShadowing):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::notifyLexicalBindingShadowing):
+ * runtime/ProgramExecutable.cpp:
+ (JSC::ProgramExecutable::initializeGlobalProperties):
+
+2019-01-15 Alan Coon <[email protected]>
+
Cherry-pick r239888. rdar://problem/47260286
Compile out Web API Statistics Collection
Modified: branches/safari-607-branch/Source/_javascript_Core/bytecode/CodeBlock.cpp (240077 => 240078)
--- branches/safari-607-branch/Source/_javascript_Core/bytecode/CodeBlock.cpp 2019-01-16 23:28:13 UTC (rev 240077)
+++ branches/safari-607-branch/Source/_javascript_Core/bytecode/CodeBlock.cpp 2019-01-16 23:28:16 UTC (rev 240078)
@@ -2676,7 +2676,7 @@
return;
JSGlobalObject* globalObject = m_globalObject.get();
- auto throwScope = DECLARE_THROW_SCOPE(vm);
+ auto scope = DECLARE_THROW_SCOPE(vm);
ConcurrentJSLocker locker(m_lock);
@@ -2693,7 +2693,7 @@
// We pass JSGlobalLexicalScope as a start point of the scope chain.
// It should immediately find the lexical binding because that's the reason why we perform this rewriting now.
ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), bytecode.localScopeDepth, globalObject->globalScope(), ident, Get, bytecode.resolveType, InitializationMode::NotInitialization);
- EXCEPTION_ASSERT_UNUSED(throwScope, !throwScope.exception());
+ scope.releaseAssertNoException();
ASSERT(op.type == GlobalLexicalVarWithVarInjectionChecks || op.type == GlobalLexicalVar);
metadata.resolveType = needsVarInjectionChecks(originalResolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar;
metadata.localScopeDepth = 0;
@@ -2717,7 +2717,7 @@
// We pass JSGlobalLexicalScope as a start point of the scope chain.
// It should immediately find the lexical binding because that's the reason why we perform this rewriting now.
ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), bytecode.localScopeDepth, globalObject->globalScope(), ident, Get, bytecode.getPutInfo.resolveType(), InitializationMode::NotInitialization);
- EXCEPTION_ASSERT_UNUSED(throwScope, !throwScope.exception());
+ scope.releaseAssertNoException();
ASSERT(op.type == GlobalLexicalVarWithVarInjectionChecks || op.type == GlobalLexicalVar);
metadata.getPutInfo = GetPutInfo(bytecode.getPutInfo.resolveMode(), needsVarInjectionChecks(originalResolveType) ? GlobalLexicalVarWithVarInjectionChecks : GlobalLexicalVar, bytecode.getPutInfo.initializationMode());
metadata.watchpointSet = op.watchpointSet;
@@ -2738,7 +2738,7 @@
// We pass JSGlobalLexicalScope as a start point of the scope chain.
// It should immediately find the lexical binding because that's the reason why we perform this rewriting now.
ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), bytecode.symbolTableOrScopeDepth, globalObject->globalScope(), ident, Put, bytecode.getPutInfo.resolveType(), bytecode.getPutInfo.initializationMode());
- EXCEPTION_ASSERT_UNUSED(throwScope, !throwScope.exception());
+ scope.releaseAssertNoException();
ASSERT(op.type == GlobalLexicalVarWithVarInjectionChecks || op.type == GlobalLexicalVar || op.type == Dynamic);
ResolveType resolveType = op.type;
Modified: branches/safari-607-branch/Source/_javascript_Core/runtime/JSGlobalObject.cpp (240077 => 240078)
--- branches/safari-607-branch/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2019-01-16 23:28:13 UTC (rev 240077)
+++ branches/safari-607-branch/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2019-01-16 23:28:16 UTC (rev 240078)
@@ -1853,6 +1853,7 @@
void JSGlobalObject::notifyLexicalBindingShadowing(VM& vm, const IdentifierSet& set)
{
+ auto scope = DECLARE_THROW_SCOPE(vm);
#if ENABLE(DFG_JIT)
for (const auto& key : set)
ensureReferencedPropertyWatchpointSet(key.get()).fireAll(vm, "Lexical binding shadows the existing global properties");
@@ -1861,7 +1862,9 @@
if (codeBlock->globalObject() != this)
return;
codeBlock->notifyLexicalBindingShadowing(vm, set);
+ scope.assertNoException();
});
+ scope.release();
}
void JSGlobalObject::queueMicrotask(Ref<Microtask>&& task)
Modified: branches/safari-607-branch/Source/_javascript_Core/runtime/ProgramExecutable.cpp (240077 => 240078)
--- branches/safari-607-branch/Source/_javascript_Core/runtime/ProgramExecutable.cpp 2019-01-16 23:28:13 UTC (rev 240077)
+++ branches/safari-607-branch/Source/_javascript_Core/runtime/ProgramExecutable.cpp 2019-01-16 23:28:16 UTC (rev 240078)
@@ -207,8 +207,10 @@
}
}
- if (!shadowedProperties.isEmpty())
+ if (!shadowedProperties.isEmpty()) {
globalObject->notifyLexicalBindingShadowing(vm, WTFMove(shadowedProperties));
+ throwScope.assertNoException();
+ }
return nullptr;
}
