Diff
Modified: branches/safari-607.2.1.2-branch/JSTests/ChangeLog (245410 => 245411)
--- branches/safari-607.2.1.2-branch/JSTests/ChangeLog 2019-05-16 22:47:56 UTC (rev 245410)
+++ branches/safari-607.2.1.2-branch/JSTests/ChangeLog 2019-05-16 22:47:59 UTC (rev 245411)
@@ -1,51 +1,5 @@
2019-05-15 Alan Coon <[email protected]>
- Cherry-pick r244996. rdar://problem/50754980
-
- [JSC] We should check OOM for description string of Symbol
- https://bugs.webkit.org/show_bug.cgi?id=197634
-
- Reviewed by Keith Miller.
-
- JSTests:
-
- * stress/check-symbol-description-oom.js: Added.
- (shouldThrow):
-
- Source/_javascript_Core:
-
- When resoling JSString for description of Symbol, we should check OOM error.
- We also change JSValueMakeSymbol(..., nullptr) to returning a symbol value
- without description, (1) to simplify the code and (2) give a way for JSC API
- to create a symbol value without description.
-
- * API/JSValueRef.cpp:
- (JSValueMakeSymbol):
- * API/tests/testapi.cpp:
- (TestAPI::symbolsTypeof):
- (TestAPI::symbolsDescription):
- (testCAPIViaCpp):
- * dfg/DFGOperations.cpp:
- * runtime/Symbol.cpp:
- (JSC::Symbol::createWithDescription):
- * runtime/Symbol.h:
- * runtime/SymbolConstructor.cpp:
- (JSC::callSymbol):
-
- git-svn-id: https://svn.webkit.org/repository/webkit/trunk@244996 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 2019-05-06 Yusuke Suzuki <[email protected]>
-
- [JSC] We should check OOM for description string of Symbol
- https://bugs.webkit.org/show_bug.cgi?id=197634
-
- Reviewed by Keith Miller.
-
- * stress/check-symbol-description-oom.js: Added.
- (shouldThrow):
-
-2019-05-15 Alan Coon <[email protected]>
-
Cherry-pick r243948. rdar://problem/50754972
SIGSEGV in JSC::BytecodeGenerator::addStringConstant
Deleted: branches/safari-607.2.1.2-branch/JSTests/stress/check-symbol-description-oom.js (245410 => 245411)
--- branches/safari-607.2.1.2-branch/JSTests/stress/check-symbol-description-oom.js 2019-05-16 22:47:56 UTC (rev 245410)
+++ branches/safari-607.2.1.2-branch/JSTests/stress/check-symbol-description-oom.js 2019-05-16 22:47:59 UTC (rev 245411)
@@ -1,18 +0,0 @@
-function shouldThrow(func, errorMessage) {
- var errorThrown = false;
- var error = null;
- try {
- func();
- } catch (e) {
- errorThrown = true;
- error = e;
- }
- if (!errorThrown)
- throw new Error('not thrown');
- if (String(error) !== errorMessage)
- throw new Error(`bad error: ${String(error)}`);
-}
-
-const s0 = (-1).toLocaleString();
-const s1 = s0.padEnd(2147483647, ' ');
-shouldThrow(() => Symbol(s1), `Error: Out of memory`);
Modified: branches/safari-607.2.1.2-branch/Source/_javascript_Core/API/JSValueRef.cpp (245410 => 245411)
--- branches/safari-607.2.1.2-branch/Source/_javascript_Core/API/JSValueRef.cpp 2019-05-16 22:47:56 UTC (rev 245410)
+++ branches/safari-607.2.1.2-branch/Source/_javascript_Core/API/JSValueRef.cpp 2019-05-16 22:47:59 UTC (rev 245411)
@@ -330,12 +330,13 @@
return nullptr;
}
ExecState* exec = toJS(ctx);
- VM& vm = exec->vm();
JSLockHolder locker(exec);
+ auto scope = DECLARE_CATCH_SCOPE(exec->vm());
- if (!description)
- return toRef(exec, Symbol::create(vm));
- return toRef(exec, Symbol::createWithDescription(vm, description->string()));
+ JSString* jsDescription = jsString(exec, description ? description->string() : String());
+ RETURN_IF_EXCEPTION(scope, nullptr);
+
+ return toRef(exec, Symbol::create(exec, jsDescription));
}
JSValueRef JSValueMakeString(JSContextRef ctx, JSStringRef string)
Modified: branches/safari-607.2.1.2-branch/Source/_javascript_Core/API/tests/testapi.cpp (245410 => 245411)
--- branches/safari-607.2.1.2-branch/Source/_javascript_Core/API/tests/testapi.cpp 2019-05-16 22:47:56 UTC (rev 245410)
+++ branches/safari-607.2.1.2-branch/Source/_javascript_Core/API/tests/testapi.cpp 2019-05-16 22:47:59 UTC (rev 245411)
@@ -129,7 +129,6 @@
void basicSymbol();
void symbolsTypeof();
- void symbolsDescription();
void symbolsGetPropertyForKey();
void symbolsSetPropertyForKey();
void symbolsHasPropertyForKey();
@@ -268,7 +267,6 @@
}
static const char* isSymbolFunction = "(function isSymbol(symbol) { return typeof(symbol) === 'symbol'; })";
-static const char* getSymbolDescription = "(function getSymbolDescription(symbol) { return symbol.description; })";
static const char* getFunction = "(function get(object, key) { return object[key]; })";
static const char* setFunction = "(function set(object, key, value) { object[key] = value; })";
@@ -282,32 +280,11 @@
void TestAPI::symbolsTypeof()
{
- {
- JSValueRef symbol = JSValueMakeSymbol(context, nullptr);
- check(functionReturnsTrue(isSymbolFunction, symbol), "JSValueMakeSymbol makes a symbol value");
- }
- {
- APIString description("dope");
- JSValueRef symbol = JSValueMakeSymbol(context, description);
- check(functionReturnsTrue(isSymbolFunction, symbol), "JSValueMakeSymbol makes a symbol value");
- }
+ APIString description("dope");
+ JSValueRef symbol = JSValueMakeSymbol(context, description);
+ check(functionReturnsTrue(isSymbolFunction, symbol), "JSValueMakeSymbol makes a symbol value");
}
-void TestAPI::symbolsDescription()
-{
- {
- JSValueRef symbol = JSValueMakeSymbol(context, nullptr);
- auto result = callFunction(getSymbolDescription, symbol);
- check(JSValueIsStrictEqual(context, result.value(), JSValueMakeUndefined(context)), "JSValueMakeSymbol with nullptr description produces a symbol value without description");
- }
- {
- APIString description("dope");
- JSValueRef symbol = JSValueMakeSymbol(context, description);
- auto result = callFunction(getSymbolDescription, symbol);
- check(JSValueIsStrictEqual(context, result.value(), JSValueMakeString(context, description)), "JSValueMakeSymbol with description string produces a symbol value with description");
- }
-}
-
void TestAPI::symbolsGetPropertyForKey()
{
auto objects = interestingObjects();
@@ -517,7 +494,6 @@
RUN(basicSymbol());
RUN(symbolsTypeof());
- RUN(symbolsDescription());
RUN(symbolsGetPropertyForKey());
RUN(symbolsSetPropertyForKey());
RUN(symbolsHasPropertyForKey());
Modified: branches/safari-607.2.1.2-branch/Source/_javascript_Core/ChangeLog (245410 => 245411)
--- branches/safari-607.2.1.2-branch/Source/_javascript_Core/ChangeLog 2019-05-16 22:47:56 UTC (rev 245410)
+++ branches/safari-607.2.1.2-branch/Source/_javascript_Core/ChangeLog 2019-05-16 22:47:59 UTC (rev 245411)
@@ -1,66 +1,5 @@
2019-05-15 Alan Coon <[email protected]>
- Cherry-pick r244996. rdar://problem/50754980
-
- [JSC] We should check OOM for description string of Symbol
- https://bugs.webkit.org/show_bug.cgi?id=197634
-
- Reviewed by Keith Miller.
-
- JSTests:
-
- * stress/check-symbol-description-oom.js: Added.
- (shouldThrow):
-
- Source/_javascript_Core:
-
- When resoling JSString for description of Symbol, we should check OOM error.
- We also change JSValueMakeSymbol(..., nullptr) to returning a symbol value
- without description, (1) to simplify the code and (2) give a way for JSC API
- to create a symbol value without description.
-
- * API/JSValueRef.cpp:
- (JSValueMakeSymbol):
- * API/tests/testapi.cpp:
- (TestAPI::symbolsTypeof):
- (TestAPI::symbolsDescription):
- (testCAPIViaCpp):
- * dfg/DFGOperations.cpp:
- * runtime/Symbol.cpp:
- (JSC::Symbol::createWithDescription):
- * runtime/Symbol.h:
- * runtime/SymbolConstructor.cpp:
- (JSC::callSymbol):
-
- git-svn-id: https://svn.webkit.org/repository/webkit/trunk@244996 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 2019-05-06 Yusuke Suzuki <[email protected]>
-
- [JSC] We should check OOM for description string of Symbol
- https://bugs.webkit.org/show_bug.cgi?id=197634
-
- Reviewed by Keith Miller.
-
- When resoling JSString for description of Symbol, we should check OOM error.
- We also change JSValueMakeSymbol(..., nullptr) to returning a symbol value
- without description, (1) to simplify the code and (2) give a way for JSC API
- to create a symbol value without description.
-
- * API/JSValueRef.cpp:
- (JSValueMakeSymbol):
- * API/tests/testapi.cpp:
- (TestAPI::symbolsTypeof):
- (TestAPI::symbolsDescription):
- (testCAPIViaCpp):
- * dfg/DFGOperations.cpp:
- * runtime/Symbol.cpp:
- (JSC::Symbol::createWithDescription):
- * runtime/Symbol.h:
- * runtime/SymbolConstructor.cpp:
- (JSC::callSymbol):
-
-2019-05-15 Alan Coon <[email protected]>
-
Cherry-pick r243948. rdar://problem/50754972
SIGSEGV in JSC::BytecodeGenerator::addStringConstant
Modified: branches/safari-607.2.1.2-branch/Source/_javascript_Core/dfg/DFGOperations.cpp (245410 => 245411)
--- branches/safari-607.2.1.2-branch/Source/_javascript_Core/dfg/DFGOperations.cpp 2019-05-16 22:47:56 UTC (rev 245410)
+++ branches/safari-607.2.1.2-branch/Source/_javascript_Core/dfg/DFGOperations.cpp 2019-05-16 22:47:59 UTC (rev 245411)
@@ -2272,12 +2272,8 @@
{
VM& vm = exec->vm();
NativeCallFrameTracer tracer(&vm, exec);
- auto scope = DECLARE_THROW_SCOPE(vm);
- String string = description->value(exec);
- RETURN_IF_EXCEPTION(scope, nullptr);
-
- return Symbol::createWithDescription(vm, string);
+ return Symbol::create(exec, description);
}
JSCell* JIT_OPERATION operationNewStringObject(ExecState* exec, JSString* string, Structure* structure)
Modified: branches/safari-607.2.1.2-branch/Source/_javascript_Core/runtime/Symbol.cpp (245410 => 245411)
--- branches/safari-607.2.1.2-branch/Source/_javascript_Core/runtime/Symbol.cpp 2019-05-16 22:47:56 UTC (rev 245410)
+++ branches/safari-607.2.1.2-branch/Source/_javascript_Core/runtime/Symbol.cpp 2019-05-16 22:47:59 UTC (rev 245411)
@@ -116,9 +116,11 @@
return symbol;
}
-Symbol* Symbol::createWithDescription(VM& vm, const String& description)
+Symbol* Symbol::create(ExecState* exec, JSString* description)
{
- Symbol* symbol = new (NotNull, allocateCell<Symbol>(vm.heap)) Symbol(vm, description);
+ VM& vm = exec->vm();
+ String desc = description->value(exec);
+ Symbol* symbol = new (NotNull, allocateCell<Symbol>(vm.heap)) Symbol(vm, desc);
symbol->finishCreation(vm);
return symbol;
}
Modified: branches/safari-607.2.1.2-branch/Source/_javascript_Core/runtime/Symbol.h (245410 => 245411)
--- branches/safari-607.2.1.2-branch/Source/_javascript_Core/runtime/Symbol.h 2019-05-16 22:47:56 UTC (rev 245410)
+++ branches/safari-607.2.1.2-branch/Source/_javascript_Core/runtime/Symbol.h 2019-05-16 22:47:59 UTC (rev 245411)
@@ -52,7 +52,7 @@
}
static Symbol* create(VM&);
- static Symbol* createWithDescription(VM&, const String&);
+ static Symbol* create(ExecState*, JSString* description);
JS_EXPORT_PRIVATE static Symbol* create(VM&, SymbolImpl& uid);
const PrivateName& privateName() const { return m_privateName; }
Modified: branches/safari-607.2.1.2-branch/Source/_javascript_Core/runtime/SymbolConstructor.cpp (245410 => 245411)
--- branches/safari-607.2.1.2-branch/Source/_javascript_Core/runtime/SymbolConstructor.cpp 2019-05-16 22:47:56 UTC (rev 245410)
+++ branches/safari-607.2.1.2-branch/Source/_javascript_Core/runtime/SymbolConstructor.cpp 2019-05-16 22:47:59 UTC (rev 245411)
@@ -79,16 +79,10 @@
static EncodedJSValue JSC_HOST_CALL callSymbol(ExecState* exec)
{
- VM& vm = exec->vm();
- auto scope = DECLARE_THROW_SCOPE(vm);
-
JSValue description = exec->argument(0);
if (description.isUndefined())
- return JSValue::encode(Symbol::create(vm));
-
- String string = description.toWTFString(exec);
- RETURN_IF_EXCEPTION(scope, { });
- return JSValue::encode(Symbol::createWithDescription(vm, string));
+ return JSValue::encode(Symbol::create(exec->vm()));
+ return JSValue::encode(Symbol::create(exec, description.toString(exec)));
}
EncodedJSValue JSC_HOST_CALL symbolConstructorFor(ExecState* exec)
