- Revision: 277094
- Author: [email protected]
- Date: 2021-05-06 09:22:45 -0700 (Thu, 06 May 2021)
Log Message
Forbid further execution in jsc shell if execution is terminated.
https://bugs.webkit.org/show_bug.cgi?id=225410
rdar://77548608
Reviewed by Michael Saboff.
JSTests:
* stress/jsc-shell-forbid-execution-after-termination.js: Added.
Source/JavaScriptCore:
1. Introduce a VM::m_executionForbidden flag.
2. In the jsc shell, forbid further execution if termination was encountered.
* jsc.cpp:
(runWithOptions):
* runtime/VM.cpp:
(JSC::VM::drainMicrotasks):
* runtime/VM.h:
(JSC::VM::executionForbidden const):
(JSC::VM::setExecutionForbidden):
Source/WebCore:
Re-implement WorkerOrWorkletScriptController::forbidExecution() and
isExecutionForbidden() using the VM's notion of the flag
* workers/WorkerOrWorkletScriptController.cpp:
(WebCore::WorkerOrWorkletScriptController::forbidExecution):
(WebCore::WorkerOrWorkletScriptController::isExecutionForbidden const):
* workers/WorkerOrWorkletScriptController.h:
Diff
Modified: trunk/JSTests/ChangeLog (277093 => 277094)
--- trunk/JSTests/ChangeLog 2021-05-06 16:08:17 UTC (rev 277093)
+++ trunk/JSTests/ChangeLog 2021-05-06 16:22:45 UTC (rev 277094)
@@ -1,3 +1,13 @@
+2021-05-06 Mark Lam <[email protected]>
+
+ Forbid further execution in jsc shell if execution is terminated.
+ https://bugs.webkit.org/show_bug.cgi?id=225410
+ rdar://77548608
+
+ Reviewed by Michael Saboff.
+
+ * stress/jsc-shell-forbid-execution-after-termination.js: Added.
+
2021-05-05 Saam Barati <[email protected]>
Update tests to use collectExtraSamplingProfilerData instead of collectSamplingProfilerDataForJSCShell
Added: trunk/JSTests/stress/jsc-shell-forbid-execution-after-termination.js (0 => 277094)
--- trunk/JSTests/stress/jsc-shell-forbid-execution-after-termination.js (rev 0)
+++ trunk/JSTests/stress/jsc-shell-forbid-execution-after-termination.js 2021-05-06 16:22:45 UTC (rev 277094)
@@ -0,0 +1,3 @@
+//@ runDefault("--watchdog=50", "--watchdog-exception-ok")
+Promise.resolve().then(()=>''.localeCompare());
+''.localeCompare();
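Review bot: The three-line test has no comment and no assertion, so it can only fail by crashing, and nothing in it says what is being exercised. Please add a comment stating the scenario: the watchdog (--watchdog=50) is expected to terminate the top-level ''.localeCompare() call while the Promise.resolve().then(...) reaction is still queued, and the queued reaction must not run afterwards. Nothing in these lines guarantees that the 50 ms watchdog fires during the top-level call rather than later, so it is also worth saying whether the test is still meaningful when the timing differs.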
Modified: trunk/Source/_javascript_Core/ChangeLog (277093 => 277094)
--- trunk/Source/_javascript_Core/ChangeLog 2021-05-06 16:08:17 UTC (rev 277093)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-05-06 16:22:45 UTC (rev 277094)
@@ -1,5 +1,24 @@
2021-05-06 Mark Lam <[email protected]>
+ Forbid further execution in jsc shell if execution is terminated.
+ https://bugs.webkit.org/show_bug.cgi?id=225410
+ rdar://77548608
+
+ Reviewed by Michael Saboff.
+
+ 1. Introduce a VM::m_executionForbidden flag.
+ 2. In the jsc shell, forbid further execution if termination was encountered.
+
+ * jsc.cpp:
+ (runWithOptions):
+ * runtime/VM.cpp:
+ (JSC::VM::drainMicrotasks):
+ * runtime/VM.h:
+ (JSC::VM::executionForbidden const):
+ (JSC::VM::setExecutionForbidden):
+
+2021-05-06 Mark Lam <[email protected]>
+
Fix missing exception check in objectConstructorGetOwnPropertyDescriptors().
https://bugs.webkit.org/show_bug.cgi?id=225413
rdar://77551530
Modified: trunk/Source/_javascript_Core/jsc.cpp (277093 => 277094)
--- trunk/Source/_javascript_Core/jsc.cpp 2021-05-06 16:08:17 UTC (rev 277093)
+++ trunk/Source/_javascript_Core/jsc.cpp 2021-05-06 16:22:45 UTC (rev 277094)
@@ -3048,8 +3048,11 @@
NakedPtr<Exception> evaluationException;
JSValue returnValue = evaluate(globalObject, jscSource(scriptBuffer, sourceOrigin , fileName), JSValue(), evaluationException);
scope.assertNoException();
- if (evaluationException)
+ if (evaluationException) {
+ if (vm.isTerminationException(evaluationException.get()))
+ vm.setExecutionForbidden();
returnValue = evaluationException->value();
+ }
checkException(globalObject, isLastFile, evaluationException, returnValue, options, success);
}
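Review bot: The new vm.setExecutionForbidden() call inside the if (evaluationException) block has no comment explaining why a termination exception must latch the VM into a forbidden state. A one-line comment tying it to the microtask queue (the shell would otherwise go on to drain microtasks queued by the terminated script) would make the intent clear to the next reader. The check sits only on this evaluate() path; if runWithOptions has other evaluation paths outside this hunk, they need the same isTerminationException() test or the flag will be set inconsistently.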
Modified: trunk/Source/_javascript_Core/runtime/VM.cpp (277093 => 277094)
--- trunk/Source/_javascript_Core/runtime/VM.cpp 2021-05-06 16:08:17 UTC (rev 277093)
+++ trunk/Source/_javascript_Core/runtime/VM.cpp 2021-05-06 16:22:45 UTC (rev 277094)
@@ -1385,14 +1385,18 @@
void VM::drainMicrotasks()
{
- do {
- while (!m_microtaskQueue.isEmpty()) {
- m_microtaskQueue.takeFirst()->run();
- if (m_onEachMicrotaskTick)
- m_onEachMicrotaskTick(*this);
- }
- didExhaustMicrotaskQueue();
- } while (!m_microtaskQueue.isEmpty());
+ if (UNLIKELY(executionForbidden()))
+ m_microtaskQueue.clear();
+ else {
+ do {
+ while (!m_microtaskQueue.isEmpty()) {
+ m_microtaskQueue.takeFirst()->run();
+ if (m_onEachMicrotaskTick)
+ m_onEachMicrotaskTick(*this);
+ }
+ didExhaustMicrotaskQueue();
+ } while (!m_microtaskQueue.isEmpty());
+ }
finalizeSynchronousJSExecution();
}
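Review bot: executionForbidden() is tested once on entry to VM::drainMicrotasks(), outside the do/while loop, so a flag that becomes set while a microtask is running (for example a termination raised inside m_microtaskQueue.takeFirst()->run()) does not stop the remaining queued microtasks from running in the same drain. Consider re-checking the flag inside the inner while loop and clearing the queue there. Separately, the forbidden branch clears the queue but skips didExhaustMicrotaskQueue(), while finalizeSynchronousJSExecution() still runs; if skipping the exhaustion callback is intentional, a comment saying so would help.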
Modified: trunk/Source/_javascript_Core/runtime/VM.h (277093 => 277094)
--- trunk/Source/_javascript_Core/runtime/VM.h 2021-05-06 16:08:17 UTC (rev 277093)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2021-05-06 16:22:45 UTC (rev 277094)
@@ -341,6 +341,9 @@
bool terminationInProgress() const { return m_terminationInProgress; }
void setTerminationInProgress(bool value) { m_terminationInProgress = value; }
+ bool executionForbidden() const { return m_executionForbidden; }
+ void setExecutionForbidden() { m_executionForbidden = true; }
+
JS_EXPORT_PRIVATE Exception* ensureTerminationException();
Exception* terminationException() const
{
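Review bot: setExecutionForbidden() takes no argument and there is no way to clear the flag, unlike setTerminationInProgress(bool) directly above it, but nothing documents that the state is one-way. Please add a comment on the accessor pair stating that the flag is irreversible for the lifetime of the VM, what it affects (drainMicrotasks() discards the queue), and which thread may set and read it, since m_executionForbidden is a plain bool.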
@@ -1263,6 +1266,7 @@
uintptr_t m_currentWeakRefVersion { 0 };
bool m_terminationInProgress { false };
+ bool m_executionForbidden { false };
Lock m_loopHintExecutionCountLock;
HashMap<const Instruction*, std::pair<unsigned, std::unique_ptr<uint64_t>>> m_loopHintExecutionCounts;
Modified: trunk/Source/WebCore/ChangeLog (277093 => 277094)
--- trunk/Source/WebCore/ChangeLog 2021-05-06 16:08:17 UTC (rev 277093)
+++ trunk/Source/WebCore/ChangeLog 2021-05-06 16:22:45 UTC (rev 277094)
@@ -1,3 +1,19 @@
+2021-05-06 Mark Lam <[email protected]>
+
+ Forbid further execution in jsc shell if execution is terminated.
+ https://bugs.webkit.org/show_bug.cgi?id=225410
+ rdar://77548608
+
+ Reviewed by Michael Saboff.
+
+ Re-implement WorkerOrWorkletScriptController::forbidExecution() and
+ isExecutionForbidden() using the VM's notion of the flag
+
+ * workers/WorkerOrWorkletScriptController.cpp:
+ (WebCore::WorkerOrWorkletScriptController::forbidExecution):
+ (WebCore::WorkerOrWorkletScriptController::isExecutionForbidden const):
+ * workers/WorkerOrWorkletScriptController.h:
+
2021-05-06 Darin Adler <[email protected]>
Streamline codec parsing, replacing uses of HashMap with SortedArrayMap
Modified: trunk/Source/WebCore/workers/WorkerOrWorkletScriptController.cpp (277093 => 277094)
--- trunk/Source/WebCore/workers/WorkerOrWorkletScriptController.cpp 2021-05-06 16:08:17 UTC (rev 277093)
+++ trunk/Source/WebCore/workers/WorkerOrWorkletScriptController.cpp 2021-05-06 16:22:45 UTC (rev 277094)
@@ -108,13 +108,13 @@
void WorkerOrWorkletScriptController::forbidExecution()
{
ASSERT(m_globalScope->isContextThread());
- m_executionForbidden = true;
+ m_vm->setExecutionForbidden();
}
bool WorkerOrWorkletScriptController::isExecutionForbidden() const
{
ASSERT(m_globalScope->isContextThread());
- return m_executionForbidden;
+ return m_vm->executionForbidden();
}
void WorkerOrWorkletScriptController::scheduleExecutionTermination()
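Review bot: Moving the flag from m_executionForbidden to m_vm->setExecutionForbidden() in forbidExecution() is more than a re-implementation: with the VM.cpp change in this same revision, a worker that calls forbidExecution() now also has its pending microtasks discarded by VM::drainMicrotasks(). The WebCore ChangeLog entry should state that behaviour change, and a worker test covering it would be useful since the only added test runs in the jsc shell. Both functions now dereference m_vm unconditionally; please confirm m_vm is always valid wherever forbidExecution() and isExecutionForbidden() can be called, or add an ASSERT next to the existing isContextThread() one.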
Modified: trunk/Source/WebCore/workers/WorkerOrWorkletScriptController.h (277093 => 277094)
--- trunk/Source/WebCore/workers/WorkerOrWorkletScriptController.h 2021-05-06 16:08:17 UTC (rev 277093)
+++ trunk/Source/WebCore/workers/WorkerOrWorkletScriptController.h 2021-05-06 16:22:45 UTC (rev 277094)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2020 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008-2021 Apple Inc. All Rights Reserved.
* Copyright (C) 2012 Google Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -122,7 +122,6 @@
JSC::Strong<JSDOMGlobalObject> m_globalScopeWrapper;
std::unique_ptr<WorkerConsoleClient> m_consoleClient;
mutable Lock m_scheduledTerminationMutex;
- bool m_executionForbidden { false };
bool m_isTerminatingExecution { false };
};