Title: [290283] trunk
Revision
290283
Author
[email protected]
Date
2022-02-21 18:16:28 -0800 (Mon, 21 Feb 2022)

Log Message

[JSC] Fix ShadowRealm unwinding
https://bugs.webkit.org/show_bug.cgi?id=237001

Reviewed by Saam Barati.

JSTests:

* test262/expectations.yaml:

Source/JavaScriptCore:

This patch fixes a crash bug found by test262. Regardless of whether it is a RemoteFunction,
we should handle it the same way as the other normal host functions, except
for setting the m_seenRemoteFunction = true flag. Previously, we were returning early;
this is wrong since we should stop unwinding if the caller is an entry frame.

* interpreter/Interpreter.cpp:
(JSC::UnwindFunctor::operator() const):

Diff

Modified: trunk/JSTests/ChangeLog (290282 => 290283)


--- trunk/JSTests/ChangeLog	2022-02-22 02:12:13 UTC (rev 290282)
+++ trunk/JSTests/ChangeLog	2022-02-22 02:16:28 UTC (rev 290283)
@@ -1,5 +1,14 @@
 2022-02-21  Yusuke Suzuki  <[email protected]>
 
+        [JSC] Fix ShadowRealm unwinding
+        https://bugs.webkit.org/show_bug.cgi?id=237001
+
+        Reviewed by Saam Barati.
+
+        * test262/expectations.yaml:
+
+2022-02-21  Yusuke Suzuki  <[email protected]>
+
         [JSC] Temporal.PlainDate should validate input range
         https://bugs.webkit.org/show_bug.cgi?id=236936
 

Modified: trunk/JSTests/test262/expectations.yaml (290282 => 290283)


--- trunk/JSTests/test262/expectations.yaml	2022-02-22 02:12:13 UTC (rev 290282)
+++ trunk/JSTests/test262/expectations.yaml	2022-02-22 02:16:28 UTC (rev 290283)
@@ -828,8 +828,6 @@
 test/built-ins/ShadowRealm/WrappedFunction/name-throws-typeerror.js:
   default: 'Test262Error: expect a TypeError on name getter throwing Expected a TypeError but got a Error'
   strict mode: 'Test262Error: expect a TypeError on name getter throwing Expected a TypeError but got a Error'
-test/built-ins/ShadowRealm/prototype/evaluate/wrapped-function-proxied-observes-boundary.js:
-  strict mode: 'Bad exit code: 11'
 test/built-ins/ShadowRealm/prototype/evaluate/wrapped-function-throws-typeerror-from-caller-realm.js:
   default: 'Test262Error: throws TypeError if arguments are not wrappable Expected a TypeError but got a different error constructor with the same name'
   strict mode: 'Test262Error: throws TypeError if arguments are not wrappable Expected a TypeError but got a different error constructor with the same name'
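
Review bot: dropping the 'Bad exit code: 11' expectation for wrapped-function-proxied-observes-boundary.js leaves the imported test262 file as the only coverage for this crash; no JSC-owned regression test is added under JSTests in this revision. Consider adding a small stress test that exercises unwinding through a RemoteFunction frame whose caller is the entry frame, so the path stays covered if the test262 import changes.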

Modified: trunk/Source/JavaScriptCore/ChangeLog (290282 => 290283)


--- trunk/Source/_javascript_Core/ChangeLog	2022-02-22 02:12:13 UTC (rev 290282)
+++ trunk/Source/_javascript_Core/ChangeLog	2022-02-22 02:16:28 UTC (rev 290283)
@@ -1,5 +1,20 @@
 2022-02-21  Yusuke Suzuki  <[email protected]>
 
+        [JSC] Fix ShadowRealm unwinding
+        https://bugs.webkit.org/show_bug.cgi?id=237001
+
+        Reviewed by Saam Barati.
+
+        This patch fixes a crash bug found by test262. Regardless of it is RemoteFunction,
+        we should handle it as the same way to the other normal host functions except
+        for setting m_seenRemoteFunction = true flag. Previously, we are early returning,
+        this is wrong since we should stop unwinding if the caller is entry frame.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::UnwindFunctor::operator() const):
+
+2022-02-21  Yusuke Suzuki  <[email protected]>
+
         [JSC] Temporal.PlainDate should validate input range
         https://bugs.webkit.org/show_bug.cgi?id=236936
 
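
Review bot: the '(JSC::UnwindFunctor::operator() const):' line carries no per-function description. State there that the early 'return StackVisitor::Continue' in the RemoteFunction branch is removed so the frame falls through to the common host-function handling; that way the entry records the code change and not only the rationale.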

Modified: trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp (290282 => 290283)


--- trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2022-02-22 02:12:13 UTC (rev 290282)
+++ trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2022-02-22 02:16:28 UTC (rev 290283)
@@ -611,11 +611,10 @@
         }
 #endif
 
-        if (!m_callFrame->isWasmFrame() &&  JSC::isRemoteFunction(m_vm, m_callFrame->jsCallee()) && !m_isTermination) {
+        if (!m_callFrame->isWasmFrame() && JSC::isRemoteFunction(m_vm, m_callFrame->jsCallee()) && !m_isTermination) {
             // Continue searching for a handler, but mark that a marshalling function was on the stack so that we can
             // translate the exception before jumping to the handler.
             const_cast<UnwindFunctor*>(this)->m_seenRemoteFunction = true;
-            return StackVisitor::Continue;
         }
 
         notifyDebuggerOfUnwinding(m_vm, m_callFrame);
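
Review bot: the comment kept at "Continue searching for a handler, ..." now sits in a branch that no longer returns; with 'return StackVisitor::Continue;' removed, a RemoteFunction frame falls through to notifyDebuggerOfUnwinding() and the rest of the functor. Reword the comment to say the fall-through is deliberate and that setting m_seenRemoteFunction is the only RemoteFunction-specific step, so a later cleanup does not reinstate the early return. The entry-frame check that the log message relies on is outside this hunk, so it is also worth confirming that nothing between this branch and that check assumes a callee that is not a RemoteFunction.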