[webkit-changes] [WebKit/WebKit] 5faa0d: Trace trap in JIT-compiled code.

EWS Tue, 01 Nov 2022 13:49:13 -0700

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 5faa0d3ac693ecf9ebf58e6441449e16257c3489
      
https://github.com/WebKit/WebKit/commit/5faa0d3ac693ecf9ebf58e6441449e16257c3489
  Author: David Degazio <[email protected]>
  Date:   2022-11-01 (Tue, 01 Nov 2022)


  Changed paths:
    A JSTests/stress/array-push-stack-overflow-exception-check.js
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

  Log Message:
  -----------
  Trace trap in JIT-compiled code.
https://bugs.webkit.org/show_bug.cgi?id=246942
rdar://101496803

Reviewed by Yusuke Suzuki.

Adds an exception check to calling the array push slow path in DFG. Without 
this check, it was possible for an exception to be thrown but not handled, 
causing
release assertion failures in some subsequent DFG nodes.

* JSTests/stress/array-push-stack-overflow-exception-check.js: Added.
(main.catch.v22):
(main.v9):
(main.v2):
(main):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:

Canonical link: https://commits.webkit.org/256197@main


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [WebKit/WebKit] 5faa0d: Trace trap in JIT-compiled code.

Reply via email to