Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e94a54e5f285c566688cb047bb8008efea0665dc
      
https://github.com/WebKit/WebKit/commit/e94a54e5f285c566688cb047bb8008efea0665dc
  Author: Yusuke Suzuki <[email protected]>
  Date:   2024-01-09 (Tue, 09 Jan 2024)

  Changed paths:
    A JSTests/stress/tail-call-callee-frame-polymorphic.js
    M LayoutTests/inspector/unit-tests/array-utilities-expected.txt
    M LayoutTests/inspector/unit-tests/set-utilities-expected.txt
    M Source/JavaScriptCore/bytecode/CodeBlock.cpp
    M Source/JavaScriptCore/bytecode/CodeBlock.h
    M Source/JavaScriptCore/bytecode/RepatchInlines.h
    M Source/JavaScriptCore/interpreter/CallFrame.cpp
    M Source/JavaScriptCore/interpreter/CallFrame.h
    M Source/JavaScriptCore/interpreter/CallFrameInlines.h
    M Source/JavaScriptCore/interpreter/FrameTracers.h
    M Source/JavaScriptCore/interpreter/StackVisitor.cpp
    M Source/JavaScriptCore/interpreter/StackVisitor.h
    M Source/JavaScriptCore/jit/JITOperations.cpp
    M Source/JavaScriptCore/jit/JITThunks.h
    M Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp
    M Source/JavaScriptCore/jit/ThunkGenerators.cpp
    M Source/JavaScriptCore/jit/ThunkGenerators.h
    M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.h
    M Source/JavaScriptCore/runtime/VMInlines.h

  Log Message:
  -----------
  [JSC] exception from handleHostCall for tail-call should be handled correctly
https://bugs.webkit.org/show_bug.cgi?id=267249
rdar://120662635

Reviewed by Mark Lam.

272580@main introduced failing in the fast path in polymorphic thunk (calling operationLinkPolymorphicFromRegularCall etc.).
In this case,

1. We should anyway use the top-most CallFrame* for NativeCallFrameTracer since it confuses StackVisitor (it assumes vm.topCallFrame is the top-most CallFrame*).
   We use calleeFrame instead of callerFrame.
2. Then, we should make StackVisitor work with CallFrame* which has non-cell JSCallee (when calling a non-function value). We rename stackOverflowFrameCallee to
   partiallyInitializedFrameCallee and use it. This tells StackVisitor that it should skip the first frame since it is a pre-baked one. Also, make it possible to throw
   an exception from this frame since exception catching code assumes that Callee is some cell.
3. To throw an exception from the current calleeFrame, this patch adds throwExceptionFromCallGenerator thunk, which throws an exception from the current frame when
   it is called as a normal JS function.

* JSTests/stress/tail-call-callee-frame-polymorphic.js: Added.
* Source/JavaScriptCore/bytecode/RepatchInlines.h:
(JSC::handleHostCall):
* Source/JavaScriptCore/interpreter/CallFrame.h:
* Source/JavaScriptCore/interpreter/CallFrameInlines.h:
(JSC::CallFrame::isHandleHostCallExceptionFrame const):
* Source/JavaScriptCore/interpreter/FrameTracers.h:
(JSC::NativeCallFrameTracerForTailCall::NativeCallFrameTracerForTailCall): Deleted.
* Source/JavaScriptCore/interpreter/StackVisitor.cpp:
(JSC::StackVisitor::StackVisitor):
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/jit/JITThunks.h:
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::throwExceptionFromCallGenerator):
(JSC::polymorphicThunkFor):
* Source/JavaScriptCore/jit/ThunkGenerators.h:
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildrenImpl):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::handleHostCallExceptionCallee const):
* Source/JavaScriptCore/runtime/VMInlines.h:
(JSC::VM::topJSCallFrame const):

Canonical link: https://commits.webkit.org/272816@main
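The scenario the commit describes, as an added illustration written for this page (it is not the JSTests/stress/tail-call-callee-frame-polymorphic.js file the commit adds, whose contents are not shown here): a strict-mode call in tail position whose call site sees several different callees, one of which is not callable. JSC performs proper tail calls for calls in tail position in strict-mode code, so the non-function callee is reached through the tail-call path at a polymorphic site, and the TypeError it raises must still be catchable by the caller's `try`/`catch` with a usable stack. The function names, the callee set and the iteration count are constructed for the example.

```javascript
// Added example, not WebKit's own test: drive one tail-call site with a
// rotating set of callees so it becomes polymorphic, and check that calling
// the non-function value surfaces as a catchable TypeError each time.

function makeCallees() {
  // Constructed sample callees: two real functions and one non-function value.
  return [
    function addOne(x) { return x + 1; },
    function double(x) { return x * 2; },
    42, // not callable: calling it must throw a TypeError
  ];
}

function tailCall(callee, x) {
  "use strict"; // tail calls are only performed in strict-mode code
  // `return callee(x)` is in tail position, so the caller frame is replaced
  // by the callee frame rather than stacked on top of it.
  return callee(x);
}

// Runs `iterations` calls through the same site and returns the sum of the
// successful results plus the number of TypeErrors that were caught.
function exercise(iterations) {
  const callees = makeCallees();
  let sum = 0;
  let typeErrors = 0;
  for (let i = 0; i < iterations; i++) {
    const callee = callees[i % callees.length];
    try {
      sum += tailCall(callee, i);
    } catch (e) {
      if (!(e instanceof TypeError)) throw e; // anything else is unexpected
      typeErrors++;
      // The exception must carry a stack: a frame with an uninitialized
      // callee would break stack capture rather than produce a string here.
      if (typeof e.stack !== "string") throw new Error("missing stack on TypeError");
    }
  }
  return { sum, typeErrors };
}
```

Run it under a JSC shell (`jsc`) or Node; with 300 iterations the callee at index 2 is hit 100 times, so `exercise(300)` returns 100 caught TypeErrors and the sum of the 200 successful calls.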


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
