Changeset 163595 in webkit

Timestamp:

Feb 6, 2014 6:03:26 PM (10 years ago)

Author:

msaboff@apple.com

Message:

Workaround REGRESSION(r163195-r163227): Crash beneath NSErrorUserInfoFromJSException when installing AppleInternal.mpkg
​https://bugs.webkit.org/show_bug.cgi?id=128347

Reviewed by Geoffrey Garen.

Added a flag to VM class called m_ignoreStackLimit that disables stack limit checks.
We set this flag in JSContextGroupCreate() and JSGlobalContextCreateInGroup().

Disabled stack overflow tests in testapi.js since it uses these paths.

THis patch will be reverted as part of a comprehensive solution to the problem.

• API/JSContextRef.cpp:

(JSContextGroupCreate):
(JSGlobalContextCreateInGroup):

• API/tests/testapi.js:
• runtime/VM.cpp:

(JSC::VM::VM):
(JSC::VM::updateStackLimitWithReservedZoneSize):

• runtime/VM.h:

(JSC::VM::ignoreStackLimit):

Location:

trunk/Source/JavaScriptCore

Files:

• API/JSContextRef.cpp (modified) (2 diffs)
• API/tests/testapi.js (modified) (2 diffs)
• ChangeLog (modified) (1 diff)
• runtime/VM.cpp (modified) (2 diffs)
• runtime/VM.h (modified) (2 diffs)

trunk/Source/JavaScriptCore/API/JSContextRef.cpp

@@ -58 +58 @@
 {
     initializeThreading();
-    return toRef(VM::createContextGroup().leakRef());
+    VM* vm = VM::createContextGroup().leakRef();
+    vm->ignoreStackLimit();
+    return toRef(vm);
 }
 
@@ -130 +132 @@
     initializeThreading();
 
-    RefPtr<VM> vm = group ? PassRefPtr<VM>(toJS(group)) : VM::createContextGroup();
+    RefPtr<VM> vm;
+    if (group)
+        vm = PassRefPtr<VM>(toJS(group));
+    else {
+        vm = VM::createContextGroup();
+        vm->ignoreStackLimit();
+    }
 
     APIEntryShim entryShim(vm.get(), false);

trunk/Source/JavaScriptCore/API/tests/testapi.js

@@ -243 +243 @@
 
 shouldBe("undefined instanceof MyObject", false);
+/*
 EvilExceptionObject.hasInstance = function f() { return f(); };
 EvilExceptionObject.__proto__ = undefined;
@@ -253 +254 @@
 EvilExceptionObject.toStringExplicit = function f() { return f(); }
 shouldThrow("String(EvilExceptionObject)");
+ */
 
 shouldBe("EmptyObject", "[object CallbackObject]");

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2014-02-06  Michael Saboff  <msaboff@apple.com>
+
+        Workaround REGRESSION(r163195-r163227): Crash beneath NSErrorUserInfoFromJSException when installing AppleInternal.mpkg
+        https://bugs.webkit.org/show_bug.cgi?id=128347
+
+        Reviewed by Geoffrey Garen.
+
+        Added a flag to VM class called m_ignoreStackLimit that disables stack limit checks.
+        We set this flag in JSContextGroupCreate() and JSGlobalContextCreateInGroup().
+
+        Disabled stack overflow tests in testapi.js since it uses these paths.
+
+        THis patch will be reverted as part of a comprehensive solution to the problem.
+
+        * API/JSContextRef.cpp:
+        (JSContextGroupCreate):
+        (JSGlobalContextCreateInGroup):
+        * API/tests/testapi.js:
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        (JSC::VM::updateStackLimitWithReservedZoneSize):
+        * runtime/VM.h:
+        (JSC::VM::ignoreStackLimit):
+
 2014-02-06  Mark Hahnenberg  <mhahnenberg@apple.com>
 

trunk/Source/JavaScriptCore/runtime/VM.cpp

@@ -220 +220 @@
     , m_initializingObjectClass(0)
 #endif
+    , m_ignoreStackLimit(false)
     , m_stackLimit(0)
 #if ENABLE(LLINT_C_LOOP)
@@ -739 +740 @@
 size_t VM::updateStackLimitWithReservedZoneSize(size_t reservedZoneSize)
 {
+    if (m_ignoreStackLimit) {
+        setStackLimit(0);
+        return 0;
+    }
+
     size_t oldReservedZoneSize = m_reservedZoneSize;
     m_reservedZoneSize = reservedZoneSize;

trunk/Source/JavaScriptCore/runtime/VM.h

@@ -388 +388 @@
         void* stackLimit() { return m_stackLimit; }
 
+        void ignoreStackLimit() { m_ignoreStackLimit = true; }
+
         bool isSafeToRecurse(size_t neededStackInBytes = 0) const
         {
@@ -522 +524 @@
         const ClassInfo* m_initializingObjectClass;
 #endif
+        bool m_ignoreStackLimit;
         size_t m_reservedZoneSize;
 #if ENABLE(LLINT_C_LOOP)