Changeset 206643 in webkit


Timestamp:
Sep 30, 2016 11:15:38 AM (8 years ago)
Author:
mark.lam@apple.com
Message:

Use topVMEntryFrame to determine whether to skip the re-throw of a simulated throw.
https://bugs.webkit.org/show_bug.cgi?id=162793

Reviewed by Saam Barati.

Change the ThrowScope destructor to use topVMEntryFrame (instead of topCallFrame)
in the determination of whether to skip the re-throw of a simulated throw. This
is needed because the topCallFrame is not updated in operationConstructArityCheck()
(and does not need to be), whereas topVMEntryFrame is always updated properly.
Hence, we should just switch to using the more reliable topVMEntryFrame instead.

This issue was discovered by existing JSC tests when exception check validation
is enabled.

  • runtime/ThrowScope.cpp:

(JSC::ThrowScope::~ThrowScope):

Location:
trunk/Source/JavaScriptCore
Files:
2 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r206642 r206643  
     12016-09-30  Mark Lam  <mark.lam@apple.com>
     2
     3        Use topVMEntryFrame to determine whether to skip the re-throw of a simulated throw.
     4        https://bugs.webkit.org/show_bug.cgi?id=162793
     5
     6        Reviewed by Saam Barati.
     7
     8        Change the ThrowScope destructor to use topVMEntryFrame (instead of topCallFrame)
     9        in the determination of whether to skip the re-throw of a simulated throw.  This
     10        is needed because the topCallFrame is not updated in operationConstructArityCheck()
     11        (and does not need to be), whereas topVMEntryFrame is always updated properly.
     12        Hence, we should just switch to using the more reliable topVMEntryFrame instead.
     13
     14        This issue was discovered by existing JSC tests when exception check validation
     15        is enabled.
     16
     17        * runtime/ThrowScope.cpp:
     18        (JSC::ThrowScope::~ThrowScope):
     19
    1202016-09-30  Filip Pizlo  <fpizlo@apple.com>
    221
  • trunk/Source/JavaScriptCore/runtime/ThrowScope.cpp

    r205569 r206643  
    5858    bool willBeHandleByLLIntOrJIT = false;
    5959    void* previousScope = m_previousScope;
    60     void* topCallFrame = m_vm.topCallFrame;
    61    
    62     // If the topCallFrame was pushed on the stack after the previousScope was instantiated,
     60    void* topVMEntryFrame = m_vm.topVMEntryFrame;
     61
     62    // If the topVMEntryFrame was pushed on the stack after the previousScope was instantiated,
    6363    // then this throwScope will be returning to LLINT or JIT code that always do an exception
    6464    // check. In that case, skip the simulated throw because the LLInt and JIT will be
    6565    // checking for the exception their own way instead of calling ThrowScope::exception().
    66     if (topCallFrame && previousScope > topCallFrame)
     66    if (topVMEntryFrame && previousScope > topVMEntryFrame)
    6767        willBeHandleByLLIntOrJIT = true;
    6868   
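Review bot: the updated comment at new line 62 does not record why topVMEntryFrame is the right marker rather than topCallFrame; that reasoning (topCallFrame is not updated in operationConstructArityCheck(), topVMEntryFrame always is) lives only in the ChangeLog, so a later reader of ThrowScope.cpp could plausibly switch it back. Suggest adding one sentence to the comment to that effect. Separately, the test `previousScope > topVMEntryFrame` at new line 66 only matches "pushed on the stack after the previousScope was instantiated" if the stack grows toward lower addresses, and it is a relational comparison of two void* values that do not point into the same object, which C++ leaves unspecified for the built-in operator. Worth stating the stack-direction assumption in the comment, and consider comparing as uintptr_t or via std::greater<void*> so the ordering is well defined.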