Changeset 209022 in webkit
- Timestamp:
- Nov 28, 2016 2:35:39 PM (7 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 4 edited
trunk/Source/JavaScriptCore/ChangeLog
r209020 r209022 1 2016-11-28 Mark Lam <mark.lam@apple.com> 2 3 Fix exception scope verification failures in runtime/String* files. 4 https://bugs.webkit.org/show_bug.cgi?id=165067 5 6 Reviewed by Saam Barati. 7 8 * runtime/StringConstructor.cpp: 9 (JSC::stringFromCodePoint): 10 (JSC::constructWithStringConstructor): 11 * runtime/StringObject.cpp: 12 (JSC::StringObject::put): 13 (JSC::StringObject::putByIndex): 14 (JSC::StringObject::defineOwnProperty): 15 * runtime/StringPrototype.cpp: 16 (JSC::jsSpliceSubstrings): 17 (JSC::jsSpliceSubstringsWithSeparators): 18 (JSC::replaceUsingRegExpSearch): 19 (JSC::replaceUsingStringSearch): 20 (JSC::repeatCharacter): 21 (JSC::replace): 22 (JSC::stringProtoFuncReplaceUsingStringSearch): 23 (JSC::stringProtoFuncCharAt): 24 (JSC::stringProtoFuncCodePointAt): 25 (JSC::stringProtoFuncConcat): 26 (JSC::stringProtoFuncIndexOf): 27 (JSC::stringProtoFuncLastIndexOf): 28 (JSC::splitStringByOneCharacterImpl): 29 (JSC::stringProtoFuncSplitFast): 30 (JSC::stringProtoFuncSubstring): 31 (JSC::stringProtoFuncToLowerCase): 32 (JSC::stringProtoFuncToUpperCase): 33 (JSC::toLocaleCase): 34 (JSC::trimString): 35 (JSC::stringProtoFuncIncludes): 36 (JSC::builtinStringIncludesInternal): 37 (JSC::stringProtoFuncIterator): 38 (JSC::normalize): 39 (JSC::stringProtoFuncNormalize): 40 1 41 2016-11-28 Mark Lam <mark.lam@apple.com> 2 42 -
trunk/Source/JavaScriptCore/runtime/StringConstructor.cpp
r208063 r209022 115 115 } 116 116 117 scope.release(); 117 118 return JSValue::encode(jsString(exec, builder.toString())); 118 119 } … … 129 130 if (!exec->argumentCount()) 130 131 return JSValue::encode(StringObject::create(vm, structure)); 131 return JSValue::encode(StringObject::create(vm, structure, exec->uncheckedArgument(0).toString(exec))); 132 JSString* str = exec->uncheckedArgument(0).toString(exec); 133 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 134 return JSValue::encode(StringObject::create(vm, structure, str)); 132 135 } 133 136 -
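Review bot: The new check at line 133 in constructWithStringConstructor would be clearer with a comment saying why the conversion was split out of the StringObject::create() call, since on its own the split reads as cosmetic: `// toString() can throw (e.g. for a Symbol argument or a user toString() that throws); bail before wrapping the result in a StringObject.` The same goes for the `scope.release()` added at line 117 in stringFromCodePoint, presumably placed there because jsString() can throw; a short `// jsString() may throw; the caller checks the scope.` would record that. Both enclosing functions start outside the hunk.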
trunk/Source/JavaScriptCore/runtime/StringObject.cpp
r208985 r209022 68 68 StringObject* thisObject = jsCast<StringObject*>(cell); 69 69 70 if (UNLIKELY(isThisValueAltered(slot, thisObject))) 70 if (UNLIKELY(isThisValueAltered(slot, thisObject))) { 71 scope.release(); 71 72 return ordinarySetSlow(exec, thisObject, propertyName, value, slot.thisValue(), slot.isStrictMode()); 73 } 72 74 73 75 if (propertyName == vm.propertyNames->length) 74 76 return typeError(exec, scope, slot.isStrictMode(), ASCIILiteral(ReadonlyPropertyWriteError)); 75 if (std::optional<uint32_t> index = parseIndex(propertyName)) 77 if (std::optional<uint32_t> index = parseIndex(propertyName)) { 78 scope.release(); 76 79 return putByIndex(cell, exec, index.value(), value, slot.isStrictMode()); 80 } 81 scope.release(); 77 82 return JSObject::put(cell, exec, propertyName, value, slot); 78 83 } … … 86 91 if (thisObject->internalValue()->canGetIndex(propertyName)) 87 92 return typeError(exec, scope, shouldThrow, ASCIILiteral(ReadonlyPropertyWriteError)); 93 scope.release(); 88 94 return JSObject::putByIndex(cell, exec, propertyName, value, shouldThrow); 89 95 } … … 117 123 bool isExtensible = thisObject->isExtensible(exec); 118 124 RETURN_IF_EXCEPTION(scope, false); 125 scope.release(); 119 126 return validateAndApplyPropertyDescriptor(exec, nullptr, propertyName, isExtensible, descriptor, isCurrentDefined, current, throwException); 120 127 } 121 128 129 scope.release(); 122 130 return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException); 123 131 } -
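Review bot: The `scope.release()` before each tail call (lines 71, 78, 81, 93, 125 and 129) is the right idiom, but nothing in StringObject::put explains it, and the same unexplained pattern now recurs in putByIndex and defineOwnProperty. A one-line comment at the first occurrence, `// Tail call into code that may throw: release the scope so the caller becomes responsible for checking.`, would let a reader tell these releases apart from the RETURN_IF_EXCEPTION at line 124, which must stay because the isExtensible() result is consumed before returning. put's body begins outside the hunk.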
trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp
r208767 r209022 298 298 return sourceVal; 299 299 // We could call String::substringSharingImpl(), but this would result in redundant checks. 300 scope.release(); 300 301 return jsString(exec, StringImpl::createSubstringSharingImpl(*source.impl(), std::max(0, position), std::min(sourceSize, length))); 301 302 } … … 323 324 } 324 325 326 scope.release(); 325 327 return jsString(exec, WTFMove(impl)); 326 328 } … … 341 343 } 342 344 345 scope.release(); 343 346 return jsString(exec, WTFMove(impl)); 344 347 } … … 356 359 return sourceVal; 357 360 // We could call String::substringSharingImpl(), but this would result in redundant checks. 361 scope.release(); 358 362 return jsString(exec, StringImpl::createSubstringSharingImpl(*source.impl(), std::max(0, position), std::min(sourceSize, length))); 359 363 } … … 399 403 } 400 404 405 scope.release(); 401 406 return jsString(exec, WTFMove(impl)); 402 407 } … … 430 435 } 431 436 437 scope.release(); 432 438 return jsString(exec, WTFMove(impl)); 433 439 } … … 628 634 args.append(string); 629 635 630 JSValue value= call(exec, replaceValue, callType, callData, jsUndefined(), args);636 JSValue replacement = call(exec, replaceValue, callType, callData, jsUndefined(), args); 631 637 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 632 replacements.append(value.toString(exec)->value(exec)); 638 String replacementString = replacement.toString(exec)->value(exec); 639 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 640 replacements.append(replacementString); 633 641 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 634 642 } else { … … 664 672 OUT_OF_MEMORY(exec, scope); 665 673 } 674 scope.release(); 666 675 return JSValue::encode(jsSpliceSubstringsWithSeparators(exec, string, source, sourceRanges.data(), sourceRanges.size(), replacements.data(), replacements.size())); 667 676 } … … 755 764 size_t leftLength = stringImpl->length() - matchEnd; 756 765 String rightPart(StringImpl::createSubstringSharingImpl(*stringImpl, matchEnd, leftLength)); 
766 scope.release(); 757 767 return JSValue::encode(JSC::jsString(exec, leftPart, middlePart, rightPart)); 758 768 } … … 787 797 std::fill_n(buffer, repeatCount, character); 788 798 799 scope.release(); 789 800 return jsString(&exec, WTFMove(impl)); 790 801 } … … 840 851 JSString* string = thisValue.toString(exec); 841 852 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 853 scope.release(); 842 854 return replace(vm, exec, string, searchValue, replaceValue); 843 855 } … … 867 879 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 868 880 881 scope.release(); 869 882 return replaceUsingStringSearch(vm, exec, string, exec->argument(0), exec->argument(1)); 870 883 } … … 910 923 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 911 924 StringView view = viewWithString.view; 925 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 912 926 JSValue a0 = exec->argument(0); 913 927 if (a0.isUInt32()) { … … 967 981 968 982 String string = thisValue.toWTFString(exec); 983 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 969 984 unsigned length = string.length(); 970 985 … … 980 995 981 996 double doublePosition = argument0.toInteger(exec); 997 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 982 998 if (doublePosition >= 0 && doublePosition < length) 983 999 return JSValue::encode(jsNumber(codePointAt(string, static_cast<unsigned>(doublePosition), length))); … … 991 1007 992 1008 JSValue thisValue = exec->thisValue(); 993 if (thisValue.isString() && exec->argumentCount() == 1) 994 return JSValue::encode(jsString(exec, asString(thisValue), exec->uncheckedArgument(0).toString(exec))); 995 996 if (!checkObjectCoercible(thisValue)) 997 return throwVMTypeError(exec, scope); 1009 if (thisValue.isString() && exec->argumentCount() == 1) { 1010 JSString* str = exec->uncheckedArgument(0).toString(exec); 1011 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 1012 scope.release(); 1013 return JSValue::encode(jsString(exec, asString(thisValue), str)); 1014 } 1015 1016 if (!checkObjectCoercible(thisValue)) 1017 
return throwVMTypeError(exec, scope); 1018 scope.release(); 998 1019 return JSValue::encode(jsStringFromArguments(exec, thisValue)); 999 1020 } … … 1012 1033 1013 1034 JSString* thisJSString = thisValue.toString(exec); 1035 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 1014 1036 JSString* otherJSString = a0.toString(exec); 1037 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 1015 1038 1016 1039 unsigned pos = 0; … … 1056 1079 1057 1080 JSString* thisJSString = thisValue.toString(exec); 1081 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 1058 1082 unsigned len = thisJSString->length(); 1059 1083 JSString* otherJSString = a0.toString(exec); 1084 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 1060 1085 1061 1086 double dpos = a1.toIntegerPreserveNaN(exec); … … 1120 1145 static ALWAYS_INLINE bool splitStringByOneCharacterImpl(ExecState* exec, JSArray* result, JSValue originalValue, const String& input, StringImpl* string, UChar separatorCharacter, size_t& position, unsigned& resultLength, unsigned limitLength) 1121 1146 { 1147 VM& vm = exec->vm(); 1148 auto scope = DECLARE_THROW_SCOPE(vm); 1149 1122 1150 // 12. Let q = p. 1123 1151 size_t matchPosition; … … 1133 1161 // Property Descriptor {[[Value]]: T, [[Writable]]: true, [[Enumerable]]: true, [[Configurable]]: true}, and false. 1134 1162 result->putDirectIndex(exec, resultLength, jsSubstring(exec, originalValue, input, position, matchPosition - position)); 1163 RETURN_IF_EXCEPTION(scope, false); 1135 1164 // 3. Increment lengthA by 1. 1136 1165 // 4. If lengthA == lim, return A. … … 1187 1216 if (separatorValue.isUndefined()) { 1188 1217 // a. Call the [[DefineOwnProperty]] internal method of A with arguments "0", 1218 scope.release(); 1189 1219 result->putDirectIndex(exec, 0, jsStringWithReuse(exec, thisValue, input)); 1190 1220 // b. Return A. … … 1198 1228 // c. Call CreateDataProperty(A, "0", S). 1199 1229 // d. Return A. 
1200 if (!separator.isEmpty()) 1230 if (!separator.isEmpty()) { 1231 scope.release(); 1201 1232 result->putDirectIndex(exec, 0, jsStringWithReuse(exec, thisValue, input)); 1233 } 1202 1234 return JSValue::encode(result); 1203 1235 } … … 1211 1243 do { 1212 1244 result->putDirectIndex(exec, position, jsSingleCharacterString(exec, input[position])); 1245 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 1213 1246 } while (++position < limit); 1214 1247 … … 1232 1265 1233 1266 if (stringImpl->is8Bit()) { 1234 if (splitStringByOneCharacterImpl<LChar>(exec, result, thisValue, input, stringImpl, separatorCharacter, position, resultLength, limit)) 1267 if (splitStringByOneCharacterImpl<LChar>(exec, result, thisValue, input, stringImpl, separatorCharacter, position, resultLength, limit)) { 1268 scope.release(); 1235 1269 return JSValue::encode(result); 1270 } 1236 1271 } else { 1237 if (splitStringByOneCharacterImpl<UChar>(exec, result, thisValue, input, stringImpl, separatorCharacter, position, resultLength, limit)) 1272 if (splitStringByOneCharacterImpl<UChar>(exec, result, thisValue, input, stringImpl, separatorCharacter, position, resultLength, limit)) { 1273 scope.release(); 1238 1274 return JSValue::encode(result); 1275 } 1239 1276 } 1277 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 1240 1278 } else { 1241 1279 // 13. Let q = p. … … 1250 1288 // 2. Call CreateDataProperty(A, ToString(lengthA), T). 1251 1289 result->putDirectIndex(exec, resultLength, jsSubstring(exec, thisValue, input, position, matchPosition - position)); 1290 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 1252 1291 // 3. Increment lengthA by 1. 1253 1292 // 4. If lengthA == lim, return A. … … 1264 1303 // through s (exclusive). 1265 1304 // 16. Call CreateDataProperty(A, ToString(lengthA), T). 
1305 scope.release(); 1266 1306 result->putDirectIndex(exec, resultLength++, jsSubstring(exec, thisValue, input, position, input.length() - position)); 1267 1307 … … 1346 1386 1347 1387 double start = a0.toNumber(exec); 1388 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 1348 1389 double end; 1349 1390 if (!(start >= 0)) // check for negative values or NaN … … 1355 1396 else { 1356 1397 end = a1.toNumber(exec); 1398 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 1357 1399 if (!(end >= 0)) // check for negative values or NaN 1358 1400 end = 0; … … 1379 1421 return throwVMTypeError(exec, scope); 1380 1422 JSString* sVal = thisValue.toString(exec); 1423 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 1381 1424 const String& s = sVal->value(exec); 1382 1425 String lowercasedString = s.convertToLowercaseWithoutLocale(); 1383 1426 if (lowercasedString.impl() == s.impl()) 1384 1427 return JSValue::encode(sVal); 1428 scope.release(); 1385 1429 return JSValue::encode(jsString(exec, lowercasedString)); 1386 1430 } … … 1395 1439 return throwVMTypeError(exec, scope); 1396 1440 JSString* sVal = thisValue.toString(exec); 1441 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 1397 1442 const String& s = sVal->value(exec); 1398 1443 String uppercasedString = s.convertToUppercaseWithoutLocale(); 1399 1444 if (uppercasedString.impl() == s.impl()) 1400 1445 return JSValue::encode(sVal); 1446 scope.release(); 1401 1447 return JSValue::encode(jsString(exec, uppercasedString)); 1402 1448 } … … 1432 1478 // 2. Let S be ToString(O). 1433 1479 JSString* sVal = thisValue.toString(state); 1480 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 1434 1481 const String& s = sVal->value(state); 1435 1482 … … 1500 1547 1501 1548 // 18. Return L. 
1549 scope.release(); 1502 1550 return JSValue::encode(jsString(state, lower)); 1503 1551 } … … 1794 1842 return throwTypeError(exec, scope); 1795 1843 String str = thisValue.toString(exec)->value(exec); 1796 RETURN_IF_EXCEPTION(scope, JSValue());1844 RETURN_IF_EXCEPTION(scope, { }); 1797 1845 1798 1846 unsigned left = 0; … … 1811 1859 return thisValue; 1812 1860 1861 scope.release(); 1813 1862 return jsString(exec, str.substringSharingImpl(left, right - left)); 1814 1863 } … … 1948 1997 JSValue positionArg = exec->argument(1); 1949 1998 1999 scope.release(); 1950 2000 return stringIncludesImpl(vm, exec, stringToSearchIn, searchString, positionArg); 1951 2001 } … … 1968 2018 JSValue positionArg = exec->argument(1); 1969 2019 2020 scope.release(); 1970 2021 return stringIncludesImpl(vm, exec, stringToSearchIn, searchString, positionArg); 1971 2022 } … … 1980 2031 return throwVMTypeError(exec, scope); 1981 2032 JSString* string = thisValue.toString(exec); 2033 RETURN_IF_EXCEPTION(scope, encodedJSValue()); 1982 2034 return JSValue::encode(JSStringIterator::create(exec, exec->callee()->globalObject()->stringIteratorStructure(), string)); 1983 2035 } … … 2007 2059 return throwTypeError(exec, scope); 2008 2060 2061 scope.release(); 2009 2062 return jsString(exec, WTFMove(impl)); 2010 2063 } … … 2040 2093 } 2041 2094 2095 scope.release(); 2042 2096 return JSValue::encode(normalize(exec, view.upconvertedCharacters(), view.length(), form)); 2043 2097 }
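Review bot: In replaceUsingRegExpSearch the new RETURN_IF_EXCEPTION at line 639 is immediately followed by the pre-existing one at line 641 with only `replacements.append(replacementString);` between them; as far as I can tell a Vector append cannot raise a JS exception, so the second check is now redundant and implies a throw site that does not exist. The same pair appears in stringProtoFuncCharAt at lines 923 and 925, where the only statement in between is the copy `StringView view = viewWithString.view;`. I would drop the check at line 641 and the one at line 925. Separately, splitStringByOneCharacterImpl (line 1145) now returns `false` both for "limit not reached, keep splitting" and for "an exception is pending" (line 1163), and the caller relies on the RETURN_IF_EXCEPTION at line 1277 to tell the two apart, so a comment on the function such as `// Returns true when the limit was reached and result is complete; false otherwise, including when an exception is pending, which the caller must check via the scope.` would record that contract. All three enclosing functions begin outside the hunk.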