Changeset 209030 in webkit

Timestamp:

Nov 28, 2016 3:23:40 PM (7 years ago)

Author:

mark.lam@apple.com

Message:

Fix exception scope verification failures in runtime/Operations.cpp/h.
​https://bugs.webkit.org/show_bug.cgi?id=165046

Reviewed by Saam Barati.

Also switched to using returning { } instead of JSValue().

• runtime/Operations.cpp:

(JSC::jsAddSlowCase):
(JSC::jsIsObjectTypeOrNull):

• runtime/Operations.h:

(JSC::jsStringFromRegisterArray):
(JSC::jsStringFromArguments):
(JSC::jsLess):
(JSC::jsLessEq):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• runtime/Operations.cpp (modified) (3 diffs)
• runtime/Operations.h (modified) (6 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2016-11-28  Mark Lam  <mark.lam@apple.com>
+
+        Fix exception scope verification failures in runtime/Operations.cpp/h.
+        https://bugs.webkit.org/show_bug.cgi?id=165046
+
+        Reviewed by Saam Barati.
+
+        Also switched to using returning { } instead of JSValue().
+
+        * runtime/Operations.cpp:
+        (JSC::jsAddSlowCase):
+        (JSC::jsIsObjectTypeOrNull):
+        * runtime/Operations.h:
+        (JSC::jsStringFromRegisterArray):
+        (JSC::jsStringFromArguments):
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+
 2016-11-28  Mark Lam  <mark.lam@apple.com>
 

trunk/Source/JavaScriptCore/runtime/Operations.cpp

@@ -47 +47 @@
     auto scope = DECLARE_THROW_SCOPE(vm);
     JSValue p1 = v1.toPrimitive(callFrame);
-    RETURN_IF_EXCEPTION(scope, JSValue());
+    RETURN_IF_EXCEPTION(scope, { });
     JSValue p2 = v2.toPrimitive(callFrame);
-    RETURN_IF_EXCEPTION(scope, JSValue());
+    RETURN_IF_EXCEPTION(scope, { });
 
-    if (p1.isString())
-        return jsString(callFrame, asString(p1), p2.toString(callFrame));
+    if (p1.isString()) {
+        JSString* p2String = p2.toString(callFrame);
+        RETURN_IF_EXCEPTION(scope, { });
+        scope.release();
+        return jsString(callFrame, asString(p1), p2String);
+    }
 
-    if (p2.isString())
-        return jsString(callFrame, p1.toString(callFrame), asString(p2));
+    if (p2.isString()) {
+        JSString* p1String = p1.toString(callFrame);
+        RETURN_IF_EXCEPTION(scope, { });
+        scope.release();
+        return jsString(callFrame, p1String, asString(p2));
+    }
 
-    return jsNumber(p1.toNumber(callFrame) + p2.toNumber(callFrame));
+    double p1Number = p1.toNumber(callFrame);
+    RETURN_IF_EXCEPTION(scope, { });
+    scope.release();
+    return jsNumber(p1Number + p2.toNumber(callFrame));
 }
 
@@ -97 +108 @@
 bool jsIsObjectTypeOrNull(CallFrame* callFrame, JSValue v)
 {
+    VM& vm = callFrame->vm();
     if (!v.isCell())
         return v.isNull();
@@ -104 +116 @@
         return false;
     if (type >= ObjectType) {
-        if (asObject(v)->structure(callFrame->vm())->masqueradesAsUndefined(callFrame->lexicalGlobalObject()))
+        if (asObject(v)->structure(vm)->masqueradesAsUndefined(callFrame->lexicalGlobalObject()))
             return false;
         CallData callData;
         JSObject* object = asObject(v);
-        if (object->methodTable(callFrame->vm())->getCallData(object, callData) != CallType::None)
+        if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
             return false;
     }

trunk/Source/JavaScriptCore/runtime/Operations.h

@@ -127 +127 @@
     for (unsigned i = 0; i < count; ++i) {
         JSValue v = strings[-static_cast<int>(i)].jsValue();
-        if (!ropeBuilder.append(v.toString(exec)))
+        JSString* string = v.toString(exec);
+        RETURN_IF_EXCEPTION(scope, { });
+        if (!ropeBuilder.append(string))
             return throwOutOfMemoryError(exec, scope);
     }
@@ -139 +141 @@
     auto scope = DECLARE_THROW_SCOPE(*vm);
     JSRopeString::RopeBuilder ropeBuilder(*vm);
-    ropeBuilder.append(thisValue.toString(exec));
+    JSString* str = thisValue.toString(exec);
+    RETURN_IF_EXCEPTION(scope, { });
+    ropeBuilder.append(str);
 
     for (unsigned i = 0; i < exec->argumentCount(); ++i) {
         JSValue v = exec->argument(i);
-        if (!ropeBuilder.append(v.toString(exec)))
+        JSString* str = v.toString(exec);
+        RETURN_IF_EXCEPTION(scope, { });
+        if (UNLIKELY(!ropeBuilder.append(str)))
             return throwOutOfMemoryError(exec, scope);
     }
@@ -156 +162 @@
 ALWAYS_INLINE bool jsLess(CallFrame* callFrame, JSValue v1, JSValue v2)
 {
+    VM& vm = callFrame->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
     if (v1.isInt32() && v2.isInt32())
         return v1.asInt32() < v2.asInt32();
@@ -173 +182 @@
     if (leftFirst) {
         wasNotString1 = v1.getPrimitiveNumber(callFrame, n1, p1);
+        RETURN_IF_EXCEPTION(scope, false);
         wasNotString2 = v2.getPrimitiveNumber(callFrame, n2, p2);
     } else {
         wasNotString2 = v2.getPrimitiveNumber(callFrame, n2, p2);
-        wasNotString1 = v1.getPrimitiveNumber(callFrame, n1, p1);
-    }
+        RETURN_IF_EXCEPTION(scope, false);
+        wasNotString1 = v1.getPrimitiveNumber(callFrame, n1, p1);
+    }
+    RETURN_IF_EXCEPTION(scope, false);
 
     if (wasNotString1 | wasNotString2)
@@ -190 +202 @@
 ALWAYS_INLINE bool jsLessEq(CallFrame* callFrame, JSValue v1, JSValue v2)
 {
+    VM& vm = callFrame->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
     if (v1.isInt32() && v2.isInt32())
         return v1.asInt32() <= v2.asInt32();
@@ -207 +222 @@
     if (leftFirst) {
         wasNotString1 = v1.getPrimitiveNumber(callFrame, n1, p1);
+        RETURN_IF_EXCEPTION(scope, false);
         wasNotString2 = v2.getPrimitiveNumber(callFrame, n2, p2);
     } else {
         wasNotString2 = v2.getPrimitiveNumber(callFrame, n2, p2);
-        wasNotString1 = v1.getPrimitiveNumber(callFrame, n1, p1);
-    }
+        RETURN_IF_EXCEPTION(scope, false);
+        wasNotString1 = v1.getPrimitiveNumber(callFrame, n1, p1);
+    }
+    RETURN_IF_EXCEPTION(scope, false);
 
     if (wasNotString1 | wasNotString2)