Changeset 153612 in webkit


Timestamp:
Aug 1, 2013 2:57:38 PM (11 years ago)
Author:
msaboff@apple.com
Message:

REGRESSION: Crash beneath cti_vm_throw_slowpath due to invalid CallFrame pointer
https://bugs.webkit.org/show_bug.cgi?id=119140

Reviewed by Filip Pizlo.

Ensure that ExceptionHandler is returned by functions in two registers by encoding the value as a 64 bit int.

  • jit/JITExceptions.cpp:
    (JSC::encode):
  • jit/JITExceptions.h:
  • jit/JITStubs.cpp:
    (JSC::cti_vm_throw_slowpath):
  • jit/JITStubs.h:
Location:
trunk/Source/JavaScriptCore
Files:
5 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r153583 r153612  
     12013-08-01  Michael Saboff  <msaboff@apple.com>
     2
     3        REGRESSION: Crash beneath cti_vm_throw_slowpath due to invalid CallFrame pointer
     4        https://bugs.webkit.org/show_bug.cgi?id=119140
     5
     6        Reviewed by Filip Pizlo.
     7
     8        Ensure that ExceptionHandler is returned by functions in two registers by encoding the value as a 64 bit int.
     9
     10        * jit/JITExceptions.cpp:
     11        (JSC::encode):
     12        * jit/JITExceptions.h:
     13        * jit/JITStubs.cpp:
     14        (JSC::cti_vm_throw_slowpath):
     15        * jit/JITStubs.h:
     16
    1172013-08-01  Julien Brianceau  <jbrianceau@nds.com>
    218
  • trunk/Source/JavaScriptCore/jit/JITExceptions.cpp

    r153273 r153612  
    5252}
    5353
     54EncodedExceptionHandler encode(ExceptionHandler handler)
     55{
     56    ExceptionHandlerUnion u;
     57    u.handler = handler;
     58    return u.encodedHandler;
     59}
     60
    5461ExceptionHandler genericThrow(VM* vm, ExecState* callFrame, JSValue exceptionValue, unsigned vPCIndex)
    5562{
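Review bot: encode() writes u.handler and then reads u.encodedHandler, which is union type-punning; that is well-defined in C but only a documented compiler extension (GCC/Clang) in C++, and it silently assumes sizeof(ExceptionHandler) == sizeof(int64_t). Nothing in this hunk checks that, so a larger ExceptionHandler on some target would be truncated without any diagnostic. Suggest a static_assert(sizeof(ExceptionHandler) == sizeof(EncodedExceptionHandler), "ExceptionHandler must fit in an int64_t") next to the union so the build fails instead of returning a partial handler.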
  • trunk/Source/JavaScriptCore/jit/JITExceptions.h

    r153222 r153612  
    4545};
    4646
     47// EncodedExceptionHandler is used to convince the compiler to return an ExceptionHander
     48// struct in two registers for 32 bit builds.
     49typedef int64_t EncodedExceptionHandler;
     50
     51union ExceptionHandlerUnion {
     52    ExceptionHandler handler;
     53    EncodedExceptionHandler encodedHandler;
     54};
     55
     56EncodedExceptionHandler encode(ExceptionHandler);
     57
    4758ExceptionHandler genericThrow(VM*, ExecState*, JSValue exceptionValue, unsigned vPCIndex);
    4859
  • trunk/Source/JavaScriptCore/jit/JITStubs.cpp

    r153556 r153612  
    21572157}
    21582158
    2159 ExceptionHandler JIT_STUB cti_vm_throw_slowpath(CallFrame* callFrame)
     2159EncodedExceptionHandler JIT_STUB cti_vm_throw_slowpath(CallFrame* callFrame)
    21602160{
    21612161    VM* vm = callFrame->codeBlock()->vm();
    21622162    vm->topCallFrame = callFrame;
    2163     return jitThrowNew(vm, callFrame, vm->exception);
     2163    return encode(jitThrowNew(vm, callFrame, vm->exception));
    21642164}
    21652165
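Review bot: changing the return type of cti_vm_throw_slowpath from a struct to an int64_t changes how the result is passed back (a struct return may use a hidden pointer argument, whereas an int64_t comes back in a register pair), and the JITStubs.h hunk marks this function REFERENCED_FROM_ASM. This changeset edits five files and none of them is an assembly trampoline, so the callers must already be consuming a register pair; the ChangeLog should say which architectures and compilers were verified, since a mismatch here is exactly the invalid CallFrame pointer the bug describes.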
  • trunk/Source/JavaScriptCore/jit/JITStubs.h

    r153232 r153612  
    417417void JIT_STUB cti_op_put_to_scope(STUB_ARGS_DECLARATION) WTF_INTERNAL;
    418418
    419 ExceptionHandler JIT_STUB cti_vm_throw_slowpath(CallFrame*) REFERENCED_FROM_ASM WTF_INTERNAL;
     419EncodedExceptionHandler JIT_STUB cti_vm_throw_slowpath(CallFrame*) REFERENCED_FROM_ASM WTF_INTERNAL;
    420420} // extern "C"
    421421
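Review bot: the declaration now uses EncodedExceptionHandler, which this changeset defines in jit/JITExceptions.h, but the hunk adds no include for it. Confirm JITStubs.h already includes JITExceptions.h (or add the include) so the header still compiles in translation units that include it on its own.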