Changeset 209018 in webkit

Timestamp:

Nov 28, 2016 2:21:29 PM (7 years ago)

Author:

mark.lam@apple.com

Message:

Fix exception scope verification failures in miscellaneous files.
​https://bugs.webkit.org/show_bug.cgi?id=165055

Reviewed by Saam Barati.

• runtime/MathObject.cpp:

(JSC::mathProtoFuncIMul):

• runtime/ModuleLoaderPrototype.cpp:

(JSC::moduleLoaderPrototypeParseModule):
(JSC::moduleLoaderPrototypeRequestedModules):

• runtime/NativeErrorConstructor.cpp:

(JSC::Interpreter::constructWithNativeErrorConstructor):

• runtime/NumberConstructor.cpp:

(JSC::constructWithNumberConstructor):

• runtime/SetConstructor.cpp:

(JSC::constructSet):

• runtime/SetIteratorPrototype.cpp:

(JSC::SetIteratorPrototypeFuncNext):

• runtime/SparseArrayValueMap.cpp:

(JSC::SparseArrayValueMap::putEntry):
(JSC::SparseArrayEntry::put):

• runtime/TemplateRegistry.cpp:

(JSC::TemplateRegistry::getTemplateObject):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• runtime/MathObject.cpp (modified) (1 diff)
• runtime/ModuleLoaderPrototype.cpp (modified) (2 diffs)
• runtime/NativeErrorConstructor.cpp (modified) (1 diff)
• runtime/NumberConstructor.cpp (modified) (1 diff)
• runtime/SetConstructor.cpp (modified) (1 diff)
• runtime/SetIteratorPrototype.cpp (modified) (2 diffs)
• runtime/SparseArrayValueMap.cpp (modified) (2 diffs)
• runtime/TemplateRegistry.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2016-11-26  Mark Lam  <mark.lam@apple.com>
+
+        Fix exception scope verification failures in miscellaneous files.
+        https://bugs.webkit.org/show_bug.cgi?id=165055
+
+        Reviewed by Saam Barati.
+
+        * runtime/MathObject.cpp:
+        (JSC::mathProtoFuncIMul):
+        * runtime/ModuleLoaderPrototype.cpp:
+        (JSC::moduleLoaderPrototypeParseModule):
+        (JSC::moduleLoaderPrototypeRequestedModules):
+        * runtime/NativeErrorConstructor.cpp:
+        (JSC::Interpreter::constructWithNativeErrorConstructor):
+        * runtime/NumberConstructor.cpp:
+        (JSC::constructWithNumberConstructor):
+        * runtime/SetConstructor.cpp:
+        (JSC::constructSet):
+        * runtime/SetIteratorPrototype.cpp:
+        (JSC::SetIteratorPrototypeFuncNext):
+        * runtime/SparseArrayValueMap.cpp:
+        (JSC::SparseArrayValueMap::putEntry):
+        (JSC::SparseArrayEntry::put):
+        * runtime/TemplateRegistry.cpp:
+        (JSC::TemplateRegistry::getTemplateObject):
+
 2016-11-28  Mark Lam  <mark.lam@apple.com>
 

trunk/Source/JavaScriptCore/runtime/MathObject.cpp

@@ -298 +298 @@
     int32_t left = exec->argument(0).toInt32(exec);
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
+    scope.release();
     int32_t right = exec->argument(1).toInt32(exec);
     return JSValue::encode(jsNumber(left * right));

trunk/Source/JavaScriptCore/runtime/ModuleLoaderPrototype.cpp

@@ -134 +134 @@
 
     ModuleAnalyzer moduleAnalyzer(exec, moduleKey, sourceCode, moduleProgramNode->varDeclarations(), moduleProgramNode->lexicalVariables());
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     JSModuleRecord* moduleRecord = moduleAnalyzer.analyze(*moduleProgramNode);
 
@@ -144 +145 @@
     auto scope = DECLARE_THROW_SCOPE(vm);
     JSModuleRecord* moduleRecord = jsDynamicCast<JSModuleRecord*>(exec->argument(0));
-    if (!moduleRecord)
+    if (!moduleRecord) {
+        scope.release();
         return JSValue::encode(constructEmptyArray(exec, nullptr));
+    }
 
     JSArray* result = constructEmptyArray(exec, nullptr, moduleRecord->requestedModules().size());
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
     size_t i = 0;
-    for (auto& key : moduleRecord->requestedModules())
+    for (auto& key : moduleRecord->requestedModules()) {
         result->putDirectIndex(exec, i++, jsString(exec, key.get()));
-
+        RETURN_IF_EXCEPTION(scope, encodedJSValue());
+    }
     return JSValue::encode(result);
 }

trunk/Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp

@@ -70 +70 @@
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
     ASSERT(errorStructure);
+    scope.release();
     return JSValue::encode(ErrorInstance::create(exec, errorStructure, message, nullptr, TypeNothing, false));
 }

trunk/Source/JavaScriptCore/runtime/NumberConstructor.cpp

@@ -89 +89 @@
     auto scope = DECLARE_THROW_SCOPE(vm);
     double n = exec->argumentCount() ? exec->uncheckedArgument(0).toNumber(exec) : 0;
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     Structure* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), exec->lexicalGlobalObject()->numberObjectStructure());
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
 
-    NumberObject* object = NumberObject::create(exec->vm(), structure);
-    object->setInternalValue(exec->vm(), jsNumber(n));
+    NumberObject* object = NumberObject::create(vm, structure);
+    object->setInternalValue(vm, jsNumber(n));
     return JSValue::encode(object);
 }

trunk/Source/JavaScriptCore/runtime/SetConstructor.cpp

@@ -69 +69 @@
         return JSValue::encode(set);
 
-    JSValue adderFunction = set->get(exec, exec->propertyNames().add);
+    JSValue adderFunction = set->get(exec, vm.propertyNames->add);
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
 
     CallData adderFunctionCallData;
     CallType adderFunctionCallType = getCallData(adderFunction, adderFunctionCallData);
-    if (adderFunctionCallType == CallType::None)
+    if (UNLIKELY(adderFunctionCallType == CallType::None))
         return JSValue::encode(throwTypeError(exec, scope));
 
+    scope.release();
     forEachInIterable(exec, iterable, [&](VM&, ExecState* exec, JSValue nextValue) {
         MarkedArgumentBuffer arguments;

trunk/Source/JavaScriptCore/runtime/SetIteratorPrototype.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2013 Apple, Inc. All rights reserved.
+ * Copyright (C) 2013, 2016 Apple, Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -57 +57 @@
         return JSValue::encode(throwTypeError(callFrame, scope, ASCIILiteral("Cannot call SetIterator.next() on a non-SetIterator object")));
 
-    if (iterator->next(callFrame, result))
+    if (iterator->next(callFrame, result)) {
+        scope.release();
         return JSValue::encode(createIteratorResultObject(callFrame, result, false));
+    }
+    scope.release();
     return JSValue::encode(createIteratorResultObject(callFrame, jsUndefined(), true));
 }

trunk/Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp

@@ -106 +106 @@
     }
     
+    scope.release();
     return entry.put(exec, array, this, value, shouldThrow);
 }
@@ -167 +168 @@
     }
 
+    scope.release();
     return callSetter(exec, thisValue, Base::get(), value, shouldThrow ? StrictMode : NotStrictMode);
 }

trunk/Source/JavaScriptCore/runtime/TemplateRegistry.cpp

@@ -60 +60 @@
     for (unsigned index = 0; index < count; ++index) {
         templateObject->putDirectIndex(exec, index, jsString(exec, templateKey.cookedStrings()[index]), ReadOnly | DontDelete, PutDirectIndexLikePutDirect);
+        RETURN_IF_EXCEPTION(scope, nullptr);
         rawObject->putDirectIndex(exec, index, jsString(exec, templateKey.rawStrings()[index]), ReadOnly | DontDelete, PutDirectIndexLikePutDirect);
+        RETURN_IF_EXCEPTION(scope, nullptr);
     }
 
@@ -66 +68 @@
     ASSERT(!scope.exception());
 
-    templateObject->putDirect(vm, exec->propertyNames().raw, rawObject, ReadOnly | DontEnum | DontDelete);
+    templateObject->putDirect(vm, vm.propertyNames->raw, rawObject, ReadOnly | DontEnum | DontDelete);
 
     // Template JSArray hold the reference to JSTemplateRegistryKey to make TemplateRegistryKey pointer live until this JSArray is collected.