Changeset 222617 in webkit


Timestamp:
Sep 28, 2017 11:09:09 AM (7 years ago)
Author:
mark.lam@apple.com
Message:

Add missing exception checks and book-keeping for exception check validation.
https://bugs.webkit.org/show_bug.cgi?id=177609
<rdar://problem/34717972>

Reviewed by Keith Miller.

This resolves exception check validation failures when running test262 tests and
a few other tests.

  • API/APIUtils.h:

(handleExceptionIfNeeded):

  • API/JSObjectRef.cpp:

(JSObjectMakeFunction):
(JSObjectMakeArray):
(JSObjectMakeDate):
(JSObjectMakeError):
(JSObjectMakeRegExp):
(JSObjectSetPrototype):
(JSObjectGetProperty):
(JSObjectSetProperty):
(JSObjectGetPropertyAtIndex):
(JSObjectSetPropertyAtIndex):
(JSObjectDeleteProperty):
(JSObjectCallAsFunction):
(JSObjectCallAsConstructor):

  • API/JSTypedArray.cpp:

(JSObjectMakeTypedArray):
(JSObjectMakeTypedArrayWithBytesNoCopy):
(JSObjectMakeTypedArrayWithArrayBuffer):
(JSObjectMakeTypedArrayWithArrayBufferAndOffset):
(JSObjectMakeArrayBufferWithBytesNoCopy):

  • API/JSValueRef.cpp:

(JSValueIsEqual):
(JSValueIsInstanceOfConstructor):
(JSValueCreateJSONString):
(JSValueToNumber):
(JSValueToStringCopy):
(JSValueToObject):

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::executeProgram):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):

  • runtime/DatePrototype.cpp:

(JSC::fillStructuresUsingTimeArgs):
(JSC::setNewValueFromDateArgs):
(JSC::dateProtoFuncSetYear):

  • runtime/JSGenericTypedArrayViewConstructorInlines.h:

(JSC::constructGenericTypedArrayViewWithArguments):

  • runtime/JSModuleEnvironment.cpp:

(JSC::JSModuleEnvironment::put):

  • runtime/ProgramExecutable.cpp:

(JSC::ProgramExecutable::initializeGlobalProperties):

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::toStringName):

  • runtime/StringPrototype.cpp:

(JSC::stringProtoFuncCharAt):
(JSC::stringProtoFuncCharCodeAt):
(JSC::stringProtoFuncIndexOf):
(JSC::stringProtoFuncLastIndexOf):
(JSC::stringProtoFuncSlice):
(JSC::stringProtoFuncSplitFast):
(JSC::stringProtoFuncSubstr):

Location:
trunk/Source/JavaScriptCore
Files:
14 edited

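--- a/trunk/Source/JavaScriptCore/API/APIUtils.h
+++ b/trunk/Source/JavaScriptCore/API/APIUtils.h
@@ -38,8 +38,6 @@
 };
 
-inline ExceptionStatus handleExceptionIfNeeded(JSC::ExecState* exec, JSValueRef* returnedExceptionRef)
+inline ExceptionStatus handleExceptionIfNeeded(JSC::CatchScope& scope, JSC::ExecState* exec, JSValueRef* returnedExceptionRef)
 {
-    JSC::VM& vm = exec->vm();
-    auto scope = DECLARE_CATCH_SCOPE(vm);
     if (UNLIKELY(scope.exception())) {
         JSC::Exception* exception = scope.exception();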
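Review bot: handleExceptionIfNeeded now relies on the caller declaring the catch scope against the same VM that `exec` belongs to, but the new signature on line 40 neither checks nor documents that; every caller in this changeset takes the lock, declares the scope, then calls this, and a mismatch would silently consult the wrong VM's exception slot. An assertion at the top of the body, `ASSERT(&scope.vm() == &exec->vm());`, would make the precondition enforceable in debug builds, assuming the exception-scope class exposes its VM; otherwise a header comment stating the precondition is the minimum. The body of handleExceptionIfNeeded continues past the end of this hunk.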
  • trunk/Source/JavaScriptCore/API/JSObjectRef.cpp

    r222473 r222617  
    143143    VM& vm = exec->vm();
    144144    JSLockHolder locker(vm);
     145    auto scope = DECLARE_CATCH_SCOPE(vm);
    145146
    146147    startingLineNumber = std::max(1, startingLineNumber);
     
    154155    auto sourceURLString = sourceURL ? sourceURL->string() : String();
    155156    JSObject* result = constructFunction(exec, exec->lexicalGlobalObject(), args, nameID, SourceOrigin { sourceURLString }, sourceURLString, TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber()));
    156     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     157    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    157158        result = 0;
    158159    return toRef(result);
     
    166167    }
    167168    ExecState* exec = toJS(ctx);
    168     JSLockHolder locker(exec);
     169    VM& vm = exec->vm();
     170    JSLockHolder locker(vm);
     171    auto scope = DECLARE_CATCH_SCOPE(vm);
    169172
    170173    JSObject* result;
     
    178181        result = constructEmptyArray(exec, 0);
    179182
    180     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     183    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    181184        result = 0;
    182185
     
    191194    }
    192195    ExecState* exec = toJS(ctx);
    193     JSLockHolder locker(exec);
     196    VM& vm = exec->vm();
     197    JSLockHolder locker(vm);
     198    auto scope = DECLARE_CATCH_SCOPE(vm);
    194199
    195200    MarkedArgumentBuffer argList;
     
    198203
    199204    JSObject* result = constructDate(exec, exec->lexicalGlobalObject(), JSValue(), argList);
    200     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     205    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    201206        result = 0;
    202207
     
    211216    }
    212217    ExecState* exec = toJS(ctx);
    213     JSLockHolder locker(exec);
     218    VM& vm = exec->vm();
     219    JSLockHolder locker(vm);
     220    auto scope = DECLARE_CATCH_SCOPE(vm);
    214221
    215222    JSValue message = argumentCount ? toJS(exec, arguments[0]) : jsUndefined();
     
    217224    JSObject* result = ErrorInstance::create(exec, errorStructure, message);
    218225
    219     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     226    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    220227        result = 0;
    221228
     
    230237    }
    231238    ExecState* exec = toJS(ctx);
    232     JSLockHolder locker(exec);
     239    VM& vm = exec->vm();
     240    JSLockHolder locker(vm);
     241    auto scope = DECLARE_CATCH_SCOPE(vm);
    233242
    234243    MarkedArgumentBuffer argList;
     
    237246
    238247    JSObject* result = constructRegExp(exec, exec->lexicalGlobalObject(), argList);
    239     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     248    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    240249        result = 0;
    241250   
     
    265274    VM& vm = exec->vm();
    266275    JSLockHolder locker(vm);
     276    auto scope = DECLARE_CATCH_SCOPE(vm);
    267277
    268278    JSObject* jsObject = toJS(object);
    269279    JSValue jsValue = toJS(exec, value);
    270280    jsObject->setPrototype(vm, exec, jsValue.isObject() ? jsValue : jsNull());
    271     handleExceptionIfNeeded(exec, nullptr);
     281    handleExceptionIfNeeded(scope, exec, nullptr);
    272282}
    273283
     
    296306    VM& vm = exec->vm();
    297307    JSLockHolder locker(vm);
     308    auto scope = DECLARE_CATCH_SCOPE(vm);
    298309
    299310    JSObject* jsObject = toJS(object);
    300311
    301312    JSValue jsValue = jsObject->get(exec, propertyName->identifier(&vm));
    302     handleExceptionIfNeeded(exec, exception);
     313    handleExceptionIfNeeded(scope, exec, exception);
    303314    return toRef(exec, jsValue);
    304315}
     
    329340        }
    330341    }
    331     handleExceptionIfNeeded(exec, exception);
     342    handleExceptionIfNeeded(scope, exec, exception);
    332343}
    333344
     
    339350    }
    340351    ExecState* exec = toJS(ctx);
    341     JSLockHolder locker(exec);
     352    VM& vm = exec->vm();
     353    JSLockHolder locker(vm);
     354    auto scope = DECLARE_CATCH_SCOPE(vm);
    342355
    343356    JSObject* jsObject = toJS(object);
    344357
    345358    JSValue jsValue = jsObject->get(exec, propertyIndex);
    346     handleExceptionIfNeeded(exec, exception);
     359    handleExceptionIfNeeded(scope, exec, exception);
    347360    return toRef(exec, jsValue);
    348361}
     
    358371    VM& vm = exec->vm();
    359372    JSLockHolder locker(vm);
     373    auto scope = DECLARE_CATCH_SCOPE(vm);
    360374
    361375    JSObject* jsObject = toJS(object);
     
    363377   
    364378    jsObject->methodTable(vm)->putByIndex(jsObject, exec, propertyIndex, jsValue, false);
    365     handleExceptionIfNeeded(exec, exception);
     379    handleExceptionIfNeeded(scope, exec, exception);
    366380}
    367381
     
    375389    VM& vm = exec->vm();
    376390    JSLockHolder locker(vm);
     391    auto scope = DECLARE_CATCH_SCOPE(vm);
    377392
    378393    JSObject* jsObject = toJS(object);
    379394
    380395    bool result = jsObject->methodTable(vm)->deleteProperty(jsObject, exec, propertyName->identifier(&vm));
    381     handleExceptionIfNeeded(exec, exception);
     396    handleExceptionIfNeeded(scope, exec, exception);
    382397    return result;
    383398}
     
    553568    VM& vm = exec->vm();
    554569    JSLockHolder locker(vm);
     570    auto scope = DECLARE_CATCH_SCOPE(vm);
    555571
    556572    if (!object)
     
    573589
    574590    JSValueRef result = toRef(exec, profiledCall(exec, ProfilingReason::API, jsObject, callType, callData, jsThisObject, argList));
    575     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     591    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    576592        result = 0;
    577593    return result;
     
    592608    VM& vm = exec->vm();
    593609    JSLockHolder locker(vm);
     610    auto scope = DECLARE_CATCH_SCOPE(vm);
    594611
    595612    if (!object)
     
    608625
    609626    JSObjectRef result = toRef(profiledConstruct(exec, ProfilingReason::API, jsObject, constructType, constructData, argList));
    610     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     627    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    611628        result = 0;
    612629    return result;
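Review bot: In JSObjectSetPrototype (new line 281) the return status of `handleExceptionIfNeeded(scope, exec, nullptr)` is dropped, so an exception raised by `setPrototype` is cleared and never reported to the API caller; that matches the pre-existing API shape, but the intent is invisible at the call site, and a comment such as `// JSObjectSetPrototype has no exception out-parameter; any exception from setPrototype is cleared here.` would keep the next reader from treating it as a missing check. The JSObjectSetProperty hunk (new line 342) references `scope` without its declaration appearing in the diff, so that function presumably already declared a catch scope before this change — worth confirming. As a point of style, the `result = 0;` lines following each DidThrow check (new lines 158, 184, 206, 227, 249, 592, 628) assign an integer literal to pointer-typed results; `result = nullptr;` is the idiom.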
  • trunk/Source/JavaScriptCore/API/JSTypedArray.cpp

    r221822 r222617  
    158158{
    159159    ExecState* exec = toJS(ctx);
    160     JSLockHolder locker(exec);
     160    VM& vm = exec->vm();
     161    JSLockHolder locker(vm);
     162    auto scope = DECLARE_CATCH_SCOPE(vm);
    161163
    162164    if (arrayType == kJSTypedArrayTypeNone || arrayType == kJSTypedArrayTypeArrayBuffer)
     
    167169    auto buffer = ArrayBuffer::tryCreate(length, elementByteSize);
    168170    JSObject* result = createTypedArray(exec, arrayType, WTFMove(buffer), 0, length);
    169     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     171    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    170172        return nullptr;
    171173    return toRef(result);
     
    175177{
    176178    ExecState* exec = toJS(ctx);
    177     JSLockHolder locker(exec);
     179    VM& vm = exec->vm();
     180    JSLockHolder locker(vm);
     181    auto scope = DECLARE_CATCH_SCOPE(vm);
    178182
    179183    if (arrayType == kJSTypedArrayTypeNone || arrayType == kJSTypedArrayTypeArrayBuffer)
     
    187191    });
    188192    JSObject* result = createTypedArray(exec, arrayType, WTFMove(buffer), 0, length / elementByteSize);
    189     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     193    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    190194        return nullptr;
    191195    return toRef(result);
     
    197201    VM& vm = exec->vm();
    198202    JSLockHolder locker(vm);
     203    auto scope = DECLARE_CATCH_SCOPE(vm);
    199204
    200205    if (arrayType == kJSTypedArrayTypeNone || arrayType == kJSTypedArrayTypeArrayBuffer)
     
    211216
    212217    JSObject* result = createTypedArray(exec, arrayType, WTFMove(buffer), 0, buffer->byteLength() / elementByteSize);
    213     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     218    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    214219        return nullptr;
    215220    return toRef(result);
     
    221226    VM& vm = exec->vm();
    222227    JSLockHolder locker(vm);
     228    auto scope = DECLARE_CATCH_SCOPE(vm);
    223229
    224230    if (arrayType == kJSTypedArrayTypeNone || arrayType == kJSTypedArrayTypeArrayBuffer)
     
    232238
    233239    JSObject* result = createTypedArray(exec, arrayType, jsBuffer->impl(), offset, length);
    234     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     240    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    235241        return nullptr;
    236242    return toRef(result);
     
    306312    VM& vm = exec->vm();
    307313    JSLockHolder locker(vm);
     314    auto scope = DECLARE_CATCH_SCOPE(vm);
    308315
    309316    auto buffer = ArrayBuffer::createFromBytes(bytes, byteLength, [=](void* p) {
     
    313320
    314321    JSArrayBuffer* jsBuffer = JSArrayBuffer::create(vm, exec->lexicalGlobalObject()->arrayBufferStructure(ArrayBufferSharingMode::Default), WTFMove(buffer));
    315     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     322    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    316323        return nullptr;
    317324
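Review bot: In JSObjectMakeTypedArray (new lines 169-170) `ArrayBuffer::tryCreate(length, elementByteSize)` is a fallible allocation whose result goes straight into `createTypedArray` before the new exception check; whether a null buffer becomes a thrown RangeError inside createTypedArray or an invalid dereference is decided outside this hunk, so it is worth confirming that the failure path surfaces through `handleExceptionIfNeeded` rather than faulting. In JSObjectMakeTypedArrayWithBytesNoCopy (new line 192) the element count is `length / elementByteSize`, so a caller-supplied byte length that is not a multiple of the element size is silently rounded down unless an alignment check exists earlier in the function. Both functions start outside their hunks.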
  • trunk/Source/JavaScriptCore/API/JSValueRef.cpp

    r211247 r222617  
    224224    }
    225225    ExecState* exec = toJS(ctx);
    226     JSLockHolder locker(exec);
     226    VM& vm = exec->vm();
     227    JSLockHolder locker(vm);
     228    auto scope = DECLARE_CATCH_SCOPE(vm);
    227229
    228230    JSValue jsA = toJS(exec, a);
     
    230232
    231233    bool result = JSValue::equal(exec, jsA, jsB); // false if an exception is thrown
    232     handleExceptionIfNeeded(exec, exception);
     234    handleExceptionIfNeeded(scope, exec, exception);
    233235   
    234236    return result;
     
    257259    }
    258260    ExecState* exec = toJS(ctx);
    259     JSLockHolder locker(exec);
     261    VM& vm = exec->vm();
     262    JSLockHolder locker(vm);
     263    auto scope = DECLARE_CATCH_SCOPE(vm);
    260264
    261265    JSValue jsValue = toJS(exec, value);
     
    265269        return false;
    266270    bool result = jsConstructor->hasInstance(exec, jsValue); // false if an exception is thrown
    267     handleExceptionIfNeeded(exec, exception);
     271    handleExceptionIfNeeded(scope, exec, exception);
    268272    return result;
    269273}
     
    354358    }
    355359    ExecState* exec = toJS(ctx);
    356     JSLockHolder locker(exec);
     360    VM& vm = exec->vm();
     361    JSLockHolder locker(vm);
     362    auto scope = DECLARE_CATCH_SCOPE(vm);
     363
    357364    JSValue value = toJS(exec, apiValue);
    358365    String result = JSONStringify(exec, value, indent);
    359366    if (exception)
    360367        *exception = 0;
    361     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     368    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    362369        return 0;
    363370    return OpaqueJSString::create(result).leakRef();
     
    384391    }
    385392    ExecState* exec = toJS(ctx);
    386     JSLockHolder locker(exec);
     393    VM& vm = exec->vm();
     394    JSLockHolder locker(vm);
     395    auto scope = DECLARE_CATCH_SCOPE(vm);
    387396
    388397    JSValue jsValue = toJS(exec, value);
    389398
    390399    double number = jsValue.toNumber(exec);
    391     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     400    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    392401        number = PNaN;
    393402    return number;
     
    401410    }
    402411    ExecState* exec = toJS(ctx);
    403     JSLockHolder locker(exec);
     412    VM& vm = exec->vm();
     413    JSLockHolder locker(vm);
     414    auto scope = DECLARE_CATCH_SCOPE(vm);
    404415
    405416    JSValue jsValue = toJS(exec, value);
    406417   
    407418    auto stringRef(OpaqueJSString::create(jsValue.toWTFString(exec)));
    408     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     419    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    409420        stringRef = nullptr;
    410421    return stringRef.leakRef();
     
    418429    }
    419430    ExecState* exec = toJS(ctx);
    420     JSLockHolder locker(exec);
     431    VM& vm = exec->vm();
     432    JSLockHolder locker(vm);
     433    auto scope = DECLARE_CATCH_SCOPE(vm);
    421434
    422435    JSValue jsValue = toJS(exec, value);
    423436   
    424437    JSObjectRef objectRef = toRef(jsValue.toObject(exec));
    425     if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
     438    if (handleExceptionIfNeeded(scope, exec, exception) == ExceptionStatus::DidThrow)
    426439        objectRef = 0;
    427440    return objectRef;
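Review bot: The prologue `VM& vm = exec->vm(); JSLockHolder locker(vm); auto scope = DECLARE_CATCH_SCOPE(vm);` is now repeated at every API entry point in this file (new lines 226-228, 261-263, 360-362, 393-395, 412-414, 431-433) as well as in JSObjectRef.cpp and JSTypedArray.cpp, and the diff consistently declares the scope after the lock is taken, which suggests the order matters; a small helper in APIUtils.h that takes the lock and declares the scope in one object would make that ordering impossible to get wrong and would turn a forgotten scope in a future entry point into a compile error rather than a validation failure. Since DECLARE_CATCH_SCOPE presumably records the call site for the exception-check bookkeeping, such a helper would need to preserve that, so this is a follow-up rather than something to fold in here. In JSValueCreateJSONString (new lines 366-369), `*exception = 0;` runs before handleExceptionIfNeeded, so the out-parameter is cleared on the non-throwing path as intended; `nullptr` would be the idiom for both that store and the `return 0;` that follows.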
  • trunk/Source/JavaScriptCore/ChangeLog

    r222607 r222617  
     12017-09-28  Mark Lam  <mark.lam@apple.com>
     2
     3        Add missing exception checks and book-keeping for exception check validation.
     4        https://bugs.webkit.org/show_bug.cgi?id=177609
     5        <rdar://problem/34717972>
     6
     7        Reviewed by Keith Miller.
     8
     9        This resolves exception check validation failures when running test262 tests and
     10        a few other tests.
     11
     12        * API/APIUtils.h:
     13        (handleExceptionIfNeeded):
     14        * API/JSObjectRef.cpp:
     15        (JSObjectMakeFunction):
     16        (JSObjectMakeArray):
     17        (JSObjectMakeDate):
     18        (JSObjectMakeError):
     19        (JSObjectMakeRegExp):
     20        (JSObjectSetPrototype):
     21        (JSObjectGetProperty):
     22        (JSObjectSetProperty):
     23        (JSObjectGetPropertyAtIndex):
     24        (JSObjectSetPropertyAtIndex):
     25        (JSObjectDeleteProperty):
     26        (JSObjectCallAsFunction):
     27        (JSObjectCallAsConstructor):
     28        * API/JSTypedArray.cpp:
     29        (JSObjectMakeTypedArray):
     30        (JSObjectMakeTypedArrayWithBytesNoCopy):
     31        (JSObjectMakeTypedArrayWithArrayBuffer):
     32        (JSObjectMakeTypedArrayWithArrayBufferAndOffset):
     33        (JSObjectMakeArrayBufferWithBytesNoCopy):
     34        * API/JSValueRef.cpp:
     35        (JSValueIsEqual):
     36        (JSValueIsInstanceOfConstructor):
     37        (JSValueCreateJSONString):
     38        (JSValueToNumber):
     39        (JSValueToStringCopy):
     40        (JSValueToObject):
     41        * interpreter/Interpreter.cpp:
     42        (JSC::Interpreter::executeProgram):
     43        * llint/LLIntSlowPaths.cpp:
     44        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
     45        * runtime/ArrayPrototype.cpp:
     46        (JSC::arrayProtoFuncIndexOf):
     47        (JSC::arrayProtoFuncLastIndexOf):
     48        * runtime/DatePrototype.cpp:
     49        (JSC::fillStructuresUsingTimeArgs):
     50        (JSC::setNewValueFromDateArgs):
     51        (JSC::dateProtoFuncSetYear):
     52        * runtime/JSGenericTypedArrayViewConstructorInlines.h:
     53        (JSC::constructGenericTypedArrayViewWithArguments):
     54        * runtime/JSModuleEnvironment.cpp:
     55        (JSC::JSModuleEnvironment::put):
     56        * runtime/ProgramExecutable.cpp:
     57        (JSC::ProgramExecutable::initializeGlobalProperties):
     58        * runtime/ProxyObject.cpp:
     59        (JSC::ProxyObject::toStringName):
     60        * runtime/StringPrototype.cpp:
     61        (JSC::stringProtoFuncCharAt):
     62        (JSC::stringProtoFuncCharCodeAt):
     63        (JSC::stringProtoFuncIndexOf):
     64        (JSC::stringProtoFuncLastIndexOf):
     65        (JSC::stringProtoFuncSlice):
     66        (JSC::stringProtoFuncSplitFast):
     67        (JSC::stringProtoFuncSubstr):
     68
    1692017-09-27  Michael Saboff  <msaboff@apple.com>
    270
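--- a/trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp
+++ b/trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp
@@ -816,6 +816,8 @@
             if (JSONPPath.size() == 1 && JSONPPath[0].m_type == JSONPPathEntryTypeDeclare) {
                 globalObject->addVar(callFrame, JSONPPath[0].m_pathEntryName);
+                RETURN_IF_EXCEPTION(throwScope, { });
                 PutPropertySlot slot(globalObject);
                 globalObject->methodTable(vm)->put(globalObject, callFrame, JSONPPath[0].m_pathEntryName, JSONPValue, slot);
+                RETURN_IF_EXCEPTION(throwScope, { });
                 result = jsUndefined();
                 continue;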
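--- a/trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
+++ b/trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
@@ -932,5 +932,6 @@
         couldDelete = baseObject->methodTable(vm)->deleteProperty(baseObject, exec, property);
     }
-    
+    LLINT_CHECK_EXCEPTION();
+
     if (!couldDelete && exec->codeBlock()->isStrictMode())
         LLINT_THROW(createTypeError(exec, UnableToDeletePropertyError));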
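--- a/trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
@@ -1121,7 +1121,8 @@
         if (!e)
             continue;
-        if (JSValue::strictEqual(exec, searchElement, e))
+        bool isEqual = JSValue::strictEqual(exec, searchElement, e);
+        RETURN_IF_EXCEPTION(scope, encodedJSValue());
+        if (isEqual)
             return JSValue::encode(jsNumber(index));
-        RETURN_IF_EXCEPTION(scope, encodedJSValue());
     }
 
@@ -1147,4 +1148,5 @@
         JSValue fromValue = exec->uncheckedArgument(1);
         double fromDouble = fromValue.toInteger(exec);
+        RETURN_IF_EXCEPTION(scope, encodedJSValue());
         if (fromDouble < 0) {
             fromDouble += length;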
  • trunk/Source/JavaScriptCore/runtime/DatePrototype.cpp

    r222473 r222617  
    344344static bool fillStructuresUsingTimeArgs(ExecState* exec, int maxArgs, double* ms, GregorianDateTime* t)
    345345{
     346    VM& vm = exec->vm();
     347    auto scope = DECLARE_THROW_SCOPE(vm);
     348
    346349    double milliseconds = 0;
    347350    bool ok = true;
     
    357360        t->setHour(0);
    358361        double hours = exec->uncheckedArgument(idx++).toIntegerPreserveNaN(exec);
     362        RETURN_IF_EXCEPTION(scope, false);
    359363        ok = std::isfinite(hours);
    360364        milliseconds += hours * msPerHour;
     
    365369        t->setMinute(0);
    366370        double minutes = exec->uncheckedArgument(idx++).toIntegerPreserveNaN(exec);
     371        RETURN_IF_EXCEPTION(scope, false);
    367372        ok = std::isfinite(minutes);
    368373        milliseconds += minutes * msPerMinute;
     
    373378        t->setSecond(0);
    374379        double seconds = exec->uncheckedArgument(idx++).toIntegerPreserveNaN(exec);
     380        RETURN_IF_EXCEPTION(scope, false);
    375381        ok = std::isfinite(seconds);
    376382        milliseconds += seconds * msPerSecond;
     
    383389    if (idx < numArgs) {
    384390        double millis = exec->uncheckedArgument(idx).toIntegerPreserveNaN(exec);
     391        RETURN_IF_EXCEPTION(scope, false);
    385392        ok = std::isfinite(millis);
    386393        milliseconds += millis;
     
    10071014    }
    10081015   
    1009     if (!fillStructuresUsingDateArgs(exec, numArgsToUse, &ms, &gregorianDateTime)) {
     1016    bool success = fillStructuresUsingDateArgs(exec, numArgsToUse, &ms, &gregorianDateTime);
     1017    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     1018    if (!success) {
    10101019        JSValue result = jsNaN();
    10111020        thisDateObj->setInternalValue(vm, result);
     
    11201129
    11211130    double year = exec->argument(0).toIntegerPreserveNaN(exec);
     1131    RETURN_IF_EXCEPTION(scope, encodedJSValue());
    11221132    if (!std::isfinite(year)) {
    11231133        JSValue result = jsNaN();
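Review bot: fillStructuresUsingTimeArgs (new lines 346-393) now returns false both when an argument is non-finite and when `toIntegerPreserveNaN` throws, and only the pending exception distinguishes the two; the caller in setNewValueFromDateArgs (new lines 1016-1018) checks the scope before interpreting `success`, but every other caller of this helper has to do the same, and nothing on the function says so. A comment on the declaration would carry the contract: `// Returns false if any argument is non-finite or if an exception was thrown; callers must check for a pending exception before treating false as "set to NaN".` The sibling `fillStructuresUsingDateArgs`, which the hunk at new line 1016 calls, is not in this changeset, so presumably it either performs its own checks or leaves the exception pending for the caller's new check — worth confirming. setNewValueFromDateArgs and dateProtoFuncSetYear both begin outside their hunks.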
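--- a/trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h
+++ b/trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h
@@ -162,4 +162,5 @@
                     || hasAnyArrayStorage(object->indexingType()))) {
 
+                    scope.release();
                     return constructGenericTypedArrayViewFromIterator<ViewClass>(exec, structure, object, iteratorFunc);
             }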
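--- a/trunk/Source/JavaScriptCore/runtime/JSModuleEnvironment.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSModuleEnvironment.cpp
@@ -127,4 +127,5 @@
         return false;
     }
+    scope.release();
     return Base::put(thisObject, exec, propertyName, value, slot);
 }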
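--- a/trunk/Source/JavaScriptCore/runtime/ProgramExecutable.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/ProgramExecutable.cpp
@@ -131,8 +131,10 @@
         for (auto& entry : lexicalDeclarations) {
             // The ES6 spec says that RestrictedGlobalProperty can't be shadowed.
-            if (hasRestrictedGlobalProperty(exec, globalObject, entry.key.get()))
+            bool hasProperty = hasRestrictedGlobalProperty(exec, globalObject, entry.key.get());
+            RETURN_IF_EXCEPTION(throwScope, throwScope.exception());
+            if (hasProperty)
                 return createSyntaxError(exec, makeString("Can't create duplicate variable that shadows a global property: '", String(entry.key.get()), "'"));
 
-            bool hasProperty = globalLexicalEnvironment->hasProperty(exec, entry.key.get());
+            hasProperty = globalLexicalEnvironment->hasProperty(exec, entry.key.get());
             RETURN_IF_EXCEPTION(throwScope, throwScope.exception());
             if (hasProperty) {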
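Review bot: The new code reuses `hasProperty` for two different questions: at new line 133 it holds whether the name is a restricted global property, and at new line 138 it is reassigned to whether the global lexical environment already declares it, so the reassignment erases the earlier meaning for anyone reading the second check. Giving the first query its own name, `bool hasRestrictedProperty = hasRestrictedGlobalProperty(exec, globalObject, entry.key.get());` followed by `if (hasRestrictedProperty)`, keeps each check self-describing and lets the original `bool hasProperty = ...` declaration stay where it was. The enclosing function continues outside this hunk.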
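--- a/trunk/Source/JavaScriptCore/runtime/ProxyObject.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/ProxyObject.cpp
@@ -59,8 +59,11 @@
     while (proxy) {
         const JSObject* target = proxy->target();
-        if (isArray(exec, target))
-            return target->classInfo(vm)->methodTable.toStringName(target, exec);
+        bool targetIsArray = isArray(exec, target);
         if (UNLIKELY(scope.exception()))
             break;
+        if (targetIsArray) {
+            scope.release();
+            return target->classInfo(vm)->methodTable.toStringName(target, exec);
+        }
 
         proxy = jsDynamicCast<const ProxyObject*>(vm, target);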
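Review bot: When `isArray` throws (new line 62), the loop exits via `break` with the exception left pending rather than returning as the array branch now does, so whatever follows the loop is reached with a pending exception and must not itself call into code that expects a clear exception state; that code is outside the hunk and presumably just falls through to a default name, but a one-line comment at the `break`, `// Exit with the exception pending; the fallback below must not throw again.`, would make the intent explicit. If the post-loop code merely returns a constant, `RETURN_IF_EXCEPTION(scope, { })` in place of the manual check would mirror the rest of this changeset. ProxyObject::toStringName begins and ends outside the hunk.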
  • trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp

    r222473 r222617  
    10211021    }
    10221022    double dpos = a0.toInteger(exec);
     1023    RETURN_IF_EXCEPTION(scope, encodedJSValue());
    10231024    if (dpos >= 0 && dpos < view.length())
    10241025        return JSValue::encode(jsSingleCharacterString(exec, view[static_cast<unsigned>(dpos)]));
     
    10451046    }
    10461047    double dpos = a0.toInteger(exec);
     1048    RETURN_IF_EXCEPTION(scope, encodedJSValue());
    10471049    if (dpos >= 0 && dpos < view.length())
    10481050        return JSValue::encode(jsNumber(view[static_cast<int>(dpos)]));
     
    11151117        else {
    11161118            double dpos = a1.toInteger(exec);
     1119            RETURN_IF_EXCEPTION(scope, encodedJSValue());
    11171120            if (dpos < 0)
    11181121                dpos = 0;
     
    11551158
    11561159    double dpos = a1.toIntegerPreserveNaN(exec);
     1160    RETURN_IF_EXCEPTION(scope, encodedJSValue());
    11571161    unsigned startPosition;
    11581162    if (dpos < 0)
     
    11971201    // The arg processing is very much like ArrayProtoFunc::Slice
    11981202    double start = a0.toInteger(exec);
     1203    RETURN_IF_EXCEPTION(scope, encodedJSValue());
    11991204    double end = a1.isUndefined() ? len : a1.toInteger(exec);
     1205    RETURN_IF_EXCEPTION(scope, encodedJSValue());
    12001206    double from = start < 0 ? len + start : start;
    12011207    double to = end < 0 ? len + end : end;
     
    12691275    JSValue limitValue = exec->uncheckedArgument(1);
    12701276    unsigned limit = limitValue.isUndefined() ? 0xFFFFFFFFu : limitValue.toUInt32(exec);
     1277    RETURN_IF_EXCEPTION(scope, encodedJSValue());
    12711278
    12721279    // 8. Let p = 0.
     
    14041411
    14051412    double start = a0.toInteger(exec);
     1413    RETURN_IF_EXCEPTION(scope, encodedJSValue());
    14061414    double length = a1.isUndefined() ? len : a1.toInteger(exec);
     1415    RETURN_IF_EXCEPTION(scope, encodedJSValue());
    14071416    if (start >= len || length <= 0)
    14081417        return JSValue::encode(jsEmptyString(exec));
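Review bot: The new checks in stringProtoFuncCharAt and stringProtoFuncCharCodeAt (new lines 1023 and 1048) sit between otherwise parallel code that indexes `view` differently: charAt uses `static_cast<unsigned>(dpos)` (new line 1025) while charCodeAt uses `static_cast<int>(dpos)` (new line 1050), even though both guard with the same `dpos >= 0 && dpos < view.length()` against an unsigned length. The int cast presumably relies on string lengths being bounded well below INT_MAX; changing charCodeAt to `return JSValue::encode(jsNumber(view[static_cast<unsigned>(dpos)]));` keeps the two functions consistent and removes the dependence on that limit. Both functions begin outside their hunks.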