Context Navigation

Changeset 247194 in webkit

Timestamp:

Jul 6, 2019 6:34:51 AM (5 years ago)

Author:

msaboff@apple.com

Message:

switch(String) needs to check for exceptions when resolving the string
https://bugs.webkit.org/show_bug.cgi?id=199541

Reviewed by Mark Lam.

JSTests:

New tests.

(test):
(testLowerTiers):
(testFTL):

Source/JavaScriptCore:

Added exception checks for resolved Strings in switch processing for all tiers.

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

Location:

trunk

Files:

-                      r247183
+                      r247194
+-07-06  Michael Saboff  <msaboff@apple.com>
+        switch(String) needs to check for exceptions when resolving the string
+        https://bugs.webkit.org/show_bug.cgi?id=199541
+        Reviewed by Mark Lam.
+        New tests.
+        * stress/switch-string-oom.js: Added.
+        (test):
+        (testLowerTiers):
+        (testFTL):
 -07-05  Mark Lam  <mark.lam@apple.com>

-                      r247183
+                      r247194
+-07-06  Michael Saboff  <msaboff@apple.com>
+        switch(String) needs to check for exceptions when resolving the string
+        https://bugs.webkit.org/show_bug.cgi?id=199541
+        Reviewed by Mark Lam.
+        Added exception checks for resolved Strings in switch processing for all tiers.
+        * dfg/DFGOperations.cpp:
+        * jit/JITOperations.cpp:
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
 -07-05  Mark Lam  <mark.lam@apple.com>

-                      r246490
+                      r247194
     VM& vm = exec->vm();
     NativeCallFrameTracer tracer(&vm, exec);
     CodeBlock* codeBlock = exec->codeBlock();
     SimpleJumpTable& table = codeBlock->switchJumpTable(tableIndex);
 …
     VM& vm = exec->vm();
     NativeCallFrameTracer tracer(&vm, exec);
+    return exec->codeBlock()->stringSwitchJumpTable(tableIndex).ctiForValue(string->value(exec).impl()).executableAddress<char*>();
+    auto throwScope = DECLARE_THROW_SCOPE(vm);
+    StringImpl* strImpl = string->value(exec).impl();
+    RETURN_IF_EXCEPTION(throwScope, nullptr);
+    return exec->codeBlock()->stringSwitchJumpTable(tableIndex).ctiForValue(strImpl).executableAddress<char*>();
+}
 …
     VM& vm = exec->vm();
     NativeCallFrameTracer tracer(&vm, exec);
+    return exec->codeBlock()->stringSwitchJumpTable(tableIndex).offsetForValue(string->value(exec).impl(), std::numeric_limits<int32_t>::min());
+    auto throwScope = DECLARE_THROW_SCOPE(vm);
+    StringImpl* strImpl = string->value(exec).impl();
+    RETURN_IF_EXCEPTION(throwScope, 0);
+    return exec->codeBlock()->stringSwitchJumpTable(tableIndex).offsetForValue(strImpl, std::numeric_limits<int32_t>::min());
+}

-                      r246490
+                      r247194
     JSValue key = JSValue::decode(encodedKey);
     CodeBlock* codeBlock = exec->codeBlock();
+    auto throwScope = DECLARE_THROW_SCOPE(vm);
     void* result;
 …
     if (key.isString()) {
         StringImpl* value = asString(key)->value(exec).impl();
+        RETURN_IF_EXCEPTION(throwScope, nullptr);
         result = jumpTable.ctiForValue(value).executableAddress();
     } else

-                      r246490
+                      r247194
         JUMP_TO(defaultOffset);
     else {
+        StringImpl* scrutineeStringImpl = asString(scrutinee)->value(exec).impl();
+        LLINT_CHECK_EXCEPTION();
         CodeBlock* codeBlock = exec->codeBlock();
+        JUMP_TO(codeBlock->stringSwitchJumpTable(bytecode.m_tableIndex).offsetForValue(asString(scrutinee)->value(exec).impl(), defaultOffset));
+        JUMP_TO(codeBlock->stringSwitchJumpTable(bytecode.m_tableIndex).offsetForValue(scrutineeStringImpl, defaultOffset));
+    }
     LLINT_END();

Note: See TracChangeset for help on using the changeset viewer.