Changeset 262064 in webkit

Timestamp:

May 22, 2020 11:01:21 AM (4 years ago)

Author:

keith_miller@apple.com

Message:

Checkpoint inlined call return handler needs an exception check when dispatching
​https://bugs.webkit.org/show_bug.cgi?id=212104

Reviewed by Yusuke Suzuki.

JSTests:

• stress/for-of-done-getter-osr-exits-inlined-to-value-getter-with-exception.js: Added.

(let.d.get done):
(let.d.get value):
(foo):
(catch):

Source/JavaScriptCore:

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::dispatchToNextInstruction):
(JSC::LLInt::slow_path_checkpoint_osr_exit_from_inlined_call):
(JSC::LLInt::slow_path_checkpoint_osr_exit):

Location:

trunk

Files:

• JSTests/ChangeLog (modified) (1 diff)
• JSTests/stress/for-of-done-getter-osr-exits-inlined-to-value-getter-with-exception.js (added)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (modified) (4 diffs)

trunk/JSTests/ChangeLog

@@ +1 @@
+2020-05-22  Keith Miller  <keith_miller@apple.com>
+
+        Checkpoint inlined call return handler needs an exception check when dispatching
+        https://bugs.webkit.org/show_bug.cgi?id=212104
+
+        Reviewed by Yusuke Suzuki.
+
+        * stress/for-of-done-getter-osr-exits-inlined-to-value-getter-with-exception.js: Added.
+        (let.d.get done):
+        (let.d.get value):
+        (foo):
+        (catch):
+
 2020-05-21  Alexey Shvayka  <shvaikalesh@gmail.com>
 

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2020-05-22  Keith Miller  <keith_miller@apple.com>
+
+        Checkpoint inlined call return handler needs an exception check when dispatching
+        https://bugs.webkit.org/show_bug.cgi?id=212104
+
+        Reviewed by Yusuke Suzuki.
+
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::dispatchToNextInstruction):
+        (JSC::LLInt::slow_path_checkpoint_osr_exit_from_inlined_call):
+        (JSC::LLInt::slow_path_checkpoint_osr_exit):
+
 2020-05-22  Paulo Matos  <pmatos@igalia.com>
 

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -2087 +2087 @@
 }
 
-inline SlowPathReturnType dispatchToNextInstruction(CodeBlock* codeBlock, InstructionStream::Ref pc)
-{
-    RELEASE_ASSERT(!codeBlock->vm().exceptionForInspection());
+inline SlowPathReturnType dispatchToNextInstruction(ThrowScope& scope, CodeBlock* codeBlock, InstructionStream::Ref pc)
+{
+    if (scope.exception())
+        return encodeResult(returnToThrow(scope.vm()), nullptr);
+
     if (Options::forceOSRExitToLLInt() || codeBlock->jitType() == JITType::InterpreterThunk) {
         const Instruction* nextPC = pc.next().ptr();
@@ -2111 +2113 @@
     VM& vm = codeBlock->vm();
     SlowPathFrameTracer tracer(vm, callFrame);
+    auto scope = DECLARE_THROW_SCOPE(vm);
 
     std::unique_ptr<CheckpointOSRExitSideState> sideState = vm.findCheckpointOSRSideState(callFrame);
@@ -2151 +2154 @@
     }
 
-    return dispatchToNextInstruction(codeBlock, pc);
+    return dispatchToNextInstruction(scope, codeBlock, pc);
 }
 
@@ -2195 +2198 @@
         break;
     }
-    if (UNLIKELY(scope.exception()))
-        return encodeResult(returnToThrow(vm), nullptr);
-
-    return dispatchToNextInstruction(codeBlock, pc);
+
+    return dispatchToNextInstruction(scope, codeBlock, pc);
 }