Changeset 70673 in webkit


Timestamp: Oct 27, 2010 10:59:57 AM
Author: ggaren@apple.com
Message:

JavaScriptCore: https://bugs.webkit.org/show_bug.cgi?id=41948
REGRESSION(r60392): Registerfile can be unwound too far following an exception

Reviewed by Oliver Hunt.

SunSpider reports no change.

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::throwException): Walk the stack to calculate the high
water mark currently in use. It's not safe to assume that the current
CallFrame's high water mark is the highest high water mark because
calls do not always set up at the end of a CallFrame. A large caller
CallFrame can encompass a small callee CallFrame.

  • jit/JITOpcodes.cpp:

(JSC::JIT::privateCompileCTINativeCall):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::privateCompileCTINativeCall): Make sure to set a 0 CodeBlock
in the CallFrame of a host call, like the Interpreter does, instead of
leaving the CodeBlock field uninitialized. The backtracing code requires
a valid CodeBlock field in each CallFrame.

LayoutTests: Added a test for:

Reviewed by Oliver Hunt.

https://bugs.webkit.org/show_bug.cgi?id=41948
REGRESSION(r60392): Registerfile can be unwound too far following an exception

  • fast/js/exception-registerfile-shrink-expected.txt: Added.
  • fast/js/exception-registerfile-shrink.html: Added.
  • fast/js/script-tests/exception-registerfile-shrink.js: Added.
Location: trunk
Files: 3 added, 5 edited

  • trunk/JavaScriptCore/ChangeLog

    r70642 r70673  
     12010-10-25  Geoffrey Garen  <ggaren@apple.com>
     2
     3        Reviewed by Oliver Hunt.
     4
     5        https://bugs.webkit.org/show_bug.cgi?id=41948
     6        REGRESSION(r60392): Registerfile can be unwound too far following an exception
     7       
     8        SunSpider reports no change.
     9
     10        * interpreter/Interpreter.cpp:
     11        (JSC::Interpreter::throwException): Walk the stack to calculate the high
     12        water mark currently in use. It's not safe to assume that the current
     13        CallFrame's high water mark is the highest high water mark because
     14        calls do not always set up at the end of a CallFrame. A large caller
     15        CallFrame can encompass a small callee CallFrame.
     16
     17        * jit/JITOpcodes.cpp:
     18        (JSC::JIT::privateCompileCTINativeCall):
     19        * jit/JITOpcodes32_64.cpp:
     20        (JSC::JIT::privateCompileCTINativeCall): Make sure to set a 0 CodeBlock
     21        in the CallFrame of a host call, like the Interpreter does, instead of
     22        leaving the CodeBlock field uninitialized. The backtracing code requires
     23        a valid CodeBlock field in each CallFrame.
     24
    1252010-10-27  Gabor Loki  <loki@webkit.org>
    226
  • trunk/JavaScriptCore/interpreter/Interpreter.cpp

    r70588 r70673  
    677677
    678678    // Shrink the JS stack, in case stack overflow made it huge.
    679     m_registerFile.shrink(callFrame->registers() + callFrame->codeBlock()->m_numCalleeRegisters);
     679    Register* highWaterMark = 0;
     680    for (CallFrame* callerFrame = callFrame; callerFrame; callerFrame = callerFrame->callerFrame()->removeHostCallFrameFlag()) {
     681        CodeBlock* codeBlock = callerFrame->codeBlock();
     682        if (!codeBlock)
     683            continue;
     684        Register* callerHighWaterMark = callerFrame->registers() + codeBlock->m_numCalleeRegisters;
     685        highWaterMark = max(highWaterMark, callerHighWaterMark);
     686    }
     687    m_registerFile.shrink(highWaterMark);
    680688
    681689    // Unwind the scope chain within the exception handler's call frame.
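Review bot: the step expression `callerFrame = callerFrame->callerFrame()->removeHostCallFrameFlag()` invokes a member function on the value returned by callerFrame() before the loop condition has tested it, so for the outermost frame the call is made on whatever sentinel callerFrame() returns there; that is only safe as long as removeHostCallFrameFlag() never dereferences `this`, and either a comment saying so or hoisting the call into the body behind a null check would make the dependency explicit. Two further points in the same hunk: `if (!codeBlock) continue;` is now the place where a 0 CodeBlock is relied on to mean a host call frame, so the explanatory comment this patch deletes further down belongs here rather than nowhere; and `m_registerFile.shrink(highWaterMark)` with highWaterMark still 0 would shrink to a null end, which is worse than the over-shrink being fixed, so an `ASSERT(highWaterMark)` before the shrink would document that the handler frame always contributes a value. The walk also makes every throw linear in stack depth; the SunSpider note covers the benchmark, but it is worth a sentence in the ChangeLog explaining why tracking the high water mark incrementally in the RegisterFile was not chosen.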
     
    10021010        return CallFrameClosure();
    10031011    }
    1004     // a 0 codeBlock indicates a built-in caller
    10051012    newCallFrame->init(codeBlock, 0, scopeChain, callFrame->addHostCallFrameFlag(), argc, function); 
    10061013    CallFrameClosure result = { callFrame, newCallFrame, function, FunctionExecutable, scopeChain->globalData, oldEnd, scopeChain, codeBlock->m_numParameters, argc };
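Review bot: deleting `// a 0 codeBlock indicates a built-in caller` is correct for this site, because the 0 literal in `newCallFrame->init(codeBlock, 0, scopeChain, callFrame->addHostCallFrameFlag(), argc, function)` is not the CodeBlock argument and the callee's CodeBlock is non-null here; the host-caller marker at this call is addHostCallFrameFlag(). The invariant the comment described (a host call frame carries a 0 CodeBlock) has, however, become load-bearing in the new throwException backtrace, so rather than dropping it the comment should move to the `if (!codeBlock) continue;` test or to the JIT thunks that now write the 0, where the next reader will actually need it.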
     
    11221129    CallFrame* newCallFrame = CallFrame::create(m_registerFile.start() + globalRegisterOffset);
    11231130
    1124     // a 0 codeBlock indicates a built-in caller
    11251131    ASSERT(codeBlock->m_numParameters == 1); // 1 parameter for 'this'.
    11261132    newCallFrame->init(codeBlock, 0, scopeChain, callFrame->addHostCallFrameFlag(), codeBlock->m_numParameters, 0);
  • trunk/JavaScriptCore/jit/JITOpcodes.cpp

    r70496 r70673  
    199199
    200200    Label nativeCallThunk = align();
     201   
     202    emitPutImmediateToCallFrameHeader(0, RegisterFile::CodeBlock);
    201203
    202204#if CPU(X86_64)
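Review bot: `emitPutImmediateToCallFrameHeader(0, RegisterFile::CodeBlock)` closes the gap for this thunk, but the new backtrace in throwException now reads codeBlock() from every frame between the handler and the bottom of the stack, so any other path that builds a host call frame without writing the CodeBlock slot turns into a read of an uninitialised header field during unwind; the ChangeLog should say that the remaining frame-creation sites were audited (the Interpreter already writes 0 via init(), per the message) so a later reader knows this thunk was the only JIT site besides the two in JITOpcodes32_64.cpp. Style nit: the added blank line 201 carries trailing whitespace.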
  • trunk/JavaScriptCore/jit/JITOpcodes32_64.cpp

    r69940 r70673  
    199199    Label nativeCallThunk = align();
    200200
     201    emitPutImmediateToCallFrameHeader(0, RegisterFile::CodeBlock);
     202
    201203#if CPU(X86)
    202204    // Load caller frame's scope chain into this callframe so that whatever we call can
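Review bot: the store is placed above `#if CPU(X86)`, so it applies to every architecture compiled from this file rather than only the X86 branch; that is the right placement, and it should stay that way if the `#if` block is ever reorganised, since an architecture-specific copy of this line would reintroduce the uninitialised-CodeBlock read that the backtrace in throwException now turns into a crash.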
     
    312314    Call nativeCall;
    313315    Label nativeCallThunk = align();
     316
     317    emitPutImmediateToCallFrameHeader(0, RegisterFile::CodeBlock);
    314318
    315319#if CPU(X86)
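Review bot: this is the second thunk in the same file that needs the identical `emitPutImmediateToCallFrameHeader(0, RegisterFile::CodeBlock)` store after `Label nativeCallThunk = align();`, so a small shared helper that initialises the host call frame header (called from both thunks and from the 64-bit one in JITOpcodes.cpp) would ensure a third variant cannot omit it; duplicating a one-line invariant across three sites is how the original omission happened.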
  • trunk/LayoutTests/ChangeLog

    r70671 r70673  
     12010-10-25  Geoffrey Garen  <ggaren@apple.com>
     2
     3        Reviewed by Oliver Hunt.
     4
     5        Added a test for:
     6
     7        https://bugs.webkit.org/show_bug.cgi?id=41948
     8        REGRESSION(r60392): Registerfile can be unwound too far following an exception
     9
     10        * fast/js/exception-registerfile-shrink-expected.txt: Added.
     11        * fast/js/exception-registerfile-shrink.html: Added.
     12        * fast/js/script-tests/exception-registerfile-shrink.js: Added.
     13
    1142010-10-27  Ryosuke Niwa  <rniwa@webkit.org>
    215
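Review bot: the three files listed as Added under fast/js are not part of the displayed diff, so this view cannot confirm that the test actually constructs the scenario the JavaScriptCore ChangeLog describes (a large caller CallFrame encompassing a small callee CallFrame, with the exception caught in the caller so that the old shrink would cut below live registers); when landing, check that the script exercises both the Interpreter and the JIT paths, since the JIT thunks were changed separately.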