Title: [208950] trunk/Source/_javascript_Core
Revision
208950
Author
mark....@apple.com
Date
2016-11-21 09:19:30 -0800 (Mon, 21 Nov 2016)

Log Message

Fix exception scope verification failures in *Executable.cpp files.
https://bugs.webkit.org/show_bug.cgi?id=164996

Reviewed by Darin Adler.

* runtime/DirectEvalExecutable.cpp:
(JSC::DirectEvalExecutable::create):
* runtime/IndirectEvalExecutable.cpp:
(JSC::IndirectEvalExecutable::create):
* runtime/ProgramExecutable.cpp:
(JSC::ProgramExecutable::initializeGlobalProperties):
* runtime/ScriptExecutable.cpp:
(JSC::ScriptExecutable::prepareForExecutionImpl):


Modified: trunk/Source/_javascript_Core/ChangeLog (208949 => 208950)


--- trunk/Source/_javascript_Core/ChangeLog	2016-11-21 16:58:00 UTC (rev 208949)
+++ trunk/Source/_javascript_Core/ChangeLog	2016-11-21 17:19:30 UTC (rev 208950)
@@ -1,3 +1,19 @@
+2016-11-21  Mark Lam  <mark....@apple.com>
+
+        Fix exception scope verification failures in *Executable.cpp files.
+        https://bugs.webkit.org/show_bug.cgi?id=164996
+
+        Reviewed by Darin Adler.
+
+        * runtime/DirectEvalExecutable.cpp:
+        (JSC::DirectEvalExecutable::create):
+        * runtime/IndirectEvalExecutable.cpp:
+        (JSC::IndirectEvalExecutable::create):
+        * runtime/ProgramExecutable.cpp:
+        (JSC::ProgramExecutable::initializeGlobalProperties):
+        * runtime/ScriptExecutable.cpp:
+        (JSC::ScriptExecutable::prepareForExecutionImpl):
+
 2016-11-20  Zan Dobersek  <zdober...@igalia.com>
 
         [EncryptedMedia] Make EME API runtime-enabled

Modified: trunk/Source/_javascript_Core/runtime/DirectEvalExecutable.cpp (208949 => 208950)


--- trunk/Source/_javascript_Core/runtime/DirectEvalExecutable.cpp	2016-11-21 16:58:00 UTC (rev 208949)
+++ trunk/Source/_javascript_Core/runtime/DirectEvalExecutable.cpp	2016-11-21 17:19:30 UTC (rev 208950)
@@ -47,6 +47,7 @@
     executable->finishCreation(vm);
 
     UnlinkedEvalCodeBlock* unlinkedEvalCode = globalObject->createLocalEvalCodeBlock(exec, executable, variablesUnderTDZ);
+    ASSERT(!!scope.exception() == !unlinkedEvalCode);
     if (!unlinkedEvalCode)
         return 0;
 
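Review bot: The new ASSERT on the createLocalEvalCodeBlock result is debug-only, so release builds still take `if (!unlinkedEvalCode) return 0;` with no check that an exception is actually pending; a comment stating the contract the assertion encodes would help the next reader, e.g. `// createLocalEvalCodeBlock reports failure only by throwing: a null result and a pending exception must coincide.` The `scope` the assertion reads is declared above the hunk, as is the start of DirectEvalExecutable::create. The identical assertion added to IndirectEvalExecutable.cpp has the same point. While here, the context line `return 0;` could become `return nullptr;`, matching the `0` to `nullptr` change this commit makes in ProgramExecutable.cpp and ScriptExecutable.cpp.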

Modified: trunk/Source/_javascript_Core/runtime/IndirectEvalExecutable.cpp (208949 => 208950)


--- trunk/Source/_javascript_Core/runtime/IndirectEvalExecutable.cpp	2016-11-21 16:58:00 UTC (rev 208949)
+++ trunk/Source/_javascript_Core/runtime/IndirectEvalExecutable.cpp	2016-11-21 17:19:30 UTC (rev 208950)
@@ -47,6 +47,7 @@
     executable->finishCreation(vm);
 
     UnlinkedEvalCodeBlock* unlinkedEvalCode = globalObject->createGlobalEvalCodeBlock(exec, executable);
+    ASSERT(!!scope.exception() == !unlinkedEvalCode);
     if (!unlinkedEvalCode)
         return 0;
 

Modified: trunk/Source/_javascript_Core/runtime/ProgramExecutable.cpp (208949 => 208950)


--- trunk/Source/_javascript_Core/runtime/ProgramExecutable.cpp	2016-11-21 16:58:00 UTC (rev 208949)
+++ trunk/Source/_javascript_Core/runtime/ProgramExecutable.cpp	2016-11-21 17:19:30 UTC (rev 208950)
@@ -28,6 +28,7 @@
 #include "BatchedTransitionOptimizer.h"
 #include "CodeBlock.h"
 #include "Debugger.h"
+#include "Exception.h"
 #include "JIT.h"
 #include "JSCInlines.h"
 #include "LLIntEntrypoint.h"
@@ -72,14 +73,15 @@
 
 JSObject* ProgramExecutable::initializeGlobalProperties(VM& vm, CallFrame* callFrame, JSScope* scope)
 {
+    auto throwScope = DECLARE_THROW_SCOPE(vm);
     RELEASE_ASSERT(scope);
     JSGlobalObject* globalObject = scope->globalObject();
     RELEASE_ASSERT(globalObject);
     ASSERT(&globalObject->vm() == &vm);
 
-    JSObject* exception = 0;
+    JSObject* exception = nullptr;
     UnlinkedProgramCodeBlock* unlinkedCodeBlock = globalObject->createProgramCodeBlock(callFrame, this, &exception);
-    if (exception)
+    if (UNLIKELY(exception))
         return exception;
 
     JSGlobalLexicalEnvironment* globalLexicalEnvironment = globalObject->globalLexicalEnvironment();
@@ -98,7 +100,9 @@
         // Check if any new "let"/"const"/"class" will shadow any pre-existing global property names, or "var"/"let"/"const" variables.
         // It's an error to introduce a shadow.
         for (auto& entry : lexicalDeclarations) {
-            if (globalObject->hasProperty(exec, entry.key.get())) {
+            bool hasProperty = globalObject->hasProperty(exec, entry.key.get());
+            RETURN_IF_EXCEPTION(throwScope, throwScope.exception());
+            if (hasProperty) {
                 // The ES6 spec says that just RestrictedGlobalProperty can't be shadowed
                 // This carried out section 8.1.1.4.14 of the ES6 spec: http://www.ecma-international.org/ecma-262/6.0/index.html#sec-hasrestrictedglobalproperty
                 PropertyDescriptor descriptor;
@@ -107,8 +111,10 @@
                 if (descriptor.value() != jsUndefined() && !descriptor.configurable())
                     return createSyntaxError(exec, makeString("Can't create duplicate variable that shadows a global property: '", String(entry.key.get()), "'"));
             }
-                
-            if (globalLexicalEnvironment->hasProperty(exec, entry.key.get())) {
+
+            hasProperty = globalLexicalEnvironment->hasProperty(exec, entry.key.get());
+            RETURN_IF_EXCEPTION(throwScope, throwScope.exception());
+            if (hasProperty) {
                 if (UNLIKELY(entry.value.isConst() && !vm.globalConstRedeclarationShouldThrow() && !isStrictMode())) {
                     // We only allow "const" duplicate declarations under this setting.
                     // For example, we don't "let" variables to be overridden by "const" variables.
@@ -123,7 +129,9 @@
         // It's an error to introduce a shadow.
         if (!globalLexicalEnvironment->isEmpty()) {
             for (auto& entry : variableDeclarations) {
-                if (globalLexicalEnvironment->hasProperty(exec, entry.key.get()))
+                bool hasProperty = globalLexicalEnvironment->hasProperty(exec, entry.key.get());
+                RETURN_IF_EXCEPTION(throwScope, throwScope.exception());
+                if (hasProperty)
                     return createSyntaxError(exec, makeString("Can't create duplicate variable: '", String(entry.key.get()), "'"));
             }
         }
@@ -148,6 +156,7 @@
     for (auto& entry : variableDeclarations) {
         ASSERT(entry.value.isVar());
         globalObject->addVar(callFrame, Identifier::fromUid(&vm, entry.key.get()));
+        ASSERT(!throwScope.exception());
     }
 
     {
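Review bot: The createProgramCodeBlock failure path in the second hunk returns the out-param `exception` with no link to `throwScope`, unlike the ScriptExecutable.cpp hunk in this commit, which asserts `!!throwScope.exception() == !codeBlock`; if createProgramCodeBlock also reports failure by throwing, adding `ASSERT(!!throwScope.exception() == !!exception);` after the call would keep the verification consistent across the two files. The three new RETURN_IF_EXCEPTION lines return `throwScope.exception()`, the Exception wrapper, where every other error path in this function returns the error object itself (`createSyntaxError(...)`, `exception`); if callers rethrow whatever is returned, as the existing error returns suggest, a comment on the first of them such as `// Callers rethrow the returned value, so the pending Exception can stand in for an error object here.` would make the mixed return kinds intentional. The `hasProperty` rename also shadows the outer variable in the variableDeclarations loop of the fourth hunk, which is legal but easy to misread; a distinct name there would help. The ASSERT after addVar in the last hunk is debug-only, so addVar's no-throw assumption is unverified in release builds.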

Modified: trunk/Source/_javascript_Core/runtime/ScriptExecutable.cpp (208949 => 208950)


--- trunk/Source/_javascript_Core/runtime/ScriptExecutable.cpp	2016-11-21 16:58:00 UTC (rev 208949)
+++ trunk/Source/_javascript_Core/runtime/ScriptExecutable.cpp	2016-11-21 17:19:30 UTC (rev 208950)
@@ -307,18 +307,20 @@
 JSObject* ScriptExecutable::prepareForExecutionImpl(
     VM& vm, JSFunction* function, JSScope* scope, CodeSpecializationKind kind, CodeBlock*& resultCodeBlock)
 {
+    auto throwScope = DECLARE_THROW_SCOPE(vm);
     DeferGCForAWhile deferGC(vm.heap);
 
-    if (vm.getAndClearFailNextNewCodeBlock())
-        return createError(scope->globalObject()->globalExec(), ASCIILiteral("Forced Failure"));
+    if (vm.getAndClearFailNextNewCodeBlock()) {
+        auto& state = *scope->globalObject()->globalExec();
+        return throwException(&state, throwScope, createError(&state, ASCIILiteral("Forced Failure")));
+    }
 
-    JSObject* exception = 0;
+    JSObject* exception = nullptr;
     CodeBlock* codeBlock = newCodeBlockFor(kind, function, scope, exception);
     resultCodeBlock = codeBlock;
-    if (!codeBlock) {
-        RELEASE_ASSERT(exception);
+    ASSERT(!!throwScope.exception() == !codeBlock);
+    if (UNLIKELY(!codeBlock))
         return exception;
-    }
     
     if (Options::validateBytecode())
         codeBlock->validate();
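Review bot: Replacing `RELEASE_ASSERT(exception)` with a debug-only ASSERT drops the release-build guarantee that the `!codeBlock` path returns a non-null error: if newCodeBlockFor ever returns null without setting `exception`, the function now returns nullptr, which reads as success to a caller that then finds `resultCodeBlock` null. Keeping a release check on the value actually returned, `if (UNLIKELY(!codeBlock)) { RELEASE_ASSERT(exception); return exception; }`, preserves the old hardening while the new ASSERT still verifies the throw scope. The forced-failure branch now throws the error before returning it, so a comment such as `// Throw as well as return so that, like the newCodeBlockFor path verified below, an error return always coincides with a pending exception.` would document why this path changed. The function's body continues past the end of the hunk.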