- Revision
- 245646
- Author
- tzaga...@apple.com
- Date
- 2019-05-22 14:03:20 -0700 (Wed, 22 May 2019)
Log Message
Fix validateExceptionChecks for CLoop
https://bugs.webkit.org/show_bug.cgi?id=191253
Reviewed by Keith Miller.
validateExceptionChecks relies on the stack position to determine whether
an ExceptionScope was going to be handled by LLInt or JIT, but when
running with CLoop, it was comparing VM::topEntryFrame, which was an
address inside the CLoopStack, to the machine stack. This caused exceptions
to never be checked on x86 and to always fail on ARM.
* runtime/CatchScope.h:
* runtime/ExceptionScope.h:
* runtime/ThrowScope.h:
* runtime/VM.cpp:
(JSC::VM::currentCLoopStackPointer const):
* runtime/VM.h:
Modified: trunk/Source/_javascript_Core/ChangeLog (245645 => 245646)
--- trunk/Source/_javascript_Core/ChangeLog 2019-05-22 21:01:40 UTC (rev 245645)
+++ trunk/Source/_javascript_Core/ChangeLog 2019-05-22 21:03:20 UTC (rev 245646)
@@ -1,3 +1,23 @@
+2019-05-22 Zagallo <tzaga...@apple.com>
+
+ Fix validateExceptionChecks for CLoop
+ https://bugs.webkit.org/show_bug.cgi?id=191253
+
+ Reviewed by Keith Miller.
+
+ validateExceptionChecks relies on the stack position to determine if
+ an ExceptionScope was going to be handled by LLInt or JIT, but when
+ running with CLoop, it was comparing VM::topEntryFrame, which was an
+ address inside the CLoopStack to machine stack. This caused exceptions
+ to never be checked on x86 and always fail on ARM.
+
+ * runtime/CatchScope.h:
+ * runtime/ExceptionScope.h:
+ * runtime/ThrowScope.h:
+ * runtime/VM.cpp:
+ (JSC::VM::currentCLoopStackPointer const):
+ * runtime/VM.h:
+
2019-05-22 Tadeu Zagallo <tzaga...@apple.com>
Stack-buffer-overflow in decodeURIComponent
Modified: trunk/Source/_javascript_Core/runtime/CatchScope.h (245645 => 245646)
--- trunk/Source/_javascript_Core/runtime/CatchScope.h 2019-05-22 21:01:40 UTC (rev 245645)
+++ trunk/Source/_javascript_Core/runtime/CatchScope.h 2019-05-22 21:03:20 UTC (rev 245646)
@@ -48,7 +48,7 @@
};
#define DECLARE_CATCH_SCOPE(vm__) \
- JSC::CatchScope((vm__), JSC::ExceptionEventLocation(EXCEPTION_SCOPE_POSITION_FOR_ASAN, __FUNCTION__, __FILE__, __LINE__))
+ JSC::CatchScope((vm__), JSC::ExceptionEventLocation(EXCEPTION_SCOPE_POSITION_FOR_ASAN(vm__), __FUNCTION__, __FILE__, __LINE__))
#else // not ENABLE(EXCEPTION_SCOPE_VERIFICATION)
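Review bot: The rewritten DECLARE_CATCH_SCOPE expands `vm__` twice — once as the CatchScope constructor argument and once inside EXCEPTION_SCOPE_POSITION_FOR_ASAN(vm__) — so in the C_LOOP configuration an argument with side effects would be evaluated twice, and the pre-change macro evaluated it only once. Call sites presumably pass a plain `vm` lvalue, which makes this harmless in practice, but the constraint is now part of the macro's contract and is not written down. A one-line comment above the `#define`, `// vm__ is expanded more than once; pass an lvalue, not an expression with side effects`, would document it. The same applies to DECLARE_THROW_SCOPE in ThrowScope.h.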
Modified: trunk/Source/_javascript_Core/runtime/ExceptionScope.h (245645 => 245646)
--- trunk/Source/_javascript_Core/runtime/ExceptionScope.h 2019-05-22 21:01:40 UTC (rev 245645)
+++ trunk/Source/_javascript_Core/runtime/ExceptionScope.h 2019-05-22 21:03:20 UTC (rev 245646)
@@ -38,10 +38,12 @@
#define EXCEPTION_ASSERT_UNUSED(variable, assertion) RELEASE_ASSERT(assertion)
#define EXCEPTION_ASSERT_WITH_MESSAGE(assertion, message) RELEASE_ASSERT_WITH_MESSAGE(assertion, message)
-#if ASAN_ENABLED && COMPILER(GCC_COMPATIBLE)
-#define EXCEPTION_SCOPE_POSITION_FOR_ASAN currentStackPointer()
+#if ENABLE(C_LOOP)
+#define EXCEPTION_SCOPE_POSITION_FOR_ASAN(vm__) (vm__).currentCLoopStackPointer()
+#elif ASAN_ENABLED && COMPILER(GCC_COMPATIBLE)
+#define EXCEPTION_SCOPE_POSITION_FOR_ASAN(vm__) currentStackPointer()
#else
-#define EXCEPTION_SCOPE_POSITION_FOR_ASAN nullptr
+#define EXCEPTION_SCOPE_POSITION_FOR_ASAN(vm__) nullptr
#endif
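Review bot: EXCEPTION_SCOPE_POSITION_FOR_ASAN is no longer ASAN-specific: the new first branch selects it under ENABLE(C_LOOP) regardless of ASAN_ENABLED, and the second hunk in this file makes stackPosition() read m_location.stackPosition in that same configuration. The name now suggests a sanitizer-only detail, while per the commit message the C_LOOP branch is what lets validateExceptionChecks compare a CLoop-stack position against VM::topEntryFrame, which is itself a CLoop-stack address. A short comment above the `#if ENABLE(C_LOOP)`, `// Under C_LOOP the VM's entry frames live on the CLoop stack, so the scope position must be taken from that stack for the comparison in validateExceptionChecks to be meaningful; the machine stack pointer is only used with ASAN on a GCC-compatible compiler.`, would record the reasoning, or the macro could be renamed to drop FOR_ASAN in a follow-up. The surrounding `class ExceptionScope` definition continues outside these hunks.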
class ExceptionScope {
@@ -53,7 +55,7 @@
ALWAYS_INLINE void assertNoException() { RELEASE_ASSERT_WITH_MESSAGE(!exception(), "%s", unexpectedExceptionMessage().data()); }
ALWAYS_INLINE void releaseAssertNoException() { RELEASE_ASSERT_WITH_MESSAGE(!exception(), "%s", unexpectedExceptionMessage().data()); }
-#if ASAN_ENABLED
+#if ASAN_ENABLED || ENABLE(C_LOOP)
const void* stackPosition() const { return m_location.stackPosition; }
#else
const void* stackPosition() const { return this; }
Modified: trunk/Source/_javascript_Core/runtime/ThrowScope.h (245645 => 245646)
--- trunk/Source/_javascript_Core/runtime/ThrowScope.h 2019-05-22 21:01:40 UTC (rev 245645)
+++ trunk/Source/_javascript_Core/runtime/ThrowScope.h 2019-05-22 21:03:20 UTC (rev 245646)
@@ -62,7 +62,7 @@
};
#define DECLARE_THROW_SCOPE(vm__) \
- JSC::ThrowScope((vm__), JSC::ExceptionEventLocation(EXCEPTION_SCOPE_POSITION_FOR_ASAN, __FUNCTION__, __FILE__, __LINE__))
+ JSC::ThrowScope((vm__), JSC::ExceptionEventLocation(EXCEPTION_SCOPE_POSITION_FOR_ASAN(vm__), __FUNCTION__, __FILE__, __LINE__))
#define throwScopePrintIfNeedCheck(scope__) \
scope__.printIfNeedCheck(__FUNCTION__, __FILE__, __LINE__)
Modified: trunk/Source/_javascript_Core/runtime/VM.cpp (245645 => 245646)
--- trunk/Source/_javascript_Core/runtime/VM.cpp 2019-05-22 21:01:40 UTC (rev 245645)
+++ trunk/Source/_javascript_Core/runtime/VM.cpp 2019-05-22 21:03:20 UTC (rev 245646)
@@ -1148,6 +1148,11 @@
{
return interpreter->cloopStack().isSafeToRecurse();
}
+
+void* VM::currentCLoopStackPointer() const
+{
+ return interpreter->cloopStack().currentStackPointer();
+}
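Review bot: currentCLoopStackPointer() returns a mutable `void*` from a const member, although its only consumer in this commit is ExceptionEventLocation, whose stackPosition is stored as `const void*` (ExceptionScope.h). Returning `const void*` would state that the value is an opaque position used for ordering, not a handle for writing into the CLoop stack — assuming cloopStack().currentStackPointer() can be bound that way, which is outside this hunk. The declaration added in VM.h also carries no documentation; a comment there such as `// Current position within the CLoop stack; used only by validateExceptionChecks to order ExceptionScopes relative to entry frames. Never dereference.` would make the intended use explicit. The `#if ENABLE(C_LOOP)` region enclosing this definition starts before the hunk.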
#endif // ENABLE(C_LOOP)
#if ENABLE(EXCEPTION_SCOPE_VERIFICATION)
Modified: trunk/Source/_javascript_Core/runtime/VM.h (245645 => 245646)
--- trunk/Source/_javascript_Core/runtime/VM.h 2019-05-22 21:01:40 UTC (rev 245645)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2019-05-22 21:03:20 UTC (rev 245646)
@@ -730,6 +730,7 @@
#if ENABLE(C_LOOP)
void* cloopStackLimit() { return m_cloopStackLimit; }
void setCLoopStackLimit(void* limit) { m_cloopStackLimit = limit; }
+ JS_EXPORT_PRIVATE void* currentCLoopStackPointer() const;
#endif
inline bool isSafeToRecurseSoft() const;