Title: [279167] trunk/Source/_javascript_Core
- Revision
- 279167
- Author
- sbar...@apple.com
- Date
- 2021-06-23 08:20:13 -0700 (Wed, 23 Jun 2021)
Log Message
Run lazy properties initializers under a DeferTerminationForAWhile scope
https://bugs.webkit.org/show_bug.cgi?id=227271
Reviewed by Mark Lam.
We don't expect that exceptions can be thrown when initializing
a lazy property. Termination exceptions were preventing this from
being true. The latest example found is inside JSModuleLoader when
it asserts that no exception is thrown when creating its JSMap field.
This patch makes it so termination exceptions can't be thrown when
running lazy property initializers.
* runtime/LazyPropertyInlines.h:
(JSC::ElementType>::initLater):
(JSC::ElementType>::callFunc):
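--- a/trunk/Source/_javascript_Core/ChangeLog
+++ b/trunk/Source/_javascript_Core/ChangeLog
@@ -1,3 +1,21 @@
+2021-06-23 Saam Barati <sbar...@apple.com>
+
+ Run lazy properties initializers under a DeferTerminationForAWhile scope
+ https://bugs.webkit.org/show_bug.cgi?id=227271
+
+ Reviewed by Mark Lam.
+
+ We don't expect that exceptions can be thrown when initializing
+ a lazy property. Termination exceptions were preventing this from
+ being true. The latest example found is inside JSModuleLoader when
+ it asserts that no exception is thrown when creating its JSMap field.
+ This patch makes it so termination exceptions can't be thrown when
+ running lazy property initializers.
+
+ * runtime/LazyPropertyInlines.h:
+ (JSC::ElementType>::initLater):
+ (JSC::ElementType>::callFunc):
+
 2021-06-22 Yijia Huang <yijia_hu...@apple.com>
 Add a new pattern to instruction selector to utilize SMADDL supported by ARM64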
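--- a/trunk/Source/_javascript_Core/runtime/LazyPropertyInlines.h
+++ b/trunk/Source/_javascript_Core/runtime/LazyPropertyInlines.h
@@ -25,7 +25,9 @@
 #pragma once
+#include "DeferTermination.h"
 #include "Heap.h"
+#include "VMTraps.h"
 #include <wtf/StdLibExtras.h>
 namespace JSC {
@@ -46,7 +48,7 @@
 // may be used for things. We address this problem by indirecting through a global const
 // variable. The "theFunc" variable is guaranteed to be native-aligned, i.e. at least a
 // multiple of 4.
- static const FuncType theFunc = callFunc<Func>;
+ static const FuncType theFunc = &callFunc<Func>;
 m_pointer = lazyTag | bitwise_cast<uintptr_t>(&theFunc);
 }
@@ -95,15 +97,12 @@
 {
 if (initializer.property.m_pointer & initializingTag)
 return nullptr;
+
+ DeferTerminationForAWhile deferTerminationForAWhile { initializer.vm };
 initializer.property.m_pointer |= initializingTag;
 callStatelessLambda<void, Func>(initializer);
- if (UNLIKELY(initializer.property.m_pointer & initializingTag)) {
- VM& vm = initializer.vm;
- RELEASE_ASSERT(vm.hasPendingTerminationException());
- RELEASE_ASSERT(initializer.property.m_pointer & lazyTag);
- return nullptr;
- }
 RELEASE_ASSERT(!(initializer.property.m_pointer & lazyTag));
+ RELEASE_ASSERT(!(initializer.property.m_pointer & initializingTag));
 return bitwise_cast<ElementType*>(initializer.property.m_pointer);
 }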
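Review bot: The new `DeferTerminationForAWhile` scope at the top of callFunc has no comment saying why it is there, yet the tightened `RELEASE_ASSERT(!(initializer.property.m_pointer & initializingTag))` at the end now depends on it, since the branch that used to tolerate a pending termination is gone. I would add above the scope: `// Lazy initializers must not throw (callers assert no exception); holding off termination for the duration keeps a pending termination request from surfacing inside the initializer (bug 227271).` Because termination is held off for the whole initializer, it would also help to record that initializers are expected to be short and must not run arbitrary script, which I infer from the change rather than from anything visible here. The `RELEASE_ASSERT` on the tag bits is the right safety net if an initializer does throw for another reason, but that is now a crash rather than a `nullptr` return, and the comment should say so. callFunc's signature lies outside the hunk.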