Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 0693d90fa79881a734fa412c7717f2575f398789
https://github.com/WebKit/WebKit/commit/0693d90fa79881a734fa412c7717f2575f398789
Author: Yijia Huang <[email protected]>
Date: 2025-08-25 (Mon, 25 Aug 2025)
Changed paths:
M Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
Log Message:
-----------
[JSC] Fix exception scope handling in llint_check_stack_and_vm_traps
https://bugs.webkit.org/show_bug.cgi?id=297794
rdar://158958322
Reviewed by Mark Lam.
The bug in timer-exception.js is an unchecked exception validation failure where
llint_check_stack_and_vm_traps calls handleTraps which can throw a termination
exception, but the exception is never checked before the ThrowScope destructor
runs, causing the assertion "exception check validation failed" when the
watchdog timer fires during JavaScript function prologue execution.
This patch fixes exception scope validation failures on throwScope in
llint_check_stack_and_vm_traps since handleTrapsIfNeeded can throw a
termination exception.
1. When a termination exception is pending after trap handling, we now
properly release the throwScope before propagating the exception.
2. When no traps are handled, we assert that no exceptions should be
present, updating m_needExceptionCheck to false.
The fix ensures proper exception scope lifecycle management while
maintaining the integrity of the exception handling system for both normal
execution and termination scenarios.
Canonical link: https://commits.webkit.org/299116@main
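
An added illustration, not code from WebKit or from this commit: a simplified C++ model of the exception-check bookkeeping the log message describes, with the unchecked shape beside the release-or-check shape. `ToyVM`, `ToyThrowScope`, `toyHandleTraps` and both `checkTraps*` functions are hypothetical names, and the model appends a failure to a list where the real validation asserts.

```cpp
#include <string>
#include <vector>
// Toy VM state (constructed for this example, not JSC's VM class).
struct ToyVM {
    bool hasException = false;       // a pending termination exception
    bool needExceptionCheck = false; // set on throw, cleared by a check
    std::vector<std::string> validationFailures;
};

// Toy throw scope: its destructor validates that a thrown exception was checked.
class ToyThrowScope {
public:
    explicit ToyThrowScope(ToyVM& vm) : m_vm(vm) {}
    ~ToyThrowScope() {
        if (m_released)
            return; // the caller now owns the obligation to check
        if (m_vm.needExceptionCheck)
            m_vm.validationFailures.push_back("exception check validation failed");
    }
    void release() { m_released = true; }
    // Counts as a check: clears the flag and reports whether nothing is pending.
    bool noException() { m_vm.needExceptionCheck = false; return !m_vm.hasException; }
private:
    ToyVM& m_vm;
    bool m_released = false;
};

// Hypothetical trap handler: a fired watchdog throws a termination exception.
void toyHandleTraps(ToyVM& vm, bool watchdogFired) {
    if (watchdogFired) vm.hasException = vm.needExceptionCheck = true;
}

// "Before" shape: the scope is destroyed without anyone checking.
bool checkTrapsUnchecked(ToyVM& vm, bool watchdogFired) {
    ToyThrowScope scope(vm);
    toyHandleTraps(vm, watchdogFired);
    return true; // continue into the function body
}

// "After" shape: release when an exception is pending, otherwise check.
bool checkTrapsChecked(ToyVM& vm, bool watchdogFired) {
    ToyThrowScope scope(vm);
    toyHandleTraps(vm, watchdogFired);
    if (vm.hasException) {
        scope.release(); // propagate; the caller handles the exception
        return false;
    }
    return scope.noException();
}
```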