Title: [163595] trunk/Source/_javascript_Core
- Revision
- 163595
- Author
- msab...@apple.com
- Date
- 2014-02-06 18:03:26 -0800 (Thu, 06 Feb 2014)
Log Message
Workaround REGRESSION(r163195-r163227): Crash beneath NSErrorUserInfoFromJSException when installing AppleInternal.mpkg
https://bugs.webkit.org/show_bug.cgi?id=128347
Reviewed by Geoffrey Garen.
Added a flag to VM class called m_ignoreStackLimit that disables stack limit checks.
We set this flag in JSContextGroupCreate() and JSGlobalContextCreateInGroup().
Disabled stack overflow tests in testapi.js since it uses these paths.
This patch will be reverted as part of a comprehensive solution to the problem.
* API/JSContextRef.cpp:
(JSContextGroupCreate):
(JSGlobalContextCreateInGroup):
* API/tests/testapi.js:
* runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::updateStackLimitWithReservedZoneSize):
* runtime/VM.h:
(JSC::VM::ignoreStackLimit):
Modified: trunk/Source/_javascript_Core/API/JSContextRef.cpp (163594 => 163595)
--- trunk/Source/_javascript_Core/API/JSContextRef.cpp 2014-02-07 02:01:45 UTC (rev 163594)
+++ trunk/Source/_javascript_Core/API/JSContextRef.cpp 2014-02-07 02:03:26 UTC (rev 163595)
@@ -57,7 +57,9 @@
JSContextGroupRef JSContextGroupCreate()
{
initializeThreading();
- return toRef(VM::createContextGroup().leakRef());
+ VM* vm = VM::createContextGroup().leakRef();
+ vm->ignoreStackLimit();
+ return toRef(vm);
}
JSContextGroupRef JSContextGroupRetain(JSContextGroupRef group)
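Review bot: Calling `vm->ignoreStackLimit()` on every VM created through JSContextGroupCreate turns stack-overflow detection off for any embedder of the public C API, so a script that recurses without bound presumably overruns the native stack and crashes the host process instead of raising a RangeError; the new else-branch in JSGlobalContextCreateInGroup in the next hunk has the same effect. The ChangeLog calls this a temporary workaround, but nothing at either call site marks it as such, which makes it easy to forget when the real fix lands. Suggest a marker at both sites: `// FIXME: Temporary workaround for https://bugs.webkit.org/show_bug.cgi?id=128347 — disables stack overflow checks for API-created VMs; revert with the comprehensive fix.`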
@@ -129,7 +131,13 @@
{
initializeThreading();
- RefPtr<VM> vm = group ? PassRefPtr<VM>(toJS(group)) : VM::createContextGroup();
+ RefPtr<VM> vm;
+ if (group)
+ vm = PassRefPtr<VM>(toJS(group));
+ else {
+ vm = VM::createContextGroup();
+ vm->ignoreStackLimit();
+ }
APIEntryShim entryShim(vm.get(), false);
vm->makeUsableFromMultipleThreads();
Modified: trunk/Source/_javascript_Core/API/tests/testapi.js (163594 => 163595)
--- trunk/Source/_javascript_Core/API/tests/testapi.js 2014-02-07 02:01:45 UTC (rev 163594)
+++ trunk/Source/_javascript_Core/API/tests/testapi.js 2014-02-07 02:03:26 UTC (rev 163595)
@@ -242,6 +242,7 @@
shouldBe('derivedOnlyDescriptor.enumerable', false);
shouldBe("undefined instanceof MyObject", false);
+/*
EvilExceptionObject.hasInstance = function f() { return f(); };
EvilExceptionObject.__proto__ = undefined;
shouldThrow("undefined instanceof EvilExceptionObject");
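Review bot: The `/*` added here silences the EvilExceptionObject stack-overflow tests without saying why or when they should come back, and a bare block comment around tests tends to stay in place permanently. Suggest a one-line explanation above it: `// FIXME: Re-enable once https://bugs.webkit.org/show_bug.cgi?id=128347 is resolved; these tests recurse until the stack limit, which API-created VMs currently ignore.` The matching `*/` is in the following hunk.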
@@ -252,6 +253,7 @@
shouldThrow("EvilExceptionObject*5");
EvilExceptionObject.toStringExplicit = function f() { return f(); }
shouldThrow("String(EvilExceptionObject)");
+ */
shouldBe("EmptyObject", "[object CallbackObject]");
Modified: trunk/Source/_javascript_Core/ChangeLog (163594 => 163595)
--- trunk/Source/_javascript_Core/ChangeLog 2014-02-07 02:01:45 UTC (rev 163594)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-02-07 02:03:26 UTC (rev 163595)
@@ -1,3 +1,27 @@
+2014-02-06 Michael Saboff <msab...@apple.com>
+
+ Workaround REGRESSION(r163195-r163227): Crash beneath NSErrorUserInfoFromJSException when installing AppleInternal.mpkg
+ https://bugs.webkit.org/show_bug.cgi?id=128347
+
+ Reviewed by Geoffrey Garen.
+
+ Added a flag to VM class called m_ignoreStackLimit that disables stack limit checks.
+ We set this flag in JSContextGroupCreate() and JSGlobalContextCreateInGroup().
+
+ Disabled stack overflow tests in testapi.js since it uses these paths.
+
+ THis patch will be reverted as part of a comprehensive solution to the problem.
+
+ * API/JSContextRef.cpp:
+ (JSContextGroupCreate):
+ (JSGlobalContextCreateInGroup):
+ * API/tests/testapi.js:
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+ (JSC::VM::updateStackLimitWithReservedZoneSize):
+ * runtime/VM.h:
+ (JSC::VM::ignoreStackLimit):
+
2014-02-06 Mark Hahnenberg <mhahnenb...@apple.com>
+[JSContext currentCallee] should return the currently executing JS function
Modified: trunk/Source/_javascript_Core/runtime/VM.cpp (163594 => 163595)
--- trunk/Source/_javascript_Core/runtime/VM.cpp 2014-02-07 02:01:45 UTC (rev 163594)
+++ trunk/Source/_javascript_Core/runtime/VM.cpp 2014-02-07 02:03:26 UTC (rev 163595)
@@ -219,6 +219,7 @@
#if ENABLE(GC_VALIDATION)
, m_initializingObjectClass(0)
#endif
+ , m_ignoreStackLimit(false)
, m_stackLimit(0)
#if ENABLE(LLINT_C_LOOP)
, m_jsStackLimit(0)
@@ -738,6 +739,11 @@
size_t VM::updateStackLimitWithReservedZoneSize(size_t reservedZoneSize)
{
+ if (m_ignoreStackLimit) {
+ setStackLimit(0);
+ return 0;
+ }
+
size_t oldReservedZoneSize = m_reservedZoneSize;
m_reservedZoneSize = reservedZoneSize;
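Review bot: The early return added at the top of updateStackLimitWithReservedZoneSize skips the `m_reservedZoneSize = reservedZoneSize;` assignment and returns 0 instead of the previous reserved zone size, so if a caller uses the return value to restore the old zone later (the `oldReservedZoneSize` local suggests that is the contract, though the return is outside this hunk) it will restore 0 once the flag has been set. Recording the request first keeps the bookkeeping consistent: `size_t oldReservedZoneSize = m_reservedZoneSize;` / `m_reservedZoneSize = reservedZoneSize;` / `if (m_ignoreStackLimit) { setStackLimit(0); return oldReservedZoneSize; }`. The `setStackLimit(0)` line also deserves a why-comment, since the mechanism is not obvious: `// On a downward-growing stack a limit of 0 can never be crossed, so this effectively disables overflow detection for this VM.` The rest of the function's body lies outside the hunk.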
Modified: trunk/Source/_javascript_Core/runtime/VM.h (163594 => 163595)
--- trunk/Source/_javascript_Core/runtime/VM.h 2014-02-07 02:01:45 UTC (rev 163594)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2014-02-07 02:03:26 UTC (rev 163595)
@@ -387,6 +387,8 @@
#endif
void* stackLimit() { return m_stackLimit; }
+ void ignoreStackLimit() { m_ignoreStackLimit = true; }
+
bool isSafeToRecurse(size_t neededStackInBytes = 0) const
{
ASSERT(wtfThreadData().stack().isGrowingDownward());
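Review bot: The new `ignoreStackLimit()` only sets the flag; `m_stackLimit` is untouched here, so the check is presumably still active until the next updateStackLimitWithReservedZoneSize() call, and there is no way to turn it back on. A reader of the header cannot see either fact. Suggest documenting it on the declaration: `// Disables stack overflow detection for this VM; takes effect at the next updateStackLimitWithReservedZoneSize(). One-way and temporary, see https://bugs.webkit.org/show_bug.cgi?id=128347.` The enclosing class continues outside the hunk.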
@@ -521,6 +523,7 @@
#if ENABLE(GC_VALIDATION)
const ClassInfo* m_initializingObjectClass;
#endif
+ bool m_ignoreStackLimit;
size_t m_reservedZoneSize;
#if ENABLE(LLINT_C_LOOP)
struct {