author    sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Fri, 29 Jun 2018 23:40:25 +0000 (23:40 +0000)
committer sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Fri, 29 Jun 2018 23:40:25 +0000 (23:40 +0000)
commit    65626b0c67b0540cd1cab27efe3f34dea0ad04c5
tree      5dd46c25d3adfb9d680da2ea24b8d5e48449ca47
parent    d38444bb594a0c76ade323b3fdfc6900d46b6bc0
We shouldn't recurse into the parser when gathering metadata about various function offsets
https://bugs.webkit.org/show_bug.cgi?id=184074
<rdar://problem/37165897>

Reviewed by Mark Lam.

JSTests:

* microbenchmarks/try-get-by-id-basic.js:
(const.bench.f.const.fooPlusBar.createBuiltin):
* microbenchmarks/try-get-by-id-polymorphic.js:
(fooPlusBar.createBuiltin):
* stress/array-push-with-force-exit.js:
* stress/dont-crash-on-stack-overflow-when-parsing-builtin.js: Added.
(f):
* stress/dont-crash-on-stack-overflow-when-parsing-default-constructor.js: Added.
(foo):
(prototype.runNearStackLimit):
* stress/is-constructor.js:
* stress/tailCallForwardArguments.js:
(putFuncToPrivateName.createBuiltin):

Source/JavaScriptCore:

Prior to this patch, when we made a builtin, we had to make an UnlinkedFunctionExecutable
for that builtin. This required calling into the parser. However, the parser
may throw a stack overflow. We were not able to recover from that. The only
reason we called into the parser here is that we were gathering text offsets
and various metadata for things in the builtin function. This patch writes a
mini parser that figures this information out without calling into the full
parser. (I've also added a debug assert that verifies the mini parser stays in
sync with the full parser.) The result of this is that BuiltinExecutables::createExecutable
always succeeds.

* builtins/AsyncFromSyncIteratorPrototype.js:
(globalPrivate.createAsyncFromSyncIterator):
(globalPrivate.AsyncFromSyncIteratorConstructor):
* builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::createExecutable):
* builtins/GlobalOperations.js:
(globalPrivate.getter.overriddenName.string_appeared_here.speciesGetter):
(globalPrivate.speciesConstructor):
(globalPrivate.copyDataProperties):
(globalPrivate.copyDataPropertiesNoExclusions):
* builtins/PromiseOperations.js:
(globalPrivate.newHandledRejectedPromise):
* builtins/RegExpPrototype.js:
(globalPrivate.hasObservableSideEffectsForRegExpMatch):
(globalPrivate.hasObservableSideEffectsForRegExpSplit):
* builtins/StringPrototype.js:
(globalPrivate.hasObservableSideEffectsForStringReplace):
(globalPrivate.getDefaultCollator):
* parser/Nodes.cpp:
(JSC::FunctionMetadataNode::FunctionMetadataNode):
(JSC::FunctionMetadataNode::operator== const):
(JSC::FunctionMetadataNode::dump const):
* parser/Nodes.h:
* parser/Parser.h:
(JSC::parse):
* parser/ParserError.h:
(JSC::ParserError::type const):
* parser/ParserTokens.h:
(JSC::JSTextPosition::operator== const):
(JSC::JSTextPosition::operator!= const):
* parser/SourceCode.h:
(JSC::SourceCode::operator== const):
(JSC::SourceCode::operator!= const):
(JSC::SourceCode::subExpression const):
(JSC::SourceCode::subExpression): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@233377 268f45cc-cd09-0410-ab3c-d52691b4dbfc
21 files changed:
JSTests/ChangeLog
JSTests/microbenchmarks/try-get-by-id-basic.js
JSTests/microbenchmarks/try-get-by-id-polymorphic.js
JSTests/stress/array-push-with-force-exit.js
JSTests/stress/dont-crash-on-stack-overflow-when-parsing-builtin.js [new file with mode: 0644]
JSTests/stress/dont-crash-on-stack-overflow-when-parsing-default-constructor.js [new file with mode: 0644]
JSTests/stress/is-constructor.js
JSTests/stress/tailCallForwardArguments.js
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/builtins/AsyncFromSyncIteratorPrototype.js
Source/JavaScriptCore/builtins/BuiltinExecutables.cpp
Source/JavaScriptCore/builtins/GlobalOperations.js
Source/JavaScriptCore/builtins/PromiseOperations.js
Source/JavaScriptCore/builtins/RegExpPrototype.js
Source/JavaScriptCore/builtins/StringPrototype.js
Source/JavaScriptCore/parser/Nodes.cpp
Source/JavaScriptCore/parser/Nodes.h
Source/JavaScriptCore/parser/Parser.h
Source/JavaScriptCore/parser/ParserError.h
Source/JavaScriptCore/parser/ParserTokens.h
Source/JavaScriptCore/parser/SourceCode.h