VMTraps shouldn't crash if it sees an exception it doesn't understand.
author: keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Oct 2017 21:58:50 +0000 (21:58 +0000)
committer: keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Oct 2017 21:58:50 +0000 (21:58 +0000)
https://bugs.webkit.org/show_bug.cgi?id=177780

Reviewed by Mark Lam.

VMTraps could see a JIT breakpoint (SegV) for any number of
reasons it doesn't understand, e.g. a bug in JIT code, Wasm OOB,
etc. This patch makes it handle that case gracefully. It's worth
noting that this means there's no way to know if, due to a bug, we
didn't accurately track all the VMTraps we installed. I'm not sure
if there is a good solution to that problem though.

* runtime/VMTraps.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@222748 268f45cc-cd09-0410-ab3c-d52691b4dbfc
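As an added example, not WebKit code and not the VMTraps implementation, the same discipline the commit message describes in a minimal POSIX signal handler: it keeps a registry of the faults it deliberately provoked, handles those, and hands every other SIGSEGV back to the default disposition so an unrelated memory-safety bug still crashes instead of being swallowed. It keys on the faulting address (`si_addr`) rather than on the PC that VMTraps inspects, a simplification for illustration; `register_trap`, `classify_fault`, `run_guard_page_demo` and the PROT_NONE guard page are constructed for this example.

```c
#define _DEFAULT_SOURCE
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Same two outcomes VMTraps' handler reports to its signal dispatcher. */
enum SignalAction { NotHandled = 0, Handled = 1 };

/* Constructed registry of regions this code deliberately made inaccessible;
 * it stands in for the per-CodeBlock breakpoint bookkeeping VMTraps keeps. */
#define MAX_TRAPS 8
static struct { uintptr_t start; size_t len; } g_traps[MAX_TRAPS];
static int g_trap_count;
static volatile sig_atomic_t g_handled_count;

int register_trap(void *start, size_t len) {
    if (g_trap_count == MAX_TRAPS) return -1;
    g_traps[g_trap_count].start = (uintptr_t)start;
    g_traps[g_trap_count].len = len;
    return g_trap_count++;
}

void unregister_trap(int idx) {
    if (idx >= 0 && idx < g_trap_count) g_traps[idx].len = 0; /* len 0 never matches */
}

/* Pure lookup, the analogue of codeBlockForVMTrapPC(): index of the trap that
 * owns fault_addr, or -1 when the fault is not one we provoked. */
int trap_for_fault_address(const void *fault_addr) {
    uintptr_t a = (uintptr_t)fault_addr;
    for (int i = 0; i < g_trap_count; i++)
        if (a >= g_traps[i].start && a - g_traps[i].start < g_traps[i].len)
            return i;
    return -1;
}

/* The handler's decision, split out so it can be checked without faulting. */
enum SignalAction classify_fault(const void *fault_addr) {
    return trap_for_fault_address(fault_addr) >= 0 ? Handled : NotHandled;
}

static void trap_handler(int signo, siginfo_t *info, void *uctx) {
    (void)uctx;
    int idx = trap_for_fault_address(info->si_addr);
    if (idx < 0) {
        /* Not ours (a real bug elsewhere, or our bookkeeping is wrong): restore
         * the default disposition and return. The faulting instruction then
         * re-executes and the process dies with the genuine SIGSEGV rather
         * than silently continuing past memory corruption. */
        signal(signo, SIG_DFL);
        return;
    }
    /* Ours: lift the trap so the retried access succeeds. */
    mprotect((void *)g_traps[idx].start, g_traps[idx].len, PROT_READ | PROT_WRITE);
    g_handled_count++;
}

int install_trap_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = trap_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    return sigaction(SIGBUS, &sa, NULL);
}

/* Provoke one fault we own: touch a PROT_NONE page we registered. Returns 1 if
 * the handler took exactly one fault and the write landed, 0 otherwise, -1 on
 * setup failure. */
int run_guard_page_demo(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    char *guard = mmap(NULL, page, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (guard == MAP_FAILED) return -1;
    int idx = register_trap(guard, page);
    if (idx < 0 || install_trap_handler() != 0) { munmap(guard, page); return -1; }

    sig_atomic_t before = g_handled_count;
    ((volatile char *)guard)[0] = 42;        /* SIGSEGV -> handler lifts trap -> retry */
    int ok = guard[0] == 42 && g_handled_count - before == 1;

    unregister_trap(idx);
    munmap(guard, page);
    return ok;
}

int main(void) {
    printf("guard page demo: %s\n", run_guard_page_demo() == 1 ? "handled once" : "FAILED");
    return 0;
}
```

The unhandled path is deliberately not exercised by `run_guard_page_demo`, because taking it ends the process: after `signal(signo, SIG_DFL)` the handler returns, the kernel re-delivers the fault, and the crash reporter sees the original faulting instruction. Returning normally from an unrecognized fault, as a handler that swallows everything would, is what turns a memory-safety bug into silent continuation, which is the failure mode the commit avoids.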

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/VMTraps.cpp

index 2926f20..6c169bc 100644 (file)
@@ -1,3 +1,19 @@
+2017-10-02  Keith Miller  <keith_miller@apple.com>
+
+        VMTraps shouldn't crash if it sees an exception it doesn't understand.
+        https://bugs.webkit.org/show_bug.cgi?id=177780
+
+        Reviewed by Mark Lam.
+
+        VMTraps could see a JIT breakpoint (SegV) for any number of
+        reasons it doesn't understand. e.g.  a bug in JIT code, Wasm OOB,
+        etc. This patch makes it handle that case gracefully. It's worth
+        noting that this means there's no way to know if, due to a bug, we
+        didn't accurately track all the VMTraps we installed. I'm not sure
+        if there is a good solution to that problem though.
+
+        * runtime/VMTraps.cpp:
+
 2017-10-02  Saam Barati  <sbarati@apple.com>
 
         Unreviewed. Add missing exception check for the custom-get-set-inline-caching-one-level-up-proto-chain.js
index deaa449..e236ed3 100644 (file)
@@ -211,6 +211,10 @@ public:
                     return SignalAction::NotHandled;
 
                 CodeBlock* currentCodeBlock = DFG::codeBlockForVMTrapPC(context.trapPC);
+                if (!currentCodeBlock) {
+                    // Either we trapped for some other reason, e.g. Wasm OOB, or we didn't properly monitor the PC. Regardless, we can't do much now...
+                    return SignalAction::NotHandled;
+                }
                 ASSERT(currentCodeBlock->hasInstalledVMTrapBreakpoints());
                 VM& vm = *currentCodeBlock->vm();
                 ASSERT(vm.traps().needTrapHandling()); // We should have already jettisoned this code block when we handled the trap.
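Review bot: the new `if (!currentCodeBlock)` early return folds two different situations into one silent `SignalAction::NotHandled`, a foreign fault (the comment's Wasm OOB case) and a VMTraps bookkeeping error (the "we didn't properly monitor the PC" case), and the ChangeLog concedes the second becomes undetectable. Suggest at least a debug-only diagnostic before the `return` (a log of `context.trapPC` and, where available, which traps are still installed) so a test run that takes this path is visible, even if no hard assertion is possible. Two smaller points: the added comment is one very long line and should be wrapped to WebKit's usual width; and the `ASSERT(currentCodeBlock->hasInstalledVMTrapBreakpoints())` that follows still fires in debug builds if the PC resolves to a code block that never installed breakpoints, so the graceful handling this patch adds covers only the null-lookup case, which is worth saying in the comment.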