Fix exception scope verification failures in miscellaneous files.
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 28 Nov 2016 22:21:29 +0000 (22:21 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 28 Nov 2016 22:21:29 +0000 (22:21 +0000)
https://bugs.webkit.org/show_bug.cgi?id=165055

Reviewed by Saam Barati.

* runtime/MathObject.cpp:
(JSC::mathProtoFuncIMul):
* runtime/ModuleLoaderPrototype.cpp:
(JSC::moduleLoaderPrototypeParseModule):
(JSC::moduleLoaderPrototypeRequestedModules):
* runtime/NativeErrorConstructor.cpp:
(JSC::Interpreter::constructWithNativeErrorConstructor):
* runtime/NumberConstructor.cpp:
(JSC::constructWithNumberConstructor):
* runtime/SetConstructor.cpp:
(JSC::constructSet):
* runtime/SetIteratorPrototype.cpp:
(JSC::SetIteratorPrototypeFuncNext):
* runtime/SparseArrayValueMap.cpp:
(JSC::SparseArrayValueMap::putEntry):
(JSC::SparseArrayEntry::put):
* runtime/TemplateRegistry.cpp:
(JSC::TemplateRegistry::getTemplateObject):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@209018 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/MathObject.cpp
Source/JavaScriptCore/runtime/ModuleLoaderPrototype.cpp
Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp
Source/JavaScriptCore/runtime/NumberConstructor.cpp
Source/JavaScriptCore/runtime/SetConstructor.cpp
Source/JavaScriptCore/runtime/SetIteratorPrototype.cpp
Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp
Source/JavaScriptCore/runtime/TemplateRegistry.cpp

index 1ec913e..07629d4 100644 (file)
@@ -1,3 +1,29 @@
+2016-11-26  Mark Lam  <mark.lam@apple.com>
+
+        Fix exception scope verification failures in miscellaneous files.
+        https://bugs.webkit.org/show_bug.cgi?id=165055
+
+        Reviewed by Saam Barati.
+
+        * runtime/MathObject.cpp:
+        (JSC::mathProtoFuncIMul):
+        * runtime/ModuleLoaderPrototype.cpp:
+        (JSC::moduleLoaderPrototypeParseModule):
+        (JSC::moduleLoaderPrototypeRequestedModules):
+        * runtime/NativeErrorConstructor.cpp:
+        (JSC::Interpreter::constructWithNativeErrorConstructor):
+        * runtime/NumberConstructor.cpp:
+        (JSC::constructWithNumberConstructor):
+        * runtime/SetConstructor.cpp:
+        (JSC::constructSet):
+        * runtime/SetIteratorPrototype.cpp:
+        (JSC::SetIteratorPrototypeFuncNext):
+        * runtime/SparseArrayValueMap.cpp:
+        (JSC::SparseArrayValueMap::putEntry):
+        (JSC::SparseArrayEntry::put):
+        * runtime/TemplateRegistry.cpp:
+        (JSC::TemplateRegistry::getTemplateObject):
+
 2016-11-28  Mark Lam  <mark.lam@apple.com>
 
         Fix exception scope verification failures in ReflectObject.cpp.
index d9052f0..c810b94 100644 (file)
@@ -297,6 +297,7 @@ EncodedJSValue JSC_HOST_CALL mathProtoFuncIMul(ExecState* exec)
     auto scope = DECLARE_THROW_SCOPE(vm);
     int32_t left = exec->argument(0).toInt32(exec);
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
+    scope.release();
     int32_t right = exec->argument(1).toInt32(exec);
     return JSValue::encode(jsNumber(left * right));
 }
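Review bot: The `left * right` in the return statement multiplies two `int32_t` values, so any product outside the int32 range is signed overflow, which is undefined behaviour in C++ unless the build forces wrapping (not visible here). Math.imul is meant to wrap modulo 2^32, and unsigned arithmetic makes that well defined: `return JSValue::encode(jsNumber(static_cast<int32_t>(static_cast<uint32_t>(left) * static_cast<uint32_t>(right))));`. The added `scope.release()` sits before the second `toInt32`, so the multiply still runs when that conversion throws; the result is presumably discarded by the caller. A short comment such as `// Last call that can throw; the exception check is left to the caller.` would explain the placement.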
index 79e6848..850049a 100644 (file)
@@ -133,6 +133,7 @@ EncodedJSValue JSC_HOST_CALL moduleLoaderPrototypeParseModule(ExecState* exec)
     ASSERT(moduleProgramNode);
 
     ModuleAnalyzer moduleAnalyzer(exec, moduleKey, sourceCode, moduleProgramNode->varDeclarations(), moduleProgramNode->lexicalVariables());
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     JSModuleRecord* moduleRecord = moduleAnalyzer.analyze(*moduleProgramNode);
 
     return JSValue::encode(moduleRecord);
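Review bot: The result of `moduleAnalyzer.analyze(*moduleProgramNode)` is encoded and returned with neither a `RETURN_IF_EXCEPTION` nor a `scope.release()` after it, so if `analyze` can throw (not visible in this hunk) the new check after the constructor covers only part of the path. If it can throw, add `RETURN_IF_EXCEPTION(scope, encodedJSValue());` after the `analyze` call, or `scope.release();` before it as the other functions in this commit do. If it cannot, a comment next to the call saying so would record why no check is needed. The function starts above the hunk, so `scope` is assumed to come from the usual `DECLARE_THROW_SCOPE(vm)`.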
@@ -143,15 +144,18 @@ EncodedJSValue JSC_HOST_CALL moduleLoaderPrototypeRequestedModules(ExecState* ex
     VM& vm = exec->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
     JSModuleRecord* moduleRecord = jsDynamicCast<JSModuleRecord*>(exec->argument(0));
-    if (!moduleRecord)
+    if (!moduleRecord) {
+        scope.release();
         return JSValue::encode(constructEmptyArray(exec, nullptr));
+    }
 
     JSArray* result = constructEmptyArray(exec, nullptr, moduleRecord->requestedModules().size());
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
     size_t i = 0;
-    for (auto& key : moduleRecord->requestedModules())
+    for (auto& key : moduleRecord->requestedModules()) {
         result->putDirectIndex(exec, i++, jsString(exec, key.get()));
-
+        RETURN_IF_EXCEPTION(scope, encodedJSValue());
+    }
     return JSValue::encode(result);
 }
 
index 0a87991..eec435d 100644 (file)
@@ -69,6 +69,7 @@ EncodedJSValue JSC_HOST_CALL Interpreter::constructWithNativeErrorConstructor(Ex
     Structure* errorStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), jsCast<NativeErrorConstructor*>(exec->callee())->errorStructure());
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
     ASSERT(errorStructure);
+    scope.release();
     return JSValue::encode(ErrorInstance::create(exec, errorStructure, message, nullptr, TypeNothing, false));
 }
 
index c2d8d70..8ad9ec0 100644 (file)
@@ -88,11 +88,12 @@ static EncodedJSValue JSC_HOST_CALL constructWithNumberConstructor(ExecState* ex
     VM& vm = exec->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
     double n = exec->argumentCount() ? exec->uncheckedArgument(0).toNumber(exec) : 0;
+    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     Structure* structure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), exec->lexicalGlobalObject()->numberObjectStructure());
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
 
-    NumberObject* object = NumberObject::create(exec->vm(), structure);
-    object->setInternalValue(exec->vm(), jsNumber(n));
+    NumberObject* object = NumberObject::create(vm, structure);
+    object->setInternalValue(vm, jsNumber(n));
     return JSValue::encode(object);
 }
 
index 98bb1e8..4cf4c43 100644 (file)
@@ -68,14 +68,15 @@ static EncodedJSValue JSC_HOST_CALL constructSet(ExecState* exec)
     if (iterable.isUndefinedOrNull())
         return JSValue::encode(set);
 
-    JSValue adderFunction = set->get(exec, exec->propertyNames().add);
+    JSValue adderFunction = set->get(exec, vm.propertyNames->add);
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
 
     CallData adderFunctionCallData;
     CallType adderFunctionCallType = getCallData(adderFunction, adderFunctionCallData);
-    if (adderFunctionCallType == CallType::None)
+    if (UNLIKELY(adderFunctionCallType == CallType::None))
         return JSValue::encode(throwTypeError(exec, scope));
 
+    scope.release();
     forEachInIterable(exec, iterable, [&](VM&, ExecState* exec, JSValue nextValue) {
         MarkedArgumentBuffer arguments;
         arguments.append(nextValue);
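Review bot: The `throwTypeError(exec, scope)` under the new `UNLIKELY` check raises a TypeError with no message, so a script that passes a Set subclass with a non-callable `add` gets an error that does not say what was wrong. The overload taking a message is already used in SetIteratorPrototype.cpp in this commit, so it could read `return JSValue::encode(throwTypeError(exec, scope, ASCIILiteral("'add' property of a Set should be callable.")));`, with the wording up to the author. The lambda passed to `forEachInIterable` continues past the end of the hunk, so what follows the added `scope.release()` is not reviewed here.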
index 5128710..ccbbb0e 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Apple, Inc. All rights reserved.
+ * Copyright (C) 2013, 2016 Apple, Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -56,8 +56,11 @@ EncodedJSValue JSC_HOST_CALL SetIteratorPrototypeFuncNext(CallFrame* callFrame)
     if (!iterator)
         return JSValue::encode(throwTypeError(callFrame, scope, ASCIILiteral("Cannot call SetIterator.next() on a non-SetIterator object")));
 
-    if (iterator->next(callFrame, result))
+    if (iterator->next(callFrame, result)) {
+        scope.release();
         return JSValue::encode(createIteratorResultObject(callFrame, result, false));
+    }
+    scope.release();
     return JSValue::encode(createIteratorResultObject(callFrame, jsUndefined(), true));
 }
 
index 9bfb03d..2d44ac0 100644 (file)
@@ -105,6 +105,7 @@ bool SparseArrayValueMap::putEntry(ExecState* exec, JSObject* array, unsigned i,
         return typeError(exec, scope, shouldThrow, ASCIILiteral(ReadonlyPropertyWriteError));
     }
     
+    scope.release();
     return entry.put(exec, array, this, value, shouldThrow);
 }
 
@@ -166,6 +167,7 @@ bool SparseArrayEntry::put(ExecState* exec, JSValue thisValue, SparseArrayValueM
         return true;
     }
 
+    scope.release();
     return callSetter(exec, thisValue, Base::get(), value, shouldThrow ? StrictMode : NotStrictMode);
 }
 
index 37ce437..54ae07d 100644 (file)
@@ -59,13 +59,15 @@ JSArray* TemplateRegistry::getTemplateObject(ExecState* exec, JSTemplateRegistry
 
     for (unsigned index = 0; index < count; ++index) {
         templateObject->putDirectIndex(exec, index, jsString(exec, templateKey.cookedStrings()[index]), ReadOnly | DontDelete, PutDirectIndexLikePutDirect);
+        RETURN_IF_EXCEPTION(scope, nullptr);
         rawObject->putDirectIndex(exec, index, jsString(exec, templateKey.rawStrings()[index]), ReadOnly | DontDelete, PutDirectIndexLikePutDirect);
+        RETURN_IF_EXCEPTION(scope, nullptr);
     }
 
     objectConstructorFreeze(exec, rawObject);
     ASSERT(!scope.exception());
 
-    templateObject->putDirect(vm, exec->propertyNames().raw, rawObject, ReadOnly | DontEnum | DontDelete);
+    templateObject->putDirect(vm, vm.propertyNames->raw, rawObject, ReadOnly | DontEnum | DontDelete);
 
     // Template JSArray hold the reference to JSTemplateRegistryKey to make TemplateRegistryKey pointer live until this JSArray is collected.
     // TemplateRegistryKey pointer is used for TemplateRegistry's key.
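Review bot: The two added `RETURN_IF_EXCEPTION(scope, nullptr);` lines give `getTemplateObject` a new outcome, a null `JSArray*` with an exception pending. Any caller that uses the result before checking for an exception would now dereference null. The callers are not visible in this hunk, so they should be confirmed to check first, and the contract belongs on the function, e.g. `// Returns nullptr with an exception pending if populating the template arrays throws.`. The `objectConstructorFreeze(exec, rawObject)` call below is still covered only by `ASSERT(!scope.exception())`, which presumably compiles out in release builds; if freezing can fail there, it needs the same `RETURN_IF_EXCEPTION(scope, nullptr);`. The function starts above and continues below the hunk.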