Reviewed by Geoffrey Garen.
ASSERTION Failure in JSC::binaryChop
https://bugs.webkit.org/show_bug.cgi?id=25614
Changed JITStubs::cti_register_file_check() to use the current call frame's
return PC to find the bytecode for handling the exception in the prior
frame. Also added the arity check routine call to the
JIT-to-bytecode vector (m_callReturnIndexVector) in the CodeBlock.
* jit/JIT.cpp:
(JSC::JIT::privateCompile): Changed the arrity check call location
so that it gets added to the m_calls list so that it's included in
CodeBlock::m_callReturnIndexVector.
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION): Use the current call frame's return PC.
2011-01-11 Michael Saboff <msaboff@apple.com>
Reviewed by Geoffrey Garen.
ASSERTION Failure in JSC::binaryChop
https://bugs.webkit.org/show_bug.cgi?id=25614
Added new test to check for proper handling of stack overflow
exceptions and arrity exceptions while close to the top of the stack.
* fast/js/script-tests/stack-overflow-arrity-catch.js: Added.
(fWithTwoArgs):
(test):
* fast/js/script-tests/stack-overflow-catch.js: Added.
(test):
* fast/js/stack-overflow-arrity-catch-expected.txt: Added.
* fast/js/stack-overflow-arrity-catch.html: Added.
* fast/js/stack-overflow-catch-expected.txt: Added.
* fast/js/stack-overflow-catch.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@75510
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2011-01-11 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ ASSERTION Failure in JSC::binaryChop
+ https://bugs.webkit.org/show_bug.cgi?id=25614
+
+ Added new test to check for proper handling of stack overflow
+ exceptions and arrity exceptions while close to the top of the stack.
+
+ * fast/js/script-tests/stack-overflow-arrity-catch.js: Added.
+ (fWithTwoArgs):
+ (test):
+ * fast/js/script-tests/stack-overflow-catch.js: Added.
+ (test):
+ * fast/js/stack-overflow-arrity-catch-expected.txt: Added.
+ * fast/js/stack-overflow-arrity-catch.html: Added.
+ * fast/js/stack-overflow-catch-expected.txt: Added.
+ * fast/js/stack-overflow-catch.html: Added.
+
2011-01-11 Stephen White <senorblanco@chromium.org>
Unreviewed; new chromium GPU test baselines.
--- /dev/null
+description('Test that if an arrity check causes a stack overflow, the exception goes to the right catch');
+
+function funcWith20Args(arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8,
+ arg9, arg10, arg11, arg12, arg13, arg14, arg15,
+ arg16, arg17, arg18, arg19, arg20)
+{
+ debug("ERROR: Shouldn't arrive in 20 arg function!");
+}
+
+gotRightCatch = false;
+
+function test1()
+{
+ try {
+ test2();
+ } catch (err) {
+ // Should get here because of stack overflow,
+ // now cause a stack overflow exception due to arrity processing
+ try {
+ var dummy = new RegExp('a|b|c');
+ } catch(err) {
+ debug('Should not get here #1!');
+ }
+
+ try {
+ funcWith20Args(1, 2, 3);
+ } catch (err2) {
+ gotRightCatch = true;
+ }
+ }
+}
+
+function test2()
+{
+ try {
+ var dummy = new Date();
+ } catch(err) {
+ debug('Should not get here #2!');
+ }
+
+ try {
+ test1();
+ } catch (err) {
+ // Should get here because of stack overflow,
+ // now cause a stack overflow exception due to arrity processing
+ try {
+ funcWith20Args(1, 2, 3, 4, 5, 6);
+ } catch (err2) {
+ gotRightCatch = true;
+ }
+ }
+}
+
+test1();
+
+shouldBeTrue("gotRightCatch");
+
+var successfullyParsed = true;
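Review bot: `gotRightCatch` becomes true on any exception thrown by `funcWith20Args`, from either catch site (the one in test1 and the one in test2), so the test cannot tell the intended stack overflow raised during the arity check from some other error thrown on that path. Keep the error instead of a boolean and assert on it, e.g. in both `catch (err2)` blocks `arityCatchError = err2;` and at the end `shouldBeTrue("arityCatchError instanceof RangeError")` — assuming JSC reports stack overflow as a RangeError, which should be confirmed against the existing stack-overflow tests. It is also worth a comment that `funcWith20Args` must never actually run: its `debug(...)` output would break the expected file, and that is currently the only thing guarding against the arity call silently succeeding.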
--- /dev/null
+description('Test that when the stack overflows, the exception goes to the last frame before the overflow');
+
+var level = 0;
+var stackLevel = 0;
+var gotWrongCatch = false;
+
+function test1()
+{
+ var myLevel = level;
+ var dummy;
+
+ try {
+ level = level + 1;
+ // Dummy code to make this funciton different from test2()
+ dummy = level * level + 1;
+ if (dummy == 0)
+ debug('Should never get here!!!!');
+ } catch(err) {
+ gotWrongCatch = true;
+ }
+
+ try {
+ test2();
+ } catch(err) {
+ stackLevel = myLevel;
+ }
+}
+
+function test2()
+{
+ var myLevel = level;
+
+ // Dummy code to make this funciton different from test1()
+ if (gotWrongCatch)
+ debug('Should never get here!!!!');
+
+ try {
+ level = level + 1;
+ } catch(err) {
+ gotWrongCatch = true;
+ }
+
+ try {
+ test1();
+ } catch(err) {
+ stackLevel = myLevel;
+ }
+}
+
+test1();
+
+shouldBeFalse("gotWrongCatch");
+shouldBe("(stackLevel)", "(level - 1)");
+
+var successfullyParsed = true;
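Review bot: The final `shouldBe("(stackLevel)", "(level - 1)")` encodes a non-obvious invariant the file never explains: every frame increments `level` once before recursing, the call that overflows never runs its body, and only the deepest surviving frame's catch fires (it returns normally, so no outer catch runs), so `stackLevel` is written exactly once with that frame's `myLevel`, which is `level - 1`. A comment above the assertion such as `// Only the deepest frame that entered catches the overflow; it bumped level last, so its myLevel is level - 1.` would save the next reader the derivation. The two `// Dummy code to make this funciton different ...` comments also misspell "function".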
--- /dev/null
+Test that if an arrity check causes a stack overflow, the exception goes to the right catch
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS gotRightCatch is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="resources/js-test-style.css">
+<script src="resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="script-tests/stack-overflow-arrity-catch.js"></script>
+<script src="resources/js-test-post.js"></script>
+</body>
+</html>
--- /dev/null
+Test that when the stack overflows, the exception goes to the last frame before the overflow
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS gotWrongCatch is false
+PASS (stackLevel) is (level - 1)
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="resources/js-test-style.css">
+<script src="resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="script-tests/stack-overflow-catch.js"></script>
+<script src="resources/js-test-post.js"></script>
+</body>
+</html>
+2011-01-10 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ ASSERTION Failure in JSC::binaryChop
+ https://bugs.webkit.org/show_bug.cgi?id=25614
+
+ Changed JITStubs::cti_register_file_check() to use the current stack's
+ return PC to find the bytecode for handling the exception in the prior
+ frame. Also added the appropriate arrity check routine call to the
+ JIT to bytecode vector (m_callReturnIndexVector) in the CodeBlock.
+
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile): Changed the arrity check call location
+ so that it gets added to the m_calls list so that it's included in
+ CodeBlock::m_callReturnIndexVector.
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION): Use the current call frame's return PC.
+
2011-01-10 Daniel Bates <dbates@rim.com>
Reviewed by Martin Robinson.
privateCompileSlowCases();
Label arityCheck;
- Call callArityCheck;
if (m_codeBlock->codeType() == FunctionCode) {
registerFileCheck.link(this);
m_bytecodeOffset = 0;
emitPutToCallFrameHeader(regT2, RegisterFile::ReturnPC);
branch32(Equal, regT1, Imm32(m_codeBlock->m_numParameters)).linkTo(beginLabel, this);
restoreArgumentReference();
- callArityCheck = call();
- move(regT0, callFrameRegister);
+
+ JITStubCall(this, m_codeBlock->m_isConstructor ? cti_op_construct_arityCheck : cti_op_call_arityCheck).call(callFrameRegister);
+
jump(beginLabel);
}
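Review bot: The switch from a bare `call()` to `JITStubCall(...).call(callFrameRegister)` is load-bearing — per the ChangeLog it is what gets this call into m_calls and hence CodeBlock::m_callReturnIndexVector — but nothing in the code says so, and a later cleanup back to `call()` plus `move(regT0, callFrameRegister)` would silently reintroduce the handler-lookup failure. Add a comment above the JITStubCall line: `// Must go through JITStubCall so the call is recorded in m_calls (and so in CodeBlock::m_callReturnIndexVector): the arity-check stub can throw a stack-overflow exception and its return address must map back to a bytecode offset.` The removed explicit move of regT0 into callFrameRegister now appears to be done by the `.call(callFrameRegister)` overload; worth confirming that is what that overload does. JIT::privateCompile starts and ends outside this hunk.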
info.callReturnLocation = m_codeBlock->structureStubInfo(m_methodCallCompilationInfo[i].propertyAccessIndex).callReturnLocation;
}
- if (m_codeBlock->codeType() == FunctionCode && functionEntryArityCheck) {
- patchBuffer.link(callArityCheck, FunctionPtr(m_codeBlock->m_isConstructor ? cti_op_construct_arityCheck : cti_op_call_arityCheck));
+ if (m_codeBlock->codeType() == FunctionCode && functionEntryArityCheck)
*functionEntryArityCheck = patchBuffer.locationOf(arityCheck);
- }
return patchBuffer.finalizeCode();
}
// Rewind to the previous call frame because op_call already optimistically
// moved the call frame forward.
CallFrame* oldCallFrame = callFrame->callerFrame();
- ExceptionHandler handler = jitThrow(stackFrame.globalData, oldCallFrame, createStackOverflowError(oldCallFrame), ReturnAddressPtr(oldCallFrame->returnPC()));
+ ExceptionHandler handler = jitThrow(stackFrame.globalData, oldCallFrame, createStackOverflowError(oldCallFrame), ReturnAddressPtr(callFrame->returnPC()));
STUB_SET_RETURN_ADDRESS(handler.catchRoutine);
callFrame = handler.callFrame;
}
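Review bot: The lookup key handed to jitThrow is now the return address stored in the overflowing frame's header (`callFrame->returnPC()`) while the frame passed is `oldCallFrame`; that pairing is right only because that address points back into oldCallFrame's code, whereas `oldCallFrame->returnPC()` is one frame further up — and since the two arguments look mismatched at first glance, the code should say so. Suggest a comment before the jitThrow line: `// callFrame->returnPC() is the address in oldCallFrame's CodeBlock we would have returned to; it, not oldCallFrame's own return PC, keys the handler lookup for oldCallFrame.` The lookup also presumably only works when that return address is registered in the caller's m_callReturnIndexVector (which is what the JIT.cpp change arranges for the arity-check path); the binaryChop ASSERT from the bug title looks debug-only, so a release build with an unregistered return address would presumably pick some other handler rather than fail loudly, and an explicit check or ASSERT on a missing entry in the lookup would be worth considering. The enclosing stub function starts outside this hunk.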