WebKit Bugzilla
Attachment 339406 Details for Bug 184074: We shouldn't recurse into the parser when gathering metadata about various function offsets
[patch] Patch without the controversial part
bug-184074-20180503161826.patch (text/plain), 113.32 KB, created by Robin Morisset on 2018-05-03 07:18:28 PDT
>Subversion Revision: 231302 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 24706688fbd1e0be8f4ad81701ea561c4f83a7be..db7b2d53fab67be64085dbcb10f5ef39ff8cc05b 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog 
>@@ -1,3 +1,85 @@ >+2018-05-03 Robin Morisset <rmorisset@apple.com> >+ >+ A stack overflow in the parsing of a builtin (called by createExecutable) cause a crash instead of a catchable js exception >+ https://bugs.webkit.org/show_bug.cgi?id=184074 >+ <rdar://problem/37165897> >+ >+ Reviewed by Keith Miller and JF Bastien. >+ >+ Fixing this requires getting the ParserError (with information about the failure) and an ExecState* (to throw an exception) in the same place. >+ It is surprisingly painful, with quite a long call stack between the last function with an access to an ExecState* and the first function with the ParserError. >+ Even worse, many of these functions are generated by macros, themselves generated by a maze of python scripts. >+ As a result, this patch is grotesquely large, while all it does is adding enough plumbing to throw a proper exception in this specific case. >+ >+ There are now bare calls to '.value()' on several paths that may crash. It is not a problem in my opinion, since we previously crashed in every case regardless of the path that took us to createExecutable when encountering a stack overflow. >+ If we ever find an example that can cause these calls to fail, it should be doable to throw a proper exception there too. >+ Using .value() and not a simple dereference is important as the latter is undefined behaviour if there is no 'value'. >+ >+ Two other minor changes: >+ - I removed BuiltinExecutableCreator.{cpp, h} as it was nearly empty, and only used in one place. That place now includes BuiltinExecutables.h directly instead. >+ - I moved code from ParserError.h into a newly created ParserError.cpp, as I see no need to inline functions that are only used when encountering a parser error, and ParserError.h is now included in quite a few places. 
>+ >+ * JavaScriptCore.xcodeproj/project.pbxproj: >+ * Scripts/builtins/builtins_generate_combined_header.py: >+ (BuiltinsCombinedHeaderGenerator.generate_forward_declarations): >+ (ParserError): >+ (generate_section_for_object): Deleted. >+ (generate_externs_for_object): Deleted. >+ (generate_macros_for_object): Deleted. >+ (generate_section_for_code_table_macro): Deleted. >+ (generate_section_for_code_name_macro): Deleted. >+ (generate_section_for_global_private_code_name_macro): Deleted. >+ * Scripts/builtins/builtins_generate_separate_header.py: >+ (generate_secondary_header_includes): >+ * Scripts/builtins/builtins_templates.py: >+ * Sources.txt: >+ * builtins/BuiltinExecutableCreator.cpp: Removed. >+ * builtins/BuiltinExecutableCreator.h: Removed. >+ * builtins/BuiltinExecutables.cpp: >+ (JSC::BuiltinExecutables::createDefaultConstructor): >+ (JSC::BuiltinExecutables::createBuiltinExecutable): >+ (JSC::createBuiltinExecutable): >+ (JSC::BuiltinExecutables::createExecutableOrCrash): >+ (JSC::BuiltinExecutables::createExecutable): >+ * builtins/BuiltinExecutables.h: >+ * bytecompiler/BytecodeGenerator.h: >+ * parser/ParserError.cpp: Added. >+ (JSC::ParserError::toErrorObject): >+ (JSC::ParserError::throwStackOverflowOrOutOfMemory): >+ (WTF::printInternal): >+ * parser/ParserError.h: >+ (JSC::ParserError::toErrorObject): Deleted. >+ (WTF::printInternal): Deleted. 
>+ * runtime/AsyncIteratorPrototype.cpp: >+ (JSC::AsyncIteratorPrototype::finishCreation): >+ * runtime/FunctionPrototype.cpp: >+ (JSC::FunctionPrototype::addFunctionProperties): >+ * runtime/JSGlobalObject.cpp: >+ (JSC::JSGlobalObject::init): >+ * runtime/JSObject.cpp: >+ (JSC::JSObject::getOwnStaticPropertySlot): >+ (JSC::JSObject::reifyAllStaticProperties): >+ * runtime/JSObject.h: >+ (JSC::JSObject::getOwnNonIndexPropertySlot): >+ (JSC::JSObject::getOwnPropertySlot): >+ (JSC::JSObject::getPropertySlot): >+ * runtime/JSObjectInlines.h: >+ (JSC::JSObject::getNonIndexPropertySlot): >+ * runtime/JSTypedArrayViewPrototype.cpp: >+ (JSC::JSTypedArrayViewPrototype::finishCreation): >+ * runtime/Lookup.cpp: >+ (JSC::reifyStaticAccessor): >+ (JSC::setUpStaticFunctionSlot): >+ * runtime/Lookup.h: >+ (JSC::getStaticPropertySlotFromTable): >+ (JSC::reifyStaticProperty): >+ * runtime/MapPrototype.cpp: >+ (JSC::MapPrototype::finishCreation): >+ * runtime/SetPrototype.cpp: >+ (JSC::SetPrototype::finishCreation): >+ * tools/JSDollarVM.cpp: >+ (JSC::functionCreateBuiltin): >+ > 2018-05-03 Dominik Infuehr <dinfuehr@igalia.com> > > Disable usage of fused multiply-add instructions for JSC with compiler flag >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 5c5f3e29873e8ed8f8513c52dc5cb64ef799a9ff..8d7f58df9b31a7c33880125a0863272861198373 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog 
>@@ -1,3 +1,26 @@ >+2018-05-03 Robin Morisset <rmorisset@apple.com> >+ >+ A stack overflow in the parsing of a builtin (called by createExecutable) cause a crash instead of a catchable js exception >+ https://bugs.webkit.org/show_bug.cgi?id=184074 >+ <rdar://problem/37165897> >+ >+ Reviewed by Keith Miller and JF Bastien. >+ >+ I had to slightly change the type of some bindings between JSC and WebCore. No functional change intended on the WebCore side. >+ >+ * bindings/js/JSReadableStreamPrivateConstructors.cpp: >+ (WebCore::JSBuiltinReadableStreamDefaultReaderPrivateConstructor::initializeExecutable): >+ (WebCore::JSBuiltinReadableStreamDefaultControllerPrivateConstructor::initializeExecutable): >+ (WebCore::JSBuiltinReadableByteStreamControllerPrivateConstructor::initializeExecutable): >+ (WebCore::JSBuiltinReadableStreamBYOBReaderPrivateConstructor::initializeExecutable): >+ (WebCore::JSBuiltinReadableStreamBYOBRequestPrivateConstructor::initializeExecutable): >+ * bindings/scripts/CodeGeneratorJS.pm: >+ (GenerateConstructorHelperMethods): >+ * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp: >+ (WebCore::JSTestClassWithJSBuiltinConstructorConstructor::initializeExecutable): >+ * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp: >+ (WebCore::JSTestJSBuiltinConstructorConstructor::initializeExecutable): >+ > 2018-05-03 Miguel Gomez <magomez@igalia.com> > > WebCore::TextureMapperLayer object used after freed >diff --git a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj >index 0ab6b125654594d778d66aa837f8ac8826ecdb1d..5e48fe8252c1590e5c94febc3ace387b910ae57e 100644 >--- a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj >+++ b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 
>@@ -1673,7 +1673,6 @@ > DCF3D56D1CD29476003D5C65 /* LazyPropertyInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF3D5681CD29468003D5C65 /* LazyPropertyInlines.h */; }; > DCFDFBD91D1F5D9B00FE3D72 /* B3BottomProvider.h in Headers */ = {isa = PBXBuildFile; fileRef = DCFDFBD71D1F5D9800FE3D72 /* B3BottomProvider.h */; }; > DCFDFBDA1D1F5D9E00FE3D72 /* B3TypeMap.h in Headers */ = {isa = PBXBuildFile; fileRef = DCFDFBD81D1F5D9800FE3D72 /* B3TypeMap.h */; }; >- DE26E9031CB5DD0500D2BE82 /* BuiltinExecutableCreator.h in Headers */ = {isa = PBXBuildFile; fileRef = DE26E9021CB5DD0500D2BE82 /* BuiltinExecutableCreator.h */; }; > DEA7E2451BBC677F00D78440 /* JSTypedArrayViewPrototype.h in Headers */ = {isa = PBXBuildFile; fileRef = 53917E7C1B791106000EBD33 /* JSTypedArrayViewPrototype.h */; settings = {ATTRIBUTES = (Private, ); }; }; > E124A8F70E555775003091F1 /* OpaqueJSString.h in Headers */ = {isa = PBXBuildFile; fileRef = E124A8F50E555775003091F1 /* OpaqueJSString.h */; settings = {ATTRIBUTES = (Private, ); }; }; > E31618131EC5FE170006A218 /* DOMAnnotation.h in Headers */ = {isa = PBXBuildFile; fileRef = E31618101EC5FE080006A218 /* DOMAnnotation.h */; settings = {ATTRIBUTES = (Private, ); }; }; 
>@@ -3159,6 +3158,7 @@ > 1CAA8B4A0D32C39A0041BCFF /* JavaScript.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JavaScript.h; sourceTree = "<group>"; }; > 1CAA8B4B0D32C39A0041BCFF /* JavaScriptCore.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JavaScriptCore.h; sourceTree = "<group>"; }; > 20ECB15EFC524624BC2F02D5 /* ModuleNamespaceAccessCase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ModuleNamespaceAccessCase.cpp; sourceTree = "<group>"; }; >+ 220C60C6206CEABD00FC4637 /* ParserError.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ParserError.cpp; sourceTree = "<group>"; }; > 2600B5A4152BAAA70091EE5F /* JSStringJoiner.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSStringJoiner.cpp; sourceTree = "<group>"; }; > 2600B5A5152BAAA70091EE5F /* JSStringJoiner.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSStringJoiner.h; sourceTree = "<group>"; }; > 262D85B41C0D650F006ACB61 /* AirFixPartialRegisterStalls.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = AirFixPartialRegisterStalls.cpp; path = b3/air/AirFixPartialRegisterStalls.cpp; sourceTree = "<group>"; }; 
>@@ -4516,8 +4516,6 @@ > DCF3D5681CD29468003D5C65 /* LazyPropertyInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LazyPropertyInlines.h; sourceTree = "<group>"; }; > DCFDFBD71D1F5D9800FE3D72 /* B3BottomProvider.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = B3BottomProvider.h; path = b3/B3BottomProvider.h; sourceTree = "<group>"; }; > DCFDFBD81D1F5D9800FE3D72 /* B3TypeMap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = B3TypeMap.h; path = b3/B3TypeMap.h; sourceTree = "<group>"; }; >- DE26E9021CB5DD0500D2BE82 /* BuiltinExecutableCreator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BuiltinExecutableCreator.h; sourceTree = "<group>"; }; >- DE26E9061CB5DD9600D2BE82 /* BuiltinExecutableCreator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BuiltinExecutableCreator.cpp; sourceTree = "<group>"; }; > DE5A09FF1BA3AC3E003D4424 /* IntrinsicEmitter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = IntrinsicEmitter.cpp; sourceTree = "<group>"; }; > E124A8F50E555775003091F1 /* OpaqueJSString.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpaqueJSString.h; sourceTree = "<group>"; }; > E124A8F60E555775003091F1 /* OpaqueJSString.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = OpaqueJSString.cpp; sourceTree = "<group>"; }; >@@ -6365,6 +6363,7 @@ > 93F0B3AA09BB4DC00068FCE3 /* Parser.h */, > 93052C320FB792190048FDC3 /* ParserArena.cpp */, > 93052C330FB792190048FDC3 /* ParserArena.h */, >+ 220C60C6206CEABD00FC4637 /* ParserError.cpp */, > 0FCCAE4316D0CF6E00D0C65B /* ParserError.h */, > 9B4954E81A6640DB002815A6 /* ParserFunctionInfo.h */, > A77F18241641925400640A47 /* ParserModes.h */, 
>@@ -6670,6 +6669,7 @@ > 865A30F0135007E100CDB49E /* JSCJSValueInlines.h */, > FE2B0B681FD0D2970075DA5F /* JSCPoison.cpp */, > FE2B0B701FD8C4630075DA5F /* JSCPoison.h */, >+ FE7497E5209001B00003565B /* JSCPtrTag.h */, > 72AAF7CB1D0D318B005E60BE /* JSCustomGetterSetterFunction.cpp */, > 72AAF7CC1D0D318B005E60BE /* JSCustomGetterSetterFunction.h */, > 0F2B66BD17B6B5AB00A7AE3F /* JSDataView.cpp */, >@@ -6755,7 +6755,6 @@ > 2A05ABD41961DF2400341750 /* JSPropertyNameEnumerator.h */, > 862553CE16136AA5009F17D0 /* JSProxy.cpp */, > 862553CF16136AA5009F17D0 /* JSProxy.h */, >- FE7497E5209001B00003565B /* JSCPtrTag.h */, > 534638721E70D01500F12AC1 /* JSRunLoopTimer.cpp */, > 534638701E70CF3D00F12AC1 /* JSRunLoopTimer.h */, > 14874AE115EBDE4A002E3587 /* JSScope.cpp */, >@@ -7923,8 +7922,6 @@ > 5B8243041DB7AA4900EA6384 /* AsyncFunctionPrototype.js */, > 8BC064821E180B4A00B2B8CA /* AsyncGeneratorPrototype.js */, > 8BC064951E1D838B00B2B8CA /* AsyncIteratorPrototype.js */, >- DE26E9061CB5DD9600D2BE82 /* BuiltinExecutableCreator.cpp */, >- DE26E9021CB5DD0500D2BE82 /* BuiltinExecutableCreator.h */, > A7D801A11880D66E0026C39B /* BuiltinExecutables.cpp */, > A7D801A21880D66E0026C39B /* BuiltinExecutables.h */, > E380D66B1F19249D00A59095 /* BuiltinNames.cpp */, >@@ -8356,7 +8353,6 @@ > 9B4694391F97439E00CCB3F9 /* BooleanPrototype.h in Headers */, > 996B73191BDA068000331B84 /* BooleanPrototype.lut.h in Headers */, > FEA08620182B7A0400F6D851 /* Breakpoint.h in Headers */, >- DE26E9031CB5DD0500D2BE82 /* BuiltinExecutableCreator.h in Headers */, > A7D801A51880D66E0026C39B /* BuiltinExecutables.h in Headers */, > A75EE9B218AAB7E200AAD043 /* BuiltinNames.h in Headers */, > 99DA00A61BD5993100F4575C /* builtins.py in Headers */, 
>@@ -9000,6 +8996,7 @@ > A5D2E665195E174000A518E7 /* JSContextRefInternal.h in Headers */, > 148CD1D8108CF902008163C6 /* JSContextRefPrivate.h in Headers */, > FE2B0B731FD9EF700075DA5F /* JSCPoison.h in Headers */, >+ FE7497E6209001B10003565B /* JSCPtrTag.h in Headers */, > A72028B81797601E0098028C /* JSCTestRunnerUtils.h in Headers */, > 72AAF7CE1D0D31B3005E60BE /* JSCustomGetterSetterFunction.h in Headers */, > 0F2B66EC17B6B5AB00A7AE3F /* JSDataView.h in Headers */, >@@ -9075,7 +9072,6 @@ > 7C008CDB187124BB00955C24 /* JSPromiseDeferred.h in Headers */, > 7C184E1F17BEE22E007CB63A /* JSPromisePrototype.h in Headers */, > 996B731F1BDA08EF00331B84 /* JSPromisePrototype.lut.h in Headers */, >- FE7497E6209001B10003565B /* JSCPtrTag.h in Headers */, > 2A05ABD61961DF2400341750 /* JSPropertyNameEnumerator.h in Headers */, > 862553D216136E1A009F17D0 /* JSProxy.h in Headers */, > A552C3801ADDB8FE00139726 /* JSRemoteInspector.h in Headers */, >diff --git a/Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py b/Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py >index cde357cd439ceaf446428e68188478073c03c49d..7214cdaa5943b8bccac33e2c07f9ff3ec1277d94 100755 >--- a/Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py >+++ b/Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py >@@ -66,12 +66,17 @@ class BuiltinsCombinedHeaderGenerator(BuiltinsGenerator): > return "\n\n".join(sections) > > def generate_forward_declarations(self): >- return """namespace JSC { >+ return """ >+#include <wtf/Expected.h> >+ >+namespace JSC { > class FunctionExecutable; > class VM; >+class ParserError; > > enum class ConstructAbility : unsigned; >-}""" >+} >+""" > > def generate_section_for_object(self, object): > lines = [] 
>diff --git a/Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py b/Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py >index 58c8f2ac8a6415a291cff888cf1f680c1d66047d..18896259b2f3ea6a9604a9c48e0e195d068cbf2a 100755 >--- a/Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py >+++ b/Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py >@@ -93,6 +93,10 @@ class FunctionExecutable; > ), > > (["WebCore"], >+ ("JavaScriptCore", "parser/ParserError.h"), >+ ), >+ >+ (["WebCore"], > ("JavaScriptCore", "builtins/BuiltinUtils.h"), > ), > >diff --git a/Source/JavaScriptCore/Scripts/builtins/builtins_templates.py b/Source/JavaScriptCore/Scripts/builtins/builtins_templates.py >index 907a6d717c910cb07299509c61df846a9c701efc..ec6b835bc5fa9324e98fceb4a40013e5ea4d8af1 100644 >--- a/Source/JavaScriptCore/Scripts/builtins/builtins_templates.py >+++ b/Source/JavaScriptCore/Scripts/builtins/builtins_templates.py >@@ -68,14 +68,14 @@ THE POSSIBILITY OF SUCH DAMAGE. > > CombinedHeaderStaticMacros = ( > """#define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \\ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > ${macroPrefix}_FOREACH_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR""") > > SeparateHeaderStaticMacros = ( > """#define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \\ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > ${macroPrefix}_FOREACH_${objectMacro}_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR""") 
>@@ -83,9 +83,12 @@ ${macroPrefix}_FOREACH_${objectMacro}_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > CombinedJSCImplementationStaticMacros = ( > """ > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \\ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \\ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \\ > {\\ >- return vm.builtinExecutables()->codeName##Executable()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \ >+ if (auto expectedUnlinked = vm.builtinExecutables()->codeName##Executable())\\ >+ return expectedUnlinked.value()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic);\\ >+ else\\ >+ return makeUnexpected(expectedUnlinked.error());\\ > } > ${macroPrefix}_FOREACH_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR >@@ -94,9 +97,12 @@ ${macroPrefix}_FOREACH_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > SeparateJSCImplementationStaticMacros = ( > """ > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \\ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \\ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \\ > {\\ >- return vm.builtinExecutables()->codeName##Executable()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \ >+ if (auto expectedUnlinked = vm.builtinExecutables()->codeName##Executable())\\ >+ return expectedUnlinked.value()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic);\\ >+ else\\ >+ return makeUnexpected(expectedUnlinked.error());\\ > } > ${macroPrefix}_FOREACH_${objectMacro}_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR 
>@@ -105,10 +111,10 @@ ${macroPrefix}_FOREACH_${objectMacro}_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > CombinedWebCoreImplementationStaticMacros = ( > """ > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \\ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \\ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \\ > {\\ > JSVMClientData* clientData = static_cast<JSVMClientData*>(vm.clientData); \\ >- return clientData->builtinFunctions().${objectNameLC}Builtins().codeName##Executable()->link(vm, clientData->builtinFunctions().${objectNameLC}Builtins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \\ >+ return clientData->builtinFunctions().${objectNameLC}Builtins().codeName##Executable().value()->link(vm, clientData->builtinFunctions().${objectNameLC}Builtins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \\ > } > ${macroPrefix}_FOREACH_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR 
>@@ -117,10 +123,10 @@ ${macroPrefix}_FOREACH_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > SeparateWebCoreImplementationStaticMacros = ( > """ > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \\ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \\ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \\ > {\\ > JSVMClientData* clientData = static_cast<JSVMClientData*>(vm.clientData); \\ >- return clientData->builtinFunctions().${objectNameLC}Builtins().codeName##Executable()->link(vm, clientData->builtinFunctions().${objectNameLC}Builtins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \\ >+ return clientData->builtinFunctions().${objectNameLC}Builtins().codeName##Executable().value()->link(vm, clientData->builtinFunctions().${objectNameLC}Builtins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \\ > } > ${macroPrefix}_FOREACH_${objectMacro}_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR >@@ -139,7 +145,7 @@ public: > } > > #define EXPOSE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \\ >- JSC::UnlinkedFunctionExecutable* name##Executable(); \\ >+Expected<JSC::UnlinkedFunctionExecutable*, JSC::ParserError> name##Executable(); \\ > const JSC::SourceCode& name##Source() const { return m_##name##Source; } > ${macroPrefix}_FOREACH_${objectMacro}_BUILTIN_CODE(EXPOSE_BUILTIN_EXECUTABLES) > #undef EXPOSE_BUILTIN_EXECUTABLES >@@ -162,7 +168,7 @@ private: > }; > > #define DEFINE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \\ >-inline JSC::UnlinkedFunctionExecutable* ${objectName}BuiltinsWrapper::name##Executable() \\ >+inline Expected<JSC::UnlinkedFunctionExecutable*, JSC::ParserError> ${objectName}BuiltinsWrapper::name##Executable() \\ > {\\ > if (!m_##name##Executable) {\\ > JSC::Identifier executableName = functionName##PublicName();\\ 
>@@ -202,7 +208,7 @@ public: > inline void ${objectName}BuiltinFunctions::init(JSC::JSGlobalObject& globalObject) > { > #define EXPORT_FUNCTION(codeName, functionName, overriddenName, length)\\ >- m_##functionName##Function.set(m_vm, &globalObject, JSC::JSFunction::create(m_vm, codeName##Generator(m_vm), &globalObject)); >+ m_##functionName##Function.set(m_vm, &globalObject, JSC::JSFunction::create(m_vm, codeName##Generator(m_vm).value(), &globalObject)); > ${macroPrefix}_FOREACH_${objectMacro}_BUILTIN_CODE(EXPORT_FUNCTION) > #undef EXPORT_FUNCTION > } >diff --git a/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result b/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result >index 08429f4e5261c71b0359b7080c49f79335a84231..e043d10bac4ec1ba03e3e37b322e17df0d89dade 100644 >--- a/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result >+++ b/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result >@@ -31,13 +31,18 @@ > > #pragma once > >+ >+#include <wtf/Expected.h> >+ > namespace JSC { > class FunctionExecutable; > class VM; >+class ParserError; > > enum class ConstructAbility : unsigned; > } > >+ > namespace JSC { > > /* Builtin.Promise */ >@@ -63,7 +68,7 @@ extern const JSC::ConstructAbility s_builtinPromiseFulfillPromiseCodeConstructAb > #define JSC_FOREACH_BUILTIN_FUNCTION_PRIVATE_GLOBAL_NAME(macro) \ > > #define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > JSC_FOREACH_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR 
>@@ -157,9 +162,13 @@ const char* s_builtinPromiseFulfillPromiseCode = > > > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \ > {\ >- return vm.builtinExecutables()->codeName##Executable()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic); } >+ if (auto expectedUnlinked = vm.builtinExecutables()->codeName##Executable())\ >+ return expectedUnlinked.value()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic);\ >+ else\ >+ return makeUnexpected(expectedUnlinked.error());\ >+} > JSC_FOREACH_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR > >diff --git a/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result b/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result >index 4d7cd22dbfd0cb5a96fc74a0af6020ddc7905c2f..de813aa100d6772392ea8ad78399ac7c1021e0da 100644 >--- a/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result >+++ b/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result >@@ -63,7 +63,7 @@ extern const JSC::ConstructAbility s_builtinPromiseFulfillPromiseCodeConstructAb > macro(rejectPromise) \ > > #define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > JSC_FOREACH_BUILTIN.PROMISE_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR 
>@@ -156,9 +156,13 @@ const char* s_builtinPromiseFulfillPromiseCode = > > > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \ > {\ >- return vm.builtinExecutables()->codeName##Executable()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic); } >+ if (auto expectedUnlinked = vm.builtinExecutables()->codeName##Executable())\ >+ return expectedUnlinked.value()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic);\ >+ else\ >+ return makeUnexpected(expectedUnlinked.error());\ >+} > JSC_FOREACH_BUILTIN.PROMISE_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR > >diff --git a/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result b/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result >index 7b776020537d06f0d77cd06be8d2b6a7bacfda68..5f74084151a137aaf8938513efe4a1d5867079ca 100644 >--- a/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result >+++ b/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result >@@ -31,13 +31,18 @@ > > #pragma once > >+ >+#include <wtf/Expected.h> >+ > namespace JSC { > class FunctionExecutable; > class VM; >+class ParserError; > > enum class ConstructAbility : unsigned; > } > >+ > namespace JSC { > > /* Builtin.prototype */ 
>@@ -75,7 +80,7 @@ extern const JSC::ConstructAbility s_builtinPrototypeTestCodeConstructAbility; > #define JSC_FOREACH_BUILTIN_FUNCTION_PRIVATE_GLOBAL_NAME(macro) \ > > #define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > JSC_FOREACH_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR >@@ -279,9 +284,13 @@ const char* s_builtinPrototypeTestCode = > > > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \ > {\ >- return vm.builtinExecutables()->codeName##Executable()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic); } >+ if (auto expectedUnlinked = vm.builtinExecutables()->codeName##Executable())\ >+ return expectedUnlinked.value()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic);\ >+ else\ >+ return makeUnexpected(expectedUnlinked.error());\ >+} > JSC_FOREACH_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR > >diff --git a/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result b/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result >index b2b72cdbb89af041d4972d1f9b8d170a95f6b41b..a234a3d738f47df3808e0158392acaf0d65a7a0a 100644 >--- a/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result >+++ b/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result 
>@@ -77,7 +77,7 @@ extern const JSC::ConstructAbility s_builtinPrototypeTestCodeConstructAbility; > macro(test) \ > > #define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > JSC_FOREACH_BUILTIN.PROTOTYPE_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR >@@ -280,9 +280,13 @@ const char* s_builtinPrototypeTestCode = > > > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \ > {\ >- return vm.builtinExecutables()->codeName##Executable()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic); } >+ if (auto expectedUnlinked = vm.builtinExecutables()->codeName##Executable())\ >+ return expectedUnlinked.value()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic);\ >+ else\ >+ return makeUnexpected(expectedUnlinked.error());\ >+} > JSC_FOREACH_BUILTIN.PROTOTYPE_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR > >diff --git a/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result b/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result >index 921426dfbcbfd4eb204696213b5100b656688500..56691718bb46ff43e99ac22813eea02f00f99d4e 100644 >--- a/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result >+++ b/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result 
>@@ -30,13 +30,18 @@ > > #pragma once > >+ >+#include <wtf/Expected.h> >+ > namespace JSC { > class FunctionExecutable; > class VM; >+class ParserError; > > enum class ConstructAbility : unsigned; > } > >+ > namespace JSC { > > /* BuiltinConstructor */ >@@ -62,7 +67,7 @@ extern const JSC::ConstructAbility s_builtinConstructorFromCodeConstructAbility; > #define JSC_FOREACH_BUILTIN_FUNCTION_PRIVATE_GLOBAL_NAME(macro) \ > > #define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > JSC_FOREACH_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR >@@ -211,9 +216,13 @@ const char* s_builtinConstructorFromCode = > > > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \ > {\ >- return vm.builtinExecutables()->codeName##Executable()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic); } >+ if (auto expectedUnlinked = vm.builtinExecutables()->codeName##Executable())\ >+ return expectedUnlinked.value()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic);\ >+ else\ >+ return makeUnexpected(expectedUnlinked.error());\ >+} > JSC_FOREACH_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR > >diff --git a/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result b/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result >index 6ff597f54e62f7d160b829f3adc8fd9ccd3a6d92..cc6425902e76d5d7f36a89ba70408d0fa4b5b11d 100644 
>--- a/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result >+++ b/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result >@@ -62,7 +62,7 @@ extern const JSC::ConstructAbility s_builtinConstructorFromCodeConstructAbility; > macro(of) \ > > #define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > JSC_FOREACH_BUILTINCONSTRUCTOR_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR >@@ -210,9 +210,13 @@ const char* s_builtinConstructorFromCode = > > > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \ > {\ >- return vm.builtinExecutables()->codeName##Executable()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic); } >+ if (auto expectedUnlinked = vm.builtinExecutables()->codeName##Executable())\ >+ return expectedUnlinked.value()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic);\ >+ else\ >+ return makeUnexpected(expectedUnlinked.error());\ >+} > JSC_FOREACH_BUILTINCONSTRUCTOR_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR > >diff --git a/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-InternalClashingNames-Combined.js-result b/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-InternalClashingNames-Combined.js-result >index bb121175be8d8f296ceadd146e89d30cacf933dd..a498d6abbed9d8faddcc5e20b686b33e9ddd8e90 100644 
>--- a/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-InternalClashingNames-Combined.js-result >+++ b/Source/JavaScriptCore/Scripts/tests/builtins/expected/JavaScriptCore-InternalClashingNames-Combined.js-result >@@ -31,13 +31,18 @@ > > #pragma once > >+ >+#include <wtf/Expected.h> >+ > namespace JSC { > class FunctionExecutable; > class VM; >+class ParserError; > > enum class ConstructAbility : unsigned; > } > >+ > namespace JSC { > > /* InternalClashingNames */ >@@ -62,7 +67,7 @@ extern const JSC::ConstructAbility s_internalClashingNamesIsReadableStreamLocked > #define JSC_FOREACH_BUILTIN_FUNCTION_PRIVATE_GLOBAL_NAME(macro) \ > > #define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > JSC_FOREACH_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR >@@ -140,9 +145,13 @@ const char* s_internalClashingNamesIsReadableStreamLockedCode = > > > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \ > {\ >- return vm.builtinExecutables()->codeName##Executable()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic); } >+ if (auto expectedUnlinked = vm.builtinExecutables()->codeName##Executable())\ >+ return expectedUnlinked.value()->link(vm, vm.builtinExecutables()->codeName##Source(), std::nullopt, s_##codeName##Intrinsic);\ >+ else\ >+ return makeUnexpected(expectedUnlinked.error());\ >+} > JSC_FOREACH_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR 
> >diff --git a/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result b/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result >index b8bcfb847e015052ea669f312f5f35ffedcd86c8..cfd75f7179242a84ba010038f290935835c01ab8 100644 >--- a/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result >+++ b/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result >@@ -35,6 +35,7 @@ > #include <JavaScriptCore/BuiltinUtils.h> > #include <JavaScriptCore/Identifier.h> > #include <JavaScriptCore/JSFunction.h> >+#include <JavaScriptCore/ParserError.h> > #include <JavaScriptCore/UnlinkedFunctionExecutable.h> > > namespace JSC { >@@ -60,7 +61,7 @@ extern const JSC::ConstructAbility s_anotherGuardedInternalBuiltinLetsFetchCodeC > macro(letsFetch) \ > > #define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > WEBCORE_FOREACH_ANOTHERGUARDEDINTERNALBUILTIN_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR >@@ -77,7 +78,7 @@ public: > } > > #define EXPOSE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \ >- JSC::UnlinkedFunctionExecutable* name##Executable(); \ >+Expected<JSC::UnlinkedFunctionExecutable*, JSC::ParserError> name##Executable(); \ > const JSC::SourceCode& name##Source() const { return m_##name##Source; } > WEBCORE_FOREACH_ANOTHERGUARDEDINTERNALBUILTIN_BUILTIN_CODE(EXPOSE_BUILTIN_EXECUTABLES) > #undef EXPOSE_BUILTIN_EXECUTABLES 
>@@ -100,7 +101,7 @@ private: > }; > > #define DEFINE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \ >-inline JSC::UnlinkedFunctionExecutable* AnotherGuardedInternalBuiltinBuiltinsWrapper::name##Executable() \ >+inline Expected<JSC::UnlinkedFunctionExecutable*, JSC::ParserError> AnotherGuardedInternalBuiltinBuiltinsWrapper::name##Executable() \ > {\ > if (!m_##name##Executable) {\ > JSC::Identifier executableName = functionName##PublicName();\ >@@ -139,7 +140,7 @@ public: > inline void AnotherGuardedInternalBuiltinBuiltinFunctions::init(JSC::JSGlobalObject& globalObject) > { > #define EXPORT_FUNCTION(codeName, functionName, overriddenName, length)\ >- m_##functionName##Function.set(m_vm, &globalObject, JSC::JSFunction::create(m_vm, codeName##Generator(m_vm), &globalObject)); >+ m_##functionName##Function.set(m_vm, &globalObject, JSC::JSFunction::create(m_vm, codeName##Generator(m_vm).value(), &globalObject)); > WEBCORE_FOREACH_ANOTHERGUARDEDINTERNALBUILTIN_BUILTIN_CODE(EXPORT_FUNCTION) > #undef EXPORT_FUNCTION > } 
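Review bot: the `codeName##Generator(m_vm).value()` call in EXPORT_FUNCTION (AnotherGuardedInternalBuiltinBuiltinFunctions::init, @@ -139,7 +140,7 @@) is unchecked, so a ParserError returned by the generator becomes a crash inside init() rather than an error the caller can observe. Either test the Expected here and report `error()`, or add a comment stating why a failure cannot reach this point. The same pattern recurs in the init() hunks for GuardedInternalBuiltin and xmlCasingTest.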
>@@ -217,10 +218,10 @@ const char* s_anotherGuardedInternalBuiltinLetsFetchCode = > > > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \ > {\ > JSVMClientData* clientData = static_cast<JSVMClientData*>(vm.clientData); \ >- return clientData->builtinFunctions().anotherGuardedInternalBuiltinBuiltins().codeName##Executable()->link(vm, clientData->builtinFunctions().anotherGuardedInternalBuiltinBuiltins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \ >+ return clientData->builtinFunctions().anotherGuardedInternalBuiltinBuiltins().codeName##Executable().value()->link(vm, clientData->builtinFunctions().anotherGuardedInternalBuiltinBuiltins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \ > } > WEBCORE_FOREACH_ANOTHERGUARDEDINTERNALBUILTIN_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR >diff --git a/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result b/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result >index d4d41bf0c3dc7155b14ccc14872f4a650b4db919..7f564ceab117db14669601fbafc0e71f0bc848da 100644 >--- a/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result >+++ b/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result >@@ -36,6 +36,7 @@ > #include <JavaScriptCore/BuiltinUtils.h> > #include <JavaScriptCore/Identifier.h> > #include <JavaScriptCore/JSFunction.h> >+#include <JavaScriptCore/ParserError.h> > #include <JavaScriptCore/UnlinkedFunctionExecutable.h> > > namespace JSC { 
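Review bot: in the DEFINE_BUILTIN_GENERATOR hunk for anotherGuardedInternalBuiltin (@@ -217,10 +218,10 @@), the generator is declared to return Expected<JSC::FunctionExecutable*, JSC::ParserError> but calls `codeName##Executable().value()->link(...)`, so it never returns the error its signature advertises. The JavaScriptCore variants of this macro test the Expected and `return makeUnexpected(expectedUnlinked.error());`. The WebCore template should do the same so that both generators behave alike. This applies equally to the other WebCore *-Separate.js-result files in this patch.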
>@@ -61,7 +62,7 @@ extern const JSC::ConstructAbility s_arbitraryConditionalGuardIsReadableStreamLo > macro(isReadableStreamLocked) \ > > #define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > WEBCORE_FOREACH_ARBITRARYCONDITIONALGUARD_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR >@@ -78,7 +79,7 @@ public: > } > > #define EXPOSE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \ >- JSC::UnlinkedFunctionExecutable* name##Executable(); \ >+Expected<JSC::UnlinkedFunctionExecutable*, JSC::ParserError> name##Executable(); \ > const JSC::SourceCode& name##Source() const { return m_##name##Source; } > WEBCORE_FOREACH_ARBITRARYCONDITIONALGUARD_BUILTIN_CODE(EXPOSE_BUILTIN_EXECUTABLES) > #undef EXPOSE_BUILTIN_EXECUTABLES >@@ -101,7 +102,7 @@ private: > }; > > #define DEFINE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \ >-inline JSC::UnlinkedFunctionExecutable* ArbitraryConditionalGuardBuiltinsWrapper::name##Executable() \ >+inline Expected<JSC::UnlinkedFunctionExecutable*, JSC::ParserError> ArbitraryConditionalGuardBuiltinsWrapper::name##Executable() \ > {\ > if (!m_##name##Executable) {\ > JSC::Identifier executableName = functionName##PublicName();\ 
>@@ -187,10 +188,10 @@ const char* s_arbitraryConditionalGuardIsReadableStreamLockedCode = > > > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \ > {\ > JSVMClientData* clientData = static_cast<JSVMClientData*>(vm.clientData); \ >- return clientData->builtinFunctions().arbitraryConditionalGuardBuiltins().codeName##Executable()->link(vm, clientData->builtinFunctions().arbitraryConditionalGuardBuiltins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \ >+ return clientData->builtinFunctions().arbitraryConditionalGuardBuiltins().codeName##Executable().value()->link(vm, clientData->builtinFunctions().arbitraryConditionalGuardBuiltins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \ > } > WEBCORE_FOREACH_ARBITRARYCONDITIONALGUARD_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR >diff --git a/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result b/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result >index 59254ce2ce09116f20d6c5a1b64d511f255d58d7..a51390aa909e04d4b95581e526d90f1f808094cf 100644 >--- a/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result >+++ b/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result >@@ -36,6 +36,7 @@ > #include <JavaScriptCore/BuiltinUtils.h> > #include <JavaScriptCore/Identifier.h> > #include <JavaScriptCore/JSFunction.h> >+#include <JavaScriptCore/ParserError.h> > #include <JavaScriptCore/UnlinkedFunctionExecutable.h> > > namespace JSC { 
>@@ -61,7 +62,7 @@ extern const JSC::ConstructAbility s_guardedBuiltinIsReadableStreamLockedCodeCon > macro(isReadableStreamLocked) \ > > #define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > WEBCORE_FOREACH_GUARDEDBUILTIN_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR >@@ -78,7 +79,7 @@ public: > } > > #define EXPOSE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \ >- JSC::UnlinkedFunctionExecutable* name##Executable(); \ >+Expected<JSC::UnlinkedFunctionExecutable*, JSC::ParserError> name##Executable(); \ > const JSC::SourceCode& name##Source() const { return m_##name##Source; } > WEBCORE_FOREACH_GUARDEDBUILTIN_BUILTIN_CODE(EXPOSE_BUILTIN_EXECUTABLES) > #undef EXPOSE_BUILTIN_EXECUTABLES >@@ -101,7 +102,7 @@ private: > }; > > #define DEFINE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \ >-inline JSC::UnlinkedFunctionExecutable* GuardedBuiltinBuiltinsWrapper::name##Executable() \ >+inline Expected<JSC::UnlinkedFunctionExecutable*, JSC::ParserError> GuardedBuiltinBuiltinsWrapper::name##Executable() \ > {\ > if (!m_##name##Executable) {\ > JSC::Identifier executableName = functionName##PublicName();\ 
>@@ -187,10 +188,10 @@ const char* s_guardedBuiltinIsReadableStreamLockedCode = > > > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \ > {\ > JSVMClientData* clientData = static_cast<JSVMClientData*>(vm.clientData); \ >- return clientData->builtinFunctions().guardedBuiltinBuiltins().codeName##Executable()->link(vm, clientData->builtinFunctions().guardedBuiltinBuiltins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \ >+ return clientData->builtinFunctions().guardedBuiltinBuiltins().codeName##Executable().value()->link(vm, clientData->builtinFunctions().guardedBuiltinBuiltins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \ > } > WEBCORE_FOREACH_GUARDEDBUILTIN_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR >diff --git a/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result b/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result >index 65dd3e843105cc9bedd733416a11f57b71c98011..a88486b756ed0dd804828b25aa39192263882cd6 100644 >--- a/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result >+++ b/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result >@@ -36,6 +36,7 @@ > #include <JavaScriptCore/BuiltinUtils.h> > #include <JavaScriptCore/Identifier.h> > #include <JavaScriptCore/JSFunction.h> >+#include <JavaScriptCore/ParserError.h> > #include <JavaScriptCore/UnlinkedFunctionExecutable.h> > > namespace JSC { 
>@@ -61,7 +62,7 @@ extern const JSC::ConstructAbility s_guardedInternalBuiltinIsReadableStreamLocke > macro(isReadableStreamLocked) \ > > #define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > WEBCORE_FOREACH_GUARDEDINTERNALBUILTIN_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR >@@ -78,7 +79,7 @@ public: > } > > #define EXPOSE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \ >- JSC::UnlinkedFunctionExecutable* name##Executable(); \ >+Expected<JSC::UnlinkedFunctionExecutable*, JSC::ParserError> name##Executable(); \ > const JSC::SourceCode& name##Source() const { return m_##name##Source; } > WEBCORE_FOREACH_GUARDEDINTERNALBUILTIN_BUILTIN_CODE(EXPOSE_BUILTIN_EXECUTABLES) > #undef EXPOSE_BUILTIN_EXECUTABLES >@@ -101,7 +102,7 @@ private: > }; > > #define DEFINE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \ >-inline JSC::UnlinkedFunctionExecutable* GuardedInternalBuiltinBuiltinsWrapper::name##Executable() \ >+inline Expected<JSC::UnlinkedFunctionExecutable*, JSC::ParserError> GuardedInternalBuiltinBuiltinsWrapper::name##Executable() \ > {\ > if (!m_##name##Executable) {\ > JSC::Identifier executableName = functionName##PublicName();\ >@@ -140,7 +141,7 @@ public: > inline void GuardedInternalBuiltinBuiltinFunctions::init(JSC::JSGlobalObject& globalObject) > { > #define EXPORT_FUNCTION(codeName, functionName, overriddenName, length)\ >- m_##functionName##Function.set(m_vm, &globalObject, JSC::JSFunction::create(m_vm, codeName##Generator(m_vm), &globalObject)); >+ m_##functionName##Function.set(m_vm, &globalObject, JSC::JSFunction::create(m_vm, codeName##Generator(m_vm).value(), &globalObject)); > WEBCORE_FOREACH_GUARDEDINTERNALBUILTIN_BUILTIN_CODE(EXPORT_FUNCTION) > #undef EXPORT_FUNCTION > } 
>@@ -219,10 +220,10 @@ const char* s_guardedInternalBuiltinIsReadableStreamLockedCode = > > > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \ > {\ > JSVMClientData* clientData = static_cast<JSVMClientData*>(vm.clientData); \ >- return clientData->builtinFunctions().guardedInternalBuiltinBuiltins().codeName##Executable()->link(vm, clientData->builtinFunctions().guardedInternalBuiltinBuiltins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \ >+ return clientData->builtinFunctions().guardedInternalBuiltinBuiltins().codeName##Executable().value()->link(vm, clientData->builtinFunctions().guardedInternalBuiltinBuiltins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \ > } > WEBCORE_FOREACH_GUARDEDINTERNALBUILTIN_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR >diff --git a/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result b/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result >index 06c935ac814982a8917b146ac00161d83efdf4b7..4abb1e0e2b81f0cce4120c95a67a072294180eb5 100644 >--- a/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result >+++ b/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result >@@ -34,6 +34,7 @@ > #include <JavaScriptCore/BuiltinUtils.h> > #include <JavaScriptCore/Identifier.h> > #include <JavaScriptCore/JSFunction.h> >+#include <JavaScriptCore/ParserError.h> > #include <JavaScriptCore/UnlinkedFunctionExecutable.h> > > namespace JSC { 
>@@ -59,7 +60,7 @@ extern const JSC::ConstructAbility s_unguardedBuiltinIsReadableStreamLockedCodeC > macro(isReadableStreamLocked) \ > > #define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > WEBCORE_FOREACH_UNGUARDEDBUILTIN_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR >@@ -76,7 +77,7 @@ public: > } > > #define EXPOSE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \ >- JSC::UnlinkedFunctionExecutable* name##Executable(); \ >+Expected<JSC::UnlinkedFunctionExecutable*, JSC::ParserError> name##Executable(); \ > const JSC::SourceCode& name##Source() const { return m_##name##Source; } > WEBCORE_FOREACH_UNGUARDEDBUILTIN_BUILTIN_CODE(EXPOSE_BUILTIN_EXECUTABLES) > #undef EXPOSE_BUILTIN_EXECUTABLES >@@ -99,7 +100,7 @@ private: > }; > > #define DEFINE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \ >-inline JSC::UnlinkedFunctionExecutable* UnguardedBuiltinBuiltinsWrapper::name##Executable() \ >+inline Expected<JSC::UnlinkedFunctionExecutable*, JSC::ParserError> UnguardedBuiltinBuiltinsWrapper::name##Executable() \ > {\ > if (!m_##name##Executable) {\ > JSC::Identifier executableName = functionName##PublicName();\ 
>@@ -181,10 +182,10 @@ const char* s_unguardedBuiltinIsReadableStreamLockedCode = > > > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \ > {\ > JSVMClientData* clientData = static_cast<JSVMClientData*>(vm.clientData); \ >- return clientData->builtinFunctions().unguardedBuiltinBuiltins().codeName##Executable()->link(vm, clientData->builtinFunctions().unguardedBuiltinBuiltins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \ >+ return clientData->builtinFunctions().unguardedBuiltinBuiltins().codeName##Executable().value()->link(vm, clientData->builtinFunctions().unguardedBuiltinBuiltins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \ > } > WEBCORE_FOREACH_UNGUARDEDBUILTIN_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR >diff --git a/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result b/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result >index b24bca3caa5cd008dc88c29675d4341a3801fbb6..44944e88deb5ebcc28556f159af45c4256ece1c9 100644 >--- a/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result >+++ b/Source/JavaScriptCore/Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result >@@ -36,6 +36,7 @@ > #include <JavaScriptCore/BuiltinUtils.h> > #include <JavaScriptCore/Identifier.h> > #include <JavaScriptCore/JSFunction.h> >+#include <JavaScriptCore/ParserError.h> > #include <JavaScriptCore/UnlinkedFunctionExecutable.h> > > namespace JSC { 
>@@ -75,7 +76,7 @@ extern const JSC::ConstructAbility s_xmlCasingTestUrlCasingTestCodeConstructAbil > macro(xmlCasingTest) \ > > #define DECLARE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >- JSC::FunctionExecutable* codeName##Generator(JSC::VM&); >+ Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM&); > > WEBCORE_FOREACH_XMLCASINGTEST_BUILTIN_CODE(DECLARE_BUILTIN_GENERATOR) > #undef DECLARE_BUILTIN_GENERATOR >@@ -92,7 +93,7 @@ public: > } > > #define EXPOSE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \ >- JSC::UnlinkedFunctionExecutable* name##Executable(); \ >+Expected<JSC::UnlinkedFunctionExecutable*, JSC::ParserError> name##Executable(); \ > const JSC::SourceCode& name##Source() const { return m_##name##Source; } > WEBCORE_FOREACH_XMLCASINGTEST_BUILTIN_CODE(EXPOSE_BUILTIN_EXECUTABLES) > #undef EXPOSE_BUILTIN_EXECUTABLES >@@ -115,7 +116,7 @@ private: > }; > > #define DEFINE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \ >-inline JSC::UnlinkedFunctionExecutable* xmlCasingTestBuiltinsWrapper::name##Executable() \ >+inline Expected<JSC::UnlinkedFunctionExecutable*, JSC::ParserError> xmlCasingTestBuiltinsWrapper::name##Executable() \ > {\ > if (!m_##name##Executable) {\ > JSC::Identifier executableName = functionName##PublicName();\ >@@ -154,7 +155,7 @@ public: > inline void xmlCasingTestBuiltinFunctions::init(JSC::JSGlobalObject& globalObject) > { > #define EXPORT_FUNCTION(codeName, functionName, overriddenName, length)\ >- m_##functionName##Function.set(m_vm, &globalObject, JSC::JSFunction::create(m_vm, codeName##Generator(m_vm), &globalObject)); >+ m_##functionName##Function.set(m_vm, &globalObject, JSC::JSFunction::create(m_vm, codeName##Generator(m_vm).value(), &globalObject)); > WEBCORE_FOREACH_XMLCASINGTEST_BUILTIN_CODE(EXPORT_FUNCTION) > #undef EXPORT_FUNCTION > } 
>@@ -272,10 +273,10 @@ const char* s_xmlCasingTestUrlCasingTestCode = > > > #define DEFINE_BUILTIN_GENERATOR(codeName, functionName, overriddenName, argumentCount) \ >-JSC::FunctionExecutable* codeName##Generator(JSC::VM& vm) \ >+Expected<JSC::FunctionExecutable*, JSC::ParserError> codeName##Generator(JSC::VM& vm) \ > {\ > JSVMClientData* clientData = static_cast<JSVMClientData*>(vm.clientData); \ >- return clientData->builtinFunctions().xmlCasingTestBuiltins().codeName##Executable()->link(vm, clientData->builtinFunctions().xmlCasingTestBuiltins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \ >+ return clientData->builtinFunctions().xmlCasingTestBuiltins().codeName##Executable().value()->link(vm, clientData->builtinFunctions().xmlCasingTestBuiltins().codeName##Source(), std::nullopt, s_##codeName##Intrinsic); \ > } > WEBCORE_FOREACH_XMLCASINGTEST_BUILTIN_CODE(DEFINE_BUILTIN_GENERATOR) > #undef DEFINE_BUILTIN_GENERATOR >diff --git a/Source/JavaScriptCore/Sources.txt b/Source/JavaScriptCore/Sources.txt >index eb467ea98139dfbcad9021ee1812192906e51b35..9ec00eb14ca1d7e0dcab52bf4ef5455f153ec192 100644 >--- a/Source/JavaScriptCore/Sources.txt >+++ b/Source/JavaScriptCore/Sources.txt >@@ -179,7 +179,6 @@ bindings/ScriptObject.cpp > bindings/ScriptValue.cpp > > builtins/BuiltinExecutables.cpp >-builtins/BuiltinExecutableCreator.cpp > builtins/BuiltinNames.cpp > > bytecode/AccessCase.cpp >@@ -654,6 +653,7 @@ parser/Nodes.cpp > parser/NodesAnalyzeModule.cpp > parser/Parser.cpp > parser/ParserArena.cpp >+parser/ParserError.cpp > parser/SourceProvider.cpp > parser/SourceProviderCache.cpp > parser/UnlinkedSourceCode.cpp >diff --git a/Source/JavaScriptCore/builtins/BuiltinExecutableCreator.cpp b/Source/JavaScriptCore/builtins/BuiltinExecutableCreator.cpp >deleted file mode 100644 >index 2b79e7e6ef95ce21c44323a6ea41d36a33fa3595..0000000000000000000000000000000000000000 >--- a/Source/JavaScriptCore/builtins/BuiltinExecutableCreator.cpp >+++ /dev/null 
>@@ -1,38 +0,0 @@ >-/* >- * Copyright (C) 2016 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#include "config.h" >-#include "BuiltinExecutableCreator.h" >- >-#include "BuiltinExecutables.h" >- >-namespace JSC { >- >-UnlinkedFunctionExecutable* createBuiltinExecutable(VM& vm, const SourceCode& source, const Identifier& ident, ConstructorKind kind, ConstructAbility ability) >-{ >- return BuiltinExecutables::createExecutable(vm, source, ident, kind, ability); >-} >- >-} // namespace JSC 
>diff --git a/Source/JavaScriptCore/builtins/BuiltinExecutableCreator.h b/Source/JavaScriptCore/builtins/BuiltinExecutableCreator.h >deleted file mode 100644 >index 19c0884b7b61df080cdac3ae5cb2d06ee335ae12..0000000000000000000000000000000000000000 >--- a/Source/JavaScriptCore/builtins/BuiltinExecutableCreator.h >+++ /dev/null 
>@@ -1,36 +0,0 @@ >-/* >- * Copyright (C) 2016 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#pragma once >- >-#include "ConstructAbility.h" >-#include "ParserModes.h" >-#include "SourceCode.h" >- >-namespace JSC { >- >-JS_EXPORT_PRIVATE UnlinkedFunctionExecutable* createBuiltinExecutable(VM&, const SourceCode&, const Identifier&, ConstructorKind, ConstructAbility); >- >-} // namespace JSC >diff --git a/Source/JavaScriptCore/builtins/BuiltinExecutables.cpp b/Source/JavaScriptCore/builtins/BuiltinExecutables.cpp >index ad0d839ae191840493c65fc4282d4755210716dc..54059eeb4a8086b060a064308ed8e97cedd1513e 100644 >--- a/Source/JavaScriptCore/builtins/BuiltinExecutables.cpp 
>+++ b/Source/JavaScriptCore/builtins/BuiltinExecutables.cpp >@@ -30,6 +30,7 @@ > #include "BuiltinNames.h" > #include "JSCInlines.h" > #include "Parser.h" >+#include <wtf/Expected.h> > #include <wtf/NeverDestroyed.h> > > namespace JSC { 
>@@ -51,25 +52,32 @@ UnlinkedFunctionExecutable* BuiltinExecutables::createDefaultConstructor(Constru > case ConstructorKind::None: > break; > case ConstructorKind::Base: >- return createExecutable(m_vm, makeSource(baseConstructorCode, { }), name, constructorKind, ConstructAbility::CanConstruct); >+ return createExecutableOrCrash(m_vm, makeSource(baseConstructorCode, { }), name, constructorKind, ConstructAbility::CanConstruct); > case ConstructorKind::Extends: >- return createExecutable(m_vm, makeSource(derivedConstructorCode, { }), name, constructorKind, ConstructAbility::CanConstruct); >+ return createExecutableOrCrash(m_vm, makeSource(derivedConstructorCode, { }), name, constructorKind, ConstructAbility::CanConstruct); > } >- ASSERT_NOT_REACHED(); >- return nullptr; >+ RELEASE_ASSERT_NOT_REACHED(); > } > >-UnlinkedFunctionExecutable* BuiltinExecutables::createBuiltinExecutable(const SourceCode& code, const Identifier& name, ConstructAbility constructAbility) >+ExpectedUnlinkedFunctionExecutable BuiltinExecutables::createBuiltinExecutable(const SourceCode& code, const Identifier& name, ConstructAbility constructAbility) > { > return createExecutable(m_vm, code, name, ConstructorKind::None, constructAbility); > } > > UnlinkedFunctionExecutable* createBuiltinExecutable(VM& vm, const SourceCode& code, const Identifier& name, ConstructAbility constructAbility) > { >- return BuiltinExecutables::createExecutable(vm, code, name, ConstructorKind::None, constructAbility); >+ return BuiltinExecutables::createExecutableOrCrash(vm, code, name, ConstructorKind::None, constructAbility); > } > >-UnlinkedFunctionExecutable* BuiltinExecutables::createExecutable(VM& vm, const SourceCode& source, const Identifier& name, ConstructorKind constructorKind, ConstructAbility constructAbility) >+UnlinkedFunctionExecutable* BuiltinExecutables::createExecutableOrCrash(VM& vm, const SourceCode& source, const Identifier& name, ConstructorKind constructorKind, ConstructAbility 
constructAbility) >+{ >+ if (auto expected = BuiltinExecutables::createExecutable(vm, source, name, constructorKind, constructAbility)) >+ return expected.value(); >+ dataLogLn("Fatal error compiling builtin function '", name.string(), "'"); >+ CRASH(); >+} >+ >+ExpectedUnlinkedFunctionExecutable BuiltinExecutables::createExecutable(VM& vm, const SourceCode& source, const Identifier& name, ConstructorKind constructorKind, ConstructAbility constructAbility) > { > JSTextPosition positionBeforeLastNewline; > ParserError error; >@@ -83,8 +91,8 @@ UnlinkedFunctionExecutable* BuiltinExecutables::createExecutable(VM& vm, const S > &positionBeforeLastNewline, constructorKind); > > if (!program) { >- dataLog("Fatal error compiling builtin function '", name.string(), "': ", error.message()); >- CRASH(); >+ RELEASE_ASSERT(error.isValid()); >+ return makeUnexpected(WTFMove(error)); > } > > StatementNode* exprStatement = program->singleStatement(); >@@ -106,7 +114,7 @@ UnlinkedFunctionExecutable* BuiltinExecutables::createExecutable(VM& vm, const S > metadata->overrideName(name); > VariableEnvironment dummyTDZVariables; > UnlinkedFunctionExecutable* functionExecutable = UnlinkedFunctionExecutable::create(&vm, source, metadata, kind, constructAbility, JSParserScriptMode::Classic, dummyTDZVariables, DerivedContextType::None, WTFMove(parentSourceOverride)); >- return functionExecutable; >+ return ExpectedUnlinkedFunctionExecutable(functionExecutable); > } > > void BuiltinExecutables::finalize(Handle<Unknown>, void* context) 
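Review bot: createExecutableOrCrash (@@ -51,25 +52,32 @@) logs only the builtin's name before CRASH(), whereas the code it replaces in createExecutable also logged `error.message()`, so the reason for the failure is lost from crash logs. Declare `expected` before the `if` so it is still in scope afterwards, and append `expected.error().message()` to the dataLogLn call. In the same hunk, createDefaultConstructor now ends in RELEASE_ASSERT_NOT_REACHED() where it used to `return nullptr`, so ConstructorKind::None, which breaks out of the switch, crashes in release builds instead of returning null; please confirm no caller passes None.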
>@@ -115,15 +123,18 @@ void BuiltinExecutables::finalize(Handle<Unknown>, void* context) > } > > #define DEFINE_BUILTIN_EXECUTABLES(name, functionName, overrideName, length) \ >-UnlinkedFunctionExecutable* BuiltinExecutables::name##Executable() \ >+ExpectedUnlinkedFunctionExecutable BuiltinExecutables::name##Executable() \ > {\ > if (!m_##name##Executable) {\ > Identifier executableName = m_vm.propertyNames->builtinNames().functionName##PublicName();\ > if (overrideName)\ > executableName = Identifier::fromString(&m_vm, overrideName);\ >- m_##name##Executable = Weak<UnlinkedFunctionExecutable>(createBuiltinExecutable(m_##name##Source, executableName, s_##name##ConstructAbility), this, &m_##name##Executable);\ >+ ExpectedUnlinkedFunctionExecutable f = createBuiltinExecutable(m_##name##Source, executableName, s_##name##ConstructAbility);\ >+ if (!f.has_value())\ >+ return f;\ >+ m_##name##Executable = Weak<UnlinkedFunctionExecutable>(f.value(), this, &m_##name##Executable);\ > }\ >- return m_##name##Executable.get();\ >+ return ExpectedUnlinkedFunctionExecutable(m_##name##Executable.get());\ > } > JSC_FOREACH_BUILTIN_CODE(DEFINE_BUILTIN_EXECUTABLES) > #undef EXPOSE_BUILTIN_SOURCES >diff --git a/Source/JavaScriptCore/builtins/BuiltinExecutables.h b/Source/JavaScriptCore/builtins/BuiltinExecutables.h >index 368a31b7acb6a32c9d58e5de2801c289bbf52a2f..ce508be36404cf25f8596a18fc3e0fe559b682b0 100644 >--- a/Source/JavaScriptCore/builtins/BuiltinExecutables.h >+++ b/Source/JavaScriptCore/builtins/BuiltinExecutables.h >@@ -26,10 +26,11 @@ > #pragma once > > #include "JSCBuiltins.h" >-#include "ParserModes.h" >+#include "Parser.h" > #include "SourceCode.h" > #include "Weak.h" > #include "WeakHandleOwner.h" >+#include <wtf/Expected.h> > > namespace JSC { 
> >@@ -37,13 +38,15 @@ class UnlinkedFunctionExecutable; > class Identifier; > class VM; > >+using ExpectedUnlinkedFunctionExecutable = Expected<UnlinkedFunctionExecutable*, ParserError>; >+ > class BuiltinExecutables final: private WeakHandleOwner { > WTF_MAKE_FAST_ALLOCATED; > public: > explicit BuiltinExecutables(VM&); > > #define EXPOSE_BUILTIN_EXECUTABLES(name, functionName, overriddenName, length) \ >-UnlinkedFunctionExecutable* name##Executable(); \ >+ExpectedUnlinkedFunctionExecutable name##Executable(); \ > const SourceCode& name##Source() { return m_##name##Source; } > > JSC_FOREACH_BUILTIN_CODE(EXPOSE_BUILTIN_EXECUTABLES) >@@ -51,13 +54,14 @@ const SourceCode& name##Source() { return m_##name##Source; } > > UnlinkedFunctionExecutable* createDefaultConstructor(ConstructorKind, const Identifier& name); > >- static UnlinkedFunctionExecutable* createExecutable(VM&, const SourceCode&, const Identifier&, ConstructorKind, ConstructAbility); >+ static ExpectedUnlinkedFunctionExecutable createExecutable(VM&, const SourceCode&, const Identifier&, ConstructorKind, ConstructAbility); >+ static UnlinkedFunctionExecutable* createExecutableOrCrash(VM&, const SourceCode&, const Identifier&, ConstructorKind, ConstructAbility); > private: > void finalize(Handle<Unknown>, void* context) override; > > VM& m_vm; > >- UnlinkedFunctionExecutable* createBuiltinExecutable(const SourceCode&, const Identifier&, ConstructAbility); >+ ExpectedUnlinkedFunctionExecutable createBuiltinExecutable(const SourceCode&, const Identifier&, ConstructAbility); > > #define DECLARE_BUILTIN_SOURCE_MEMBERS(name, functionName, overriddenName, length)\ > SourceCode m_##name##Source; \ >diff --git a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h >index b7255ac6216e09dce1ad4d7c669ec546a2cb4673..e8bbde6b64a76d7c4128bd2eccdcc7d42e45aee0 100644 >--- a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h 
>+++ b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h >@@ -31,6 +31,7 @@ > #pragma once > > #include "CodeBlock.h" >+#include "Error.h" > #include "Instruction.h" > #include "Interpreter.h" > #include "JSAsyncGeneratorFunction.h" >diff --git a/Source/JavaScriptCore/parser/ParserError.cpp b/Source/JavaScriptCore/parser/ParserError.cpp >new file mode 100644 >index 0000000000000000000000000000000000000000..e52798e7afc247e1f47f5728baef55a40c204f57 >--- /dev/null >+++ b/Source/JavaScriptCore/parser/ParserError.cpp 
>@@ -0,0 +1,94 @@ >+/* >+ * Copyright (C) 2018 Apple Inc. All Rights Reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#include "config.h" >+#include "ParserError.h" >+ >+#include "ErrorHandlingScope.h" >+#include "ExceptionHelpers.h" >+#include "HeapCellInlines.h" >+#include <wtf/text/WTFString.h> >+ >+namespace JSC { >+ >+JSObject* ParserError::toErrorObject(JSGlobalObject* globalObject, const SourceCode& source, int overrideLineNumber) >+{ >+ ExecState* exec = globalObject->globalExec(); >+ switch (m_type) { >+ case ErrorNone: >+ return nullptr; >+ case SyntaxError: { >+ auto syntaxError = createSyntaxError(exec, m_message); >+ auto line = overrideLineNumber == -1 ? 
m_line : overrideLineNumber; >+ return addErrorInfo(exec, syntaxError, line, source); >+ } >+ case EvalError: >+ return createSyntaxError(exec, m_message); >+ case StackOverflow: { >+ ErrorHandlingScope errorScope(globalObject->vm()); >+ return createStackOverflowError(exec); >+ } >+ case OutOfMemory: >+ return createOutOfMemoryError(exec); >+ } >+ RELEASE_ASSERT_NOT_REACHED(); >+} >+ >+} // namespace JSC >+ >+namespace WTF { >+ >+const char* toString(JSC::ParserError::SyntaxErrorType type) >+{ >+ switch (type) { >+ case JSC::ParserError::SyntaxErrorNone: return "SyntaxErrorNone"; >+ case JSC::ParserError::SyntaxErrorIrrecoverable: return "SyntaxErrorIrrecoverable"; >+ case JSC::ParserError::SyntaxErrorUnterminatedLiteral: return "SyntaxErrorUnterminatedLiteral"; >+ case JSC::ParserError::SyntaxErrorRecoverable: return "SyntaxErrorRecoverable"; >+ } >+ RELEASE_ASSERT_NOT_REACHED(); >+} >+void printInternal(PrintStream& out, JSC::ParserError::SyntaxErrorType type) >+{ >+ out.print(toString(type)); >+} >+ >+const char* toString(JSC::ParserError::ErrorType type) >+{ >+ switch (type) { >+ case JSC::ParserError::ErrorNone: return "ErrorNone"; >+ case JSC::ParserError::StackOverflow: return "StackOverflow"; >+ case JSC::ParserError::EvalError: return "EvalError"; >+ case JSC::ParserError::OutOfMemory: return "OutOfMemory"; >+ case JSC::ParserError::SyntaxError: return "SyntaxError"; >+ } >+ RELEASE_ASSERT_NOT_REACHED(); >+} >+void printInternal(PrintStream& out, JSC::ParserError::ErrorType type) >+{ >+ out.print(toString(type)); >+} >+ >+} // namespace WTF >diff --git a/Source/JavaScriptCore/parser/ParserError.h b/Source/JavaScriptCore/parser/ParserError.h >index 7883efed225022c0206b78640b5a71789d9cea52..e451a2c25de45e07adcba0c3ded9bf37a8fb3f24 100644 >--- a/Source/JavaScriptCore/parser/ParserError.h >+++ b/Source/JavaScriptCore/parser/ParserError.h 
>@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2013 Apple Inc. All Rights Reserved. >+ * Copyright (C) 2013, 2018 Apple Inc. All Rights Reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -25,9 +25,6 @@ > > #pragma once > >-#include "Error.h" >-#include "ErrorHandlingScope.h" >-#include "ExceptionHelpers.h" > #include "ParserTokens.h" > #include <wtf/text/WTFString.h> > >@@ -82,33 +79,10 @@ public: > SyntaxErrorType syntaxErrorType() const { return m_syntaxErrorType; } > const JSToken& token() const { return m_token; } > const String& message() const { return m_message; } >+ ErrorType type() const {return m_type; } > int line() const { return m_line; } > >- JSObject* toErrorObject( >- JSGlobalObject* globalObject, const SourceCode& source, >- int overrideLineNumber = -1) >- { >- ExecState* exec = globalObject->globalExec(); >- switch (m_type) { >- case ErrorNone: >- return nullptr; >- case SyntaxError: >- return addErrorInfo( >- exec, >- createSyntaxError(exec, m_message), >- overrideLineNumber == -1 ? m_line : overrideLineNumber, source); >- case EvalError: >- return createSyntaxError(exec, m_message); >- case StackOverflow: { >- ErrorHandlingScope errorScope(globalObject->vm()); >- return createStackOverflowError(exec); >- } >- case OutOfMemory: >- return createOutOfMemoryError(exec); >- } >- CRASH(); >- return nullptr; >- } >+ JSObject* toErrorObject(JSGlobalObject*, const SourceCode&, int overrideLineNumber = -1); > > private: > JSToken m_token; 
>@@ -121,48 +95,8 @@ private: > } // namespace JSC > > namespace WTF { >- >-inline void printInternal(PrintStream& out, JSC::ParserError::SyntaxErrorType type) >-{ >- switch (type) { >- case JSC::ParserError::SyntaxErrorNone: >- out.print("SyntaxErrorNone"); >- return; >- case JSC::ParserError::SyntaxErrorIrrecoverable: >- out.print("SyntaxErrorIrrecoverable"); >- return; >- case JSC::ParserError::SyntaxErrorUnterminatedLiteral: >- out.print("SyntaxErrorUnterminatedLiteral"); >- return; >- case JSC::ParserError::SyntaxErrorRecoverable: >- out.print("SyntaxErrorRecoverable"); >- return; >- } >- >- RELEASE_ASSERT_NOT_REACHED(); >-} >- >-inline void printInternal(PrintStream& out, JSC::ParserError::ErrorType type) >-{ >- switch (type) { >- case JSC::ParserError::ErrorNone: >- out.print("ErrorNone"); >- return; >- case JSC::ParserError::StackOverflow: >- out.print("StackOverflow"); >- return; >- case JSC::ParserError::EvalError: >- out.print("EvalError"); >- return; >- case JSC::ParserError::OutOfMemory: >- out.print("OutOfMemory"); >- return; >- case JSC::ParserError::SyntaxError: >- out.print("SyntaxError"); >- return; >- } >- >- RELEASE_ASSERT_NOT_REACHED(); >-} >- >+const char* toString(JSC::ParserError::SyntaxErrorType); >+void printInternal(PrintStream&, JSC::ParserError::SyntaxErrorType); >+const char* toString(JSC::ParserError::ErrorType); >+void printInternal(PrintStream&, JSC::ParserError::ErrorType); > } // namespace WTF >diff --git a/Source/JavaScriptCore/runtime/AsyncIteratorPrototype.cpp b/Source/JavaScriptCore/runtime/AsyncIteratorPrototype.cpp >index 800cfa09641c0ca2808f056012eda3d0232237f7..17619909c53f4fd50cb2d34cb4d8a24b472b913b 100644 >--- a/Source/JavaScriptCore/runtime/AsyncIteratorPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/AsyncIteratorPrototype.cpp 
>@@ -41,7 +41,7 @@ void AsyncIteratorPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject > ASSERT(inherits(vm, info())); > didBecomePrototype(); > >- JSFunction* asyncIteratorPrototypeFunction = JSFunction::create(vm, asyncIteratorPrototypeSymbolAsyncIteratorGetterCodeGenerator(vm), globalObject); >+ JSFunction* asyncIteratorPrototypeFunction = JSFunction::create(vm, asyncIteratorPrototypeSymbolAsyncIteratorGetterCodeGenerator(vm).value(), globalObject); > putDirectWithoutTransition(vm, vm.propertyNames->asyncIteratorSymbol, asyncIteratorPrototypeFunction, static_cast<unsigned>(PropertyAttribute::DontEnum)); > } > >diff --git a/Source/JavaScriptCore/runtime/FunctionPrototype.cpp b/Source/JavaScriptCore/runtime/FunctionPrototype.cpp >index a39539bd0146e397c51164763b574aeb02d4c2fb..e5c839e21ec546a842641791263186b6c7b10818 100644 >--- a/Source/JavaScriptCore/runtime/FunctionPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/FunctionPrototype.cpp 
>@@ -63,11 +63,11 @@ void FunctionPrototype::addFunctionProperties(ExecState* exec, JSGlobalObject* g > JSFunction* toStringFunction = JSFunction::create(vm, globalObject, 0, vm.propertyNames->toString.string(), functionProtoFuncToString); > putDirectWithoutTransition(vm, vm.propertyNames->toString, toStringFunction, static_cast<unsigned>(PropertyAttribute::DontEnum)); > >- *applyFunction = putDirectBuiltinFunctionWithoutTransition(vm, globalObject, vm.propertyNames->builtinNames().applyPublicName(), functionPrototypeApplyCodeGenerator(vm), static_cast<unsigned>(PropertyAttribute::DontEnum)); >- *callFunction = putDirectBuiltinFunctionWithoutTransition(vm, globalObject, vm.propertyNames->builtinNames().callPublicName(), functionPrototypeCallCodeGenerator(vm), static_cast<unsigned>(PropertyAttribute::DontEnum)); >- putDirectBuiltinFunctionWithoutTransition(vm, globalObject, vm.propertyNames->bind, functionPrototypeBindCodeGenerator(vm), static_cast<unsigned>(PropertyAttribute::DontEnum)); >+ *applyFunction = putDirectBuiltinFunctionWithoutTransition(vm, globalObject, vm.propertyNames->builtinNames().applyPublicName(), functionPrototypeApplyCodeGenerator(vm).value(), static_cast<unsigned>(PropertyAttribute::DontEnum)); >+ *callFunction = putDirectBuiltinFunctionWithoutTransition(vm, globalObject, vm.propertyNames->builtinNames().callPublicName(), functionPrototypeCallCodeGenerator(vm).value(), static_cast<unsigned>(PropertyAttribute::DontEnum)); >+ putDirectBuiltinFunctionWithoutTransition(vm, globalObject, vm.propertyNames->bind, functionPrototypeBindCodeGenerator(vm).value(), static_cast<unsigned>(PropertyAttribute::DontEnum)); > >- *hasInstanceSymbolFunction = JSFunction::create(vm, functionPrototypeSymbolHasInstanceCodeGenerator(vm), globalObject); >+ *hasInstanceSymbolFunction = JSFunction::create(vm, functionPrototypeSymbolHasInstanceCodeGenerator(vm).value(), globalObject); > putDirectWithoutTransition(vm, vm.propertyNames->hasInstanceSymbol, 
*hasInstanceSymbolFunction, PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum); > } > >diff --git a/Source/JavaScriptCore/runtime/JSGlobalObject.cpp b/Source/JavaScriptCore/runtime/JSGlobalObject.cpp >index e1398e2f74e825c4b221ac0dc5b4abee9197fafe..492ac4a8afa153bb9ff5ebfe486cfee7237124e9 100644 >--- a/Source/JavaScriptCore/runtime/JSGlobalObject.cpp >+++ b/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 
>@@ -444,24 +444,24 @@ void JSGlobalObject::init(VM& vm) > }); > m_arrayProtoValuesFunction.initLater( > [] (const Initializer<JSFunction>& init) { >- init.set(JSFunction::create(init.vm, arrayPrototypeValuesCodeGenerator(init.vm), init.owner)); >+ init.set(JSFunction::create(init.vm, arrayPrototypeValuesCodeGenerator(init.vm).value(), init.owner)); > }); > m_initializePromiseFunction.initLater( > [] (const Initializer<JSFunction>& init) { >- init.set(JSFunction::create(init.vm, promiseOperationsInitializePromiseCodeGenerator(init.vm), init.owner)); >+ init.set(JSFunction::create(init.vm, promiseOperationsInitializePromiseCodeGenerator(init.vm).value(), init.owner)); > }); > > m_iteratorProtocolFunction.initLater( > [] (const Initializer<JSFunction>& init) { >- init.set(JSFunction::create(init.vm, iteratorHelpersPerformIterationCodeGenerator(init.vm), init.owner)); >+ init.set(JSFunction::create(init.vm, iteratorHelpersPerformIterationCodeGenerator(init.vm).value(), init.owner)); > }); > > m_promiseResolveFunction.initLater( > [] (const Initializer<JSFunction>& init) { >- init.set(JSFunction::create(init.vm, promiseConstructorResolveCodeGenerator(init.vm), init.owner)); >+ init.set(JSFunction::create(init.vm, promiseConstructorResolveCodeGenerator(init.vm).value(), init.owner)); > }); > >- m_newPromiseCapabilityFunction.set(vm, this, JSFunction::create(vm, promiseOperationsNewPromiseCapabilityCodeGenerator(vm), this)); >+ m_newPromiseCapabilityFunction.set(vm, this, JSFunction::create(vm, promiseOperationsNewPromiseCapabilityCodeGenerator(vm).value(), this)); > m_functionProtoHasInstanceSymbolFunction.set(vm, this, hasInstanceSymbolFunction); > m_throwTypeErrorGetterSetter.initLater( > [] (const Initializer<GetterSetter>& init) { 
>@@ -492,7 +492,7 @@ void JSGlobalObject::init(VM& vm) > m_functionPrototype->initRestrictedProperties(exec, this); > > m_speciesGetterSetter.set(vm, this, GetterSetter::create(vm, this)); >- m_speciesGetterSetter->setGetter(vm, this, JSFunction::create(vm, globalOperationsSpeciesGetterCodeGenerator(vm), this)); >+ m_speciesGetterSetter->setGetter(vm, this, JSFunction::create(vm, globalOperationsSpeciesGetterCodeGenerator(vm).value(), this)); > > m_typedArrayProto.initLater( > [] (const Initializer<JSTypedArrayViewPrototype>& init) { >@@ -514,7 +514,7 @@ void JSGlobalObject::init(VM& vm) > [] (LazyClassStructure::Initializer& init) { \ > init.setPrototype(JS ## type ## ArrayPrototype::create(init.vm, init.global, JS ## type ## ArrayPrototype::createStructure(init.vm, init.global, init.global->m_typedArrayProto.get(init.global)))); \ > init.setStructure(JS ## type ## Array::createStructure(init.vm, init.global, init.prototype)); \ >- init.setConstructor(JS ## type ## ArrayConstructor::create(init.vm, init.global, JS ## type ## ArrayConstructor::createStructure(init.vm, init.global, init.global->m_typedArraySuperConstructor.get(init.global)), init.prototype, ASCIILiteral(#type "Array"), typedArrayConstructorAllocate ## type ## ArrayCodeGenerator(init.vm))); \ >+ init.setConstructor(JS ## type ## ArrayConstructor::create(init.vm, init.global, JS ## type ## ArrayConstructor::createStructure(init.vm, init.global, init.global->m_typedArraySuperConstructor.get(init.global)), init.prototype, ASCIILiteral(#type "Array"), typedArrayConstructorAllocate ## type ## ArrayCodeGenerator(init.vm).value())); \ > init.global->putDirectWithoutTransition(init.vm, init.vm.propertyNames->builtinNames().type ## ArrayPrivateName(), init.constructor, static_cast<unsigned>(PropertyAttribute::DontEnum)); \ > }); > FOR_EACH_TYPED_ARRAY_TYPE_EXCLUDING_DATA_VIEW(INIT_TYPED_ARRAY_LATER) 
>@@ -836,7 +836,7 @@ putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Construct > JSObject* regExpSymbolReplace = asObject(m_regExpPrototype->getDirect(vm, vm.propertyNames->replaceSymbol).asCell()); > m_regExpProtoSymbolReplace.set(vm, this, regExpSymbolReplace); > >-#define CREATE_PRIVATE_GLOBAL_FUNCTION(name, code) JSFunction* name ## PrivateFunction = JSFunction::create(vm, code ## CodeGenerator(vm), this); >+#define CREATE_PRIVATE_GLOBAL_FUNCTION(name, code) JSFunction* name ## PrivateFunction = JSFunction::create(vm, code ## CodeGenerator(vm).value(), this); > JSC_FOREACH_BUILTIN_FUNCTION_PRIVATE_GLOBAL_NAME(CREATE_PRIVATE_GLOBAL_FUNCTION) > #undef CREATE_PRIVATE_GLOBAL_FUNCTION > >diff --git a/Source/JavaScriptCore/runtime/JSObject.cpp b/Source/JavaScriptCore/runtime/JSObject.cpp >index 42c888e6c494e6d4973e6aac36931c83bc9ac90d..6ad6a305aed29d3a7f598bfc2bd900630a915ad1 100644 >--- a/Source/JavaScriptCore/runtime/JSObject.cpp >+++ b/Source/JavaScriptCore/runtime/JSObject.cpp >@@ -2029,12 +2029,17 @@ bool JSObject::getPrimitiveNumber(ExecState* exec, double& number, JSValue& resu > return !result.isString(); > } > >-bool JSObject::getOwnStaticPropertySlot(VM& vm, PropertyName propertyName, PropertySlot& slot) >+bool JSObject::getOwnStaticPropertySlot(ExecState* exec, PropertyName propertyName, PropertySlot& slot) > { >+ VM& vm = exec->vm(); >+ auto scope = DECLARE_THROW_SCOPE(vm); > for (auto* info = classInfo(vm); info; info = info->parentClass) { > if (auto* table = info->staticPropHashTable) { >- if (getStaticPropertySlotFromTable(vm, table->classForThis, *table, this, propertyName, slot)) >+ if (getStaticPropertySlotFromTable(exec, table->classForThis, *table, this, propertyName, slot)) { >+ EXCEPTION_ASSERT(!scope.exception()); > return true; >+ } >+ RETURN_IF_EXCEPTION(scope, false); > } > } > return false; 
>@@ -2320,6 +2325,7 @@ void JSObject::reifyAllStaticProperties(ExecState* exec) > { > ASSERT(!staticPropertiesReified()); > VM& vm = exec->vm(); >+ auto scope = DECLARE_THROW_SCOPE(vm); > > // If this object's ClassInfo has no static properties, then nothing to reify! > // We can safely set the flag to avoid the expensive check again in the future. >@@ -2340,8 +2346,10 @@ void JSObject::reifyAllStaticProperties(ExecState* exec) > unsigned attributes; > auto key = Identifier::fromString(&vm, value.m_key); > PropertyOffset offset = getDirectOffset(vm, key, attributes); >- if (!isValidOffset(offset)) >- reifyStaticProperty(vm, hashTable->classForThis, key, value, *this); >+ if (!isValidOffset(offset)) { >+ reifyStaticProperty(vm, exec, hashTable->classForThis, key, value, *this); >+ RETURN_IF_EXCEPTION(scope, void()); >+ } > } > } > >diff --git a/Source/JavaScriptCore/runtime/JSObject.h b/Source/JavaScriptCore/runtime/JSObject.h >index c2eb8e6936429f4f6acef77754bf636d33ea3674..0245e5a6ee80c8a5d79313708665220bd32f6116 100644 >--- a/Source/JavaScriptCore/runtime/JSObject.h >+++ b/Source/JavaScriptCore/runtime/JSObject.h >@@ -94,7 +94,7 @@ class JSObject : public JSCell { > friend class JSCell; > friend class JSFinalObject; > friend class MarkedBlock; >- JS_EXPORT_PRIVATE friend bool setUpStaticFunctionSlot(VM&, const HashTableValue*, JSObject*, PropertyName, PropertySlot&); >+ JS_EXPORT_PRIVATE friend bool setUpStaticFunctionSlot(ExecState*, const HashTableValue*, JSObject*, PropertyName, PropertySlot&); > > enum PutMode { > PutModePut, 
>@@ -1022,11 +1022,11 @@ private: > JS_EXPORT_PRIVATE NEVER_INLINE bool putInlineSlow(ExecState*, PropertyName, JSValue, PutPropertySlot&); > > bool getNonIndexPropertySlot(ExecState*, PropertyName, PropertySlot&); >- bool getOwnNonIndexPropertySlot(VM&, Structure*, PropertyName, PropertySlot&); >+ bool getOwnNonIndexPropertySlot(ExecState*, Structure*, PropertyName, PropertySlot&); > JS_EXPORT_PRIVATE void fillGetterPropertySlot(PropertySlot&, JSCell*, unsigned, PropertyOffset); > void fillCustomGetterPropertySlot(VM&, PropertySlot&, CustomGetterSetter*, unsigned, Structure*); > >- JS_EXPORT_PRIVATE bool getOwnStaticPropertySlot(VM&, PropertyName, PropertySlot&); >+ JS_EXPORT_PRIVATE bool getOwnStaticPropertySlot(ExecState*, PropertyName, PropertySlot&); > struct PropertyHashEntry { > const HashTable* table; > const HashTableValue* value; >@@ -1313,14 +1313,15 @@ inline JSValue JSObject::getPrototype(VM& vm, ExecState* exec) > > // It is safe to call this method with a PropertyName that is actually an index, > // but if so will always return false (doesn't search index storage). >-ALWAYS_INLINE bool JSObject::getOwnNonIndexPropertySlot(VM& vm, Structure* structure, PropertyName propertyName, PropertySlot& slot) >+ALWAYS_INLINE bool JSObject::getOwnNonIndexPropertySlot(ExecState* exec, Structure* structure, PropertyName propertyName, PropertySlot& slot) > { >+ VM& vm = exec->vm(); > unsigned attributes; > PropertyOffset offset = structure->get(vm, propertyName, attributes); > if (!isValidOffset(offset)) { > if (!TypeInfo::hasStaticPropertyTable(inlineTypeFlags())) > return false; >- return getOwnStaticPropertySlot(vm, propertyName, slot); >+ return getOwnStaticPropertySlot(exec, propertyName, slot); > } > > // getPropertySlot relies on this method never returning index properties! 
>@@ -1370,19 +1371,24 @@ ALWAYS_INLINE void JSObject::fillCustomGetterPropertySlot(VM& vm, PropertySlot& > ALWAYS_INLINE bool JSObject::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot) > { > VM& vm = exec->vm(); >+ auto scope = DECLARE_THROW_SCOPE(vm); > Structure* structure = object->structure(vm); >- if (object->getOwnNonIndexPropertySlot(vm, structure, propertyName, slot)) >+ if (object->getOwnNonIndexPropertySlot(exec, structure, propertyName, slot)) { >+ EXCEPTION_ASSERT(!scope.exception()); > return true; >+ } >+ RETURN_IF_EXCEPTION(scope, false); > if (std::optional<uint32_t> index = parseIndex(propertyName)) > return getOwnPropertySlotByIndex(object, exec, index.value(), slot); > return false; > } > > // It may seem crazy to inline a function this large but it makes a big difference >-// since this is function very hot in variable lookup >+// since this function is very hot in variable lookup > ALWAYS_INLINE bool JSObject::getPropertySlot(ExecState* exec, PropertyName propertyName, PropertySlot& slot) > { > VM& vm = exec->vm(); >+ auto scope = DECLARE_THROW_SCOPE(vm); > auto& structureIDTable = vm.heap.structureIDTable(); > JSObject* object = this; > while (true) { 
>@@ -1395,12 +1401,16 @@ ALWAYS_INLINE bool JSObject::getPropertySlot(ExecState* exec, PropertyName prope > return getPropertySlot(exec, index.value(), slot); > // Safe to continue searching from current position; call getNonIndexPropertySlot to avoid > // parsing the int again. >+ scope.release(); > return object->getNonIndexPropertySlot(exec, propertyName, slot); > } > ASSERT(object->type() != ProxyObjectType); > Structure* structure = structureIDTable.get(object->structureID()); >- if (object->getOwnNonIndexPropertySlot(vm, structure, propertyName, slot)) >+ if (object->getOwnNonIndexPropertySlot(exec, structure, propertyName, slot)) { >+ EXCEPTION_ASSERT(!scope.exception()); > return true; >+ } >+ RETURN_IF_EXCEPTION(scope, false); > // FIXME: This doesn't look like it's following the specification: > // https://bugs.webkit.org/show_bug.cgi?id=172572 > JSValue prototype = structure->storedPrototype(object); >@@ -1601,7 +1611,7 @@ JS_EXPORT_PRIVATE NEVER_INLINE bool ordinarySetSlow(ExecState*, JSObject*, Prope > > #define JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(jsName, generatorName, attributes) \ > putDirectBuiltinFunctionWithoutTransition(\ >- vm, globalObject, makeIdentifier(vm, (jsName)), (generatorName)(vm), (attributes)) >+ vm, globalObject, makeIdentifier(vm, (jsName)), (generatorName)(vm).value(), (attributes)) > > // Helper for defining native getters on properties. > #define JSC_NATIVE_INTRINSIC_GETTER(jsName, cppName, attributes, intrinsic) \ >diff --git a/Source/JavaScriptCore/runtime/JSObjectInlines.h b/Source/JavaScriptCore/runtime/JSObjectInlines.h >index 5e2701f17a433e32d1bc6e9c87a4a5589d4f3f8f..3f09a81b05f6079db72fc63c72e8d59e9f5d6960 100644 >--- a/Source/JavaScriptCore/runtime/JSObjectInlines.h >+++ b/Source/JavaScriptCore/runtime/JSObjectInlines.h 
>@@ -140,8 +140,11 @@ ALWAYS_INLINE bool JSObject::getNonIndexPropertySlot(ExecState* exec, PropertyNa > while (true) { > Structure* structure = structureIDTable.get(object->structureID()); > if (LIKELY(!TypeInfo::overridesGetOwnPropertySlot(object->inlineTypeFlags()))) { >- if (object->getOwnNonIndexPropertySlot(vm, structure, propertyName, slot)) >+ if (object->getOwnNonIndexPropertySlot(exec, structure, propertyName, slot)) { >+ EXCEPTION_ASSERT(!scope.exception()); > return true; >+ } >+ RETURN_IF_EXCEPTION(scope, false); > } else { > bool hasSlot = structure->classInfo()->methodTable.getOwnPropertySlot(object, exec, propertyName, slot); > RETURN_IF_EXCEPTION(scope, false); >diff --git a/Source/JavaScriptCore/runtime/JSScope.cpp b/Source/JavaScriptCore/runtime/JSScope.cpp >index 3f7f3f1497d0aa2c9e5344e7a3a8ef40b160f80c..0a99d80f9b14b67a07e7c0228109ae086c79033b 100644 >--- a/Source/JavaScriptCore/runtime/JSScope.cpp >+++ b/Source/JavaScriptCore/runtime/JSScope.cpp >@@ -156,6 +156,7 @@ static inline bool abstractAccess(ExecState* exec, JSScope* scope, const Identif > > PropertySlot slot(globalObject, PropertySlot::InternalMethodType::VMInquiry); > bool hasOwnProperty = globalObject->getOwnPropertySlot(globalObject, exec, ident, slot); >+ RETURN_IF_EXCEPTION(throwScope, false); > if (!hasOwnProperty) { > op = ResolveOp(makeType(UnresolvedProperty, needsVarInjectionChecks), 0, 0, 0, 0, 0); > return true; >diff --git a/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp b/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp >index 75b0c11f36e26a7ba4934158552638b81e15f1e2..87fda3af8d93037eacd2da2687ea250407966def 100644 >--- a/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp 
>@@ -330,7 +330,7 @@ void JSTypedArrayViewPrototype::finishCreation(VM& vm, JSGlobalObject* globalObj > toStringTagAccessor->setGetter(vm, globalObject, toStringTagFunction); > putDirectNonIndexAccessor(vm, vm.propertyNames->toStringTagSymbol, toStringTagAccessor, PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly | PropertyAttribute::Accessor); > >- JSFunction* valuesFunction = JSFunction::create(vm, typedArrayPrototypeValuesCodeGenerator(vm), globalObject); >+ JSFunction* valuesFunction = JSFunction::create(vm, typedArrayPrototypeValuesCodeGenerator(vm).value(), globalObject); > > putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().valuesPublicName(), valuesFunction, static_cast<unsigned>(PropertyAttribute::DontEnum)); > putDirectWithoutTransition(vm, vm.propertyNames->iteratorSymbol, valuesFunction, static_cast<unsigned>(PropertyAttribute::DontEnum)); >diff --git a/Source/JavaScriptCore/runtime/Lookup.cpp b/Source/JavaScriptCore/runtime/Lookup.cpp >index 966c71eb10a8a84847e87cb6123e40875178bf06..8eac0f94c5761481a07f30b2b2a55c6c489572e1 100644 >--- a/Source/JavaScriptCore/runtime/Lookup.cpp >+++ b/Source/JavaScriptCore/runtime/Lookup.cpp >@@ -33,7 +33,7 @@ void reifyStaticAccessor(VM& vm, const HashTableValue& value, JSObject& thisObje > if (value.accessorGetter()) { > JSFunction* function = nullptr; > if (value.attributes() & PropertyAttribute::Builtin) >- function = JSFunction::create(vm, value.builtinAccessorGetterGenerator()(vm), globalObject); >+ function = JSFunction::create(vm, value.builtinAccessorGetterGenerator()(vm).value(), globalObject); > else { > String getterName = tryMakeString(ASCIILiteral("get "), String(*propertyName.publicName())); > if (!getterName) 
>@@ -45,8 +45,10 @@ void reifyStaticAccessor(VM& vm, const HashTableValue& value, JSObject& thisObje > thisObject.putDirectNonIndexAccessor(vm, propertyName, accessor, attributesForStructure(value.attributes())); > } > >-bool setUpStaticFunctionSlot(VM& vm, const ClassInfo* classInfo, const HashTableValue* entry, JSObject* thisObject, PropertyName propertyName, PropertySlot& slot) >+bool setUpStaticFunctionSlot(ExecState* exec, const ClassInfo* classInfo, const HashTableValue* entry, JSObject* thisObject, PropertyName propertyName, PropertySlot& slot) > { >+ VM& vm = exec->vm(); >+ auto scope = DECLARE_THROW_SCOPE(vm); > ASSERT(thisObject->globalObject()); > ASSERT(entry->attributes() & PropertyAttribute::BuiltinOrFunctionOrAccessorOrLazyProperty); > unsigned attributes; >@@ -59,7 +61,8 @@ bool setUpStaticFunctionSlot(VM& vm, const ClassInfo* classInfo, const HashTable > if (thisObject->staticPropertiesReified()) > return false; > >- reifyStaticProperty(vm, classInfo, propertyName, *entry, *thisObject); >+ reifyStaticProperty(vm, exec, classInfo, propertyName, *entry, *thisObject); >+ RETURN_IF_EXCEPTION(scope, false); > > offset = thisObject->getDirectOffset(vm, propertyName, attributes); > if (!isValidOffset(offset)) { >diff --git a/Source/JavaScriptCore/runtime/Lookup.h b/Source/JavaScriptCore/runtime/Lookup.h >index bfee51e0b1acb446a35082b45bf01e938a688af7..85fbe1dbfaa16b9be87c656b8af6bc4d657a3614 100644 >--- a/Source/JavaScriptCore/runtime/Lookup.h >+++ b/Source/JavaScriptCore/runtime/Lookup.h >@@ -31,10 +31,12 @@ > #include "JSFunction.h" > #include "JSGlobalObject.h" > #include "LazyProperty.h" >+#include "ParserError.h" > #include "PropertySlot.h" > #include "PutPropertySlot.h" > #include "TypeError.h" > #include <wtf/Assertions.h> >+#include <wtf/Expected.h> > > namespace JSC { 
> >@@ -47,7 +49,7 @@ struct CompactHashIndex { > // ie. typedef JSValue (*GetFunction)(ExecState*, JSObject* baseObject) > typedef PropertySlot::GetValueFunc GetFunction; > typedef PutPropertySlot::PutValueFunc PutFunction; >-typedef FunctionExecutable* (*BuiltinGenerator)(VM&); >+typedef Expected<FunctionExecutable*, ParserError> (*BuiltinGenerator)(VM&); > typedef JSValue (*LazyPropertyCallback)(VM&, JSObject*); > > // Hash table generated by the create_hash_table script. >@@ -203,7 +205,7 @@ struct HashTable { > } > }; > >-JS_EXPORT_PRIVATE bool setUpStaticFunctionSlot(VM&, const ClassInfo*, const HashTableValue*, JSObject* thisObject, PropertyName, PropertySlot&); >+JS_EXPORT_PRIVATE bool setUpStaticFunctionSlot(ExecState*, const ClassInfo*, const HashTableValue*, JSObject* thisObject, PropertyName, PropertySlot&); > JS_EXPORT_PRIVATE void reifyStaticAccessor(VM&, const HashTableValue&, JSObject& thisObject, PropertyName); > > inline BuiltinGenerator HashTableValue::builtinAccessorGetterGenerator() const >@@ -220,7 +222,7 @@ inline BuiltinGenerator HashTableValue::builtinAccessorSetterGenerator() const > return reinterpret_cast<BuiltinGenerator>(m_values.value2); > } > >-inline bool getStaticPropertySlotFromTable(VM& vm, const ClassInfo* classInfo, const HashTable& table, JSObject* thisObject, PropertyName propertyName, PropertySlot& slot) >+inline bool getStaticPropertySlotFromTable(ExecState* exec, const ClassInfo* classInfo, const HashTable& table, JSObject* thisObject, PropertyName propertyName, PropertySlot& slot) > { > if (thisObject->staticPropertiesReified()) > return false; 
>@@ -230,7 +232,7 @@ inline bool getStaticPropertySlotFromTable(VM& vm, const ClassInfo* classInfo, c > return false; > > if (entry->attributes() & PropertyAttribute::BuiltinOrFunctionOrAccessorOrLazyProperty) >- return setUpStaticFunctionSlot(vm, classInfo, entry, thisObject, propertyName, slot); >+ return setUpStaticFunctionSlot(exec, classInfo, entry, thisObject, propertyName, slot); > > if (entry->attributes() & PropertyAttribute::ConstantInteger) { > slot.setValue(thisObject, attributesForStructure(entry->attributes()), jsNumber(entry->constantInteger())); 
>@@ -319,13 +321,33 @@ inline bool lookupPut(ExecState* exec, PropertyName propertyName, JSObject* base > return true; > } > >-inline void reifyStaticProperty(VM& vm, const ClassInfo* classInfo, const PropertyName& propertyName, const HashTableValue& value, JSObject& thisObj) >+inline void reifyStaticProperty(VM& vm, ExecState* execIfAvailable, const ClassInfo* classInfo, const PropertyName& propertyName, const HashTableValue& value, JSObject& thisObj) > { >+ ASSERT(execIfAvailable == nullptr || &vm == &(execIfAvailable->vm())); >+ auto scope = DECLARE_THROW_SCOPE(vm); >+ > if (value.attributes() & PropertyAttribute::Builtin) { > if (value.attributes() & PropertyAttribute::Accessor) > reifyStaticAccessor(vm, value, thisObj, propertyName); >- else >- thisObj.putDirectBuiltinFunction(vm, thisObj.globalObject(), propertyName, value.builtinGenerator()(vm), attributesForStructure(value.attributes())); >+ else { >+ if (Expected<FunctionExecutable*, ParserError> f = value.builtinGenerator()(vm)) >+ thisObj.putDirectBuiltinFunction(vm, thisObj.globalObject(), propertyName, f.value(), attributesForStructure(value.attributes())); >+ else if (execIfAvailable) { >+ switch (f.error().type()) { >+ case ParserError::StackOverflow: >+ throwStackOverflowError(execIfAvailable, scope); >+ return; >+ case ParserError::OutOfMemory: >+ throwOutOfMemoryError(execIfAvailable, scope); >+ return; >+ default: >+ RELEASE_ASSERT_NOT_REACHED(); >+ } >+ } else { >+ dataLogLn("Fatal parser error (probably a stack overflow), and no ExecState available for throwing a JS exception"); >+ CRASH(); >+ } >+ } > return; > } > >@@ -400,7 +422,7 @@ inline void reifyStaticProperties(VM& vm, const ClassInfo* classInfo, const Hash > if (!value.m_key) > continue; > auto key = Identifier::fromString(&vm, reinterpret_cast<const LChar*>(value.m_key), strlen(value.m_key)); >- reifyStaticProperty(vm, classInfo, key, value, thisObj); >+ reifyStaticProperty(vm, nullptr, classInfo, key, value, thisObj); > } > } 
> >diff --git a/Source/JavaScriptCore/runtime/MapPrototype.cpp b/Source/JavaScriptCore/runtime/MapPrototype.cpp >index 53568b7a3aae4b126cce339d32d0470eea76a183..fe2b6bee1320cb2557a7de532ffd9804db325daa 100644 >--- a/Source/JavaScriptCore/runtime/MapPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/MapPrototype.cpp >@@ -71,7 +71,7 @@ void MapPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject) > JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().getPrivateName(), mapProtoFuncGet, static_cast<unsigned>(PropertyAttribute::DontEnum), 1, JSMapGetIntrinsic); > JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().setPrivateName(), mapProtoFuncSet, static_cast<unsigned>(PropertyAttribute::DontEnum), 2, JSMapSetIntrinsic); > >- JSFunction* entries = JSFunction::create(vm, mapPrototypeEntriesCodeGenerator(vm), globalObject); >+ JSFunction* entries = JSFunction::create(vm, mapPrototypeEntriesCodeGenerator(vm).value(), globalObject); > putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().entriesPublicName(), entries, static_cast<unsigned>(PropertyAttribute::DontEnum)); > putDirectWithoutTransition(vm, vm.propertyNames->iteratorSymbol, entries, static_cast<unsigned>(PropertyAttribute::DontEnum)); > putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "Map"), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly); >diff --git a/Source/JavaScriptCore/runtime/SetPrototype.cpp b/Source/JavaScriptCore/runtime/SetPrototype.cpp >index 2934396087e68bf38c918731804f6f6e70b07d6c..f2f05e3ff0fe4c3ab9f2cb6be0529a440c2fd840 100644 >--- a/Source/JavaScriptCore/runtime/SetPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/SetPrototype.cpp 
>@@ -68,7 +68,7 @@ void SetPrototype::finishCreation(VM& vm, JSGlobalObject* globalObject) > JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().hasPrivateName(), setProtoFuncHas, static_cast<unsigned>(PropertyAttribute::DontEnum), 1, JSSetHasIntrinsic); > JSC_NATIVE_INTRINSIC_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().addPrivateName(), setProtoFuncAdd, static_cast<unsigned>(PropertyAttribute::DontEnum), 1, JSSetAddIntrinsic); > >- JSFunction* values = JSFunction::create(vm, setPrototypeValuesCodeGenerator(vm), globalObject); >+ JSFunction* values = JSFunction::create(vm, setPrototypeValuesCodeGenerator(vm).value(), globalObject); > putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().valuesPublicName(), values, static_cast<unsigned>(PropertyAttribute::DontEnum)); > putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().keysPublicName(), values, static_cast<unsigned>(PropertyAttribute::DontEnum)); > putDirectWithoutTransition(vm, vm.propertyNames->iteratorSymbol, values, static_cast<unsigned>(PropertyAttribute::DontEnum)); >diff --git a/Source/JavaScriptCore/tools/JSDollarVM.cpp b/Source/JavaScriptCore/tools/JSDollarVM.cpp >index 5ae0b0825374a41119d6103f4a51dbab8b1d7338..a1d6df8991b2f4b4742e2d46b8e9214683c76766 100644 >--- a/Source/JavaScriptCore/tools/JSDollarVM.cpp >+++ b/Source/JavaScriptCore/tools/JSDollarVM.cpp >@@ -26,7 +26,7 @@ > #include "config.h" > #include "JSDollarVM.h" > >-#include "BuiltinExecutableCreator.h" >+#include "BuiltinExecutables.h" > #include "CodeBlock.h" > #include "DOMAttributeGetterSetter.h" > #include "DOMJITGetterSetter.h" 
>@@ -1522,9 +1522,8 @@ static EncodedJSValue JSC_HOST_CALL functionCreateBuiltin(ExecState* exec) > RETURN_IF_EXCEPTION(scope, encodedJSValue()); > > const SourceCode& source = makeSource(functionText, { }); >- JSFunction* func = JSFunction::create(vm, createBuiltinExecutable(vm, source, Identifier::fromString(&vm, "foo"), ConstructorKind::None, ConstructAbility::CannotConstruct)->link(vm, source), exec->lexicalGlobalObject()); >- >- return JSValue::encode(func); >+ auto unlinked = BuiltinExecutables::createExecutableOrCrash(vm, source, Identifier::fromString(&vm, "foo"), ConstructorKind::None, ConstructAbility::CannotConstruct); >+ return JSValue::encode(JSFunction::create(vm, unlinked->link(vm, source), exec->lexicalGlobalObject())); > } > > static EncodedJSValue JSC_HOST_CALL functionCreateRoot(ExecState* exec) >diff --git a/Source/WebCore/bindings/js/JSReadableStreamPrivateConstructors.cpp b/Source/WebCore/bindings/js/JSReadableStreamPrivateConstructors.cpp >index ca97e9611d0322b652dcce4f6ef98e48a2d7336d..14c2bcde69257bac2416dbe7a3c3ad6bd3bdbb00 100644 >--- a/Source/WebCore/bindings/js/JSReadableStreamPrivateConstructors.cpp >+++ b/Source/WebCore/bindings/js/JSReadableStreamPrivateConstructors.cpp 
>@@ -124,27 +124,27 @@ template<> const ClassInfo JSBuiltinReadableStreamBYOBRequestPrivateConstructor: > > template<> FunctionExecutable* JSBuiltinReadableStreamDefaultReaderPrivateConstructor::initializeExecutable(JSC::VM& vm) > { >- return readableStreamInternalsPrivateInitializeReadableStreamDefaultReaderCodeGenerator(vm); >+ return readableStreamInternalsPrivateInitializeReadableStreamDefaultReaderCodeGenerator(vm).value(); > } > > template<> FunctionExecutable* JSBuiltinReadableStreamDefaultControllerPrivateConstructor::initializeExecutable(JSC::VM& vm) > { >- return readableStreamInternalsPrivateInitializeReadableStreamDefaultControllerCodeGenerator(vm); >+ return readableStreamInternalsPrivateInitializeReadableStreamDefaultControllerCodeGenerator(vm).value(); > } > > template<> FunctionExecutable* JSBuiltinReadableByteStreamControllerPrivateConstructor::initializeExecutable(JSC::VM& vm) > { >- return readableByteStreamInternalsPrivateInitializeReadableByteStreamControllerCodeGenerator(vm); >+ return readableByteStreamInternalsPrivateInitializeReadableByteStreamControllerCodeGenerator(vm).value(); > } > > template<> FunctionExecutable* JSBuiltinReadableStreamBYOBReaderPrivateConstructor::initializeExecutable(JSC::VM& vm) > { >- return readableByteStreamInternalsPrivateInitializeReadableStreamBYOBReaderCodeGenerator(vm); >+ return readableByteStreamInternalsPrivateInitializeReadableStreamBYOBReaderCodeGenerator(vm).value(); > } > > template<> FunctionExecutable* JSBuiltinReadableStreamBYOBRequestPrivateConstructor::initializeExecutable(JSC::VM& vm) > { >- return readableByteStreamInternalsPrivateInitializeReadableStreamBYOBRequestCodeGenerator(vm); >+ return readableByteStreamInternalsPrivateInitializeReadableStreamBYOBRequestCodeGenerator(vm).value(); > } > > JSObject* createReadableStreamDefaultReaderPrivateConstructor(VM& vm, JSDOMGlobalObject& globalObject) 
>diff --git a/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm b/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >index 30a374c2824fa2608242aa38710984202b5d0ec0..02ed3e096bb941daf9f34b9849eb52604dd6c682 100644 >--- a/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >+++ b/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >@@ -7178,7 +7178,7 @@ sub GenerateConstructorHelperMethods > if (IsJSBuiltinConstructor($interface)) { > push(@$outputArray, "template<> FunctionExecutable* ${constructorClassName}::initializeExecutable(VM& vm)\n"); > push(@$outputArray, "{\n"); >- push(@$outputArray, " return " . GetJSBuiltinFunctionNameFromString($interface->type->name, "initialize" . $interface->type->name) . "(vm);\n"); >+ push(@$outputArray, " return " . GetJSBuiltinFunctionNameFromString($interface->type->name, "initialize" . $interface->type->name) . "(vm).value();\n"); > push(@$outputArray, "}\n"); > push(@$outputArray, "\n"); > } >diff --git a/Source/WebCore/bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp b/Source/WebCore/bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp >index 15e2e4005e5e5d9443b3e69ab0608fbf64236368..50feffbb1af3070e04353ef2d3d8f6330dff7863 100644 >--- a/Source/WebCore/bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp >+++ b/Source/WebCore/bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp 
>@@ -82,7 +82,7 @@ template<> void JSTestClassWithJSBuiltinConstructorConstructor::initializeProper > > template<> FunctionExecutable* JSTestClassWithJSBuiltinConstructorConstructor::initializeExecutable(VM& vm) > { >- return testClassWithJSBuiltinConstructorInitializeTestClassWithJSBuiltinConstructorCodeGenerator(vm); >+ return testClassWithJSBuiltinConstructorInitializeTestClassWithJSBuiltinConstructorCodeGenerator(vm).value(); > } > > template<> const ClassInfo JSTestClassWithJSBuiltinConstructorConstructor::s_info = { "TestClassWithJSBuiltinConstructor", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSTestClassWithJSBuiltinConstructorConstructor) }; >diff --git a/Source/WebCore/bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp b/Source/WebCore/bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp >index e2ae5bd8a43cc1dc9574bb63fa4f365ffa361652..8253babf2158b2c28f79bdae0f600b8e3dbc9b0a 100644 >--- a/Source/WebCore/bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp >+++ b/Source/WebCore/bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp >@@ -91,7 +91,7 @@ template<> void JSTestJSBuiltinConstructorConstructor::initializeProperties(VM& > > template<> FunctionExecutable* JSTestJSBuiltinConstructorConstructor::initializeExecutable(VM& vm) > { >- return testJSBuiltinConstructorInitializeTestJSBuiltinConstructorCodeGenerator(vm); >+ return testJSBuiltinConstructorInitializeTestJSBuiltinConstructorCodeGenerator(vm).value(); > } > > template<> const ClassInfo JSTestJSBuiltinConstructorConstructor::s_info = { "TestJSBuiltinConstructor", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSTestJSBuiltinConstructorConstructor) }; >diff --git a/JSTests/ChangeLog b/JSTests/ChangeLog >index 23aede92fb3ff1513a286e6eb803f842ec75245b..cc720d9cb4fd172224026fffbb61b665bd7522df 100644 >--- a/JSTests/ChangeLog >+++ b/JSTests/ChangeLog 
>@@ -1,3 +1,14 @@ >+2018-05-03 Robin Morisset <rmorisset@apple.com> >+ >+ A stack overflow in the parsing of a builtin (called by createExecutable) cause a crash instead of a catchable js exception >+ https://bugs.webkit.org/show_bug.cgi?id=184074 >+ <rdar://problem/37165897> >+ >+ Reviewed by Keith Miller and JF Bastien. >+ >+ * stress/stack-overflow-while-parsing-builtin.js: Added. >+ (f): >+ > 2018-05-02 Filip Pizlo <fpizlo@apple.com> > > JSC should know how to cache custom getter accesses on the prototype chain >diff --git a/JSTests/stress/stack-overflow-while-parsing-builtin.js b/JSTests/stress/stack-overflow-while-parsing-builtin.js >new file mode 100644 >index 0000000000000000000000000000000000000000..f22106f43bcf293c5e2b8507b010e7e7c4564fd0 >--- /dev/null >+++ b/JSTests/stress/stack-overflow-while-parsing-builtin.js >@@ -0,0 +1,13 @@ >+//@ runDefault("--maxPerThreadStackUsage=1000000", "--reservedZoneSize=0") >+ >+function f() { >+ try { >+ f(); >+ } catch (e) { >+ try { >+ Map.prototype.forEach.call('', {}); >+ } catch {} >+ } >+} >+ >+f()
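Review bot: In Source/JavaScriptCore/runtime/Lookup.cpp, reifyStaticAccessor now calls value.builtinAccessorGetterGenerator()(vm).value() with no check, and its signature still takes only VM&, so a Builtin accessor reached through setUpStaticFunctionSlot (which does have an ExecState and a throw scope) gets none of the handling that reifyStaticProperty adds for the non-accessor branch. Consider passing the ExecState through to reifyStaticAccessor and handling the ParserError there in the same way, or add a comment at the .value() call saying that accessor builtins are deliberately left on the crashing path.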
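Review bot: In the reifyStaticProperty hunk of Source/JavaScriptCore/runtime/Lookup.h, the branch without an ExecState logs "probably a stack overflow" and then calls CRASH() without consulting f.error(), so the crash log cannot distinguish StackOverflow from OutOfMemory or from the types that hit RELEASE_ASSERT_NOT_REACHED() in the other branch. Including f.error().type() in the dataLogLn call would make these crashes diagnosable. The new execIfAvailable parameter also deserves a short comment stating that nullptr means the function crashes on a parser error instead of throwing, since reifyStaticProperties passes nullptr unconditionally.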
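Review bot: In Source/JavaScriptCore/tools/JSDollarVM.cpp, functionCreateBuiltin switches to BuiltinExecutables::createExecutableOrCrash even though both exec and a throw scope are in scope (the context line above is RETURN_IF_EXCEPTION(scope, encodedJSValue())). This is one of the few call sites where throwing a JS exception on a parser error would be straightforward. If crashing is intended because this is a test-only helper, a one-line comment saying so would keep a later reader from treating it as an oversight.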
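Review bot: JSTests/stress/stack-overflow-while-parsing-builtin.js has no assertion and no explanatory comment: both catch blocks swallow whatever is thrown, so the test only fails if the process crashes. Please add a header comment stating that the pass criterion is the absence of a crash when Map.prototype.forEach is reified with the stack nearly exhausted, and why --reservedZoneSize=0 is needed to reach that state. The matching JSTests/ChangeLog entry leaves "(f):" empty and could carry the same one-line description.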
Flags: rmorisset: review-, rmorisset: commit-queue-