119900 2013-08-16 10:49:26 -0700 Exception in global setter doesn't unwind correctly 2013-08-21 16:33:37 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 oliver webkit-unassigned commit-queue fpizlo ggaren max.hong.shen mhahnenberg oliver webkit-bug-importer oldest_to_newest 918009 0 oliver 2013-08-16 10:49:26 -0700 this.__defineSetter__("d", function h(){ throw ""}); function g() { d = 0; } for (;;) try { g() } catch(e){ } Crashes on an assertion due to us not catching the exception properly. some print debugging shows that we continue executing after d=0 918011 1 webkit-bug-importer 2013-08-16 10:49:55 -0700 <rdar://problem/14758580> 919305 2 209242 max.hong.shen 2013-08-20 18:13:06 -0700 Created attachment 209242 proposal patch 919317 3 209242 oliver 2013-08-20 19:16:54 -0700 Comment on attachment 209242 proposal patch Can you check the dfg path as well? otherwise this looks good 919324 4 ggaren 2013-08-20 20:27:27 -0700 Thanks for the patch. I think you missed slow_path_put_to_scope in LLIntSlowPaths.cpp (the LLInt version of the same bug). Can you add that to your patch and your test case? 919555 5 max.hong.shen 2013-08-21 11:49:40 -0700 The slow_path_put_to_scope calls the LLINT_END before exiting, which invokes llint_throw_from_slow_path_trampoline to handle the exception if the vm.exception is not null. So, no fix needed here. (In reply to comment #4) > Thanks for the patch. > > I think you missed slow_path_put_to_scope in LLIntSlowPaths.cpp (the LLInt version of the same bug). Can you add that to your patch and your test case? 919556 6 max.hong.shen 2013-08-21 11:50:19 -0700 Sure, I will check the dfg path. (In reply to comment #3) > (From update of attachment 209242 [details]) > Can you check the dfg path as well? otherwise this looks good 919574 7 ggaren 2013-08-21 12:25:17 -0700 > The slow_path_put_to_scope calls the LLINT_END before exiting, which invokes llint_throw_from_slow_path_trampoline to handle the exception if the vm.exception is not null. So, no fix needed here. Nice! 919660 8 max.hong.shen 2013-08-21 15:54:09 -0700 It seems dfg path already providers exception handler by calling JITCompiler::compileExceptionHandlers() when generating dfg jit code. After applied my patch, I ran your test function g() in a loop for 100,000 times and saw dfg path (debugged in xcode) works fine without any assertion failure. (In reply to comment #3) > (From update of attachment 209242 [details]) > Can you check the dfg path as well? otherwise this looks good 919664 9 209242 ggaren 2013-08-21 16:09:29 -0700 Comment on attachment 209242 proposal patch r=me Thanks! 919665 10 max.hong.shen 2013-08-21 16:10:58 -0700 Thanks for review :) (In reply to comment #9) > (From update of attachment 209242 [details]) > r=me > > Thanks! 919677 11 209242 commit-queue 2013-08-21 16:33:34 -0700 Comment on attachment 209242 proposal patch Clearing flags on attachment: 209242 Committed r154429: <http://trac.webkit.org/changeset/154429> 919678 12 commit-queue 2013-08-21 16:33:37 -0700 All reviewed patches have been landed. Closing bug. 209242 2013-08-20 18:13:06 -0700 2013-08-21 16:33:34 -0700 proposal patch 119900.patch text/plain 4166 max.hong.shen ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCBlOTk3ZGRhLi5mOGUyYTYzIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcgQEAKKzIwMTMtMDgt MjAgIFlpIFNoZW4gIDxtYXguaG9uZy5zaGVuQGdtYWlsLmNvbT4KKworICAgICAgICBodHRwczov L2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTE5OTAwCisgICAgICAgIEV4Y2VwdGlv biBpbiBnbG9iYWwgc2V0dGVyIGRvZXNuJ3QgdW53aW5kIGNvcnJlY3RseQorCisgICAgICAgIFJl dmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEFkZCB0ZXN0IGZvciBjYWxsaW5n IGdsb2JhbCBzZXR0ZXIgd2hpY2ggdGhyb3dzIGV4Y2VwdGlvbi4KKworICAgICAgICAqIGZhc3Qv anMvc2NyaXB0LXRlc3RzL3Rocm93LWV4Y2VwdGlvbi1pbi1nbG9iYWwtc2V0dGVyLmpzOiBBZGRl ZC4KKyAgICAgICAgKGcpOgorICAgICAgICAqIGZhc3QvanMvdGhyb3ctZXhjZXB0aW9uLWluLWds b2JhbC1zZXR0ZXItZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAgICAgICAgKiBmYXN0L2pzL3Rocm93 LWV4Y2VwdGlvbi1pbi1nbG9iYWwtc2V0dGVyLmh0bWw6IEFkZGVkLgorCiAyMDEzLTA4LTIwICBG aWxpcCBQaXpsbyAgPGZwaXpsb0BhcHBsZS5jb20+CiAKICAgICAgICAgZmFzdC9qcy9yZWdyZXNz L2Vtc2NyaXB0ZW4tY3ViZTJoYXNoIGlzIGZhaWxpbmcgb24gYWxsIHRoZSBNYWMgYm90cwpkaWZm IC0tZ2l0IGEvTGF5b3V0VGVzdHMvZmFzdC9qcy9zY3JpcHQtdGVzdHMvdGhyb3ctZXhjZXB0aW9u LWluLWdsb2JhbC1zZXR0ZXIuanMgYi9MYXlvdXRUZXN0cy9mYXN0L2pzL3NjcmlwdC10ZXN0cy90 aHJvdy1leGNlcHRpb24taW4tZ2xvYmFsLXNldHRlci5qcwppbmRleCBlNjlkZTI5Li5kYmJiNjY2 IDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9mYXN0L2pzL3NjcmlwdC10ZXN0cy90aHJvdy1leGNl cHRpb24taW4tZ2xvYmFsLXNldHRlci5qcworKysgYi9MYXlvdXRUZXN0cy9mYXN0L2pzL3Njcmlw dC10ZXN0cy90aHJvdy1leGNlcHRpb24taW4tZ2xvYmFsLXNldHRlci5qcwpAQCAtMCwwICsxLDEx IEBACitkZXNjcmlwdGlvbignVGVzdCBmb3IgPGEgaHJlZj0iaHR0cHM6Ly9idWdzLndlYmtpdC5v cmcvc2hvd19idWcuY2dpP2lkPTExOTkwMCI+YnVnIDExOTkwMDwvYT46IEV4Y2VwdGlvbiBpbiBn bG9iYWwgc2V0dGVyIGRvZXNuXCd0IHVud2luZCBjb3JyZWN0bHkuJyk7CisKK2RlYnVnKCJQYXNz ZWQgaWYgbm8gYXNzZXJ0aW9uIGZhaWx1cmUuIik7CisKK3RoaXMuX19kZWZpbmVTZXR0ZXJfXygi c2V0dGVyVGhyb3dzRXhjZXB0aW9uIiwgZnVuY3Rpb24gdGhyb3dFbXB0eUV4Y2VwdGlvbigpeyB0 aHJvdyAiIn0pOworCitmdW5jdGlvbiBjYWxsU2V0dGVyKCkgeworICAgIHNldHRlclRocm93c0V4 Y2VwdGlvbiA9IDA7Cit9CisKK2ZvciAodmFyIGkgPSAwOyBpIDwgMTAwOyArK2kpIHRyeSB7IGNh bGxTZXR0ZXIoKSB9IGNhdGNoKGUpIHsgfQpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvZmFzdC9q cy90aHJvdy1leGNlcHRpb24taW4tZ2xvYmFsLXNldHRlci1leHBlY3RlZC50eHQgYi9MYXlvdXRU ZXN0cy9mYXN0L2pzL3Rocm93LWV4Y2VwdGlvbi1pbi1nbG9iYWwtc2V0dGVyLWV4cGVjdGVkLnR4 dAppbmRleCBlNjlkZTI5Li5lYzYzYmFkIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9mYXN0L2pz L3Rocm93LWV4Y2VwdGlvbi1pbi1nbG9iYWwtc2V0dGVyLWV4cGVjdGVkLnR4dAorKysgYi9MYXlv dXRUZXN0cy9mYXN0L2pzL3Rocm93LWV4Y2VwdGlvbi1pbi1nbG9iYWwtc2V0dGVyLWV4cGVjdGVk LnR4dApAQCAtMCwwICsxLDEwIEBACitUZXN0IGZvciBidWcgMTE5OTAwOiBFeGNlcHRpb24gaW4g Z2xvYmFsIHNldHRlciBkb2Vzbid0IHVud2luZCBjb3JyZWN0bHkuCisKK09uIHN1Y2Nlc3MsIHlv dSB3aWxsIHNlZSBhIHNlcmllcyBvZiAiUEFTUyIgbWVzc2FnZXMsIGZvbGxvd2VkIGJ5ICJURVNU IENPTVBMRVRFIi4KKworCitQYXNzZWQgaWYgbm8gYXNzZXJ0aW9uIGZhaWx1cmUuCitQQVNTIHN1 Y2Nlc3NmdWxseVBhcnNlZCBpcyB0cnVlCisKK1RFU1QgQ09NUExFVEUKKwpkaWZmIC0tZ2l0IGEv TGF5b3V0VGVzdHMvZmFzdC9qcy90aHJvdy1leGNlcHRpb24taW4tZ2xvYmFsLXNldHRlci5odG1s IGIvTGF5b3V0VGVzdHMvZmFzdC9qcy90aHJvdy1leGNlcHRpb24taW4tZ2xvYmFsLXNldHRlci5o dG1sCmluZGV4IGU2OWRlMjkuLjMwNTFkNDkgMTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL2Zhc3Qv anMvdGhyb3ctZXhjZXB0aW9uLWluLWdsb2JhbC1zZXR0ZXIuaHRtbAorKysgYi9MYXlvdXRUZXN0 cy9mYXN0L2pzL3Rocm93LWV4Y2VwdGlvbi1pbi1nbG9iYWwtc2V0dGVyLmh0bWwKQEAgLTAsMCAr MSwxMCBAQAorPCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9JRVRGLy9EVEQgSFRNTC8vRU4iPgor PGh0bWw+Cis8aGVhZD4KKzxzY3JpcHQgc3JjPSJyZXNvdXJjZXMvanMtdGVzdC1wcmUuanMiPjwv c2NyaXB0PgorPC9oZWFkPgorPGJvZHk+Cis8c2NyaXB0IHNyYz0ic2NyaXB0LXRlc3RzL3Rocm93 LWV4Y2VwdGlvbi1pbi1nbG9iYWwtc2V0dGVyLmpzIj48L3NjcmlwdD4KKzxzY3JpcHQgc3JjPSJy ZXNvdXJjZXMvanMtdGVzdC1wb3N0LmpzIj48L3NjcmlwdD4KKzwvYm9keT4KKzwvaHRtbD4KZGlm ZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cgYi9Tb3VyY2UvSmF2YVNj cmlwdENvcmUvQ2hhbmdlTG9nCmluZGV4IGFhYjU5OWMuLjAzNjMzYWIgMTAwNjQ0Ci0tLSBhL1Nv dXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL0phdmFTY3JpcHRDb3Jl L0NoYW5nZUxvZwpAQCAtMSwzICsxLDE1IEBACisyMDEzLTA4LTIwICBZaSBTaGVuICA8bWF4Lmhv bmcuc2hlbkBnbWFpbC5jb20+CisKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hv d19idWcuY2dpP2lkPTExOTkwMAorICAgICAgICBFeGNlcHRpb24gaW4gZ2xvYmFsIHNldHRlciBk b2Vzbid0IHVud2luZCBjb3JyZWN0bHkKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9P UFMhKS4KKworICAgICAgICBDYWxsIFZNX1RIUk9XX0VYQ0VQVElPTl9BVF9FTkQgaW4gb3BfcHV0 X3RvX3Njb3BlIGlmIHRoZSBzZXR0ZXIgdGhyb3dzIGV4Y2VwdGlvbi4KKworICAgICAgICAqIGpp dC9KSVRTdHVicy5jcHA6CisgICAgICAgIChKU0M6OkRFRklORV9TVFVCX0ZVTkNUSU9OKToKKwog MjAxMy0wOC0yMCAgR2F2aW4gQmFycmFjbG91Z2ggIDxiYXJyYWNsb3VnaEBhcHBsZS5jb20+CiAK ICAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTEyMDA5Mwpk aWZmIC0tZ2l0IGEvU291cmNlL0phdmFTY3JpcHRDb3JlL2ppdC9KSVRTdHVicy5jcHAgYi9Tb3Vy Y2UvSmF2YVNjcmlwdENvcmUvaml0L0pJVFN0dWJzLmNwcAppbmRleCA2N2JiZGFkLi44OGVkNzBi IDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvaml0L0pJVFN0dWJzLmNwcAorKysg Yi9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvaml0L0pJVFN0dWJzLmNwcApAQCAtMjI2OCw2ICsyMjY4 LDExIEBAIERFRklORV9TVFVCX0ZVTkNUSU9OKHZvaWQsIG9wX3B1dF90b19zY29wZSkKIAogICAg IFB1dFByb3BlcnR5U2xvdCBzbG90KGNvZGVCbG9jay0+aXNTdHJpY3RNb2RlKCkpOwogICAgIHNj b3BlLT5tZXRob2RUYWJsZSgpLT5wdXQoc2NvcGUsIGV4ZWMsIGlkZW50LCB2YWx1ZSwgc2xvdCk7 CisgICAgCisgICAgaWYgKGV4ZWMtPnZtKCkuZXhjZXB0aW9uKSB7CisgICAgICAgIFZNX1RIUk9X X0VYQ0VQVElPTl9BVF9FTkQoKTsKKyAgICAgICAgcmV0dXJuOworICAgIH0KIAogICAgIC8vIENv dmVycyBpbXBsaWNpdCBnbG9iYWxzLiBTaW5jZSB0aGV5IGRvbid0IGV4aXN0IHVudGlsIHRoZXkg Zmlyc3QgZXhlY3V0ZSwgd2UgZGlkbid0IGtub3cgaG93IHRvIGNhY2hlIHRoZW0gYXQgY29tcGls ZSB0aW1lLgogICAgIGlmIChtb2RlQW5kVHlwZS50eXBlKCkgPT0gR2xvYmFsUHJvcGVydHkgfHwg bW9kZUFuZFR5cGUudHlwZSgpID09IEdsb2JhbFByb3BlcnR5V2l0aFZhckluamVjdGlvbkNoZWNr cykgewo=