129134 2014-02-20 17:55:20 -0800 virtualForWithFunction() should not throw an exception with a partially initialized frame 2014-02-20 22:02:21 -0800 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 mark.lam mark.lam commit-queue fpizlo ggaren mhahnenberg mmirman msaboff oliver oldest_to_newest 983055 0 mark.lam 2014-02-20 17:55:20 -0800 Currently, when JITOperations.cpp’s virtualForWithFunction() fails to prepare the callee function for execution, it proceeds to throw the exception using the callee frame which is only partially initialized thus far. Instead, we should be throwing the exception using the caller frame because: 1. the error happened "in" the caller while preparing the callee for execution i.e. the caller frame is the top fully initialized frame on the stack. 2. the callee frame is not fully initialized yet, and the unwind mechanism cannot depend on the data in it. This patch will provide the fix. I’ll work on creating a regression test in another bug. I’ve been encountering some difficulty composing a regression test for the issue. So, I’m going to defer it till later. In the meantime, we can manually test this fix by navigating to jsfiddle.net with a debug build. It will crash with an assertion almost instantly. ref: <rdar://problem/15843028> 983060 1 mark.lam 2014-02-20 17:59:34 -0800 bug for writing the regression test: <https://webkit.org/b/129136>. 983076 2 224822 mark.lam 2014-02-20 19:52:31 -0800 Created attachment 224822 The patch 983106 3 224822 msaboff 2014-02-20 21:30:46 -0800 Comment on attachment 224822 The patch r=me 983110 4 224822 commit-queue 2014-02-20 22:02:18 -0800 Comment on attachment 224822 The patch Clearing flags on attachment: 224822 Committed r164472: <http://trac.webkit.org/changeset/164472> 983111 5 commit-queue 2014-02-20 22:02:21 -0800 All reviewed patches have been landed. Closing bug. 224822 2014-02-20 19:52:31 -0800 2014-02-20 22:02:18 -0800 The patch bug-129134.patch text/plain 2000 mark.lam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTY0NDYzKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIzIEBA CisyMDE0LTAyLTIwICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICB2 aXJ0dWFsRm9yV2l0aEZ1bmN0aW9uKCkgc2hvdWxkIG5vdCB0aHJvdyBhbiBleGNlcHRpb24gd2l0 aCBhIHBhcnRpYWxseSBpbml0aWFsaXplZCBmcmFtZS4KKyAgICAgICAgPGh0dHBzOi8vd2Via2l0 Lm9yZy9iLzEyOTEzND4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKwor ICAgICAgICBDdXJyZW50bHksIHdoZW4gSklUT3BlcmF0aW9ucy5jcHAncyB2aXJ0dWFsRm9yV2l0 aEZ1bmN0aW9uKCkgZmFpbHMgdG8KKyAgICAgICAgcHJlcGFyZSB0aGUgY2FsbGVlIGZ1bmN0aW9u IGZvciBleGVjdXRpb24sIGl0IHByb2NlZWRzIHRvIHRocm93IHRoZQorICAgICAgICBleGNlcHRp b24gdXNpbmcgdGhlIGNhbGxlZSBmcmFtZSB3aGljaCBpcyBvbmx5IHBhcnRpYWxseSBpbml0aWFs aXplZAorICAgICAgICB0aHVzIGZhci4gSW5zdGVhZCwgaXQgc2hvdWxkIGJlIHRocm93aW5nIHRo ZSBleGNlcHRpb24gdXNpbmcgdGhlIGNhbGxlcgorICAgICAgICBmcmFtZSBiZWNhdXNlOgorICAg ICAgICAxLiB0aGUgZXJyb3IgaGFwcGVuZWQgImluIiB0aGUgY2FsbGVyIHdoaWxlIHByZXBhcmlu ZyB0aGUgY2FsbGVlIGZvcgorICAgICAgICAgICBleGVjdXRpb24gaS5lLiB0aGUgY2FsbGVyIGZy YW1lIGlzIHRoZSB0b3AgZnVsbHkgaW5pdGlhbGl6ZWQgZnJhbWUKKyAgICAgICAgICAgb24gdGhl IHN0YWNrLgorICAgICAgICAyLiB0aGUgY2FsbGVlIGZyYW1lIGlzIG5vdCBmdWxseSBpbml0aWFs aXplZCB5ZXQsIGFuZCB0aGUgdW53aW5kCisgICAgICAgICAgIG1lY2hhbmlzbSBjYW5ub3QgZGVw ZW5kIG9uIHRoZSBkYXRhIGluIGl0LgorCisgICAgICAgICogaml0L0pJVE9wZXJhdGlvbnMuY3Bw OgorCiAyMDE0LTAyLTIwICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KIAogICAgICAg ICBEZWZhdWx0R0NBY3Rpdml0eUNhbGxiYWNrOjpkb1dvcmsoKSBzaG91bGQgcmVzY2hlZHVsZSBp ZiBHQyBpcyBkZWZlcnJlZC4KSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9qaXQvSklUT3Bl cmF0aW9ucy5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2ppdC9KSVRP cGVyYXRpb25zLmNwcAkocmV2aXNpb24gMTY0NDYyKQorKysgU291cmNlL0phdmFTY3JpcHRDb3Jl L2ppdC9KSVRPcGVyYXRpb25zLmNwcAkod29ya2luZyBjb3B5KQpAQCAtNzU4LDcgKzc1OCw3IEBA IGlubGluZSBjaGFyKiB2aXJ0dWFsRm9yV2l0aEZ1bmN0aW9uKAogICAgICAgICBKU09iamVjdCog ZXJyb3IgPSBmdW5jdGlvbkV4ZWN1dGFibGUtPnByZXBhcmVGb3JFeGVjdXRpb24oZXhlY0NhbGxl ZSwgZnVuY3Rpb24sICZzY29wZSwga2luZCk7CiAgICAgICAgIGV4ZWNDYWxsZWUtPnNldFNjb3Bl KHNjb3BlKTsKICAgICAgICAgaWYgKGVycm9yKSB7Ci0gICAgICAgICAgICBleGVjLT52bSgpLnRo cm93RXhjZXB0aW9uKGV4ZWNDYWxsZWUsIGVycm9yKTsKKyAgICAgICAgICAgIGV4ZWMtPnZtKCku dGhyb3dFeGNlcHRpb24oZXhlYywgZXJyb3IpOwogICAgICAgICAgICAgcmV0dXJuIHJlaW50ZXJw cmV0X2Nhc3Q8Y2hhcio+KHZtLT5nZXRDVElTdHViKHRocm93RXhjZXB0aW9uRnJvbUNhbGxTbG93 UGF0aEdlbmVyYXRvcikuY29kZSgpLmV4ZWN1dGFibGVBZGRyZXNzKCkpOwogICAgICAgICB9CiAg ICAgfQo=