Bug 123209

Summary:

LLInt arity check exception processing should start unwinding from caller

Product:

WebKit

Reporter:

Michael Saboff <msaboff>

Component:

JavaScriptCore

Assignee:

Michael Saboff <msaboff>

Status:

RESOLVED FIXED

Severity:

Normal

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Bug Depends on:

Bug Blocks:

123182

Attachments:

Description	Flags
Patch	oliver: review+

Michael Saboff

Reported 2013-10-23 08:38:47 PDT

When an exception is thrown due to stack exhaustion during the call out to slow_path_call_arityCheck(), the exception unwind should start with the caller.

Attachments
Patch (2.01 KB, patch) 2013-10-23 08:49 PDT, Michael Saboff	oliver: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Michael Saboff

Comment 1 2013-10-23 08:49:21 PDT

Created attachment 214966 [details] Patch

Oliver Hunt

Comment 2 2013-10-23 10:19:11 PDT

Comment on attachment 214966 [details] Patch Is it possible to make a test that hits this path?

Michael Saboff

Comment 3 2013-10-23 10:27:27 PDT

(In reply to comment #2) > (From update of attachment 214966 [details]) > Is it possible to make a test that hits this path? I found it because LayoutTests/js/script-tests/function-apply-aliased.js was hitting it in 32 bit while testing the other changes. The crash I was getting was in unwindCallFrame() wanting to tear off an activation based on the contents of the activation register which hadn't been initialized. A reliable test would need to scribble right at the end of the stack, back up and then cause a stack overflow exception during arity check.

Michael Saboff

Comment 4 2013-10-23 11:41:15 PDT

Committed r157875: <http://trac.webkit.org/changeset/157875>

Note You need to log in before you can comment on or make changes to this bug.