Bug 164969

Summary: Fix exception scope verification failures in LLIntSlowPaths.cpp
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, fpizlo, ggaren, jfbastien, keith_miller, msaboff, saam, ysuzuki
Priority: P2    
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 162351    
Attachments:
Description Flags
proposed patch. ggaren: review+

Mark Lam
Reported 2016-11-18 16:47:15 PST
Patch coming.
Attachments
proposed patch. (3.07 KB, patch)
2016-11-18 16:50 PST, Mark Lam 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2016-11-18 16:50:38 PST
Created attachment 295223 [details] proposed patch.
Geoffrey Garen
Comment 2 2016-11-28 12:12:06 PST
Comment on attachment 295223 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=295223&action=review > Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1452 > + throwScope.release(); > return setUpCall(execCallee, pc, kind, calleeAsValue); I think the throwScope.release() function should assert that there is no pending exception. Otherwise, this release point is an opportunity to make an error when calling into setUpCall.
Mark Lam
Comment 3 2016-11-28 12:32:26 PST
(In reply to comment #2) > Comment on attachment 295223 [details] > proposed patch. > > View in context: > https://bugs.webkit.org/attachment.cgi?id=295223&action=review > > > Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1452 > > + throwScope.release(); > > return setUpCall(execCallee, pc, kind, calleeAsValue); > > I think the throwScope.release() function should assert that there is no > pending exception. Otherwise, this release point is an opportunity to make > an error when calling into setUpCall. I agree. but I'll do this in a separate patch because I think this will result in some failures due to some old scope.release() being added this way (for various reasons): result = callSomethingThatThrows(); scope.release(); return result; These need to be fixed like so: scope.release(); return callSomethingThatThrows(); I'll do that fix up along with adding the assertion to scope.release() in one patch.
Mark Lam
Comment 4 2016-11-28 12:37:40 PST
(In reply to comment #3) > I'll do that fix up along with adding the assertion to scope.release() in > one patch. Bug for making scope.release() assert no pending exceptions is https://bugs.webkit.org/show_bug.cgi?id=165105.
Mark Lam
Comment 5 2016-11-28 12:45:12 PST
Thanks for the review. Landed in r209007: <http://trac.webkit.org/r209007>.
Note You need to log in before you can comment on or make changes to this bug.