Bug 191579

Summary: LLIntSlowPath's llint_loop_osr and llint_replace should set the topCallFrame.
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, msaboff, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=192018
Bug Depends on:    
Bug Blocks: 191594    
Attachments:
Description Flags
proposed patch.
none
proposed patch.
none
proposed patch. none

Mark Lam
Reported 2018-11-12 23:51:18 PST
Both of these functions do a lot of work. It would be good for the topCallFrame to be correct should we need to throw an exception. <rdar://problem/45942472>
Attachments
proposed patch. (9.50 KB, patch)
2018-11-13 00:11 PST, Mark Lam 		no flags
DetailsFormatted DiffDiff
proposed patch. (9.56 KB, patch)
2018-11-13 00:22 PST, Mark Lam 		no flags
DetailsFormatted DiffDiff
proposed patch. (9.56 KB, patch)
2018-11-13 00:50 PST, Mark Lam 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2018-11-13 00:11:42 PST
Created attachment 354655 [details] proposed patch.
Mark Lam
Comment 2 2018-11-13 00:22:20 PST
Created attachment 354656 [details] proposed patch.
Mark Lam
Comment 3 2018-11-13 00:50:37 PST
Created attachment 354658 [details] proposed patch.
Saam Barati
Comment 4 2018-11-13 07:36:39 PST
Comment on attachment 354658 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=354658&action=review > Source/JavaScriptCore/ChangeLog:39 > + frame #25: JSC::ProxyObject::getOwnPropertySlotCommon(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbba80, slot=0x00007ffeefbbc720) at ProxyObject.cpp:372 Can you also file a bug and assign it to me with a reproducible test case. calculatedClassName should not do anything effectful. So it’s wrong that it calls into JS
Saam Barati
Comment 5 2018-11-13 07:37:09 PST
r=me if you want to land this patch
Mark Lam
Comment 6 2018-11-13 12:53:43 PST
(In reply to Saam Barati from comment #4) > Can you also file a bug and assign it to me with a reproducible test case. > calculatedClassName should not do anything effectful. So it’s wrong that it > calls into JS I've filed https://bugs.webkit.org/show_bug.cgi?id=191594 to capture this issue. Thanks for the review. Landed in r238141: <http://trac.webkit.org/r238141>.
Note You need to log in before you can comment on or make changes to this bug.