Bug 123209 - LLInt arity check exception processing should start unwinding from caller
Summary: LLInt arity check exception processing should start unwinding from caller
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Michael Saboff
URL:
Keywords:
Depends on:
Blocks: 123182
Reported: 2013-10-23 08:38 PDT by Michael Saboff
Modified: 2013-10-23 11:41 PDT (History)

See Also:


Attachments
Patch (2.01 KB, patch)
2013-10-23 08:49 PDT, Michael Saboff
oliver: review+

Description Michael Saboff 2013-10-23 08:38:47 PDT
When an exception is thrown due to stack exhaustion during the call out to slow_path_call_arityCheck(), the exception unwind should start with the caller.
Comment 1 Michael Saboff 2013-10-23 08:49:21 PDT
Created attachment 214966 [details]
Patch
Comment 2 Oliver Hunt 2013-10-23 10:19:11 PDT
Comment on attachment 214966 [details]
Patch

Is it possible to make a test that hits this path?
Comment 3 Michael Saboff 2013-10-23 10:27:27 PDT
(In reply to comment #2)
> (From update of attachment 214966 [details])
> Is it possible to make a test that hits this path?

I found it because LayoutTests/js/script-tests/function-apply-aliased.js was hitting it in 32 bit while testing the other changes.

The crash I was getting was in unwindCallFrame() wanting to tear off an activation based on the contents of the activation register which hadn't been initialized.  A reliable test would need to scribble right at the end of the stack, back up and then cause a stack overflow exception during arity check.
Comment 4 Michael Saboff 2013-10-23 11:41:15 PDT
Committed r157875: <http://trac.webkit.org/changeset/157875>