Bug 158962 - LLInt doesn't throw stack exception overflow from parent frame
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Saam Barati
Keywords: InRadar
Reported: 2016-06-20 17:50 PDT by Saam Barati
Modified: 2016-06-21 12:03 PDT
Attachments
patch (3.87 KB, patch)
2016-06-20 18:24 PDT, Saam Barati
fpizlo: review+
buildbot: commit-queue-
Archive of layout-test-results from ews105 for mac-yosemite-wk2 (1.10 MB, application/zip)
2016-06-20 18:58 PDT, Build Bot
Archive of layout-test-results from ews100 for mac-yosemite (935.81 KB, application/zip)
2016-06-20 19:11 PDT, Build Bot
Archive of layout-test-results from ews125 for ios-simulator-wk2 (716.12 KB, application/zip)
2016-06-20 19:19 PDT, Build Bot
Archive of layout-test-results from ews115 for mac-yosemite (1.55 MB, application/zip)
2016-06-20 19:23 PDT, Build Bot
patch for landing (3.75 KB, patch)
2016-06-20 19:37 PDT, Saam Barati
buildbot: commit-queue-
Archive of layout-test-results from ews100 for mac-yosemite (1.22 MB, application/zip)
2016-06-20 20:06 PDT, Build Bot
Archive of layout-test-results from ews106 for mac-yosemite-wk2 (1.04 MB, application/zip)
2016-06-20 20:09 PDT, Build Bot
Archive of layout-test-results from ews114 for mac-yosemite (1.48 MB, application/zip)
2016-06-20 20:34 PDT, Build Bot
patch for landing (4.47 KB, patch)
2016-06-21 10:57 PDT, Saam Barati

Description Saam Barati 2016-06-20 17:50:11 PDT
...
Comment 1 Saam Barati 2016-06-20 18:03:03 PDT
<rdar://problem/26902188>
Comment 2 Saam Barati 2016-06-20 18:24:23 PDT
Created attachment 281689 [details]
patch
Comment 3 Build Bot 2016-06-20 18:58:32 PDT
Comment on attachment 281689 [details]
patch

Attachment 281689 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.webkit.org/results/1539234

New failing tests:
js/regress-141098.html
http/tests/misc/large-js-program.php
Comment 4 Build Bot 2016-06-20 18:58:36 PDT
Created attachment 281694 [details]
Archive of layout-test-results from ews105 for mac-yosemite-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews105  Port: mac-yosemite-wk2  Platform: Mac OS X 10.10.5
Comment 5 Build Bot 2016-06-20 19:11:56 PDT
Comment on attachment 281689 [details]
patch

Attachment 281689 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/1539263

New failing tests:
js/regress-141098.html
http/tests/misc/large-js-program.php
Comment 6 Build Bot 2016-06-20 19:11:59 PDT
Created attachment 281697 [details]
Archive of layout-test-results from ews100 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews100  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 7 Build Bot 2016-06-20 19:19:22 PDT
Comment on attachment 281689 [details]
patch

Attachment 281689 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/1539266

New failing tests:
js/regress-141098.html
Comment 8 Build Bot 2016-06-20 19:19:26 PDT
Created attachment 281698 [details]
Archive of layout-test-results from ews125 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews125  Port: ios-simulator-wk2  Platform: Mac OS X 10.11.4
Comment 9 Build Bot 2016-06-20 19:23:44 PDT
Comment on attachment 281689 [details]
patch

Attachment 281689 [details] did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/1539278

New failing tests:
js/regress-141098.html
http/tests/misc/large-js-program.php
Comment 10 Build Bot 2016-06-20 19:23:47 PDT
Created attachment 281699 [details]
Archive of layout-test-results from ews115 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews115  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 11 Saam Barati 2016-06-20 19:27:57 PDT
Comment on attachment 281689 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=281689&action=review

> Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:507
> +    LLINT_RETURN_TWO(pc, callerFrame);

Oops.
This should be:
LLINT_RETURN_TWO(pc, exec)
Comment 12 Saam Barati 2016-06-20 19:37:16 PDT
Created attachment 281701 [details]
patch for landing
Comment 13 Build Bot 2016-06-20 20:06:15 PDT
Comment on attachment 281701 [details]
patch for landing

Attachment 281701 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/1539472

New failing tests:
http/tests/misc/large-js-program.php
Comment 14 Build Bot 2016-06-20 20:06:18 PDT
Created attachment 281703 [details]
Archive of layout-test-results from ews100 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews100  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 15 Build Bot 2016-06-20 20:09:40 PDT
Comment on attachment 281701 [details]
patch for landing

Attachment 281701 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.webkit.org/results/1539479

New failing tests:
http/tests/misc/large-js-program.php
Comment 16 Build Bot 2016-06-20 20:09:43 PDT
Created attachment 281705 [details]
Archive of layout-test-results from ews106 for mac-yosemite-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews106  Port: mac-yosemite-wk2  Platform: Mac OS X 10.10.5
Comment 17 Build Bot 2016-06-20 20:34:18 PDT
Comment on attachment 281701 [details]
patch for landing

Attachment 281701 [details] did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/1539546

New failing tests:
http/tests/misc/large-js-program.php
Comment 18 Build Bot 2016-06-20 20:34:22 PDT
Created attachment 281708 [details]
Archive of layout-test-results from ews114 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews114  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 19 Saam Barati 2016-06-21 10:56:27 PDT
Comment on attachment 281701 [details]
patch for landing

View in context: https://bugs.webkit.org/attachment.cgi?id=281701&action=review

> Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:473
> +    if (!callerFrame)
> +        callerFrame = exec;
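
Review bot: the `if (!callerFrame)` fallback quoted from LLIntSlowPaths.cpp:473 carries no comment in these lines saying when the caller frame is null or why `exec` is a safe substitute. A one-line comment stating that condition would make the fallback easier to review, and any VM state that is tracked together with the call frame should be updated in the same branch so the two cannot disagree.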

This code pattern is wrong. I used it from JITOperations.
It must also restore vmEntryFrame or we will end up in a state in the VM where topVMEntryFrame and topCallFrame are not consistent with each other.
I'm going to upload a patch that also fixes this pattern inside JITOperations.
Comment 20 Saam Barati 2016-06-21 10:57:11 PDT
Created attachment 281759 [details]
patch for landing
Comment 21 WebKit Commit Bot 2016-06-21 12:03:32 PDT
Comment on attachment 281759 [details]
patch for landing

Clearing flags on attachment: 281759

Committed r202286: <http://trac.webkit.org/changeset/202286>
Comment 22 WebKit Commit Bot 2016-06-21 12:03:38 PDT
All reviewed patches have been landed.  Closing bug.