Bug 165012 - Fix exception scope verification failures in GenericArgumentsInlines.h.
Summary: Fix exception scope verification failures in GenericArgumentsInlines.h.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Lam
URL:
Keywords:
Depends on:
Blocks: 162351
Reported: 2016-11-21 15:03 PST by Mark Lam
Modified: 2017-03-16 17:51 PDT

See Also:


Attachments
proposed patch. (1.72 KB, patch)
2016-11-21 15:06 PST, Mark Lam
saam: review+
Patch for landing. (1.85 KB, patch)
2017-03-16 17:48 PDT, Mark Lam
no flags

Description Mark Lam 2016-11-21 15:03:36 PST
Patch coming.
Comment 1 Mark Lam 2016-11-21 15:06:36 PST
Created attachment 295315 [details]
proposed patch.
Comment 2 Saam Barati 2016-11-21 15:10:20 PST
Comment on attachment 295315 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=295315&action=review

> Source/JavaScriptCore/runtime/GenericArgumentsInlines.h:213
> +            RETURN_IF_EXCEPTION(scope, false);

I wonder if this should be an assertion instead of a return. Why would this fail?
Comment 3 Mark Lam 2017-03-16 17:38:44 PDT
Comment on attachment 295315 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=295315&action=review

>> Source/JavaScriptCore/runtime/GenericArgumentsInlines.h:213
>> +            RETURN_IF_EXCEPTION(scope, false);
> 
> I wonder if this should be an assertion instead of a return. Why would this fail?

I think you're right.  As far as I can remember, the reason I added this check was because:
1. putDirectMayBeIndex() may call putDirectIndex() with mode PutDirectIndexLikePutDirect.
2. putDirectIndex() may call putDirectIndexBeyondVectorLength().
3. putDirectIndexBeyondVectorLength() may call putDirectIndexBeyondVectorLengthWithArrayStorage().
4. putDirectIndexBeyondVectorLengthWithArrayStorage() may throw if mode == PutDirectIndexShouldThrow.

So, in our case here, we wouldn't expect an exception because the PutDirectIndexMode is never PutDirectIndexShouldThrow.  I'll change this to an assert.
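The following is an added, self-contained model of the exception-scope verification that the bug title refers to and of the two fixes discussed above (the first patch's RETURN_IF_EXCEPTION and the landed assertion). It is not JavaScriptCore's code: VM, ThrowScope, Exception, RETURN_IF_EXCEPTION and the put* helpers below are simplified stand-ins that keep only the behaviour described in Comment 3 (the chain putDirectMayBeIndex -> putDirectIndex -> putDirectIndexBeyondVectorLength -> putDirectIndexBeyondVectorLengthWithArrayStorage, which can throw only when the mode is PutDirectIndexShouldThrow). The slotFree parameter and the counter of verification failures are constructed for the example; the real verifier aborts in debug builds.

```cpp
// Added example: a simplified model of exception-scope verification, not JSC's implementation.
#include <cassert>
#include <cstdio>
#include <string>

// Mirrors the mode named in Comment 3; the enum layout itself is assumed.
enum class PutDirectIndexMode { LikePutDirect, ShouldThrow };

struct Exception { std::string message; };

// Minimal VM: at most one pending exception plus a count of verification
// failures found by scopes (stand-in for the debug-build abort).
struct VM {
    Exception* exception = nullptr;
    bool exceptionChecked = true;   // cleared when a new exception is thrown
    int verificationFailures = 0;

    void throwException(Exception* e) { exception = e; exceptionChecked = false; }
    Exception* checkException() { exceptionChecked = true; return exception; }
    void clearException() { delete exception; exception = nullptr; exceptionChecked = true; }
};

// RAII scope: leaving a function with a pending exception that nobody looked at
// is an "exception scope verification failure".
class ThrowScope {
public:
    ThrowScope(VM& vm, const char* function) : m_vm(vm), m_function(function) {}
    ~ThrowScope() {
        if (m_vm.exception && !m_vm.exceptionChecked) {
            std::fprintf(stderr, "verification failure: %s exited with an unchecked exception\n", m_function);
            ++m_vm.verificationFailures;
        }
    }
    Exception* exception() { return m_vm.checkException(); }
private:
    VM& m_vm;
    const char* m_function;
};

#define RETURN_IF_EXCEPTION(scope, value) \
    do { if ((scope).exception()) return value; } while (0)

// Bottom of the call chain from Comment 3: only ShouldThrow mode can raise.
// slotFree is a constructed stand-in for "the store succeeded".
bool putDirectIndexBeyondVectorLengthWithArrayStorage(VM& vm, PutDirectIndexMode mode, bool slotFree) {
    if (slotFree)
        return true;
    if (mode == PutDirectIndexMode::ShouldThrow)
        vm.throwException(new Exception{"Attempting to define property on non-extensible object"});
    return false;
}
bool putDirectIndexBeyondVectorLength(VM& vm, PutDirectIndexMode mode, bool slotFree) {
    return putDirectIndexBeyondVectorLengthWithArrayStorage(vm, mode, slotFree);
}
bool putDirectIndex(VM& vm, PutDirectIndexMode mode, bool slotFree) {
    return putDirectIndexBeyondVectorLength(vm, mode, slotFree);
}
bool putDirectMayBeIndex(VM& vm, bool slotFree) {
    return putDirectIndex(vm, PutDirectIndexMode::LikePutDirect, slotFree);
}

// Caller shape that triggers a verification failure: a may-throw helper is
// called and the scope is never consulted before returning.
bool defineWithoutCheck(VM& vm, bool slotFree) {
    ThrowScope scope(vm, "defineWithoutCheck");
    putDirectIndex(vm, PutDirectIndexMode::ShouldThrow, slotFree);
    return true; // a pending exception is still unchecked here
}

// Shape of the first patch: observe the scope and bail out if the helper threw.
bool defineWithReturn(VM& vm, bool slotFree) {
    ThrowScope scope(vm, "defineWithReturn");
    bool ok = putDirectIndex(vm, PutDirectIndexMode::ShouldThrow, slotFree);
    RETURN_IF_EXCEPTION(scope, false);
    return ok;
}

// Shape of the landed patch: the LikePutDirect path cannot throw, so assert it
// rather than silently turning an impossible exception into a false return.
bool defineWithAssert(VM& vm, bool slotFree) {
    ThrowScope scope(vm, "defineWithAssert");
    bool ok = putDirectMayBeIndex(vm, slotFree);
    assert(!scope.exception());
    return ok;
}
```

Running the three callers against the same VM shows the difference: only defineWithoutCheck leaves the scope with an unchecked exception and increments the failure counter; defineWithReturn marks the exception as seen before returning false; defineWithAssert never sees one because its mode is never PutDirectIndexShouldThrow.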
Comment 4 Mark Lam 2017-03-16 17:48:24 PDT
Created attachment 304729 [details]
Patch for landing.
Comment 5 Mark Lam 2017-03-16 17:51:45 PDT
Thanks for the review.  Landed in r214085: <http://trac.webkit.org/r214085>.