RESOLVED FIXED 176662
Fix all ExceptionScope verification failures in JavaScriptCore. 
https://bugs.webkit.org/show_bug.cgi?id=176662
Summary Fix all ExceptionScope verification failures in JavaScriptCore.
Mark Lam
Reported 2017-09-09 16:34:46 PDT
This is in preparation to turn on exception scope verification for JSC tests.
Attachments
proposed patch. (164.18 KB, patch)
2017-09-09 16:58 PDT, Mark Lam 		no flags
DetailsFormatted DiffDiff
proposed patch. (167.52 KB, patch)
2017-09-09 17:27 PDT, Mark Lam 		no flags
DetailsFormatted DiffDiff
proposed patch. (167.51 KB, patch)
2017-09-09 17:31 PDT, Mark Lam 		fpizlo: review+
DetailsFormatted DiffDiff
patch for landing. (167.91 KB, patch)
2017-09-09 20:48 PDT, Mark Lam 		buildbot: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from ews117 for mac-elcapitan (2.29 MB, application/zip)
2017-09-09 22:35 PDT, Build Bot 		no flags
Details
patch for landing (again). (167.91 KB, patch)
2017-09-10 00:08 PDT, Mark Lam 		buildbot: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from ews117 for mac-elcapitan (2.28 MB, application/zip)
2017-09-10 01:57 PDT, Build Bot 		no flags
Details
patch for landing (w/ an exception check fix in JSDOMConvertRecord.h's convert(). (168.93 KB, patch)
2017-09-10 18:20 PDT, Mark Lam 		no flags
DetailsFormatted DiffDiff
Show Obsolete (7) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2017-09-09 16:38:16 PDT
<rdar://problem/34352085>
Mark Lam
Comment 2 2017-09-09 16:58:17 PDT
Created attachment 320365 [details] proposed patch.
Mark Lam
Comment 3 2017-09-09 17:27:56 PDT
Created attachment 320368 [details] proposed patch.
Build Bot
Comment 4 2017-09-09 17:30:36 PDT
Attachment 320368 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/ChangeLog:91: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: fuzzing [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 71 files If any of these errors are false positives, please file a bug against check-webkit-style.
Mark Lam
Comment 5 2017-09-09 17:31:12 PDT
Created attachment 320369 [details] proposed patch.
Build Bot
Comment 6 2017-09-09 17:33:53 PDT
Attachment 320369 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/ChangeLog:91: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: fuzzing [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 71 files If any of these errors are false positives, please file a bug against check-webkit-style.
Filip Pizlo
Comment 7 2017-09-09 19:00:29 PDT
Comment on attachment 320369 [details] proposed patch. R=me with build fixes.
Mark Lam
Comment 8 2017-09-09 20:48:57 PDT
Created attachment 320376 [details] patch for landing. Thanks for the review. Here's the patch for landing: added a #include in JSDOMMapLike.cpp to fix the build, and a scope.release() in jsc.cpp's functionDollarAgentReceiveBroadcast() to fix an intermittent failure in the stress/lars-sab-workers.js test.
Build Bot
Comment 9 2017-09-09 20:50:38 PDT
Attachment 320376 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/ChangeLog:91: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: fuzzing [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 71 files If any of these errors are false positives, please file a bug against check-webkit-style.
Mark Lam
Comment 10 2017-09-09 20:51:14 PDT
*** Bug 165035 has been marked as a duplicate of this bug. ***
Build Bot
Comment 11 2017-09-09 22:35:05 PDT
Comment on attachment 320376 [details] patch for landing. Attachment 320376 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/4501545 New failing tests: imported/w3c/web-platform-tests/fetch/api/headers/headers-record.html js/dom/webidl-type-mapping.html
Build Bot
Comment 12 2017-09-09 22:35:06 PDT
Created attachment 320382 [details] Archive of layout-test-results from ews117 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews117 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Mark Lam
Comment 13 2017-09-09 22:53:07 PDT
(In reply to Build Bot from comment #11) > New failing tests: > imported/w3c/web-platform-tests/fetch/api/headers/headers-record.html > js/dom/webidl-type-mapping.html I'm investigating these.
Mark Lam
Comment 14 2017-09-10 00:08:06 PDT
Created attachment 320384 [details] patch for landing (again). I applied the same patch on a different workspace (same revision) and cannot reproduce these 2 crashes. I suspect the issue isn't due to my patch. Let's try re-uploading it and trying on the EWS again.
Build Bot
Comment 15 2017-09-10 00:10:06 PDT
Attachment 320384 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/ChangeLog:91: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: fuzzing [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 71 files If any of these errors are false positives, please file a bug against check-webkit-style.
Build Bot
Comment 16 2017-09-10 01:57:50 PDT
Comment on attachment 320384 [details] patch for landing (again). Attachment 320384 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/4502530 New failing tests: imported/w3c/web-platform-tests/fetch/api/headers/headers-record.html js/dom/webidl-type-mapping.html
Build Bot
Comment 17 2017-09-10 01:57:51 PDT
Created attachment 320390 [details] Archive of layout-test-results from ews117 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews117 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Mark Lam
Comment 18 2017-09-10 18:20:30 PDT
Created attachment 320411 [details] patch for landing (w/ an exception check fix in JSDOMConvertRecord.h's convert(). Let's try this on the EWS again.
Build Bot
Comment 19 2017-09-10 18:21:51 PDT
Attachment 320411 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/ChangeLog:91: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: fuzzing [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 72 files If any of these errors are false positives, please file a bug against check-webkit-style.
Mark Lam
Comment 20 2017-09-10 23:25:08 PDT
The EWS bots and my local testing says that tests are passing now with the latest patch. Landed in r221849: <http://trac.webkit.org/r221849>.
Saam Barati
Comment 21 2018-02-14 18:41:13 PST
Comment on attachment 320411 [details] patch for landing (w/ an exception check fix in JSDOMConvertRecord.h's convert(). View in context: https://bugs.webkit.org/attachment.cgi?id=320411&action=review > Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:788 > + CLEAR_AND_RETURN_IF_EXCEPTION(catchScope, encodedJSValue()); These look wrong. You're returning JSValue() to a JS caller *without* an exception. > Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp:86 > + CLEAR_AND_RETURN_IF_EXCEPTION(scope, encodedJSValue()); ditto > Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp:187 > + CLEAR_AND_RETURN_IF_EXCEPTION(scope, encodedJSValue()); ditto > Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp:194 > + CLEAR_AND_RETURN_IF_EXCEPTION(scope, encodedJSValue()); ditto
Note You need to log in before you can comment on or make changes to this bug.