Bug 180139 - [ESNext] Enables a way to throw an error on ByteCodeGenerator step
Summary: [ESNext] Enables a way to throw an error on ByteCodeGenerator step
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Robin Morisset
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-11-29 05:56 PST by Caio Lima
Modified: 2020-01-16 23:17 PST (History)
CC: 9 users

See Also:


Attachments
Patch (4.35 KB, patch)
2020-01-16 16:33 PST, Robin Morisset
no flags Details | Formatted Diff | Diff

Description Caio Lima 2017-11-29 05:56:56 PST
When generating bytecode in ByteCodeGenerator, we aren't considering cases where we don't have memory for constants like String. The same is true for BigInt, but we could throw OOM instead of using RELEASE_ASSERT in such cases. Here is a sample program that crashes due to OOM.

```javascript
// Build a string of 2^30 'f' characters by repeated doubling.
var longStr = "f";
for (var i = 0; i < 30; ++i)
    longStr = longStr + longStr;

// Nearly double it again, then wrap the result as a hex BigInt literal.
let sub = longStr.substring(0, longStr.length - 4);
let mscript = "0x" + longStr + sub + "n";

// Compiling the literal forces the bytecode generator to allocate the BigInt constant.
eval(mscript);
```
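As an added example (not part of the bug report or of WebKit's code) that models the repro's literal construction: it computes the size of the script the repro builds without allocating it, and shows a parse-with-bound alternative to eval that reports an oversized literal as a catchable RangeError. The function names and the digit cap are assumptions.

```javascript
// Added example, not from the bug or WebKit: model the repro's literal and
// the check an embedder can apply before feeding constructed source to eval().

// Size of the script the repro builds, computed without allocating it:
// "0x" + 2^30 'f's + (2^30 - 4) 'f's + "n".
function reproScriptLength(doublings = 30) {
  const longLen = 2 ** doublings;   // "f" doubled `doublings` times
  const subLen = longLen - 4;       // substring(0, length - 4)
  return 2 + longLen + subLen + 1;  // "0x", longStr, sub, "n"
}

// Parse a hex BigInt literal of the repro's shape without eval: reject
// anything that is not `0x<hex>n`, and cap the digit count (assumed value)
// so an oversized literal surfaces as a catchable RangeError.
function parseHexBigIntLiteral(src, maxDigits = 1 << 20) {
  const m = /^0x([0-9a-fA-F]+)n$/.exec(src);
  if (m === null) throw new SyntaxError("not a hex BigInt literal");
  if (m[1].length > maxDigits) {
    throw new RangeError(`literal has ${m[1].length} digits, cap is ${maxDigits}`);
  }
  return BigInt("0x" + m[1]);       // BigInt() accepts the 0x prefix
}

// Outcome classification used by the checks: "ok", or the error's name.
function tryParse(src, maxDigits) {
  try {
    parseHexBigIntLiteral(src, maxDigits);
    return "ok";
  } catch (e) {
    return e.name;
  }
}
```

reproScriptLength() shows the repro's source is 2^31 - 1 characters long before the BigInt constant is even created.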
Comment 1 Robin Morisset 2020-01-16 16:33:19 PST
Created attachment 387982 [details]
Patch
Comment 2 Robin Morisset 2020-01-16 16:34:25 PST
rdar://problem/58160800
Comment 3 Mark Lam 2020-01-16 16:48:03 PST
Comment on attachment 387982 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=387982&action=review

r=me

> Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:125
> +        return generator.emitThrowExpressionTooDeepException();

It's hokey that we use "ExpressionTooDeepException" to mean OutOfMemoryError.  Maybe we should change this later (in another patch), especially now that we're using it in a case that has nothing to do with recursing into nested expressions.
Comment 4 WebKit Commit Bot 2020-01-16 23:16:40 PST
Comment on attachment 387982 [details]
Patch

Clearing flags on attachment: 387982

Committed r254738: <https://trac.webkit.org/changeset/254738>
Comment 5 WebKit Commit Bot 2020-01-16 23:16:41 PST
All reviewed patches have been landed.  Closing bug.
Comment 6 Radar WebKit Bug Importer 2020-01-16 23:17:16 PST
<rdar://problem/58673144>