225565 – [JSC] Fix invalid exception checks after recent ErrorInstance changes

Bug 225565 - [JSC] Fix invalid exception checks after recent ErrorInstance changes

Summary: [JSC] Fix invalid exception checks after recent ErrorInstance changes

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Ross Kirsling

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2021-05-08 16:33 PDT by Ross Kirsling
Modified:	2021-05-08 19:19 PDT (History)
CC List:	8 users (show)

See Also:

Attachments
Patch (20.28 KB, patch) 2021-05-08 16:45 PDT, Ross Kirsling	no flags	Details \| Formatted Diff \| Diff
Patch for landing (20.24 KB, patch) 2021-05-08 18:27 PDT, Ross Kirsling	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ross Kirsling 2021-05-08 16:33:44 PDT

[JSC] Fix invalid exception checks after recent ErrorInstance changes

Comment 1 Ross Kirsling 2021-05-08 16:45:21 PDT

Created attachment 428096 [details]
Patch

Comment 2 Alexey Shvayka 2021-05-08 17:40:43 PDT

Comment on attachment 428096 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=428096&action=review

Fancy! r=me with nits.

> Source/JavaScriptCore/runtime/JSObjectInlines.h:201
> +    EXCEPTION_ASSERT(!scope.exception() || !hasProperty);

Please consider exception check in JSObject::get(): https://github.com/WebKit/WebKit/blob/f418737fae10f605d08e4de1a2ea0f37d977b28f/Source/JavaScriptCore/runtime/JSObject.h#L1500.
I wonder if we need to handle termination exception as well, since HasProperty can be implemented by userland code?

> Source/JavaScriptCore/runtime/JSObjectInlines.h:204
> +

scope.release();

> Source/JavaScriptCore/runtime/JSObjectInlines.h:206
> +        RELEASE_AND_RETURN(scope, get(globalObject, propertyName));

return get(globalObject, propertyName);

> Source/JavaScriptCore/runtime/JSObjectInlines.h:208
> +    RELEASE_AND_RETURN(scope, slot.getValue(globalObject, propertyName));

return slot.getValue(globalObject, propertyName);

Comment 3 Ross Kirsling 2021-05-08 18:27:06 PDT

Created attachment 428106 [details]
Patch for landing

Comment 4 EWS 2021-05-08 19:18:32 PDT

Committed r277238 (237507@main): <https://commits.webkit.org/237507@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 428106 [details].

Comment 5 Radar WebKit Bug Importer 2021-05-08 19:19:12 PDT

<rdar://problem/77703038>