Attempting to create Error objects may re-enter the VM, which we should not do when termination is pending.
Created attachment 446853 [fast-cq] proposed patch.
Comment on attachment 446853 [fast-cq] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=446853&action=review > Source/WebCore/bindings/js/JSDOMExceptionHandling.cpp:145 > + VM& vm = lexicalGlobalObject->vm(); > + if (UNLIKELY(vm.hasPendingTerminationException())) > + return jsUndefined(); What about the other similar functions, like the ones called by this function? For example, createSyntaxError? I don’t think we need to put "vm" into a local variable, even though we do that often, since we are only using it once here.
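Review bot: The early return at JSDOMExceptionHandling.cpp:145 carries no comment explaining why it bails out. A one-line comment stating that creating the Error object may re-enter the VM while termination is pending would keep the guard from being removed as dead code later. On this path the function returns jsUndefined() rather than an exception object, so it is worth confirming that callers do not assume the result is always an object.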
I suspect we’ll need this test for hasPendingTerminationException in more places. I don’t think this one function could possibly be the only one with a unique need for it.
We should think about exactly which level is responsible for this check, and possibly move it elsewhere.
I was hoping createDOMException() would be a good choke point, but I didn't do the due diligence. You are correct: the underlying factory methods are called from so many places in WebCore. On JSC side, we have regimented exception checks which would prevent these from being called. But on WebCore side, perhaps we need something more. I'll look into moving the check lower, or see if I can think of a more elegant solution.
On second thought, this fix works, and will prevent http/wpt/fetch/ tests from failing flakily due to this issue. So, let's land this first to help alleviate the bots while we think of better solutions.
Committed r286912 (245138@main): <https://commits.webkit.org/245138@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 446853.
<rdar://problem/86365930>