Bug 268942 - REGRESSION(273782@main): Missing exception check in commonCallDirectEval()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: All All
Importance: P2 Normal
Assignee: Alexey Shvayka
Keywords: InRadar
Reported: 2024-02-07 13:25 PST by Alexey Shvayka
Modified: 2024-02-07 19:09 PST
Description Alexey Shvayka 2024-02-07 13:25:15 PST
stress/regress-187074.js.default:     This scope can throw a JS exception: eval @ ./interpreter/Interpreter.cpp:114
stress/regress-187074.js.default:         (ExceptionScope::m_recursionDepth was 4)
stress/regress-187074.js.default:     But the exception was unchecked as of this scope: setUpCall @ ./llint/LLIntSlowPaths.cpp:1957
stress/regress-187074.js.default:         (ExceptionScope::m_recursionDepth was 4)
stress/regress-187074.js.default: 
stress/regress-187074.js.default: Unchecked exception detected at:
stress/regress-187074.js.default:     1   0x10e5b5e48 JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, JSC::ExceptionEventLocation&)
stress/regress-187074.js.default:     2   0x10e59d918 JSC::ThrowScope::ThrowScope(JSC::VM&, JSC::ExceptionEventLocation)
stress/regress-187074.js.default:     3   0x10e5962d0 JSC::ThrowScope::ThrowScope(JSC::VM&, JSC::ExceptionEventLocation)
stress/regress-187074.js.default:     4   0x10df47dd8 JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue)
stress/regress-187074.js.default:     5   0x10df39720 JSC::LLInt::commonCallDirectEval(JSC::CallFrame*, JSC::BaseInstruction<JSC::JSOpcodeTraits> const*, JSC::MacroAssemblerCodeRef<(WTF::PtrTag)1427>)
stress/regress-187074.js.default:     6   0x10df394a4 llint_slow_path_call_direct_eval
stress/regress-187074.js.default:     7   0x10ed105c4 llint_function_for_construct_arity_checkTagGateAfter
Comment 1 Radar WebKit Bug Importer 2024-02-07 13:25:44 PST
<rdar://problem/122493988>
Comment 2 Alexey Shvayka 2024-02-07 13:57:33 PST
Pull request: https://github.com/WebKit/WebKit/pull/24032
Comment 3 EWS 2024-02-07 19:09:03 PST
Committed 274264@main (0bf37696c4bd): <https://commits.webkit.org/274264@main>

Reviewed commits have been landed. Closing PR #24032 and removing active labels.