author | Lorry Tar Creator <lorry-tar-importer@lorry> | 2016-05-24 08:28:08 +0000 |
---|---|---|
committer | Lorry Tar Creator <lorry-tar-importer@lorry> | 2016-05-24 08:28:08 +0000 |
commit | a4e969f4965059196ca948db781e52f7cfebf19e (patch) | |
tree | 6ca352808c8fdc52006a0f33f6ae3c593b23867d /Source/JavaScriptCore/jit/JITExceptions.cpp | |
parent | 41386e9cb918eed93b3f13648cbef387e371e451 (diff) | |
download | WebKitGtk-tarball-a4e969f4965059196ca948db781e52f7cfebf19e.tar.gz |
Diffstat (limited to 'Source/JavaScriptCore/jit/JITExceptions.cpp')
-rw-r--r-- | Source/JavaScriptCore/jit/JITExceptions.cpp | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/Source/JavaScriptCore/jit/JITExceptions.cpp b/Source/JavaScriptCore/jit/JITExceptions.cpp
index 8084f773b..cf2ea28af 100644
--- a/Source/JavaScriptCore/jit/JITExceptions.cpp
+++ b/Source/JavaScriptCore/jit/JITExceptions.cpp
@@ -27,38 +27,53 @@
 #include "JITExceptions.h"
 #include "CallFrame.h"
-#include "CallFrameInlines.h"
 #include "CodeBlock.h"
 #include "Interpreter.h"
-#include "JITStubs.h"
 #include "JSCJSValue.h"
 #include "LLIntData.h"
 #include "LLIntOpcode.h"
 #include "LLIntThunks.h"
 #include "Opcode.h"
-#include "Operations.h"
+#include "JSCInlines.h"
 #include "VM.h"
 namespace JSC {
-void genericUnwind(VM* vm, ExecState* callFrame, JSValue exceptionValue)
+void genericUnwind(VM* vm, ExecState* callFrame, UnwindStart unwindStart)
 {
- RELEASE_ASSERT(exceptionValue);
- HandlerInfo* handler = vm->interpreter->unwind(callFrame, exceptionValue); // This may update callFrame.
+ if (Options::breakOnThrow()) {
+ CodeBlock* codeBlock = callFrame->codeBlock();
+ if (codeBlock)
+ dataLog("In call frame ", RawPointer(callFrame), " for code block ", *codeBlock, "\n");
+ else
+ dataLog("In call frame ", RawPointer(callFrame), " with null CodeBlock\n");
+ CRASH();
+ }
+
+ Exception* exception = vm->exception();
+ RELEASE_ASSERT(exception);
+ HandlerInfo* handler = vm->interpreter->unwind(*vm, callFrame, exception, unwindStart); // This may update callFrame.
 void* catchRoutine;
 Instruction* catchPCForInterpreter = 0;
 if (handler) {
- catchPCForInterpreter = &callFrame->codeBlock()->instructions()[handler->target];
+ // handler->target is meaningless for getting a code offset when catching
+ // the exception in a DFG/FTL frame. This bytecode target offset could be
+ // something that's in an inlined frame, which means an array access
+ // with this bytecode offset in the machine frame is utterly meaningless
+ // and can cause an overflow. OSR exit properly exits to handler->target
+ // in the proper frame.
+ if (!JITCode::isOptimizingJIT(callFrame->codeBlock()->jitType()))
+ catchPCForInterpreter = &callFrame->codeBlock()->instructions()[handler->target];
 #if ENABLE(JIT)
 catchRoutine = handler->nativeCode.executableAddress();
 #else
 catchRoutine = catchPCForInterpreter->u.pointer;
 #endif
 } else
- catchRoutine = LLInt::getCodePtr(returnFromJavaScript);
+ catchRoutine = LLInt::getCodePtr(handleUncaughtException);
- vm->callFrameForThrow = callFrame;
+ vm->callFrameForCatch = callFrame;
 vm->targetMachinePCForThrow = catchRoutine;
 vm->targetInterpreterPCForThrow = catchPCForInterpreter;
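Review bot: The new `isOptimizingJIT` guard skips the index for DFG/FTL frames, but `catchPCForInterpreter = &callFrame->codeBlock()->instructions()[handler->target]` still trusts `handler->target` without a range check for LLInt/baseline frames, even though the comment added just above states that a wrong offset here is an out-of-bounds access. Since this is a cold throw path, a `RELEASE_ASSERT(handler->target < callFrame->codeBlock()->instructions().size());` immediately before that line would turn any future handler-table/frame mismatch into a deterministic crash rather than a silent out-of-bounds read (assuming `instructions()` exposes `size()`, which the hunk does not show). It would also help to note beside the guard that `catchPCForInterpreter` stays null for optimizing frames and that the `#else` dereference `catchPCForInterpreter->u.pointer` is reachable only in JIT-disabled builds, where `jitType()` presumably can never be an optimizing tier, e.g. `// Stays null for DFG/FTL frames; OSR exit supplies the interpreter PC.` The closing brace of genericUnwind lies outside the hunk.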