Title: [163606] tags/Safari-538.17.1/Source/_javascript_Core

Diff

Modified: tags/Safari-538.17.1/Source/_javascript_Core/API/JSContextRef.cpp (163605 => 163606)


--- tags/Safari-538.17.1/Source/_javascript_Core/API/JSContextRef.cpp	2014-02-07 03:04:23 UTC (rev 163605)
+++ tags/Safari-538.17.1/Source/_javascript_Core/API/JSContextRef.cpp	2014-02-07 03:10:59 UTC (rev 163606)
@@ -57,7 +57,9 @@
 JSContextGroupRef JSContextGroupCreate()
 {
     initializeThreading();
-    return toRef(VM::createContextGroup().leakRef());
+    VM* vm = VM::createContextGroup().leakRef();
+    vm->ignoreStackLimit();
+    return toRef(vm);
 }
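Review bot: The group returned here permanently disables the VM's stack limit, and nothing at the call site records why, so a reader will take `vm->ignoreStackLimit()` as intended API behaviour rather than the temporary workaround the ChangeLog describes. Once the limit is ignored, runaway recursion in script run through this group can no longer be reported as a JS exception and presumably ends at the native stack guard, i.e. a process crash for an embedder executing untrusted script, so the trade-off should be visible where it is made. I would add `// FIXME: Temporary workaround for webkit.org/b/128347 — ignores the JS stack limit for API-created groups; revert with the comprehensive fix.` above the call. Note that `ignoreStackLimit()` only sets a flag (VM.h in this same commit), so this relies on the limit being recomputed afterwards; whether the creation path does that is not visible here.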
 
 JSContextGroupRef JSContextGroupRetain(JSContextGroupRef group)
@@ -129,7 +131,13 @@
 {
     initializeThreading();
 
-    RefPtr<VM> vm = group ? PassRefPtr<VM>(toJS(group)) : VM::createContextGroup();
+    RefPtr<VM> vm;
+    if (group)
+        vm = PassRefPtr<VM>(toJS(group));
+    else {
+        vm = VM::createContextGroup();
+        vm->ignoreStackLimit();
+    }
 
     APIEntryShim entryShim(vm.get(), false);
     vm->makeUsableFromMultipleThreads();
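Review bot: The workaround is applied only on the `group == nullptr` branch, so a context created in a caller-supplied group inherits whatever that group's VM decided — groups from `JSContextGroupCreate` ignore the limit, a VM obtained any other way keeps enforcing it — and the asymmetry is undocumented. That is probably intended, since `JSContextGroupCreate` sets the same flag, but a comment on the `else` branch would stop the next reader from "fixing" it: `// Fresh groups ignore the stack limit (workaround for webkit.org/b/128347); caller-supplied groups keep their own setting.` The flag is written before `APIEntryShim` and `makeUsableFromMultipleThreads()`, so the plain `bool` is set before the VM is shared with other threads. The function's body continues past the hunk.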

Modified: tags/Safari-538.17.1/Source/_javascript_Core/API/tests/testapi.js (163605 => 163606)


--- tags/Safari-538.17.1/Source/_javascript_Core/API/tests/testapi.js	2014-02-07 03:04:23 UTC (rev 163605)
+++ tags/Safari-538.17.1/Source/_javascript_Core/API/tests/testapi.js	2014-02-07 03:10:59 UTC (rev 163606)
@@ -242,6 +242,7 @@
 shouldBe('derivedOnlyDescriptor.enumerable', false);
 
 shouldBe("undefined instanceof MyObject", false);
+/*
 EvilExceptionObject.hasInstance = function f() { return f(); };
 EvilExceptionObject.__proto__ = undefined;
 shouldThrow("undefined instanceof EvilExceptionObject");
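Review bot: The stack-overflow tests are disabled with a bare `/*` and no explanation, so the loss of coverage for the RangeError path is invisible and nothing ties it to the workaround that is supposed to restore it. Add a comment before the opening marker, e.g. `// FIXME: Disabled because API-created contexts ignore the stack limit (webkit.org/b/128347); re-enable when that workaround is reverted.` The closing ` */` lands in the following hunk.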
@@ -252,6 +253,7 @@
 shouldThrow("EvilExceptionObject*5");
 EvilExceptionObject.toStringExplicit = function f() { return f(); }
 shouldThrow("String(EvilExceptionObject)");
+ */
 
 shouldBe("EmptyObject", "[object CallbackObject]");
 

Modified: tags/Safari-538.17.1/Source/_javascript_Core/ChangeLog (163605 => 163606)


--- tags/Safari-538.17.1/Source/_javascript_Core/ChangeLog	2014-02-07 03:04:23 UTC (rev 163605)
+++ tags/Safari-538.17.1/Source/_javascript_Core/ChangeLog	2014-02-07 03:10:59 UTC (rev 163606)
@@ -1,3 +1,31 @@
+2014-02-06  Babak Shafiei  <[email protected]>
+
+        Merge r163595
+
+    2014-02-06  Michael Saboff  <[email protected]>
+
+            Workaround REGRESSION(r163195-r163227): Crash beneath NSErrorUserInfoFromJSException when installing AppleInternal.mpkg
+            https://bugs.webkit.org/show_bug.cgi?id=128347
+
+            Reviewed by Geoffrey Garen.
+
+            Added a flag to VM class called m_ignoreStackLimit that disables stack limit checks.
+            We set this flag in JSContextGroupCreate() and JSGlobalContextCreateInGroup().
+
+            Disabled stack overflow tests in testapi.js since it uses these paths.
+
+            THis patch will be reverted as part of a comprehensive solution to the problem.
+
+            * API/JSContextRef.cpp:
+            (JSContextGroupCreate):
+            (JSGlobalContextCreateInGroup):
+            * API/tests/testapi.js:
+            * runtime/VM.cpp:
+            (JSC::VM::VM):
+            (JSC::VM::updateStackLimitWithReservedZoneSize):
+            * runtime/VM.h:
+            (JSC::VM::ignoreStackLimit):
+
 2014-02-04  Filip Pizlo  <[email protected]>
 
         Make FTL OSR entry something we only try after we've already compiled the function with the FTL and it still got stuck in a loop after that without ever returning like a sensible function oughta have

Modified: tags/Safari-538.17.1/Source/_javascript_Core/runtime/VM.cpp (163605 => 163606)


--- tags/Safari-538.17.1/Source/_javascript_Core/runtime/VM.cpp	2014-02-07 03:04:23 UTC (rev 163605)
+++ tags/Safari-538.17.1/Source/_javascript_Core/runtime/VM.cpp	2014-02-07 03:10:59 UTC (rev 163606)
@@ -219,6 +219,7 @@
 #if ENABLE(GC_VALIDATION)
     , m_initializingObjectClass(0)
 #endif
+    , m_ignoreStackLimit(false)
     , m_stackLimit(0)
 #if ENABLE(LLINT_C_LOOP)
     , m_jsStackLimit(0)
@@ -738,6 +739,11 @@
 
 size_t VM::updateStackLimitWithReservedZoneSize(size_t reservedZoneSize)
 {
+    if (m_ignoreStackLimit) {
+        setStackLimit(0);
+        return 0;
+    }
+
     size_t oldReservedZoneSize = m_reservedZoneSize;
     m_reservedZoneSize = reservedZoneSize;
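Review bot: When `m_ignoreStackLimit` is set, the early return also skips updating `m_reservedZoneSize` and reports 0 as the old size, so a caller that keeps the return value to restore the previous zone later gets a value unrelated to what was actually reserved; with the flag permanently set this round-trips harmlessly, but the contract should say so. A limit of 0 presumably makes `isSafeToRecurse` (VM.h, which asserts a downward-growing stack) pass for any stack pointer, so stack exhaustion in such a VM is no longer turned into a catchable error and instead reaches the native guard page — a crash for embedders running untrusted script through the C API. I would document that at the early return: `// Workaround for webkit.org/b/128347: a zero limit disables every stack check for this VM; the reserved zone is left untouched and the previous size is not reported.`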
 

Modified: tags/Safari-538.17.1/Source/_javascript_Core/runtime/VM.h (163605 => 163606)


--- tags/Safari-538.17.1/Source/_javascript_Core/runtime/VM.h	2014-02-07 03:04:23 UTC (rev 163605)
+++ tags/Safari-538.17.1/Source/_javascript_Core/runtime/VM.h	2014-02-07 03:10:59 UTC (rev 163606)
@@ -387,6 +387,8 @@
 #endif
         void* stackLimit() { return m_stackLimit; }
 
+        void ignoreStackLimit() { m_ignoreStackLimit = true; }
+
         bool isSafeToRecurse(size_t neededStackInBytes = 0) const
         {
             ASSERT(wtfThreadData().stack().isGrowingDownward());
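Review bot: `ignoreStackLimit()` is a one-way switch with no accessor and no documentation; it only flips the flag, and the limit itself is cleared only when `updateStackLimitWithReservedZoneSize()` next runs (VM.cpp in this commit), so a VM whose limit was already computed keeps enforcing it until something triggers that update. Either have the setter also call `setStackLimit(0)` so the effect is immediate, or document the dependency: `// Disables stack-limit checks for this VM (workaround for webkit.org/b/128347). One-way; takes effect on the next updateStackLimitWithReservedZoneSize().` Whether the API creation paths trigger such an update is not visible from this hunk, and `isSafeToRecurse` continues past it.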
@@ -521,6 +523,7 @@
 #if ENABLE(GC_VALIDATION)
         const ClassInfo* m_initializingObjectClass;
 #endif
+        bool m_ignoreStackLimit;
         size_t m_reservedZoneSize;
 #if ENABLE(LLINT_C_LOOP)
         struct {