-
commit-queue@webkit.org authored
https://bugs.webkit.org/show_bug.cgi?id=118498 Patch by Chris Curtis <chris_curtis@apple.com> on 2013-07-18 Reviewed by Geoffrey Garen. Source/JavaScriptCore: * jit/JITStubs.cpp: (throwExceptionFromOpCall): Created new throwExceptionFromOpCall that takes in a functor that contains a function pointer (to create the errorObject) instead of a JSValue. Inside of throwExceptionFromOpCall the topCallFrame is being rolled back in order to handle the error throw. By passing the function pointer in, we can defer the creation of the error object until after topCallFrame has been rolled back. This allows the error object to be created with the appropriate top frame. DEFINE_STUB_FUNCTION(void*, stack_check): DEFINE_STUB_FUNCTION(void*, op_call_arityCheck): DEFINE_STUB_FUNCTION(void*, op_construct_arityCheck): DEFINE_STUB_FUNCTION(EncodedJSValue, op_call_NotJSFunction): DEFINE_STUB_FUNCTION(EncodedJSValue, op_construct_NotJSConstruct): (JSC::ErrorFunctor::~ErrorFunctor): (JSC::ErrorWithExecFunctor::ErrorWithExecFunctor): (JSC::ErrorWithExecFunctor::operator()): (JSC::ErrorWithExecAndCalleeFunctor::ErrorWithExecAndCalleeFunctor): (JSC::ErrorWithExecAndCalleeFunctor::operator()): (JSC::ErrorWithExceptionFunctor::ErrorWithExceptionFunctor): (JSC::ErrorWithExceptionFunctor::operator()): (JSC::throwExceptionFromOpCall): In order to eliminate the need to duplicate code, an error functor was created for the 3 different throwExceptionFromOpCall handles. 1. The exception needs to be created, and the function pointer takes 1 parameter(callFrame->callerFrame()). 2. The exception needs to be created, and the function pointer takes 2 parameters (callFrame->callerFrame(), callFrame.calleeAsValue()). 3. The exception is already created. In this case, At the time when the error functor is called, vm.exception is returned. * llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL): * runtime/ExceptionHelpers.cpp: (JSC::errorDescriptionForValue): (JSC::createError): (JSC::createInvalidParameterError): (JSC::createNotAConstructorError): (JSC::createNotAFunctionError): (JSC::createNotAnObjectError): * runtime/ExceptionHelpers.h: The function toString() was being used to stringify an object for an exception message. If the user wrote a toString() for that object, then the system would continue to evaluate that code. A new helper function was created to prevent the system to continue execution and exception creation from that execution. LayoutTests: New Tests to see if JSC evaluates user code after exception creation * fast/js/not-a-constructor-to-string-expected.txt: Added. * fast/js/not-a-constructor-to-string.html: Added. * fast/js/not-a-function-to-string-expected.txt: Added. * fast/js/not-a-function-to-string.html: Added. Modified test output of the object that was being evaluated at the time of the error. Only the error message has changed. * fast/dom/MutationObserver/mutation-record-constructor-expected.txt: * fast/dom/NodeList/nodelist-item-call-as-function-expected.txt: * fast/dom/Range/getClientRects-expected.txt: * fast/dom/SelectorAPI/dumpNodeList-almost-strict-expected.txt: * fast/dom/SelectorAPI/dumpNodeList-expected.txt: * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/setPrimitiveValue-exceptions-expected.txt: * fast/events/window-onerror-exception-in-attr-expected.txt: * fast/forms/select-namedItem-expected.txt: * fast/js/arguments-expected.txt: * fast/js/array-prototype-properties-expected.txt: * fast/js/basic-strict-mode-expected.txt: * fast/js/date-toisostring-expected.txt: * fast/js/delete-getters-setters-expected.txt: * fast/js/dfg-check-structure-elimination-for-non-cell-expected.txt: * fast/js/dfg-compare-final-object-to-final-object-or-other-when-both-proven-final-object-expected.txt: * fast/js/dfg-compare-final-object-to-final-object-or-other-when-proven-final-object-expected.txt: * fast/js/dfg-inline-arguments-use-from-all-the-places-broken-expected.txt: * fast/js/dfg-peephole-compare-final-object-to-final-object-or-other-when-both-proven-final-object-expected.txt: * fast/js/dfg-peephole-compare-final-object-to-final-object-or-other-when-proven-final-object-expected.txt: * fast/js/exception-expression-offset-expected.txt: * fast/js/exception-for-nonobject-expected.txt: * fast/js/exception-thrown-from-new-expected.txt: * fast/js/function-bind-expected.txt: * fast/js/instance-of-immediates-expected.txt: * fast/js/object-prototype-properties-expected.txt: * fast/regex/cross-frame-callable-expected.txt: * fast/xsl/transform-xhr-doc-expected.txt: * http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt: * http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt: * http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt: * http/tests/security/document-all-expected.txt: * http/tests/security/srcdoc-in-sandbox-cannot-access-parent-expected.txt: * http/tests/security/window-named-proto-expected.txt: * inspector/console/console-exception-stack-traces-expected.txt: * platform/efl/css3/selectors3/xhtml/css3-modsel-15c-expected.txt: * platform/efl/css3/selectors3/xml/css3-modsel-15c-expected.txt: * platform/efl/fast/events/updateLayoutForHitTest-expected.txt: * platform/efl/tables/mozilla_expected_failures/bugs/bug92868_1-expected.txt: * platform/gtk/css3/selectors3/xhtml/css3-modsel-15c-expected.txt: * platform/gtk/css3/selectors3/xml/css3-modsel-15c-expected.txt: * platform/gtk/fast/events/updateLayoutForHitTest-expected.txt: * platform/gtk/svg/custom/createelement-expected.txt: * platform/gtk/tables/mozilla_expected_failures/bugs/bug92868_1-expected.txt: * platform/mac-wk2/editing/spelling/markers-expected.txt: * platform/mac-wk2/plugins/npruntime/object-from-destroyed-plugin-expected.txt: Added. * platform/mac-wk2/plugins/npruntime/object-from-destroyed-plugin-in-subframe-expected.txt: Added. * platform/mac/css3/selectors3/xhtml/css3-modsel-15c-expected.txt: * platform/mac/css3/selectors3/xml/css3-modsel-15c-expected.txt: * platform/mac/fast/events/updateLayoutForHitTest-expected.txt: * platform/mac/tables/mozilla_expected_failures/bugs/bug92868_1-expected.txt: * platform/qt/css3/selectors3/xhtml/css3-modsel-15c-expected.txt: * platform/qt/css3/selectors3/xml/css3-modsel-15c-expected.txt: * platform/qt/svg/custom/createelement-expected.txt: * platform/qt/tables/mozilla_expected_failures/bugs/bug92868_1-expected.txt: * platform/win/fast/dom/call-a-constructor-as-a-function-expected.txt: * plugins/npruntime/object-from-destroyed-plugin-expected.txt: * plugins/npruntime/object-from-destroyed-plugin-in-subframe-expected.txt: * plugins/npruntime/plugin-scriptable-object-invoke-default-expected.txt: * sputnik/Conformance/08_Types/8.6_The_Object_Type/8.6.2_Internal_Properties_and_Methods/S8.6.2_A7-expected.txt: * sputnik/Conformance/13_Function_Definition/S13_A17_T2-expected.txt: * sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/S15.1_A1_T1-expected.txt: * sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/S15.1_A1_T2-expected.txt: * sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/S15.1_A2_T1-expected.txt: * sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/15.2.4.2_Object.prototype.toString/S15.2.4.2_A7-expected.txt: * sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/15.2.4.3_Object.prototype.toLocaleString/S15.2.4.3_A7-expected.txt: * sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/15.2.4.4_Object.prototype.valueOf/S15.2.4.4_A7-expected.txt: * sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/15.2.4.5_Object.prototype.hasOwnProperty/S15.2.4.5_A7-expected.txt: * sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/15.2.4.6_Object.prototype.isPrototypeOf/S15.2.4.6_A7-expected.txt: * sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/15.2.4.7_Object.prototype.propertyIsEnumerable/S15.2.4.7_A7-expected.txt: * sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/S15.2.4_A3-expected.txt: * sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/S15.2.4_A4-expected.txt: * sputnik/Conformance/15_Native_Objects/15.3_Function/15.3.4/15.3.4.2_Function.prototype.toString/S15.3.4.2_A7-expected.txt: * sputnik/Conformance/15_Native_Objects/15.3_Function/15.3.4/S15.3.4_A5-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.12_String.prototype.search/S15.5.4.12_A7-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.13_String.prototype.slice/S15.5.4.13_A7-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.15_String.prototype.substring/S15.5.4.15_A7-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.17_String.prototype.toLocaleLowerCase/S15.5.4.17_A7-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.7_String.prototype.indexOf/S15.5.4.7_A7-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.8_String.prototype.lastIndexOf/S15.5.4.8_A7-expected.txt: * svg/custom/createelement-expected.txt: * svg/custom/use-nested-missing-target-removed-expected.txt: * svg/dom/svgpath-out-of-bounds-getPathSeg-expected.txt: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@152871 268f45cc-cd09-0410-ab3c-d52691b4dbfc
e0c69d5e