[webkit-changes] [WebKit/WebKit] 102aa1: Add an OOME check in ClonedArguments::createEmpty.
Commit Queue
noreply at github.com
Tue May 21 08:19:09 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 102aa1b4c5015681b4339643f483a047cd7453c3
https://github.com/WebKit/WebKit/commit/102aa1b4c5015681b4339643f483a047cd7453c3
Author: Mark Lam <mark.lam at apple.com>
Date: 2024-05-21 (Tue, 21 May 2024)
Changed paths:
M Source/JavaScriptCore/dfg/DFGOperations.cpp
M Source/JavaScriptCore/ftl/FTLOperations.cpp
M Source/JavaScriptCore/runtime/ClonedArguments.cpp
M Source/JavaScriptCore/runtime/ClonedArguments.h
M Source/JavaScriptCore/runtime/JSObject.cpp
M Source/JavaScriptCore/runtime/JSObject.h
Log Message:
-----------
Add an OOME check in ClonedArguments::createEmpty.
https://bugs.webkit.org/show_bug.cgi?id=274451
rdar://121951051
Reviewed by Yusuke Suzuki.
Also added a RELEASE_ASSERT in operationCreateClonedArgumentsDuringExit() to make it explicit
that we're not allowed to have OOMEs (from ClonedArguments::createEmpty() or otherwise) during
an OSR exit. Encountering an OOME then is considered a non-recoverable event.
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/ftl/FTLOperations.cpp:
(JSC::FTL::JSC_DEFINE_NOEXCEPT_JIT_OPERATION):
* Source/JavaScriptCore/runtime/ClonedArguments.cpp:
(JSC::ClonedArguments::createEmpty):
(JSC::ClonedArguments::createWithInlineFrame):
(JSC::ClonedArguments::createByCopyingFrom):
* Source/JavaScriptCore/runtime/ClonedArguments.h:
* Source/JavaScriptCore/runtime/JSObject.cpp:
(JSC::createArrayStorageButterflyImpl):
(JSC::JSObject::createArrayStorageButterfly):
(JSC::JSObject::tryCreateArrayStorageButterfly):
* Source/JavaScriptCore/runtime/JSObject.h:
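A small C++ model of the create/tryCreate split and the OOME check this commit describes, added here as an illustration; it is not JavaScriptCore code, and the names (ModelHeap, MODEL_RELEASE_ASSERT, CreateResult, the *Model types) and the byte-budget heap are constructed for the example.

```cpp
#include <cstddef>
#include <cstdlib>
#include <memory>
#include <vector>

// Stand-in for JSC's RELEASE_ASSERT: fires in release builds too (hypothetical name).
#define MODEL_RELEASE_ASSERT(cond) do { if (!(cond)) std::abort(); } while (0)
struct ArrayStorage { size_t length; };
// Constructed heap with a fixed byte budget so that allocation failure can be exercised.
struct ModelHeap {
    size_t budget;
    size_t used = 0;
    std::vector<std::unique_ptr<ArrayStorage>> storages;   // owns everything handed out
    explicit ModelHeap(size_t b) : budget(b) {}
};

// Fallible variant (models tryCreateArrayStorageButterfly): nullptr on OOM, caller decides.
ArrayStorage* tryCreateArrayStorage(ModelHeap& heap, size_t length) {
    size_t bytes = sizeof(ArrayStorage) + length * sizeof(void*);
    if (heap.used + bytes > heap.budget)
        return nullptr;
    heap.used += bytes;
    heap.storages.push_back(std::unique_ptr<ArrayStorage>(new ArrayStorage{length}));
    return heap.storages.back().get();
}

// Infallible variant (models createArrayStorageButterfly): OOM here is a bug, so crash loudly.
ArrayStorage* createArrayStorage(ModelHeap& heap, size_t length) {
    ArrayStorage* storage = tryCreateArrayStorage(heap, length);
    MODEL_RELEASE_ASSERT(storage);
    return storage;
}
struct ClonedArgumentsModel { ArrayStorage* butterfly; };
// Result of createEmpty: threwOOME plays the role of the pending OutOfMemoryError.
struct CreateResult { ClonedArgumentsModel object; bool threwOOME; };
// Models ClonedArguments::createEmpty after the change: a null butterfly is reported as an
// OOME instead of being stored on the object and dereferenced later.
CreateResult createEmpty(ModelHeap& heap, size_t argc) {
    ArrayStorage* butterfly = tryCreateArrayStorage(heap, argc);
    if (!butterfly)
        return {ClonedArgumentsModel{nullptr}, true};   // propagate to a caller that can handle it
    return {ClonedArgumentsModel{butterfly}, false};
}
// Models operationCreateClonedArgumentsDuringExit: an OOME during OSR exit is
// non-recoverable, so the result is RELEASE_ASSERTed rather than handed back to JS.
ClonedArgumentsModel createClonedArgumentsDuringExit(ModelHeap& heap, size_t argc) {
    CreateResult result = createEmpty(heap, argc);
    MODEL_RELEASE_ASSERT(!result.threwOOME);
    return result.object;
}
```

On the normal path the caller checks threwOOME and raises the error to script; on the exit path the assert turns the same condition into an immediate crash, which is the behaviour the commit message asks for.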
Canonical link: https://commits.webkit.org/279057@main