<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[171411] branches/safari-600.1-branch</title>
</head>
<body>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/171411">171411</a></dd>
<dt>Author</dt> <dd>dburkart@apple.com</dd>
<dt>Date</dt> <dd>2014-07-22 22:44:59 -0700 (Tue, 22 Jul 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/171213">r171213</a></pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari6001branchSourceJavaScriptCoreChangeLog">branches/safari-600.1-branch/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchessafari6001branchSourceJavaScriptCoredfgDFGJITCompilerh">branches/safari-600.1-branch/Source/JavaScriptCore/dfg/DFGJITCompiler.h</a></li>
<li><a href="#branchessafari6001branchSourceJavaScriptCoreftlFTLIntrinsicRepositoryh">branches/safari-600.1-branch/Source/JavaScriptCore/ftl/FTLIntrinsicRepository.h</a></li>
<li><a href="#branchessafari6001branchSourceJavaScriptCoreftlFTLLowerDFGToLLVMcpp">branches/safari-600.1-branch/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp</a></li>
<li><a href="#branchessafari6001branchSourceJavaScriptCoreinterpreterInterpretercpp">branches/safari-600.1-branch/Source/JavaScriptCore/interpreter/Interpreter.cpp</a></li>
<li><a href="#branchessafari6001branchSourceJavaScriptCoreinterpreterStackVisitorcpp">branches/safari-600.1-branch/Source/JavaScriptCore/interpreter/StackVisitor.cpp</a></li>
<li><a href="#branchessafari6001branchSourceJavaScriptCorejitAssemblyHelperscpp">branches/safari-600.1-branch/Source/JavaScriptCore/jit/AssemblyHelpers.cpp</a></li>
<li><a href="#branchessafari6001branchSourceJavaScriptCorejitAssemblyHelpersh">branches/safari-600.1-branch/Source/JavaScriptCore/jit/AssemblyHelpers.h</a></li>
<li><a href="#branchessafari6001branchSourceJavaScriptCorejitJITcpp">branches/safari-600.1-branch/Source/JavaScriptCore/jit/JIT.cpp</a></li>
<li><a href="#branchessafari6001branchSourceJavaScriptCorejitJITOpcodescpp">branches/safari-600.1-branch/Source/JavaScriptCore/jit/JITOpcodes.cpp</a></li>
<li><a href="#branchessafari6001branchSourceJavaScriptCorejitJITOperationscpp">branches/safari-600.1-branch/Source/JavaScriptCore/jit/JITOperations.cpp</a></li>
<li><a href="#branchessafari6001branchSourceJavaScriptCorejitJITOperationsh">branches/safari-600.1-branch/Source/JavaScriptCore/jit/JITOperations.h</a></li>
<li><a href="#branchessafari6001branchSourceJavaScriptCorejsccpp">branches/safari-600.1-branch/Source/JavaScriptCore/jsc.cpp</a></li>
<li><a href="#branchessafari6001branchSourceJavaScriptCoreruntimeOptionsh">branches/safari-600.1-branch/Source/JavaScriptCore/runtime/Options.h</a></li>
<li><a href="#branchessafari6001branchSourceJavaScriptCoreruntimeTestRunnerUtilsh">branches/safari-600.1-branch/Source/JavaScriptCore/runtime/TestRunnerUtils.h</a></li>
<li><a href="#branchessafari6001branchToolsChangeLog">branches/safari-600.1-branch/Tools/ChangeLog</a></li>
<li><a href="#branchessafari6001branchToolsScriptsrunjavascriptcoretests">branches/safari-600.1-branch/Tools/Scripts/run-javascriptcore-tests</a></li>
<li><a href="#branchessafari6001branchToolsScriptsrunjscstresstests">branches/safari-600.1-branch/Tools/Scripts/run-jsc-stress-tests</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li>branches/safari-600.1-branch/Source/JavaScriptCore/tests/exceptionFuzz/</li>
<li><a href="#branchessafari6001branchSourceJavaScriptCoretestsexceptionFuzzyaml">branches/safari-600.1-branch/Source/JavaScriptCore/tests/exceptionFuzz.yaml</a></li>
<li><a href="#branchessafari6001branchToolsScriptsjscstresstesthelpersjsexceptionfuzz">branches/safari-600.1-branch/Tools/Scripts/jsc-stress-test-helpers/js-exception-fuzz</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari6001branchSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/ChangeLog (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/ChangeLog        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/ChangeLog        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -1,5 +1,56 @@
</span><span class="cx"> 2014-07-22 Dana Burkart <dburkart@apple.com>
</span><span class="cx">
</span><ins>+ Merge r171213.
+
+ 2014-07-15 Filip Pizlo <fpizlo@apple.com>
+
+ Need ability to fuzz exception throwing
+ https://bugs.webkit.org/show_bug.cgi?id=134945
+ <rdar://problem/17722027>
+
+ Reviewed by Sam Weinig.
+
+ Adds the ability to instrument exception checks, and to force some random
+ exception check to artificially throw an exception. Also adds new tests that
+ are suitable for testing this. Note that this is closely tied to the Tools
+ directory changes that are also part of this changeset.
+
+ This also fixes an activation tear-off bug that arises if we ever throw an
+ exception from operationOptimize, or if due to some other bug it's only due
+ to the operationOptimize exception check that we realize that there is an
+ exception to be thrown.
+
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::fastExceptionCheck):
+ * ftl/FTLIntrinsicRepository.h:
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::callCheck):
+ * interpreter/Interpreter.cpp:
+ (JSC::unwindCallFrame):
+ * jit/AssemblyHelpers.cpp:
+ (JSC::AssemblyHelpers::callExceptionFuzz):
+ (JSC::AssemblyHelpers::emitExceptionCheck):
+ * jit/AssemblyHelpers.h:
+ (JSC::AssemblyHelpers::emitExceptionCheck): Deleted.
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_enter):
+ * jit/JITOperations.cpp:
+ (JSC::numberOfExceptionFuzzChecks):
+ * jit/JITOperations.h:
+ * jsc.cpp:
+ (jscmain):
+ * runtime/Options.h:
+ * runtime/TestRunnerUtils.h:
+ * tests/exceptionFuzz.yaml: Added.
+ * tests/exceptionFuzz: Added.
+ * tests/exceptionFuzz/3d-cube.js: Added.
+ * tests/exceptionFuzz/date-format-xparb.js: Added.
+ * tests/exceptionFuzz/earley-boyer.js: Added.
+
+2014-07-22 Dana Burkart <dburkart@apple.com>
+
</ins><span class="cx"> Merge r171204.
</span><span class="cx">
</span><span class="cx"> 2014-07-17 Joseph Pecoraro <pecoraro@apple.com>
</span></span></pre></div>
<a id="branchessafari6001branchSourceJavaScriptCoredfgDFGJITCompilerh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/dfg/DFGJITCompiler.h (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/dfg/DFGJITCompiler.h        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/dfg/DFGJITCompiler.h        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -186,6 +186,7 @@
</span><span class="cx"> // Add a call out from JIT code, with a fast exception check that tests if the return value is zero.
</span><span class="cx"> void fastExceptionCheck()
</span><span class="cx"> {
</span><ins>+ callExceptionFuzz();
</ins><span class="cx"> m_exceptionChecks.append(branchTestPtr(Zero, GPRInfo::returnValueGPR));
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari6001branchSourceJavaScriptCoreftlFTLIntrinsicRepositoryh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/ftl/FTLIntrinsicRepository.h (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/ftl/FTLIntrinsicRepository.h        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/ftl/FTLIntrinsicRepository.h        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -84,6 +84,7 @@
</span><span class="cx"> macro(S_JITOperation_EJ, functionType(intPtr, intPtr, int64)) \
</span><span class="cx"> macro(S_JITOperation_EJJ, functionType(intPtr, intPtr, int64, int64)) \
</span><span class="cx"> macro(S_JITOperation_J, functionType(intPtr, int64)) \
</span><ins>+ macro(V_JITOperation, functionType(voidType)) \
</ins><span class="cx"> macro(V_JITOperation_EJJJ, functionType(voidType, intPtr, int64, int64, int64)) \
</span><span class="cx"> macro(V_JITOperation_EOZD, functionType(voidType, intPtr, intPtr, int32, doubleType)) \
</span><span class="cx"> macro(V_JITOperation_EOZJ, functionType(voidType, intPtr, intPtr, int32, int64)) \
</span></span></pre></div>
<a id="branchessafari6001branchSourceJavaScriptCoreftlFTLLowerDFGToLLVMcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -5760,6 +5760,9 @@
</span><span class="cx"> if (mode == NoExceptions)
</span><span class="cx"> return;
</span><span class="cx">
</span><ins>+ if (Options::enableExceptionFuzz())
+ m_out.call(m_out.operation(operationExceptionFuzz));
+
</ins><span class="cx"> LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("Exception check continuation"));
</span><span class="cx">
</span><span class="cx"> m_out.branch(
</span></span></pre></div>
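Review bot: The call added in callCheck passes no ExecState, so it depends on operationExceptionFuzz() recovering one through `__builtin_frame_address(1)` (see the JITOperations.cpp section). That presumably requires the LLVM-generated caller to keep a frame pointer that is the JS call frame, which nothing at this site states. A comment at the call such as `// operationExceptionFuzz() finds the ExecState by walking one frame up; this code must keep a frame pointer.` would record the assumption. The enclosing function starts and ends outside the hunk.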
<a id="branchessafari6001branchSourceJavaScriptCoreinterpreterInterpretercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/interpreter/Interpreter.cpp (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/interpreter/Interpreter.cpp        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/interpreter/Interpreter.cpp        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -457,13 +457,19 @@
</span><span class="cx"> RELEASE_ASSERT(!visitor->isInlinedFrame());
</span><span class="cx"> #endif
</span><span class="cx"> activation = callFrame->uncheckedActivation();
</span><del>- if (activation)
- jsCast<JSActivation*>(activation)->tearOff(*scope->vm());
</del><ins>+ // Protect against the activation not being created, or the variable still being
+ // initialized to Undefined inside op_enter.
+ if (activation && activation.isCell()) {
+ JSActivation* activationObject = jsCast<JSActivation*>(activation);
+ // Protect against throwing exceptions after tear-off.
+ if (!activationObject->isTornOff())
+ activationObject->tearOff(*scope->vm());
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (codeBlock->codeType() == FunctionCode && codeBlock->usesArguments()) {
</span><span class="cx"> if (Arguments* arguments = visitor->existingArguments()) {
</span><del>- if (activation)
</del><ins>+ if (activation && activation.isCell())
</ins><span class="cx"> arguments->didTearOffActivation(callFrame, jsCast<JSActivation*>(activation));
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx"> else if (visitor->isInlinedFrame())
</span></span></pre></div>
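Review bot: In unwindCallFrame the new `activation.isCell()` guard only establishes that the slot holds some cell; both `jsCast<JSActivation*>(activation)` sites still trust that the cell is a JSActivation, and as far as I know that cast is assertion-checked only, so release builds verify nothing about the type. The guard and the cast are also written twice. Computing `JSActivation* activationObject = activation && activation.isCell() ? jsCast<JSActivation*>(activation) : 0;` once and using it at both sites would keep them from drifting apart. The same shape, `!result || !result.isCell()` in front of `jsCast<Arguments*>(result)`, appears in the StackVisitor.cpp section. The function body starts and ends outside this hunk, so the scope of `activation` should be confirmed before hoisting.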
<a id="branchessafari6001branchSourceJavaScriptCoreinterpreterStackVisitorcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/interpreter/StackVisitor.cpp (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/interpreter/StackVisitor.cpp        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/interpreter/StackVisitor.cpp        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -278,7 +278,7 @@
</span><span class="cx"> reg = codeBlock()->argumentsRegister();
</span><span class="cx">
</span><span class="cx"> JSValue result = callFrame()->r(unmodifiedArgumentsRegister(reg).offset()).jsValue();
</span><del>- if (!result)
</del><ins>+ if (!result || !result.isCell()) // Protect against Undefined in case we throw in op_enter.
</ins><span class="cx"> return 0;
</span><span class="cx"> return jsCast<Arguments*>(result);
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari6001branchSourceJavaScriptCorejitAssemblyHelperscpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/jit/AssemblyHelpers.cpp (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/jit/AssemblyHelpers.cpp        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/jit/AssemblyHelpers.cpp        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx">
</span><ins>+#include "JITOperations.h"
</ins><span class="cx"> #include "JSCInlines.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="lines">@@ -195,6 +196,33 @@
</span><span class="cx"> }
</span><span class="cx"> #endif // !ASSERT_DISABLED
</span><span class="cx">
</span><ins>+void AssemblyHelpers::callExceptionFuzz()
+{
+ if (!Options::enableExceptionFuzz())
+ return;
+
+ ASSERT(stackAlignmentBytes() >= sizeof(void*) * 2);
+ subPtr(TrustedImm32(stackAlignmentBytes()), stackPointerRegister);
+ poke(GPRInfo::returnValueGPR, 0);
+ poke(GPRInfo::returnValueGPR2, 1);
+ move(TrustedImmPtr(bitwise_cast<void*>(operationExceptionFuzz)), GPRInfo::nonPreservedNonReturnGPR);
+ call(GPRInfo::nonPreservedNonReturnGPR);
+ peek(GPRInfo::returnValueGPR, 0);
+ peek(GPRInfo::returnValueGPR2, 1);
+ addPtr(TrustedImm32(stackAlignmentBytes()), stackPointerRegister);
+}
+
+AssemblyHelpers::Jump AssemblyHelpers::emitExceptionCheck(ExceptionCheckKind kind)
+{
+ callExceptionFuzz();
+
+#if USE(JSVALUE64)
+ return branchTest64(kind == NormalExceptionCheck ? NonZero : Zero, AbsoluteAddress(vm()->addressOfException()));
+#elif USE(JSVALUE32_64)
+ return branch32(kind == NormalExceptionCheck ? NotEqual : Equal, AbsoluteAddress(reinterpret_cast<char*>(vm()->addressOfException()) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), TrustedImm32(JSValue::EmptyValueTag));
+#endif
+}
+
</ins><span class="cx"> void AssemblyHelpers::emitStoreStructureWithTypeInfo(AssemblyHelpers& jit, TrustedImmPtr structure, RegisterID dest)
</span><span class="cx"> {
</span><span class="cx"> const Structure* structurePtr = static_cast<const Structure*>(structure.m_value);
</span></span></pre></div>
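Review bot: callExceptionFuzz() saves and restores only `GPRInfo::returnValueGPR` and `GPRInfo::returnValueGPR2` around the call and overwrites `GPRInfo::nonPreservedNonReturnGPR`, so any other caller-saved register that is live at an emitExceptionCheck() or fastExceptionCheck() site would be clobbered once the option is on. That contract is not written down anywhere in the hunk. A comment above the function such as `// Preserves only the return-value GPRs; callers must not keep other volatile registers live across an exception check.` would make it checkable at each call site. Whether every existing exception-check site satisfies this cannot be seen from this page.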
<a id="branchessafari6001branchSourceJavaScriptCorejitAssemblyHelpersh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/jit/AssemblyHelpers.h (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/jit/AssemblyHelpers.h        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/jit/AssemblyHelpers.h        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -481,15 +481,10 @@
</span><span class="cx"> }
</span><span class="cx"> #endif
</span><span class="cx">
</span><ins>+ void callExceptionFuzz();
+
</ins><span class="cx"> enum ExceptionCheckKind { NormalExceptionCheck, InvertedExceptionCheck };
</span><del>- Jump emitExceptionCheck(ExceptionCheckKind kind = NormalExceptionCheck)
- {
-#if USE(JSVALUE64)
- return branchTest64(kind == NormalExceptionCheck ? NonZero : Zero, AbsoluteAddress(vm()->addressOfException()));
-#elif USE(JSVALUE32_64)
- return branch32(kind == NormalExceptionCheck ? NotEqual : Equal, AbsoluteAddress(reinterpret_cast<char*>(vm()->addressOfException()) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), TrustedImm32(JSValue::EmptyValueTag));
-#endif
- }
</del><ins>+ Jump emitExceptionCheck(ExceptionCheckKind kind = NormalExceptionCheck);
</ins><span class="cx">
</span><span class="cx"> #if ENABLE(SAMPLING_COUNTERS)
</span><span class="cx"> static void emitCount(MacroAssembler& jit, AbstractSamplingCounter& counter, int32_t increment = 1)
</span></span></pre></div>
<a id="branchessafari6001branchSourceJavaScriptCorejitJITcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/jit/JIT.cpp (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/jit/JIT.cpp        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/jit/JIT.cpp        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -167,7 +167,10 @@
</span><span class="cx"> AbsoluteAddress(m_compilation->executionCounterFor(Profiler::OriginStack(Profiler::Origin(
</span><span class="cx"> m_compilation->bytecodes(), m_bytecodeOffset)))->address()));
</span><span class="cx"> }
</span><del>-
</del><ins>+
+ if (Options::eagerlyUpdateTopCallFrame())
+ updateTopCallFrame();
+
</ins><span class="cx"> switch (opcodeID) {
</span><span class="cx"> DEFINE_SLOW_OP(del_by_val)
</span><span class="cx"> DEFINE_SLOW_OP(in)
</span></span></pre></div>
<a id="branchessafari6001branchSourceJavaScriptCorejitJITOpcodescpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/jit/JITOpcodes.cpp (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/jit/JITOpcodes.cpp        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/jit/JITOpcodes.cpp        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -762,8 +762,6 @@
</span><span class="cx">
</span><span class="cx"> void JIT::emit_op_enter(Instruction*)
</span><span class="cx"> {
</span><del>- emitEnterOptimizationCheck();
-
</del><span class="cx"> // Even though CTI doesn't use them, we initialize our constant
</span><span class="cx"> // registers to zap stale pointers, to avoid unnecessarily prolonging
</span><span class="cx"> // object lifetime and increasing GC pressure.
</span><span class="lines">@@ -772,6 +770,8 @@
</span><span class="cx"> emitInitRegister(virtualRegisterForLocal(j).offset());
</span><span class="cx">
</span><span class="cx"> emitWriteBarrier(m_codeBlock->ownerExecutable());
</span><ins>+
+ emitEnterOptimizationCheck();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JIT::emit_op_create_activation(Instruction* currentInstruction)
</span></span></pre></div>
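Review bot: The position of `emitEnterOptimizationCheck()` at the end of emit_op_enter is now load-bearing, but nothing in the function says so. Going by the ChangeLog entry and the `isCell()` guards added in Interpreter.cpp and StackVisitor.cpp, the check can end in an exception being thrown, and the unwinder then reads the frame's slots, so it has to run after the `emitInitRegister` loop. A comment at the call, e.g. `// Must come after the locals are initialized: this can throw, and unwinding reads the activation/arguments slots.`, would stop a later cleanup from moving it back to the top.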
<a id="branchessafari6001branchSourceJavaScriptCorejitJITOperationscpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/jit/JITOperations.cpp (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/jit/JITOperations.cpp        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/jit/JITOperations.cpp        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -51,10 +51,14 @@
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include "Repatch.h"
</span><span class="cx"> #include "RepatchBuffer.h"
</span><ins>+#include "TestRunnerUtils.h"
</ins><span class="cx"> #include <wtf/InlineASM.h>
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+static unsigned s_numberOfExceptionFuzzChecks;
+unsigned numberOfExceptionFuzzChecks() { return s_numberOfExceptionFuzzChecks; }
+
</ins><span class="cx"> extern "C" {
</span><span class="cx">
</span><span class="cx"> #if COMPILER(MSVC)
</span><span class="lines">@@ -1028,7 +1032,7 @@
</span><span class="cx"> DeferGCForAWhile deferGC(vm.heap);
</span><span class="cx">
</span><span class="cx"> CodeBlock* codeBlock = exec->codeBlock();
</span><del>-
</del><ins>+
</ins><span class="cx"> if (bytecodeIndex) {
</span><span class="cx"> // If we're attempting to OSR from a loop, assume that this should be
</span><span class="cx"> // separately optimized.
</span><span class="lines">@@ -1799,6 +1803,31 @@
</span><span class="cx"> genericUnwind(vm, exec, vm->exception());
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+// This function "should" just take the ExecState*, but doing so would make it more difficult
+// to call from exception check sites. So, unlike all of our other functions, we allow
+// ourselves to play some gnarly ABI tricks just to simplify the calling convention. This is
+// particularly safe here since this is never called on the critical path - it's only for
+// testing.
+void JIT_OPERATION operationExceptionFuzz()
+{
+ ASSERT(Options::enableExceptionFuzz());
+
+ // This probably "just works" for GCC also, but I haven't tried.
+#if COMPILER(CLANG)
+ ExecState* exec = static_cast<ExecState*>(__builtin_frame_address(1));
+ DeferGCForAWhile deferGC(exec->vm().heap);
+
+ s_numberOfExceptionFuzzChecks++;
+
+ unsigned fireTarget = Options::fireExceptionFuzzAt();
+ if (fireTarget == s_numberOfExceptionFuzzChecks) {
+ printf("JSC EXCEPTION FUZZ: Throwing fuzz exception with call frame %p and return address %p.\n", exec, __builtin_return_address(0));
+ exec->vm().throwException(
+ exec, createError(exec->lexicalGlobalObject(), ASCIILiteral("Exception Fuzz")));
+ }
+#endif // COMPILER(CLANG)
+}
+
</ins><span class="cx"> } // extern "C"
</span><span class="cx">
</span><span class="cx"> // Note: getHostCallReturnValueWithExecState() needs to be placed before the
</span></span></pre></div>
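Review bot: operationExceptionFuzz() compiles to an empty body when `COMPILER(CLANG)` is false, so on other compilers a run with enableExceptionFuzz set never throws and jsc prints a count of zero, which reads like a clean pass rather than a test that did nothing. An `#else` branch with `RELEASE_ASSERT_NOT_REACHED();` would make that visible. `s_numberOfExceptionFuzzChecks` is a plain static incremented with no synchronization, which deserves a comment if jsc can run more than one VM thread with the option on. The option gate inside the function is an `ASSERT`, so release builds rely entirely on the call sites checking `Options::enableExceptionFuzz()`. The printf writes a call-frame pointer and a return address to stdout, which is fine for a test harness but should stay unreachable in shipping configurations.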
<a id="branchessafari6001branchSourceJavaScriptCorejitJITOperationsh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/jit/JITOperations.h (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/jit/JITOperations.h        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/jit/JITOperations.h        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -143,6 +143,7 @@
</span><span class="cx"> typedef size_t JIT_OPERATION (*S_JITOperation_EOJss)(ExecState*, JSObject*, JSString*);
</span><span class="cx"> typedef size_t JIT_OPERATION (*S_JITOperation_J)(EncodedJSValue);
</span><span class="cx"> typedef SlowPathReturnType JIT_OPERATION (*Sprt_JITOperation_EZ)(ExecState*, int32_t);
</span><ins>+typedef void JIT_OPERATION (*V_JITOperation)();
</ins><span class="cx"> typedef void JIT_OPERATION (*V_JITOperation_E)(ExecState*);
</span><span class="cx"> typedef void JIT_OPERATION (*V_JITOperation_EC)(ExecState*, JSCell*);
</span><span class="cx"> typedef void JIT_OPERATION (*V_JITOperation_ECb)(ExecState*, CodeBlock*);
</span><span class="lines">@@ -300,6 +301,8 @@
</span><span class="cx">
</span><span class="cx"> void JIT_OPERATION operationInitGlobalConst(ExecState*, Instruction*);
</span><span class="cx">
</span><ins>+void JIT_OPERATION operationExceptionFuzz();
+
</ins><span class="cx"> } // extern "C"
</span><span class="cx">
</span><span class="cx"> inline P_JITOperation_ECli operationLinkFor(
</span></span></pre></div>
<a id="branchessafari6001branchSourceJavaScriptCorejsccpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/jsc.cpp (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/jsc.cpp        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/jsc.cpp        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -1273,6 +1273,9 @@
</span><span class="cx"> if (!vm->m_perBytecodeProfiler->save(options.m_profilerOutput.utf8().data()))
</span><span class="cx"> fprintf(stderr, "could not save profiler output.\n");
</span><span class="cx"> }
</span><ins>+
+ if (Options::enableExceptionFuzz())
+ printf("JSC EXCEPTION FUZZ: encountered %u checks.\n", numberOfExceptionFuzzChecks());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> return result;
</span></span></pre></div>
<a id="branchessafari6001branchSourceJavaScriptCoreruntimeOptionsh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/runtime/Options.h (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/runtime/Options.h        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/runtime/Options.h        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -141,6 +141,7 @@
</span><span class="cx"> v(bool, testTheFTL, false) \
</span><span class="cx"> v(bool, verboseSanitizeStack, false) \
</span><span class="cx"> v(bool, alwaysDoFullCollection, false) \
</span><ins>+ v(bool, eagerlyUpdateTopCallFrame, false) \
</ins><span class="cx"> \
</span><span class="cx"> v(bool, enableOSREntryToDFG, true) \
</span><span class="cx"> v(bool, enableOSREntryToFTL, true) \
</span><span class="lines">@@ -269,7 +270,10 @@
</span><span class="cx"> v(bool, disableGC, false) \
</span><span class="cx"> v(unsigned, gcMaxHeapSize, 0) \
</span><span class="cx"> v(bool, recordGCPauseTimes, false) \
</span><del>- v(bool, logHeapStatisticsAtExit, false)
</del><ins>+ v(bool, logHeapStatisticsAtExit, false) \
+ \
+ v(bool, enableExceptionFuzz, false) \
+ v(unsigned, fireExceptionFuzzAt, 0)
</ins><span class="cx">
</span><span class="cx"> class Options {
</span><span class="cx"> public:
</span></span></pre></div>
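Review bot: The three new options are added without any comment, and the meaning of the `fireExceptionFuzzAt` default is only discoverable from JITOperations.cpp: the counter is incremented before it is compared, so 0 means the fuzz exception never fires (short of the unsigned counter wrapping). A trailing comment on the entry, e.g. `/* 1-based index of the exception check that throws; 0 never fires */`, would record that. `eagerlyUpdateTopCallFrame` sits in a different group from the two fuzz options, so its relation to exception fuzzing, if any, is also worth a word there.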
<a id="branchessafari6001branchSourceJavaScriptCoreruntimeTestRunnerUtilsh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Source/JavaScriptCore/runtime/TestRunnerUtils.h (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/runtime/TestRunnerUtils.h        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/runtime/TestRunnerUtils.h        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -44,6 +44,8 @@
</span><span class="cx"> JS_EXPORT_PRIVATE JSValue setNeverInline(ExecState*);
</span><span class="cx"> JS_EXPORT_PRIVATE JSValue optimizeNextInvocation(ExecState*);
</span><span class="cx">
</span><ins>+JS_EXPORT_PRIVATE unsigned numberOfExceptionFuzzChecks();
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> #endif // TestRunnerUtils_h
</span></span></pre></div>
<a id="branchessafari6001branchSourceJavaScriptCoretestsexceptionFuzzyamlfromrev171213trunkSourceJavaScriptCoretestsexceptionFuzzyaml"></a>
<div class="copfile"><h4>Copied: branches/safari-600.1-branch/Source/JavaScriptCore/tests/exceptionFuzz.yaml (from rev 171213, trunk/Source/JavaScriptCore/tests/exceptionFuzz.yaml) (0 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Source/JavaScriptCore/tests/exceptionFuzz.yaml         (rev 0)
+++ branches/safari-600.1-branch/Source/JavaScriptCore/tests/exceptionFuzz.yaml        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -0,0 +1,30 @@
</span><ins>+# Copyright (C) 2014 Apple Inc. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+- path: exceptionFuzz
+ cmd: |
+ if $architecture !~ /x86/i and $hostOS == "darwin"
+ skip
+ else
+ runExceptionFuzz
+ end
</ins></span></pre></div>
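Review bot: The skip condition in `cmd` has no explanation, so exception fuzzing is absent on every non-x86 Darwin host and the file does not say whether that is a temporary limitation or intended. A comment above the `if` would make the coverage gap visible to anyone reading the test results, for example `# Skipped on non-x86 Darwin: <reason / bug link>`. Whether the harness reports a skipped entry differently from a passing one is not visible in this section, so that is worth confirming too.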
<a id="branchessafari6001branchToolsChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Tools/ChangeLog (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Tools/ChangeLog        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Tools/ChangeLog        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -1,5 +1,28 @@
</span><span class="cx"> 2014-07-22 Dana Burkart <dburkart@apple.com>
</span><span class="cx">
</span><ins>+ Merge r171213.
+
+ 2014-07-15 Filip Pizlo <fpizlo@apple.com>
+
+ Need ability to fuzz exception throwing
+ https://bugs.webkit.org/show_bug.cgi?id=134945
+ <rdar://problem/17722027>
+
+ Reviewed by Sam Weinig.
+
+ Adds a new script, js-exception-fuzz, which will run some jsc command-line using
+ exception fuzzing. This means that we will force exceptions to be thrown in random
+ places to see how the engine reacts. This is now integrated with the various test
+ drivers, so run-javascriptcore-tests will run some exception fuzzing tests by
+ default.
+
+ * Scripts/jsc-stress-test-helpers/js-exception-fuzz: Added.
+ (fail):
+ * Scripts/run-javascriptcore-tests:
+ * Scripts/run-jsc-stress-tests:
+
+2014-07-22 Dana Burkart <dburkart@apple.com>
+
</ins><span class="cx"> Merge r171167.
</span><span class="cx">
</span><span class="cx"> 2014-07-16 Alexey Proskuryakov <ap@apple.com>
</span></span></pre></div>
<a id="branchessafari6001branchToolsScriptsjscstresstesthelpersjsexceptionfuzzfromrev171213trunkToolsScriptsjscstresstesthelpersjsexceptionfuzz"></a>
<div class="copfile"><h4>Copied: branches/safari-600.1-branch/Tools/Scripts/jsc-stress-test-helpers/js-exception-fuzz (from rev 171213, trunk/Tools/Scripts/jsc-stress-test-helpers/js-exception-fuzz) (0 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Tools/Scripts/jsc-stress-test-helpers/js-exception-fuzz         (rev 0)
+++ branches/safari-600.1-branch/Tools/Scripts/jsc-stress-test-helpers/js-exception-fuzz        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -0,0 +1,141 @@
</span><ins>+#!/usr/bin/perl
+
+# Copyright (C) 2014 Apple Inc. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+use strict;
+use FindBin;
+use Getopt::Long qw(:config pass_through);
+use POSIX;
+use String::ShellQuote;
+
+# We first want to run the test once to determine what the number of encountered
+# checks is. Then we want to run it again some number of times with random check
+# amounts. The test is successful if after printing a message that we're
+# intending to throw the fuzz exception, it prints another message saying that it
+# caught the exception.
+
+my $repeat = 100;
+my $seed = time();
+my $verbose = 0;
+
+# We allow flags to be passed via environment variables, which is rather useful for
+# running with the run-jsc-stress-tests harness.
+if (defined($ENV{JS_EFUZZ_REPEAT})) {
+ $repeat = $ENV{JS_EFUZZ_REPEAT};
+}
+if (defined($ENV{JS_EFUZZ_SEED})) {
+ $seed = $ENV{JS_EFUZZ_SEED};
+}
+if (defined($ENV{JS_EFUZZ_VERBOSE})) {
+ $verbose = $ENV{JS_EFUZZ_VERBOSE};
+}
+
+GetOptions(
+ 'repeat=s' => \$repeat,
+ 'seed=s' => \$seed,
+ 'verbose' => \$verbose
+);
+
+my $commandString = shell_quote @ARGV;
+
+my $checkCount;
+
+sub fail {
+ my $context = shift;
+ flush STDOUT;
+ flush STDERR;
+ die "Failure for command $commandString with seed $seed, repeat $repeat: $context";
+}
+
+open (my $testInput, "$commandString --enableExceptionFuzz=true |") or fail("Cannot execute initial command when getting check count");
+while (my $inputLine = <$testInput>) {
+ chomp($inputLine);
+ my $handled = 0;
+ if ($inputLine =~ /^JSC EXCEPTION FUZZ:/) {
+ if ($' =~ /encountered ([0-9]+) checks\./) {
+ $checkCount = $1;
+ }
+ $handled = 1;
+ }
+ if (!$handled || $verbose) {
+ print "checkCount: $inputLine\n";
+ }
+}
+close($testInput);
+
+if ($verbose) {
+ print "Check count: $checkCount\n";
+ print "Seed: $seed\n";
+}
+
+srand($seed);
+
+for (my $iteration = 0; $iteration < $repeat; ++$iteration) {
+ my $target = int(rand() * $checkCount);
+ if ($verbose) {
+ print "iteration($iteration) target($target): Running.\n";
+ }
+ open ($testInput, "$commandString --enableExceptionFuzz=true --fireExceptionFuzzAt=$target |") or fail("Cannot execute command on iteration $iteration");
+ my $state = "waiting";
+ while (my $inputLine = <$testInput>) {
+ chomp($inputLine);
+ my $handled = 0;
+ if ($inputLine =~ /^JSC EXCEPTION FUZZ:/) {
+ if ($' =~ /Throwing fuzz exception/) {
+ if ($verbose) {
+ print "iteration($iteration) target($target): Threw fuzz exception.\n";
+ }
+ if ($state eq "waiting") {
+ $state = "thrown";
+ } else {
+ fail("Unexpected $inputLine while in state $state for target $target");
+ }
+ } elsif ($' =~ /Caught exception/) {
+ if ($verbose) {
+ print "iteration($iteration) target($target): Caught fuzz exception.\n";
+ }
+ if ($state eq "thrown") {
+ $state = "waiting";
+ } else {
+ fail("Unexpected $inputLine while in state $state for target $target");
+ }
+ }
+ $handled = 1;
+ }
+ if (!$handled || $verbose) {
+ print "iteration($iteration) target($target): $inputLine\n";
+ }
+ }
+ if ($state ne "waiting") {
+ fail("Unexpected state $state at end for target $target");
+ }
+ close($testInput);
+ if ($? != 0) {
+ fail("Unexpected exit status $? for target $target");
+ }
+}
+
+if ($verbose) {
+ print "Success!\n";
+}
</ins></span></pre></div>
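Review bot: The initial run that establishes `$checkCount` is never validated: the first `close($testInput)` does not inspect `$?`, and nothing confirms that an `encountered N checks.` line was seen. If the VM exits abnormally or prints no count, `$checkCount` stays undefined, and because the script enables `use strict` but not `use warnings`, `int(rand() * $checkCount)` quietly evaluates to 0 on every iteration. The loop would then report success while only ever firing at target 0. After the first `close`, add `fail("Unexpected exit status $? for initial run") if $? != 0;` and `fail("Initial run reported no check count") unless defined($checkCount) && $checkCount > 0;`. Declaring the options as `'repeat=i'` and `'seed=i'` would also reject non-numeric flag values up front.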
<a id="branchessafari6001branchToolsScriptsrunjavascriptcoretests"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Tools/Scripts/run-javascriptcore-tests (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Tools/Scripts/run-javascriptcore-tests        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Tools/Scripts/run-javascriptcore-tests        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -237,6 +237,7 @@
</span><span class="cx"> "/usr/bin/env", "ruby", "Tools/Scripts/run-jsc-stress-tests",
</span><span class="cx"> "-j", jscPath($productDir), "-o", $jscStressResultsDir,
</span><span class="cx"> "PerformanceTests/SunSpider/tests/sunspider-1.0",
</span><ins>+ "Source/JavaScriptCore/tests/exceptionFuzz.yaml",
</ins><span class="cx"> "PerformanceTests/SunSpider/no-architecture-specific-optimizations.yaml",
</span><span class="cx"> "PerformanceTests/SunSpider/tests/v8-v6",
</span><span class="cx"> "Source/JavaScriptCore/tests/mozilla/mozilla-tests.yaml",
</span></span></pre></div>
<a id="branchessafari6001branchToolsScriptsrunjscstresstests"></a>
<div class="modfile"><h4>Modified: branches/safari-600.1-branch/Tools/Scripts/run-jsc-stress-tests (171410 => 171411)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.1-branch/Tools/Scripts/run-jsc-stress-tests        2014-07-23 05:41:28 UTC (rev 171410)
+++ branches/safari-600.1-branch/Tools/Scripts/run-jsc-stress-tests        2014-07-23 05:44:59 UTC (rev 171411)
</span><span class="lines">@@ -733,6 +733,10 @@
</span><span class="cx"> end
</span><span class="cx"> end
</span><span class="cx">
</span><ins>+def runExceptionFuzz
+ addRunCommand("exception-fuzz", ["perl", (HELPERS_PATH + "js-exception-fuzz").to_s, pathToVM.to_s, $benchmark.to_s], silentOutputHandler, simpleErrorHandler)
+end
+
</ins><span class="cx"> def runLayoutTest(kind, *options)
</span><span class="cx"> raise unless $benchmark.to_s =~ /\.js$/
</span><span class="cx"> testName = $~.pre_match
</span></span></pre>
</div>
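Review bot: `runExceptionFuzz` passes only the VM path and the benchmark to the helper, and nothing at this call site says where the repeat count and seed come from. They are taken from the helper's defaults or from `JS_EFUZZ_REPEAT` / `JS_EFUZZ_SEED` in the environment. Because the helper seeds from `time()` by default, two harness runs fuzz different targets, so whoever triages a failure needs to know how to replay it. A comment above the `def` would cover this, for example `# js-exception-fuzz reads JS_EFUZZ_SEED / JS_EFUZZ_REPEAT from the environment; pin the seed to reproduce a failure.`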
</div>
</body>
</html>