<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[206643] trunk/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/206643">206643</a></dd>
<dt>Author</dt> <dd>mark.lam@apple.com</dd>
<dt>Date</dt> <dd>2016-09-30 11:15:38 -0700 (Fri, 30 Sep 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Use topVMEntryFrame to determine whether to skip the re-throw of a simulated throw.
https://bugs.webkit.org/show_bug.cgi?id=162793
Reviewed by Saam Barati.
Change the ThrowScope destructor to use topVMEntryFrame (instead of topCallFrame)
in the determination of whether to skip the re-throw of a simulated throw. This
is needed because the topCallFrame is not updated in operationConstructArityCheck()
(and does not need to be), whereas topVMEntryFrame is always updated properly.
Hence, we should just switch to using the more reliable topVMEntryFrame instead.
This issue was discovered by existing JSC tests when exception check validation
is enabled.
* runtime/ThrowScope.cpp:
(JSC::ThrowScope::~ThrowScope):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeThrowScopecpp">trunk/Source/JavaScriptCore/runtime/ThrowScope.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (206642 => 206643)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2016-09-30 17:02:46 UTC (rev 206642)
+++ trunk/Source/JavaScriptCore/ChangeLog 2016-09-30 18:15:38 UTC (rev 206643)
</span><span class="lines">@@ -1,3 +1,22 @@
</span><ins>+2016-09-30 Mark Lam <mark.lam@apple.com>
+
+ Use topVMEntryFrame to determine whether to skip the re-throw of a simulated throw.
+ https://bugs.webkit.org/show_bug.cgi?id=162793
+
+ Reviewed by Saam Barati.
+
+ Change the ThrowScope destructor to use topVMEntryFrame (instead of topCallFrame)
+ in the determination of whether to skip the re-throw of a simulated throw. This
+ is needed because the topCallFrame is not updated in operationConstructArityCheck()
+ (and does not need to be), whereas topVMEntryFrame is always updated properly.
+ Hence, we should just switch to using the more reliable topVMEntryFrame instead.
+
+ This issue was discovered by existing JSC tests when exception check validation
+ is enabled.
+
+ * runtime/ThrowScope.cpp:
+ (JSC::ThrowScope::~ThrowScope):
+
</ins><span class="cx"> 2016-09-30 Filip Pizlo <fpizlo@apple.com>
</span><span class="cx">
</span><span class="cx"> 64-bit LLInt needs to have a concurrency-aware barrier
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeThrowScopecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ThrowScope.cpp (206642 => 206643)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ThrowScope.cpp 2016-09-30 17:02:46 UTC (rev 206642)
+++ trunk/Source/JavaScriptCore/runtime/ThrowScope.cpp 2016-09-30 18:15:38 UTC (rev 206643)
</span><span class="lines">@@ -57,13 +57,13 @@
</span><span class="cx">
</span><span class="cx"> bool willBeHandleByLLIntOrJIT = false;
</span><span class="cx"> void* previousScope = m_previousScope;
</span><del>- void* topCallFrame = m_vm.topCallFrame;
-
- // If the topCallFrame was pushed on the stack after the previousScope was instantiated,
</del><ins>+ void* topVMEntryFrame = m_vm.topVMEntryFrame;
+
+ // If the topVMEntryFrame was pushed on the stack after the previousScope was instantiated,
</ins><span class="cx"> // then this throwScope will be returning to LLINT or JIT code that always do an exception
</span><span class="cx"> // check. In that case, skip the simulated throw because the LLInt and JIT will be
</span><span class="cx"> // checking for the exception their own way instead of calling ThrowScope::exception().
</span><del>- if (topCallFrame && previousScope > topCallFrame)
</del><ins>+ if (topVMEntryFrame && previousScope > topVMEntryFrame)
</ins><span class="cx"> willBeHandleByLLIntOrJIT = true;
</span><span class="cx">
</span><span class="cx"> if (!willBeHandleByLLIntOrJIT)
</span></span></pre>
</div>
</div>
</body>
</html>