<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[209080] trunk/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/209080">209080</a></dd>
<dt>Author</dt> <dd>mark.lam@apple.com</dd>
<dt>Date</dt> <dd>2016-11-29 11:08:59 -0800 (Tue, 29 Nov 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Fix exception scope verification failures in ProxyConstructor.cpp and ProxyObject.cpp.
https://bugs.webkit.org/show_bug.cgi?id=165053
Reviewed by Saam Barati.
Also replaced returning JSValue() with returning { }.
* runtime/ProxyConstructor.cpp:
(JSC::constructProxyObject):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::structureForTarget):
(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::getOwnPropertySlotCommon):
(JSC::ProxyObject::performPut):
(JSC::ProxyObject::putByIndexCommon):
(JSC::performProxyCall):
(JSC::performProxyConstruct):
(JSC::ProxyObject::performDelete):
(JSC::ProxyObject::performPreventExtensions):
(JSC::ProxyObject::performIsExtensible):
(JSC::ProxyObject::performDefineOwnProperty):
(JSC::ProxyObject::performGetOwnPropertyNames):
(JSC::ProxyObject::performSetPrototype):
(JSC::ProxyObject::performGetPrototype):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeProxyConstructorcpp">trunk/Source/JavaScriptCore/runtime/ProxyConstructor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeProxyObjectcpp">trunk/Source/JavaScriptCore/runtime/ProxyObject.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (209079 => 209080)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2016-11-29 19:02:54 UTC (rev 209079)
+++ trunk/Source/JavaScriptCore/ChangeLog 2016-11-29 19:08:59 UTC (rev 209080)
</span><span class="lines">@@ -1,3 +1,32 @@
</span><ins>+2016-11-29 Mark Lam <mark.lam@apple.com>
+
+ Fix exception scope verification failures in ProxyConstructor.cpp and ProxyObject.cpp.
+ https://bugs.webkit.org/show_bug.cgi?id=165053
+
+ Reviewed by Saam Barati.
+
+ Also replaced returning JSValue() with returning { }.
+
+ * runtime/ProxyConstructor.cpp:
+ (JSC::constructProxyObject):
+ * runtime/ProxyObject.cpp:
+ (JSC::ProxyObject::structureForTarget):
+ (JSC::performProxyGet):
+ (JSC::ProxyObject::performInternalMethodGetOwnProperty):
+ (JSC::ProxyObject::performHasProperty):
+ (JSC::ProxyObject::getOwnPropertySlotCommon):
+ (JSC::ProxyObject::performPut):
+ (JSC::ProxyObject::putByIndexCommon):
+ (JSC::performProxyCall):
+ (JSC::performProxyConstruct):
+ (JSC::ProxyObject::performDelete):
+ (JSC::ProxyObject::performPreventExtensions):
+ (JSC::ProxyObject::performIsExtensible):
+ (JSC::ProxyObject::performDefineOwnProperty):
+ (JSC::ProxyObject::performGetOwnPropertyNames):
+ (JSC::ProxyObject::performSetPrototype):
+ (JSC::ProxyObject::performGetPrototype):
+
</ins><span class="cx"> 2016-11-28 Matt Baker <mattbaker@apple.com>
</span><span class="cx">
</span><span class="cx"> Web Inspector: Debugger should have an option for showing asynchronous call stacks
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeProxyConstructorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ProxyConstructor.cpp (209079 => 209080)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ProxyConstructor.cpp 2016-11-29 19:02:54 UTC (rev 209079)
+++ trunk/Source/JavaScriptCore/runtime/ProxyConstructor.cpp 2016-11-29 19:08:59 UTC (rev 209080)
</span><span class="lines">@@ -99,6 +99,7 @@
</span><span class="cx"> ArgList args(exec);
</span><span class="cx"> JSValue target = args.at(0);
</span><span class="cx"> JSValue handler = args.at(1);
</span><ins>+ scope.release();
</ins><span class="cx"> return JSValue::encode(ProxyObject::create(exec, exec->lexicalGlobalObject(), target, handler));
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeProxyObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ProxyObject.cpp (209079 => 209080)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ProxyObject.cpp 2016-11-29 19:02:54 UTC (rev 209079)
+++ trunk/Source/JavaScriptCore/runtime/ProxyObject.cpp 2016-11-29 19:08:59 UTC (rev 209080)
</span><span class="lines">@@ -74,7 +74,8 @@
</span><span class="cx">
</span><span class="cx"> JSObject* targetAsObject = jsCast<JSObject*>(target);
</span><span class="cx"> CallData ignoredCallData;
</span><del>- bool isCallable = targetAsObject->methodTable()->getCallData(targetAsObject, ignoredCallData) != CallType::None;
</del><ins>+ VM& vm = globalObject->vm();
+ bool isCallable = targetAsObject->methodTable(vm)->getCallData(targetAsObject, ignoredCallData) != CallType::None;
</ins><span class="cx"> return isCallable ? globalObject->callableProxyObjectStructure() : globalObject->proxyObjectStructure();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -121,7 +122,7 @@
</span><span class="cx"> auto scope = DECLARE_THROW_SCOPE(vm);
</span><span class="cx"> if (UNLIKELY(!vm.isSafeToRecurseSoft())) {
</span><span class="cx"> throwStackOverflowError(exec, scope);
</span><del>- return JSValue();
</del><ins>+ return { };
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSObject* target = proxyObject->target();
</span><span class="lines">@@ -130,8 +131,10 @@
</span><span class="cx"> return target->get(exec, propertyName);
</span><span class="cx"> };
</span><span class="cx">
</span><del>- if (vm.propertyNames->isPrivateName(Identifier::fromUid(&vm, propertyName.uid())))
</del><ins>+ if (vm.propertyNames->isPrivateName(Identifier::fromUid(&vm, propertyName.uid()))) {
+ scope.release();
</ins><span class="cx"> return performDefaultGet();
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> JSValue handlerValue = proxyObject->handler();
</span><span class="cx"> if (handlerValue.isNull())
</span><span class="lines">@@ -141,10 +144,12 @@
</span><span class="cx"> CallData callData;
</span><span class="cx"> CallType callType;
</span><span class="cx"> JSValue getHandler = handler->getMethod(exec, callData, callType, vm.propertyNames->get, ASCIILiteral("'get' property of a Proxy's handler object should be callable"));
</span><del>- RETURN_IF_EXCEPTION(scope, JSValue());
</del><ins>+ RETURN_IF_EXCEPTION(scope, { });
</ins><span class="cx">
</span><del>- if (getHandler.isUndefined())
</del><ins>+ if (getHandler.isUndefined()) {
+ scope.release();
</ins><span class="cx"> return performDefaultGet();
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> MarkedArgumentBuffer arguments;
</span><span class="cx"> arguments.append(target);
</span><span class="lines">@@ -151,7 +156,7 @@
</span><span class="cx"> arguments.append(identifierToSafePublicJSValue(vm, Identifier::fromUid(&vm, propertyName.uid())));
</span><span class="cx"> arguments.append(receiver);
</span><span class="cx"> JSValue trapResult = call(exec, getHandler, callType, callData, handler, arguments);
</span><del>- RETURN_IF_EXCEPTION(scope, JSValue());
</del><ins>+ RETURN_IF_EXCEPTION(scope, { });
</ins><span class="cx">
</span><span class="cx"> PropertyDescriptor descriptor;
</span><span class="cx"> if (target->getOwnPropertyDescriptor(exec, propertyName, descriptor)) {
</span><span class="lines">@@ -164,7 +169,7 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- RETURN_IF_EXCEPTION(scope, JSValue());
</del><ins>+ RETURN_IF_EXCEPTION(scope, { });
</ins><span class="cx">
</span><span class="cx"> return trapResult;
</span><span class="cx"> }
</span><span class="lines">@@ -194,8 +199,10 @@
</span><span class="cx"> return target->methodTable(vm)->getOwnPropertySlot(target, exec, propertyName, slot);
</span><span class="cx"> };
</span><span class="cx">
</span><del>- if (vm.propertyNames->isPrivateName(Identifier::fromUid(&vm, propertyName.uid())))
</del><ins>+ if (vm.propertyNames->isPrivateName(Identifier::fromUid(&vm, propertyName.uid()))) {
+ scope.release();
</ins><span class="cx"> return performDefaultGetOwnProperty();
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> JSValue handlerValue = this->handler();
</span><span class="cx"> if (handlerValue.isNull()) {
</span><span class="lines">@@ -208,8 +215,10 @@
</span><span class="cx"> CallType callType;
</span><span class="cx"> JSValue getOwnPropertyDescriptorMethod = handler->getMethod(exec, callData, callType, makeIdentifier(vm, "getOwnPropertyDescriptor"), ASCIILiteral("'getOwnPropertyDescriptor' property of a Proxy's handler should be callable"));
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, false);
</span><del>- if (getOwnPropertyDescriptorMethod.isUndefined())
</del><ins>+ if (getOwnPropertyDescriptorMethod.isUndefined()) {
+ scope.release();
</ins><span class="cx"> return performDefaultGetOwnProperty();
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> MarkedArgumentBuffer arguments;
</span><span class="cx"> arguments.append(target);
</span><span class="lines">@@ -256,6 +265,7 @@
</span><span class="cx"> bool throwException = false;
</span><span class="cx"> bool valid = validateAndApplyPropertyDescriptor(exec, nullptr, propertyName, isExtensible,
</span><span class="cx"> trapResultAsDescriptor, isTargetPropertyDescriptorDefined, targetPropertyDescriptor, throwException);
</span><ins>+ RETURN_IF_EXCEPTION(scope, false);
</ins><span class="cx"> if (!valid) {
</span><span class="cx"> throwVMTypeError(exec, scope, ASCIILiteral("Result from 'getOwnPropertyDescriptor' fails the IsCompatiblePropertyDescriptor test"));
</span><span class="cx"> return false;
</span><span class="lines">@@ -295,8 +305,10 @@
</span><span class="cx"> return target->methodTable(vm)->getOwnPropertySlot(target, exec, propertyName, slot);
</span><span class="cx"> };
</span><span class="cx">
</span><del>- if (vm.propertyNames->isPrivateName(Identifier::fromUid(&vm, propertyName.uid())))
</del><ins>+ if (vm.propertyNames->isPrivateName(Identifier::fromUid(&vm, propertyName.uid()))) {
+ scope.release();
</ins><span class="cx"> return performDefaultHasProperty();
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> JSValue handlerValue = this->handler();
</span><span class="cx"> if (handlerValue.isNull()) {
</span><span class="lines">@@ -309,8 +321,10 @@
</span><span class="cx"> CallType callType;
</span><span class="cx"> JSValue hasMethod = handler->getMethod(exec, callData, callType, vm.propertyNames->has, ASCIILiteral("'has' property of a Proxy's handler should be callable"));
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, false);
</span><del>- if (hasMethod.isUndefined())
</del><ins>+ if (hasMethod.isUndefined()) {
+ scope.release();
</ins><span class="cx"> return performDefaultHasProperty();
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> MarkedArgumentBuffer arguments;
</span><span class="cx"> arguments.append(target);
</span><span class="lines">@@ -354,10 +368,13 @@
</span><span class="cx"> slot.setIsTaintedByOpaqueObject();
</span><span class="cx"> switch (slot.internalMethodType()) {
</span><span class="cx"> case PropertySlot::InternalMethodType::Get:
</span><ins>+ scope.release();
</ins><span class="cx"> return performGet(exec, propertyName, slot);
</span><span class="cx"> case PropertySlot::InternalMethodType::GetOwnProperty:
</span><ins>+ scope.release();
</ins><span class="cx"> return performInternalMethodGetOwnProperty(exec, propertyName, slot);
</span><span class="cx"> case PropertySlot::InternalMethodType::HasProperty:
</span><ins>+ scope.release();
</ins><span class="cx"> return performHasProperty(exec, propertyName, slot);
</span><span class="cx"> default:
</span><span class="cx"> return false;
</span><span class="lines">@@ -390,8 +407,10 @@
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (vm.propertyNames->isPrivateName(Identifier::fromUid(&vm, propertyName.uid())))
</del><ins>+ if (vm.propertyNames->isPrivateName(Identifier::fromUid(&vm, propertyName.uid()))) {
+ scope.release();
</ins><span class="cx"> return performDefaultPut();
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> JSValue handlerValue = this->handler();
</span><span class="cx"> if (handlerValue.isNull()) {
</span><span class="lines">@@ -405,8 +424,10 @@
</span><span class="cx"> JSValue setMethod = handler->getMethod(exec, callData, callType, vm.propertyNames->set, ASCIILiteral("'set' property of a Proxy's handler should be callable"));
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, false);
</span><span class="cx"> JSObject* target = this->target();
</span><del>- if (setMethod.isUndefined())
</del><ins>+ if (setMethod.isUndefined()) {
+ scope.release();
</ins><span class="cx"> return performDefaultPut();
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> MarkedArgumentBuffer arguments;
</span><span class="cx"> arguments.append(target);
</span><span class="lines">@@ -460,6 +481,7 @@
</span><span class="cx"> PutPropertySlot slot(thisValue, isStrictMode); // We must preserve the "this" target of the putByIndex.
</span><span class="cx"> return target->methodTable(vm)->put(target, exec, ident.impl(), putValue, slot);
</span><span class="cx"> };
</span><ins>+ scope.release();
</ins><span class="cx"> return performPut(exec, putValue, thisValue, ident.impl(), performDefaultPut);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -475,7 +497,7 @@
</span><span class="cx"> auto scope = DECLARE_THROW_SCOPE(vm);
</span><span class="cx"> if (UNLIKELY(!vm.isSafeToRecurseSoft())) {
</span><span class="cx"> throwStackOverflowError(exec, scope);
</span><del>- return JSValue::encode(JSValue());
</del><ins>+ return encodedJSValue();
</ins><span class="cx"> }
</span><span class="cx"> ProxyObject* proxy = jsCast<ProxyObject*>(exec->callee());
</span><span class="cx"> JSValue handlerValue = proxy->handler();
</span><span class="lines">@@ -492,6 +514,7 @@
</span><span class="cx"> CallData callData;
</span><span class="cx"> CallType callType = target->methodTable(vm)->getCallData(target, callData);
</span><span class="cx"> RELEASE_ASSERT(callType != CallType::None);
</span><ins>+ scope.release();
</ins><span class="cx"> return JSValue::encode(call(exec, target, callType, callData, exec->thisValue(), ArgList(exec)));
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -501,6 +524,7 @@
</span><span class="cx"> arguments.append(target);
</span><span class="cx"> arguments.append(exec->thisValue());
</span><span class="cx"> arguments.append(argArray);
</span><ins>+ scope.release();
</ins><span class="cx"> return JSValue::encode(call(exec, applyMethod, callType, callData, handler, arguments));
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -523,7 +547,7 @@
</span><span class="cx"> auto scope = DECLARE_THROW_SCOPE(vm);
</span><span class="cx"> if (UNLIKELY(!vm.isSafeToRecurseSoft())) {
</span><span class="cx"> throwStackOverflowError(exec, scope);
</span><del>- return JSValue::encode(JSValue());
</del><ins>+ return encodedJSValue();
</ins><span class="cx"> }
</span><span class="cx"> ProxyObject* proxy = jsCast<ProxyObject*>(exec->callee());
</span><span class="cx"> JSValue handlerValue = proxy->handler();
</span><span class="lines">@@ -540,6 +564,7 @@
</span><span class="cx"> ConstructData constructData;
</span><span class="cx"> ConstructType constructType = target->methodTable(vm)->getConstructData(target, constructData);
</span><span class="cx"> RELEASE_ASSERT(constructType != ConstructType::None);
</span><ins>+ scope.release();
</ins><span class="cx"> return JSValue::encode(construct(exec, target, constructType, constructData, ArgList(exec), exec->newTarget()));
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -579,8 +604,10 @@
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (vm.propertyNames->isPrivateName(Identifier::fromUid(&vm, propertyName.uid())))
</del><ins>+ if (vm.propertyNames->isPrivateName(Identifier::fromUid(&vm, propertyName.uid()))) {
+ scope.release();
</ins><span class="cx"> return performDefaultDelete();
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> JSValue handlerValue = this->handler();
</span><span class="cx"> if (handlerValue.isNull()) {
</span><span class="lines">@@ -594,8 +621,10 @@
</span><span class="cx"> JSValue deletePropertyMethod = handler->getMethod(exec, callData, callType, makeIdentifier(vm, "deleteProperty"), ASCIILiteral("'deleteProperty' property of a Proxy's handler should be callable"));
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, false);
</span><span class="cx"> JSObject* target = this->target();
</span><del>- if (deletePropertyMethod.isUndefined())
</del><ins>+ if (deletePropertyMethod.isUndefined()) {
+ scope.release();
</ins><span class="cx"> return performDefaultDelete();
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> MarkedArgumentBuffer arguments;
</span><span class="cx"> arguments.append(target);
</span><span class="lines">@@ -664,8 +693,10 @@
</span><span class="cx"> JSValue preventExtensionsMethod = handler->getMethod(exec, callData, callType, makeIdentifier(vm, "preventExtensions"), ASCIILiteral("'preventExtensions' property of a Proxy's handler should be callable"));
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, false);
</span><span class="cx"> JSObject* target = this->target();
</span><del>- if (preventExtensionsMethod.isUndefined())
</del><ins>+ if (preventExtensionsMethod.isUndefined()) {
+ scope.release();
</ins><span class="cx"> return target->methodTable(vm)->preventExtensions(target, exec);
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> MarkedArgumentBuffer arguments;
</span><span class="cx"> arguments.append(target);
</span><span class="lines">@@ -714,8 +745,10 @@
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, false);
</span><span class="cx">
</span><span class="cx"> JSObject* target = this->target();
</span><del>- if (isExtensibleMethod.isUndefined())
</del><ins>+ if (isExtensibleMethod.isUndefined()) {
+ scope.release();
</ins><span class="cx"> return target->isExtensible(exec);
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> MarkedArgumentBuffer arguments;
</span><span class="cx"> arguments.append(target);
</span><span class="lines">@@ -758,6 +791,7 @@
</span><span class="cx">
</span><span class="cx"> JSObject* target = this->target();
</span><span class="cx"> auto performDefaultDefineOwnProperty = [&] {
</span><ins>+ scope.release();
</ins><span class="cx"> return target->methodTable(vm)->defineOwnProperty(target, exec, propertyName, descriptor, shouldThrow);
</span><span class="cx"> };
</span><span class="cx">
</span><span class="lines">@@ -821,6 +855,7 @@
</span><span class="cx"> const PropertyDescriptor& current = targetDescriptor;
</span><span class="cx"> bool throwException = false;
</span><span class="cx"> bool isCompatibleDescriptor = validateAndApplyPropertyDescriptor(exec, nullptr, propertyName, targetIsExtensible, descriptor, isCurrentDefined, current, throwException);
</span><ins>+ RETURN_IF_EXCEPTION(scope, false);
</ins><span class="cx"> if (!isCompatibleDescriptor) {
</span><span class="cx"> throwVMTypeError(exec, scope, ASCIILiteral("Proxy's 'defineProperty' trap did not define a property on its target that is compatible with the trap's input descriptor"));
</span><span class="cx"> return false;
</span><span class="lines">@@ -860,7 +895,8 @@
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, void());
</span><span class="cx"> JSObject* target = this->target();
</span><span class="cx"> if (ownKeysMethod.isUndefined()) {
</span><del>- target->methodTable(exec->vm())->getOwnPropertyNames(target, exec, trapResult, enumerationMode);
</del><ins>+ scope.release();
+ target->methodTable(vm)->getOwnPropertyNames(target, exec, trapResult, enumerationMode);
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -905,6 +941,7 @@
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, void());
</span><span class="cx">
</span><span class="cx"> bool targetIsExensible = target->isExtensible(exec);
</span><ins>+ RETURN_IF_EXCEPTION(scope, void());
</ins><span class="cx">
</span><span class="cx"> PropertyNameArray targetKeys(&vm, propertyNameMode);
</span><span class="cx"> target->methodTable(vm)->getOwnPropertyNames(target, exec, targetKeys, enumerationMode);
</span><span class="lines">@@ -1005,8 +1042,10 @@
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, false);
</span><span class="cx">
</span><span class="cx"> JSObject* target = this->target();
</span><del>- if (setPrototypeOfMethod.isUndefined())
</del><ins>+ if (setPrototypeOfMethod.isUndefined()) {
+ scope.release();
</ins><span class="cx"> return target->setPrototype(vm, exec, prototype, shouldThrowIfCantSet);
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> MarkedArgumentBuffer arguments;
</span><span class="cx"> arguments.append(target);
</span><span class="lines">@@ -1049,13 +1088,13 @@
</span><span class="cx"> auto scope = DECLARE_THROW_SCOPE(vm);
</span><span class="cx"> if (UNLIKELY(!vm.isSafeToRecurseSoft())) {
</span><span class="cx"> throwStackOverflowError(exec, scope);
</span><del>- return JSValue();
</del><ins>+ return { };
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSValue handlerValue = this->handler();
</span><span class="cx"> if (handlerValue.isNull()) {
</span><span class="cx"> throwVMTypeError(exec, scope, ASCIILiteral(s_proxyAlreadyRevokedErrorMessage));
</span><del>- return JSValue();
</del><ins>+ return { };
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSObject* handler = jsCast<JSObject*>(handlerValue);
</span><span class="lines">@@ -1062,32 +1101,34 @@
</span><span class="cx"> CallData callData;
</span><span class="cx"> CallType callType;
</span><span class="cx"> JSValue getPrototypeOfMethod = handler->getMethod(exec, callData, callType, makeIdentifier(vm, "getPrototypeOf"), ASCIILiteral("'getPrototypeOf' property of a Proxy's handler should be callable"));
</span><del>- RETURN_IF_EXCEPTION(scope, JSValue());
</del><ins>+ RETURN_IF_EXCEPTION(scope, { });
</ins><span class="cx">
</span><span class="cx"> JSObject* target = this->target();
</span><del>- if (getPrototypeOfMethod.isUndefined())
</del><ins>+ if (getPrototypeOfMethod.isUndefined()) {
+ scope.release();
</ins><span class="cx"> return target->getPrototype(vm, exec);
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> MarkedArgumentBuffer arguments;
</span><span class="cx"> arguments.append(target);
</span><span class="cx"> JSValue trapResult = call(exec, getPrototypeOfMethod, callType, callData, handler, arguments);
</span><del>- RETURN_IF_EXCEPTION(scope, JSValue());
</del><ins>+ RETURN_IF_EXCEPTION(scope, { });
</ins><span class="cx">
</span><span class="cx"> if (!trapResult.isObject() && !trapResult.isNull()) {
</span><span class="cx"> throwVMTypeError(exec, scope, ASCIILiteral("Proxy handler's 'getPrototypeOf' trap should either return an object or null"));
</span><del>- return JSValue();
</del><ins>+ return { };
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> bool targetIsExtensible = target->isExtensible(exec);
</span><del>- RETURN_IF_EXCEPTION(scope, JSValue());
</del><ins>+ RETURN_IF_EXCEPTION(scope, { });
</ins><span class="cx"> if (targetIsExtensible)
</span><span class="cx"> return trapResult;
</span><span class="cx">
</span><span class="cx"> JSValue targetPrototype = target->getPrototype(vm, exec);
</span><del>- RETURN_IF_EXCEPTION(scope, JSValue());
</del><ins>+ RETURN_IF_EXCEPTION(scope, { });
</ins><span class="cx"> if (!sameValue(exec, targetPrototype, trapResult)) {
</span><span class="cx"> throwVMTypeError(exec, scope, ASCIILiteral("Proxy's 'getPrototypeOf' trap for a non-extensible target should return the same value as the target's prototype"));
</span><del>- return JSValue();
</del><ins>+ return { };
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> return trapResult;
</span></span></pre>
</div>
</div>
</body>
</html>