[webkit-reviews] review granted: [Bug 212561] AssemblyHelpers::callExceptionFuzz() is passing a wrong argument to operationExceptionFuzz(). : [Attachment 400659] proposed patch.

Sat May 30 01:06:32 PDT 2020

Yusuke Suzuki <ysuzuki at apple.com> has granted Mark Lam <mark.lam at apple.com>'s
request for review:
Bug 212561: AssemblyHelpers::callExceptionFuzz() is passing a wrong argument to
operationExceptionFuzz().
https://bugs.webkit.org/show_bug.cgi?id=212561

Attachment 400659: proposed patch.

https://bugs.webkit.org/attachment.cgi?id=400659&action=review

--- Comment #4 from Yusuke Suzuki <ysuzuki at apple.com> ---
Comment on attachment 400659
  --> https://bugs.webkit.org/attachment.cgi?id=400659
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=400659&action=review

r=me with comments.

> Source/JavaScriptCore/jit/AssemblyHelpers.cpp:255
> +    move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR1);

This is not necessary if prepareCallOperation is called. Let's just pass VM
pointer.

> Source/JavaScriptCore/jit/AssemblyHelpers.cpp:257
>      prepareCallOperation(vm);

Since we are using prepareCallOperation, you can get CallFrame* via `CallFrame*
callFrame = DECLARE_CALL_FRAME(vm);` as it is done in operationExceptionFuzz.
Let's define operationExceptionFuzzWithVM(VM* vmPointer), and implement it as,

operationExceptionFuzzWith(VM* vmPointer)
{
    VM& vm = *vmPointer;
    CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);	/* Note that
this frame tracer must be in the direct caller function from JIT code. */
    ...
}

> Source/JavaScriptCore/jit/JITOperations.cpp:2644
> +    operationExceptionFuzz(callFrame->lexicalGlobalObject(*vm));

Can you factor out the code of operationExceptionFuzz and share it with
operationExceptionFuzz and operationExceptionFuzzWithCallFrame? JIT_OPERATION
functions cannot be called from non JIT code (in particular if
JITOperationPrologueCallFrameTracer is used).