[Webkit-unassigned] [Bug 145870] New: Introducing ExceptionResult.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jun 10 20:55:01 PDT 2015 

https://bugs.webkit.org/show_bug.cgi?id=145870

            Bug ID: 145870
           Summary: Introducing ExceptionResult.
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mark.lam at apple.com

Before r185259, calls into the VM takes a JSValue* exceptionResult argument for returning any uncaught exception that may have been thrown while executing JS code.  As a result, clients of the VM APIs will declare a local JSValue exceptionResult which is automatically initialized to a null value (i.e. the empty value, not the JS null value).  With r185259, the call APIs were changes to take an Exception*& exceptionResult instead, and the VM functions are responsible for initializing the exceptionResult to null if no exception is thrown.  This introduces 2 issues:

1. the VM code is vulnerable to modifications that may add early returns before the exceptionResult is nullified.  This can result in the exceptionResult being used without initialization.

2. Previously, a client could technically use the same exceptionResult for more than one calls into the VM.  If an earlier call sets it to a thrown value, the thrown value will stick unless a subsequent call throws a different exception.  With the new Exception*& exceptionResult, the VM calls will always clear the exceptionResult before proceeding.  As a result, the client's exceptionResult will be null after the second call even though the first call saw an exception thrown.  This is a change in expected behavior.

To fix these issues, we'll introduce an ExceptionResult class which embeds and auto-initializes an Exception*.  The VM calls will be reverted to only set the exceptionResult if a new exception is thrown.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150611/c866d537/attachment.html>

More information about the webkit-unassigned mailing list