[Webkit-unassigned] [Bug 208766] New: REGRESSION (r258049): Unchecked JS exception in jsc::Stringifier::toJSON

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Mar 7 10:16:46 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=208766

            Bug ID: 208766
           Summary: REGRESSION (r258049): Unchecked JS exception in
                    jsc::Stringifier::toJSON
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ryanhaddad at apple.com

After https://trac.webkit.org/changeset/258049/webkit, the debug JSC bit has 44 test failures due to an unchecked JS exception:

microbenchmarks/json-stringify-many-objects-to-json.js.default: ERROR: Unchecked JS exception:
microbenchmarks/json-stringify-many-objects-to-json.js.default:     This scope can throw a JS exception: executeCall @ ./interpreter/Interpreter.cpp:858
microbenchmarks/json-stringify-many-objects-to-json.js.default:         (ExceptionScope::m_recursionDepth was 10)
microbenchmarks/json-stringify-many-objects-to-json.js.default:     But the exception was unchecked as of this scope: toJSON @ ./runtime/JSONObject.cpp:301
microbenchmarks/json-stringify-many-objects-to-json.js.default:         (ExceptionScope::m_recursionDepth was 9)
microbenchmarks/json-stringify-many-objects-to-json.js.default: 
microbenchmarks/json-stringify-many-objects-to-json.js.default: Unchecked exception detected at:
microbenchmarks/json-stringify-many-objects-to-json.js.default:     1   0x10b9c30ae JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, JSC::ExceptionEventLocation&)
microbenchmarks/json-stringify-many-objects-to-json.js.default:     2   0x10b99beed JSC::ThrowScope::~ThrowScope()
microbenchmarks/json-stringify-many-objects-to-json.js.default:     3   0x10b99c0f5 JSC::ThrowScope::~ThrowScope()
microbenchmarks/json-stringify-many-objects-to-json.js.default:     4   0x10b80713c JSC::Stringifier::toJSON(JSC::JSValue, JSC::PropertyNameForFunctionCall const&)
microbenchmarks/json-stringify-many-objects-to-json.js.default:     5   0x10b8063b9 JSC::Stringifier::appendStringifiedValue(WTF::StringBuilder&, JSC::JSValue, JSC::Stringifier::Holder const&, JSC::PropertyNameForFunctionCall const&)
microbenchmarks/json-stringify-many-objects-to-json.js.default:     6   0x10b807efa JSC::Stringifier::Holder::appendNextProperty(JSC::Stringifier&, WTF::StringBuilder&)
microbenchmarks/json-stringify-many-objects-to-json.js.default:     7   0x10b806cd5 JSC::Stringifier::appendStringifiedValue(WTF::StringBuilder&, JSC::JSValue, JSC::Stringifier::Holder const&, JSC::PropertyNameForFunctionCall const&)
microbenchmarks/json-stringify-many-objects-to-json.js.default:     8   0x10b80608c JSC::Stringifier::stringify(JSC::JSValue)
microbenchmarks/json-stringify-many-objects-to-json.js.default:     9   0x10b80b568 JSC::JSONProtoFuncStringify(JSC::JSGlobalObject*, JSC::CallFrame*)
microbenchmarks/json-stringify-many-objects-to-json.js.default:     10  0x547503e01178
microbenchmarks/json-stringify-many-objects-to-json.js.default:     11  0x10a4faeb3 llint_entry
microbenchmarks/json-stringify-many-objects-to-json.js.default:     12  0x10a4dda93 vmEntryToJavaScript
microbenchmarks/json-stringify-many-objects-to-json.js.default:     13  0x10b2ecf57 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
microbenchmarks/json-stringify-many-objects-to-json.js.default:     14  0x10b2ec5ac JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
microbenchmarks/json-stringify-many-objects-to-json.js.default:     15  0x10b671edc JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
microbenchmarks/json-stringify-many-objects-to-json.js.default:     16  0x109eade4f runWithOptions(GlobalObject*, CommandLine&, bool&)
microbenchmarks/json-stringify-many-objects-to-json.js.default:     17  0x109e7f19a jscmain(int, char**)::$_6::operator()(JSC::VM&, GlobalObject*, bool&) const
microbenchmarks/json-stringify-many-objects-to-json.js.default:     18  0x109e5997b int runJSC<jscmain(int, char**)::$_6>(CommandLine const&, bool, jscmain(int, char**)::$_6 const&)
microbenchmarks/json-stringify-many-objects-to-json.js.default:     19  0x109e58408 jscmain(int, char**)
microbenchmarks/json-stringify-many-objects-to-json.js.default:     20  0x109e581de main
microbenchmarks/json-stringify-many-objects-to-json.js.default:     21  0x7fff719c87fd start

https://build.webkit.org/builders/Apple-Catalina-Debug-JSC-Tests/builds/453

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200307/6d91b1d8/attachment-0001.htm>

More information about the webkit-unassigned mailing list