mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Compartment mismatch with pending exception (bug 621845, r=lw,jorendorff).

This commit is contained in:
Andreas Gal 2011-01-07 02:03:14 -08:00
Родитель 143559536b
Коммит b63f5c092d
17 изменённых файлов: 171 добавлений и 157 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
dom/base/nsJSEnvironment.cpp
Просмотреть файл

@ -1130,7 +1130,7 @@ nsJSContext::DOMOperationCallback(JSContext *cx)
JS_SetFrameReturnValue(cx, fp, rval);
return JS_TRUE;
case JSTRAP_ERROR:
cx->throwing = JS_FALSE;
JS_ClearPendingException(cx);
return JS_FALSE;
case JSTRAP_THROW:
JS_SetPendingException(cx, rval);

15
js/src/jsapi.cpp
Просмотреть файл

@ -5173,7 +5173,8 @@ JS_IsRunning(JSContext *cx)
VOUCH_DOES_NOT_REQUIRE_STACK();
#ifdef JS_TRACER
JS_ASSERT_IF(JS_TRACE_MONITOR(cx).tracecx == cx, cx->hasfp());
JS_ASSERT_IF(cx->compartment &&
JS_TRACE_MONITOR(cx).tracecx == cx, cx->hasfp());
#endif
JSStackFrame *fp = cx->maybefp();
while (fp && fp->isDummyFrame())
@ -5868,16 +5869,17 @@ JS_GetLocaleCallbacks(JSContext *cx)
JS_PUBLIC_API(JSBool)
JS_IsExceptionPending(JSContext *cx)
{
return (JSBool) cx->throwing;
return (JSBool) cx->isExceptionPending();
}
JS_PUBLIC_API(JSBool)
JS_GetPendingException(JSContext *cx, jsval *vp)
{
CHECK_REQUEST(cx);
if (!cx->throwing)
if (!cx->isExceptionPending())
return JS_FALSE;
Valueify(*vp) = cx->exception;
Valueify(*vp) = cx->getPendingException();
assertSameCompartment(cx, *vp);
return JS_TRUE;
}
@ -5886,14 +5888,13 @@ JS_SetPendingException(JSContext *cx, jsval v)
{
CHECK_REQUEST(cx);
assertSameCompartment(cx, v);
SetPendingException(cx, Valueify(v));
cx->setPendingException(Valueify(v));
}
JS_PUBLIC_API(void)
JS_ClearPendingException(JSContext *cx)
{
cx->throwing = JS_FALSE;
cx->exception.setUndefined();
cx->clearPendingException();
}
JS_PUBLIC_API(JSBool)

47
js/src/jscntxt.cpp
Просмотреть файл

@ -1357,7 +1357,7 @@ js_ReportOutOfMemory(JSContext *cx)
* exception if any now so the hooks can replace the out-of-memory error
* by a script-catchable exception.
*/
cx->throwing = JS_FALSE;
cx->clearPendingException();
if (onError) {
JSDebugErrorHook hook = cx->debugHooks->debugErrorHook;
if (hook &&
@ -2005,27 +2005,37 @@ JSContext::resetCompartment()
scopeobj = &fp()->scopeChain();
} else {
scopeobj = globalObject;
if (!scopeobj) {
compartment = runtime->defaultCompartment;
return;
}
if (!scopeobj)
goto error;
/*
* Innerize. Assert, but check anyway, that this succeeds. (It
* can only fail due to bugs in the engine or embedding.)
*/
OBJ_TO_INNER_OBJECT(this, scopeobj);
if (!scopeobj) {
/*
* Bug. Return NULL, not defaultCompartment, to crash rather
* than open a security hole.
*/
JS_ASSERT(0);
compartment = NULL;
return;
}
if (!scopeobj)
goto error;
}
compartment = scopeobj->getCompartment();
compartment = scopeobj->compartment();
/*
* If wrapException fails, it overrides this->exception and
* reports OOM. The upshot is that we silently turn the exception
* into an uncatchable OOM error. A bit surprising, but the
* caller is just going to return false either way.
*/
if (isExceptionPending())
(void) compartment->wrapException(this);
return;
error:
/*
* If we try to use the context without a selected compartment,
* we will crash.
*/
compartment = NULL;
}
void
@ -2289,11 +2299,4 @@ LeaveTrace(JSContext *cx)
#endif
}
void
SetPendingException(JSContext *cx, const Value &v)
{
cx->throwing = JS_TRUE;
cx->exception = v;
}
} /* namespace js */

29
js/src/jscntxt.h
Просмотреть файл

@ -888,7 +888,7 @@ private:
* executing. cx must be a context on the current thread.
*/
#ifdef JS_TRACER
# define JS_ON_TRACE(cx) (JS_TRACE_MONITOR(cx).ontrace())
# define JS_ON_TRACE(cx) (cx->compartment && JS_TRACE_MONITOR(cx).ontrace())
#else
# define JS_ON_TRACE(cx) false
#endif
@ -1704,6 +1704,10 @@ struct JSContext
JSVersion versionOverride; /* supercedes defaultVersion when valid */
bool hasVersionOverride;
/* Exception state -- the exception member is a GC root by definition. */
JSBool throwing; /* is there a pending exception? */
js::Value exception; /* most-recently-thrown exception */
public:
/* Per-context options. */
uint32 options; /* see jsapi.h for JSOPTION_* */
@ -1725,10 +1729,6 @@ struct JSContext
*/
JSPackedBool generatingError;
/* Exception state -- the exception member is a GC root by definition. */
JSBool throwing; /* is there a pending exception? */
js::Value exception; /* most-recently-thrown exception */
/* Limit pointer for checking native stack consumption during recursion. */
jsuword stackLimit;
@ -2172,6 +2172,22 @@ struct JSContext
void assertValidStackDepth(uintN /*depth*/) {}
#endif
bool isExceptionPending() {
return throwing;
}
js::Value getPendingException() {
JS_ASSERT(throwing);
return exception;
}
void setPendingException(js::Value v);
void clearPendingException() {
this->throwing = false;
this->exception.setUndefined();
}
private:
/*
* The allocation code calls the function to indicate either OOM failure
@ -3072,9 +3088,6 @@ js_CurrentPCIsInImacro(JSContext *cx);
namespace js {
extern void
SetPendingException(JSContext *cx, const Value &v);
class RegExpStatics;
extern JS_FORCES_STACK JS_FRIEND_API(void)

11
js/src/jscntxtinlines.h
Просмотреть файл

@ -686,13 +686,13 @@ JS_ALWAYS_INLINE bool
CallJSNative(JSContext *cx, js::Native native, uintN argc, js::Value *vp)
{
#ifdef DEBUG
JSBool alreadyThrowing = cx->throwing;
JSBool alreadyThrowing = cx->isExceptionPending();
#endif
assertSameCompartment(cx, ValueArray(vp, argc + 2));
JSBool ok = native(cx, argc, vp);
if (ok) {
assertSameCompartment(cx, vp[0]);
JS_ASSERT_IF(!alreadyThrowing, !cx->throwing);
JS_ASSERT_IF(!alreadyThrowing, !cx->isExceptionPending());
}
return ok;
}
@ -800,4 +800,11 @@ CanLeaveTrace(JSContext *cx)
} /* namespace js */
inline void
JSContext::setPendingException(js::Value v) {
this->throwing = true;
this->exception = v;
assertSameCompartment(this, v);
}
#endif /* jscntxtinlines_h___ */

13
js/src/jscompartment.cpp
Просмотреть файл

@ -358,14 +358,11 @@ JSCompartment::wrapException(JSContext *cx)
{
JS_ASSERT(cx->compartment == this);
if (cx->throwing) {
AutoValueRooter tvr(cx, cx->exception);
cx->throwing = false;
cx->exception.setNull();
if (wrap(cx, tvr.addr())) {
cx->throwing = true;
cx->exception = tvr.value();
}
if (cx->isExceptionPending()) {
Value v = cx->getPendingException();
cx->clearPendingException();
if (wrap(cx, &v))
cx->setPendingException(v);
return false;
}
return true;

15
js/src/jsdbgapi.cpp
Просмотреть файл

@ -1545,25 +1545,26 @@ JS_GetPropertyDesc(JSContext *cx, JSObject *obj, JSScopeProperty *sprop,
Shape *shape = (Shape *) sprop;
pd->id = IdToJsval(shape->id);
JSBool wasThrowing = cx->throwing;
AutoValueRooter lastException(cx, cx->exception);
cx->throwing = JS_FALSE;
JSBool wasThrowing = cx->isExceptionPending();
Value lastException = UndefinedValue();
if (wasThrowing)
lastException = cx->getPendingException();
cx->clearPendingException();
if (!js_GetProperty(cx, obj, shape->id, Valueify(&pd->value))) {
if (!cx->throwing) {
if (!cx->isExceptionPending()) {
pd->flags = JSPD_ERROR;
pd->value = JSVAL_VOID;
} else {
pd->flags = JSPD_EXCEPTION;
pd->value = Jsvalify(cx->exception);
pd->value = Jsvalify(cx->getPendingException());
}
} else {
pd->flags = 0;
}
cx->throwing = wasThrowing;
if (wasThrowing)
cx->exception = lastException.value();
cx->setPendingException(lastException);
pd->flags |= (shape->enumerable() ? JSPD_ENUMERATE : 0)
| (!shape->writable() ? JSPD_READONLY : 0)

11
js/src/jsgc.cpp
Просмотреть файл

@ -1577,12 +1577,8 @@ MarkContext(JSTracer *trc, JSContext *acx)
/* Mark other roots-by-definition in acx. */
if (acx->globalObject && !JS_HAS_OPTION(acx, JSOPTION_UNROOTED_GLOBAL))
MarkObject(trc, *acx->globalObject, "global object");
if (acx->throwing) {
MarkValue(trc, acx->exception, "exception");
} else {
/* Avoid keeping GC-ed junk stored in JSContext.exception. */
acx->exception.setNull();
}
if (acx->isExceptionPending())
MarkValue(trc, acx->getPendingException(), "exception");
for (js::AutoGCRooter *gcr = acx->autoGCRooters; gcr; gcr = gcr->down)
gcr->trace(trc);
@ -1592,7 +1588,8 @@ MarkContext(JSTracer *trc, JSContext *acx)
MarkValue(trc, acx->iterValue, "iterValue");
acx->compartment->marked = true;
if (acx->compartment)
acx->compartment->marked = true;
#ifdef JS_TRACER
TracerState* state = acx->tracerState;

83
js/src/jsinterp.cpp
Просмотреть файл

@ -2430,7 +2430,7 @@ Interpret(JSContext *cx, JSStackFrame *entryFrame, uintN inlineCallCount, JSInte
argv = regs.fp->maybeFormalArgs(); \
atoms = FrameAtomBase(cx, regs.fp); \
JS_ASSERT(cx->regs == &regs); \
if (cx->throwing) \
if (cx->isExceptionPending()) \
goto error; \
JS_END_MACRO
@ -2446,7 +2446,7 @@ Interpret(JSContext *cx, JSStackFrame *entryFrame, uintN inlineCallCount, JSInte
CLEAR_LEAVE_ON_TRACE_POINT(); \
} \
RESTORE_INTERP_VARS(); \
JS_ASSERT_IF(cx->throwing, r == MONITOR_ERROR); \
JS_ASSERT_IF(cx->isExceptionPending(), r == MONITOR_ERROR); \
if (r == MONITOR_ERROR) \
goto error; \
} \
@ -2572,9 +2572,9 @@ Interpret(JSContext *cx, JSStackFrame *entryFrame, uintN inlineCallCount, JSInte
/*
* To support generator_throw and to catch ignored exceptions,
* fail if cx->throwing is set.
* fail if cx->isExceptionPending() is true.
*/
if (cx->throwing)
if (cx->isExceptionPending())
goto error;
}
#endif
@ -2688,8 +2688,7 @@ Interpret(JSContext *cx, JSStackFrame *entryFrame, uintN inlineCallCount, JSInte
interpReturnOK = JS_TRUE;
goto forced_return;
case JSTRAP_THROW:
cx->throwing = JS_TRUE;
cx->exception = rval;
cx->setPendingException(rval);
goto error;
default:;
}
@ -2717,7 +2716,7 @@ Interpret(JSContext *cx, JSStackFrame *entryFrame, uintN inlineCallCount, JSInte
if (TraceRecorder* tr = TRACE_RECORDER(cx)) {
JS_ASSERT(!TRACE_PROFILER(cx));
AbortableRecordingStatus status = tr->monitorRecording(op);
JS_ASSERT_IF(cx->throwing, status == ARECORD_ERROR);
JS_ASSERT_IF(cx->isExceptionPending(), status == ARECORD_ERROR);
if (interpMode != JSINTERP_NORMAL) {
JS_ASSERT(interpMode == JSINTERP_RECORD || JSINTERP_SAFEPOINT);
@ -5205,8 +5204,7 @@ BEGIN_CASE(JSOP_TRAP)
interpReturnOK = JS_TRUE;
goto forced_return;
case JSTRAP_THROW:
cx->throwing = JS_TRUE;
cx->exception = rval;
cx->setPendingException(rval);
goto error;
default:
break;
@ -6232,8 +6230,7 @@ BEGIN_CASE(JSOP_RETSUB)
* be necessary, but it seems clearer. And it points out a FIXME:
* 350509, due to Igor Bukanov.
*/
cx->throwing = JS_TRUE;
cx->exception = rval;
cx->setPendingException(rval);
goto error;
}
JS_ASSERT(rval.isInt32());
@ -6243,9 +6240,8 @@ END_VARLEN_CASE
}
BEGIN_CASE(JSOP_EXCEPTION)
JS_ASSERT(cx->throwing);
PUSH_COPY(cx->exception);
cx->throwing = JS_FALSE;
PUSH_COPY(cx->getPendingException());
cx->clearPendingException();
#if defined(JS_TRACER) && defined(JS_METHODJIT)
if (interpMode == JSINTERP_PROFILE) {
leaveOnSafePoint = true;
@ -6260,19 +6256,24 @@ BEGIN_CASE(JSOP_FINALLY)
END_CASE(JSOP_FINALLY)
BEGIN_CASE(JSOP_THROWING)
JS_ASSERT(!cx->throwing);
cx->throwing = JS_TRUE;
POP_COPY_TO(cx->exception);
{
JS_ASSERT(!cx->isExceptionPending());
Value v;
POP_COPY_TO(v);
cx->setPendingException(v);
}
END_CASE(JSOP_THROWING)
BEGIN_CASE(JSOP_THROW)
JS_ASSERT(!cx->throwing);
{
JS_ASSERT(!cx->isExceptionPending());
CHECK_BRANCH();
cx->throwing = JS_TRUE;
POP_COPY_TO(cx->exception);
Value v;
POP_COPY_TO(v);
cx->setPendingException(v);
/* let the code at error try to catch the exception. */
goto error;
}
BEGIN_CASE(JSOP_SETLOCALPOP)
{
/*
@ -6348,8 +6349,7 @@ BEGIN_CASE(JSOP_DEBUGGER)
interpReturnOK = JS_TRUE;
goto forced_return;
case JSTRAP_THROW:
cx->throwing = JS_TRUE;
cx->exception = rval;
cx->setPendingException(rval);
goto error;
default:;
}
@ -6721,7 +6721,7 @@ END_CASE(JSOP_LEAVEBLOCK)
#if JS_HAS_GENERATORS
BEGIN_CASE(JSOP_GENERATOR)
{
JS_ASSERT(!cx->throwing);
JS_ASSERT(!cx->isExceptionPending());
regs.pc += JSOP_GENERATOR_LENGTH;
JSObject *obj = js_NewGenerator(cx);
if (!obj)
@ -6735,7 +6735,7 @@ BEGIN_CASE(JSOP_GENERATOR)
}
BEGIN_CASE(JSOP_YIELD)
JS_ASSERT(!cx->throwing);
JS_ASSERT(!cx->isExceptionPending());
JS_ASSERT(regs.fp->isFunctionFrame() && !regs.fp->isEvalFrame());
if (cx->generatorFor(regs.fp)->state == JSGEN_CLOSING) {
js_ReportValueError(cx, JSMSG_BAD_GENERATOR_YIELD,
@ -6831,7 +6831,7 @@ END_CASE(JSOP_ARRAYPUSH)
error:
JS_ASSERT(cx->regs == &regs);
#ifdef JS_TRACER
if (regs.fp->hasImacropc() && cx->throwing) {
if (regs.fp->hasImacropc() && cx->isExceptionPending()) {
// Handle exceptions as if they came from the imacro-calling pc.
regs.pc = regs.fp->imacropc();
regs.fp->clearImacropc();
@ -6855,7 +6855,7 @@ END_CASE(JSOP_ARRAYPUSH)
# endif
#endif
if (!cx->throwing) {
if (!cx->isExceptionPending()) {
/* This is an error, not a catchable exception, quit the frame ASAP. */
interpReturnOK = JS_FALSE;
} else {
@ -6873,15 +6873,15 @@ END_CASE(JSOP_ARRAYPUSH)
switch (handler(cx, script, regs.pc, Jsvalify(&rval),
cx->debugHooks->throwHookData)) {
case JSTRAP_ERROR:
cx->throwing = JS_FALSE;
cx->clearPendingException();
goto error;
case JSTRAP_RETURN:
cx->throwing = JS_FALSE;
cx->clearPendingException();
regs.fp->setReturnValue(rval);
interpReturnOK = JS_TRUE;
goto forced_return;
case JSTRAP_THROW:
cx->exception = rval;
cx->setPendingException(rval);
case JSTRAP_CONTINUE:
default:;
}
@ -6944,12 +6944,12 @@ END_CASE(JSOP_ARRAYPUSH)
case JSTRY_CATCH:
#if JS_HAS_GENERATORS
/* Catch cannot intercept the closing of a generator. */
if (JS_UNLIKELY(cx->exception.isMagic(JS_GENERATOR_CLOSING)))
if (JS_UNLIKELY(cx->getPendingException().isMagic(JS_GENERATOR_CLOSING)))
break;
#endif
/*
* Don't clear cx->throwing to save cx->exception from GC
* Don't clear exceptions to save cx->exception from GC
* until it is pushed to the stack via [exception] in the
* catch block.
*/
@ -6962,22 +6962,21 @@ END_CASE(JSOP_ARRAYPUSH)
* [retsub] should rethrow the exception.
*/
PUSH_BOOLEAN(true);
PUSH_COPY(cx->exception);
cx->throwing = JS_FALSE;
PUSH_COPY(cx->getPendingException());
cx->clearPendingException();
len = 0;
DO_NEXT_OP(len);
case JSTRY_ITER: {
/* This is similar to JSOP_ENDITER in the interpreter loop. */
JS_ASSERT(js_GetOpcode(cx, regs.fp->script(), regs.pc) == JSOP_ENDITER);
AutoValueRooter tvr(cx, cx->exception);
cx->throwing = false;
Value v = cx->getPendingException();
cx->clearPendingException();
ok = js_CloseIterator(cx, &regs.sp[-1].toObject());
regs.sp -= 1;
if (!ok)
goto error;
cx->throwing = true;
cx->exception = tvr.value();
cx->setPendingException(v);
}
}
} while (++tn != tnlimit);
@ -6989,9 +6988,9 @@ END_CASE(JSOP_ARRAYPUSH)
*/
interpReturnOK = JS_FALSE;
#if JS_HAS_GENERATORS
if (JS_UNLIKELY(cx->throwing &&
cx->exception.isMagic(JS_GENERATOR_CLOSING))) {
cx->throwing = JS_FALSE;
if (JS_UNLIKELY(cx->isExceptionPending() &&
cx->getPendingException().isMagic(JS_GENERATOR_CLOSING))) {
cx->clearPendingException();
interpReturnOK = JS_TRUE;
regs.fp->clearReturnValue();
}
@ -7006,7 +7005,7 @@ END_CASE(JSOP_ARRAYPUSH)
* When a trap handler returns JSTRAP_RETURN, we jump here with
* interpReturnOK set to true bypassing any finally blocks.
*/
interpReturnOK &= js_UnwindScope(cx, 0, interpReturnOK || cx->throwing);
interpReturnOK &= js_UnwindScope(cx, 0, interpReturnOK || cx->isExceptionPending());
JS_ASSERT(regs.sp == regs.fp->base());
#ifdef DEBUG

16
js/src/jsiter.cpp
Просмотреть файл

@ -767,7 +767,7 @@ js_ThrowStopIteration(JSContext *cx)
JS_ASSERT(!JS_IsExceptionPending(cx));
if (js_FindClassObject(cx, NULL, JSProto_StopIteration, &v))
SetPendingException(cx, v);
cx->setPendingException(v);
return JS_FALSE;
}
@ -1017,12 +1017,10 @@ js_IteratorMore(JSContext *cx, JSObject *iterobj, Value *rval)
return false;
if (!ExternalInvoke(cx, iterobj, *rval, 0, NULL, rval)) {
/* Check for StopIteration. */
if (!cx->throwing || !js_ValueIsStopIteration(cx->exception))
if (!cx->isExceptionPending() || !js_ValueIsStopIteration(cx->getPendingException()))
return false;
/* Inline JS_ClearPendingException(cx). */
cx->throwing = JS_FALSE;
cx->exception.setUndefined();
cx->clearPendingException();
cx->iterValue.setMagic(JS_NO_ITER_VALUE);
rval->setBoolean(false);
return true;
@ -1286,13 +1284,13 @@ SendToGenerator(JSContext *cx, JSGeneratorOp op, JSObject *obj,
break;
case JSGENOP_THROW:
SetPendingException(cx, arg);
cx->setPendingException(arg);
gen->state = JSGEN_RUNNING;
break;
default:
JS_ASSERT(op == JSGENOP_CLOSE);
SetPendingException(cx, MagicValue(JS_GENERATOR_CLOSING));
cx->setPendingException(MagicValue(JS_GENERATOR_CLOSING));
gen->state = JSGEN_CLOSING;
break;
}
@ -1350,7 +1348,7 @@ SendToGenerator(JSContext *cx, JSGeneratorOp op, JSObject *obj,
if (gen->floatingFrame()->isYielding()) {
/* Yield cannot fail, throw or be called on closing. */
JS_ASSERT(ok);
JS_ASSERT(!cx->throwing);
JS_ASSERT(!cx->isExceptionPending());
JS_ASSERT(gen->state == JSGEN_RUNNING);
JS_ASSERT(op != JSGENOP_CLOSE);
genfp->clearYielding();
@ -1436,7 +1434,7 @@ generator_op(JSContext *cx, JSGeneratorOp op, Value *vp, uintN argc)
case JSGENOP_SEND:
return js_ThrowStopIteration(cx);
case JSGENOP_THROW:
SetPendingException(cx, argc >= 1 ? vp[2] : UndefinedValue());
cx->setPendingException(argc >= 1 ? vp[2] : UndefinedValue());
return JS_FALSE;
default:
JS_ASSERT(op == JSGENOP_CLOSE);

8
js/src/jsstr.cpp
Просмотреть файл

@ -1667,7 +1667,7 @@ class RegExpGuard
* @param checkMetaChars Look for regexp metachars in the pattern string.
* @return Whether flat matching could be used.
*
* N.B. tryFlatMatch returns NULL on OOM, so the caller must check cx->throwing.
* N.B. tryFlatMatch returns NULL on OOM, so the caller must check cx->isExceptionPending().
*/
const FlatMatch *
tryFlatMatch(JSContext *cx, JSString *textstr, uintN optarg, uintN argc,
@ -1856,7 +1856,7 @@ str_match(JSContext *cx, uintN argc, Value *vp)
return false;
if (const FlatMatch *fm = g.tryFlatMatch(cx, str, 1, argc))
return BuildFlatMatchArray(cx, str, *fm, vp);
if (cx->throwing) /* from tryFlatMatch */
if (cx->isExceptionPending()) /* from tryFlatMatch */
return false;
const RegExpPair *rep = g.normalizeRegExp(false, 1, argc, vp);
@ -1888,7 +1888,7 @@ str_search(JSContext *cx, uintN argc, Value *vp)
vp->setInt32(fm->match());
return true;
}
if (cx->throwing) /* from tryFlatMatch */
if (cx->isExceptionPending()) /* from tryFlatMatch */
return false;
const RegExpPair *rep = g.normalizeRegExp(false, 1, argc, vp);
if (!rep)
@ -2501,7 +2501,7 @@ js::str_replace(JSContext *cx, uintN argc, Value *vp)
const FlatMatch *fm = rdata.g.tryFlatMatch(cx, rdata.str, optarg, argc, false);
if (!fm) {
if (cx->throwing) /* oom in RopeMatch in tryFlatMatch */
if (cx->isExceptionPending()) /* oom in RopeMatch in tryFlatMatch */
return false;
JS_ASSERT_IF(!rdata.g.hasRegExpPair(), argc > optarg);
return str_replace_regexp(cx, argc, vp, rdata);

6
js/src/jstracer.cpp
Просмотреть файл

@ -6568,7 +6568,7 @@ ExecuteTree(JSContext* cx, TreeFragment* f, uintN& inlineCallCount,
*lrp = state.innermost;
bool ok = !(state.builtinStatus & BUILTIN_ERROR);
JS_ASSERT_IF(cx->throwing, !ok);
JS_ASSERT_IF(cx->isExceptionPending(), !ok);
size_t iters = tm->iterationCounter;
@ -16592,7 +16592,7 @@ RecordTracePoint(JSContext* cx, uintN& inlineCallCount, bool* blacklist, bool ex
if (!Interpret(cx, fp, inlineCallCount, JSINTERP_RECORD))
return TPA_Error;
JS_ASSERT(!cx->throwing);
JS_ASSERT(!cx->isExceptionPending());
return TPA_RanStuff;
}
@ -16759,7 +16759,7 @@ MonitorTracePoint(JSContext *cx, uintN& inlineCallCount, bool* blacklist,
if (!Interpret(cx, cx->fp(), inlineCallCount, JSINTERP_PROFILE))
return TPA_Error;
JS_ASSERT(!cx->throwing);
JS_ASSERT(!cx->isExceptionPending());
return TPA_RanStuff;
}

3
js/src/jswrapper.cpp
Просмотреть файл

@ -358,7 +358,8 @@ AutoCompartment::enter()
JSObject *scopeChain = target->getGlobal();
JS_ASSERT(scopeChain->isNative());
frame.construct();
if (!context->stack().pushDummyFrame(context, *scopeChain, &frame.ref())) {
if (!context->stack().pushDummyFrame(context, *scopeChain, &frame.ref()) ||
!destination->wrapException(context)) {
frame.destroy();
context->compartment = origin;
return false;

13
js/src/methodjit/Compiler.cpp
Просмотреть файл

@ -1724,16 +1724,9 @@ mjit::Compiler::generateMethod()
END_CASE(JSOP_INSTANCEOF)
BEGIN_CASE(JSOP_EXCEPTION)
{
JS_STATIC_ASSERT(sizeof(cx->throwing) == 4);
RegisterID reg = frame.allocReg();
masm.loadPtr(FrameAddress(offsetof(VMFrame, cx)), reg);
masm.store32(Imm32(JS_FALSE), Address(reg, offsetof(JSContext, throwing)));
Address excn(reg, offsetof(JSContext, exception));
frame.freeReg(reg);
frame.push(excn);
}
prepareStubCall(Uses(0));
INLINE_STUBCALL(stubs::Exception);
frame.pushSynced();
END_CASE(JSOP_EXCEPTION)
BEGIN_CASE(JSOP_LINENO)

29
js/src/methodjit/InvokeHelpers.cpp
Просмотреть файл

@ -81,7 +81,7 @@ FindExceptionHandler(JSContext *cx)
JSScript *script = fp->script();
top:
if (cx->throwing && JSScript::isValidOffset(script->trynotesOffset)) {
if (cx->isExceptionPending() && JSScript::isValidOffset(script->trynotesOffset)) {
// The PC is updated before every stub call, so we can use it here.
unsigned offset = cx->regs->pc - script->main;
@ -119,7 +119,7 @@ top:
#if JS_HAS_GENERATORS
/* Catch cannot intercept the closing of a generator. */
if (JS_UNLIKELY(cx->exception.isMagic(JS_GENERATOR_CLOSING)))
if (JS_UNLIKELY(cx->getPendingException().isMagic(JS_GENERATOR_CLOSING)))
break;
#endif
@ -136,9 +136,9 @@ top:
* [retsub] should rethrow the exception.
*/
cx->regs->sp[0].setBoolean(true);
cx->regs->sp[1] = cx->exception;
cx->regs->sp[1] = cx->getPendingException();
cx->regs->sp += 2;
cx->throwing = JS_FALSE;
cx->clearPendingException();
return pc;
case JSTRY_ITER:
@ -150,15 +150,14 @@ top:
* adjustment and regs.sp[1] after, to save and restore the
* pending exception.
*/
AutoValueRooter tvr(cx, cx->exception);
Value v = cx->getPendingException();
JS_ASSERT(js_GetOpcode(cx, fp->script(), pc) == JSOP_ENDITER);
cx->throwing = JS_FALSE;
cx->clearPendingException();
ok = !!js_CloseIterator(cx, &cx->regs->sp[-1].toObject());
cx->regs->sp -= 1;
if (!ok)
goto top;
cx->throwing = JS_TRUE;
cx->exception = tvr.value();
cx->setPendingException(v);
}
}
}
@ -509,17 +508,17 @@ js_InternalThrow(VMFrame &f)
switch (handler(cx, cx->fp()->script(), cx->regs->pc, Jsvalify(&rval),
cx->debugHooks->throwHookData)) {
case JSTRAP_ERROR:
cx->throwing = JS_FALSE;
cx->clearPendingException();
return NULL;
case JSTRAP_RETURN:
cx->throwing = JS_FALSE;
cx->clearPendingException();
cx->fp()->setReturnValue(rval);
return JS_FUNC_TO_DATA_PTR(void *,
cx->jaegerCompartment()->forceReturnTrampoline());
case JSTRAP_THROW:
cx->exception = rval;
cx->setPendingException(rval);
break;
default:
@ -538,7 +537,7 @@ js_InternalThrow(VMFrame &f)
// but we shouldn't return from a JS function, because we're not in a
// JS function.
bool lastFrame = (f.entryfp == f.fp());
js_UnwindScope(cx, 0, cx->throwing);
js_UnwindScope(cx, 0, cx->isExceptionPending());
// For consistency with Interpret(), always run the script epilogue.
// This simplifies interactions with RunTracer(), since it can assume
@ -665,7 +664,7 @@ HandleErrorInExcessFrame(VMFrame &f, JSStackFrame *stopFp, bool searchedTopmostF
JS_ASSERT(!fp->hasImacropc());
/* If there's an exception and a handler, set the pc and leave. */
if (cx->throwing) {
if (cx->isExceptionPending()) {
jsbytecode *pc = FindExceptionHandler(cx);
if (pc) {
cx->regs->pc = pc;
@ -679,7 +678,7 @@ HandleErrorInExcessFrame(VMFrame &f, JSStackFrame *stopFp, bool searchedTopmostF
break;
/* Unwind and return. */
returnOK &= bool(js_UnwindScope(cx, 0, returnOK || cx->throwing));
returnOK &= bool(js_UnwindScope(cx, 0, returnOK || cx->isExceptionPending()));
returnOK = ScriptEpilogue(cx, fp, returnOK);
InlineReturn(f);
}
@ -980,7 +979,7 @@ RunTracer(VMFrame &f)
// Even though ExecuteTree() bypasses the interpreter, it should propagate
// error failures correctly.
JS_ASSERT_IF(cx->throwing, tpa == TPA_Error);
JS_ASSERT_IF(cx->isExceptionPending(), tpa == TPA_Error);
f.fp() = cx->fp();
JS_ASSERT(f.fp() == cx->fp());

25
js/src/methodjit/StubCalls.cpp
Просмотреть файл

@ -1291,12 +1291,11 @@ stubs::Debugger(VMFrame &f, jsbytecode *pc)
switch (handler(f.cx, f.cx->fp()->script(), pc, Jsvalify(&rval),
f.cx->debugHooks->debuggerHandlerData)) {
case JSTRAP_THROW:
f.cx->throwing = JS_TRUE;
f.cx->exception = rval;
f.cx->setPendingException(rval);
THROW();
case JSTRAP_RETURN:
f.cx->throwing = JS_FALSE;
f.cx->clearPendingException();
f.cx->fp()->setReturnValue(rval);
#if (defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)) || defined(_WIN64)
*f.returnAddressLocation() = JS_FUNC_TO_DATA_PTR(void *,
@ -1308,7 +1307,7 @@ stubs::Debugger(VMFrame &f, jsbytecode *pc)
break;
case JSTRAP_ERROR:
f.cx->throwing = JS_FALSE;
f.cx->clearPendingException();
THROW();
default:
@ -1352,12 +1351,11 @@ stubs::Trap(VMFrame &f, uint32 trapTypes)
switch (result) {
case JSTRAP_THROW:
f.cx->throwing = JS_TRUE;
f.cx->exception = rval;
f.cx->setPendingException(rval);
THROW();
case JSTRAP_RETURN:
f.cx->throwing = JS_FALSE;
f.cx->clearPendingException();
f.cx->fp()->setReturnValue(rval);
#if (defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)) || defined(_WIN64)
*f.returnAddressLocation() = JS_FUNC_TO_DATA_PTR(void *,
@ -1369,7 +1367,7 @@ stubs::Trap(VMFrame &f, uint32 trapTypes)
break;
case JSTRAP_ERROR:
f.cx->throwing = JS_FALSE;
f.cx->clearPendingException();
THROW();
default:
@ -2335,9 +2333,8 @@ stubs::Throw(VMFrame &f)
{
JSContext *cx = f.cx;
JS_ASSERT(!cx->throwing);
cx->throwing = JS_TRUE;
cx->exception = f.regs.sp[-1];
JS_ASSERT(!cx->isExceptionPending());
cx->setPendingException(f.regs.sp[-1]);
THROW();
}
@ -2770,6 +2767,12 @@ stubs::In(VMFrame &f)
template void JS_FASTCALL stubs::DelElem<true>(VMFrame &f);
template void JS_FASTCALL stubs::DelElem<false>(VMFrame &f);
void JS_FASTCALL
stubs::Exception(VMFrame &f)
{
f.regs.sp[0] = f.cx->getPendingException();
f.cx->clearPendingException();
}
template <bool Clamped>
int32 JS_FASTCALL
stubs::ConvertToTypedInt(JSContext *cx, Value *vp)

2
js/src/methodjit/StubCalls.h
Просмотреть файл

@ -225,6 +225,8 @@ void JS_FASTCALL Unbrand(VMFrame &f);
template <bool strict> int32 JS_FASTCALL ConvertToTypedInt(JSContext *cx, Value *vp);
void JS_FASTCALL ConvertToTypedFloat(JSContext *cx, Value *vp);
void JS_FASTCALL Exception(VMFrame &f);
} /* namespace stubs */
/*