Commit 17a89d1

targos authored and danielleadams committed
deps: V8: cherry-pick 031b98b25cba
Original commit message:

    [runtime] Clear array join stack when throwing uncatchable ... exception.

    Array#join depends on array_join_stack to avoid infinite loops and
    ensures symmetric pushes/pops through catch blocks to correctly
    maintain the elements in the join stack. However, the stack does not
    pop the elements and is left in an invalid state when the uncatchable
    termination exception is thrown, and the invalid join stack state will
    affect subsequent Array#join calls.

    Because all terminate exceptions will be handled by
    Isolate::UnwindAndFindHandler, we could clear the array join stack
    when unwinding the terminate exception.

    Bug: v8:13259
    Change-Id: I23823e823c5fe0b089528c5cf654864cea78ebeb
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878451
    Reviewed-by: Jakob Linke <jgruber@chromium.org>
    Commit-Queue: 王澳 <wangao.james@bytedance.com>
    Cr-Commit-Position: refs/heads/main@{#83465}

Refs: v8/v8@031b98b
Closes: #44417
PR-URL: #45375
Fixes: #44417
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Kohei Ueno <kohei.ueno119@gmail.com>
1 parent cd740d0 commit 17a89d1

4 files changed, +1158 -0 lines changed

deps/v8/src/execution/isolate.cc
+9 lines changed: 9 additions & 0 deletions
@@ -1909,6 +1909,15 @@ Object Isolate::UnwindAndFindHandler() {
19091909
// Special handling of termination exceptions, uncatchable by JavaScript and
19101910
// Wasm code, we unwind the handlers until the top ENTRY handler is found.
19111911
bool catchable_by_js = is_catchable_by_javascript(exception);
1912+
if (!catchable_by_js && !context().is_null()) {
1913+
// Because the array join stack will not pop the elements when throwing the
1914+
// uncatchable terminate exception, we need to clear the array join stack to
1915+
// avoid leaving the stack in an invalid state.
1916+
// See also CycleProtectedArrayJoin.
1917+
raw_native_context().set_array_join_stack(
1918+
ReadOnlyRoots(this).undefined_value());
1919+
}
1920+
19121921
int visited_frames = 0;
19131922

19141923
// Compute handler and stack unwinding information by performing a full walk
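Review bot: the new block at lines 1912-1919 is guarded by `!context().is_null()` but writes through `raw_native_context()`, so it resets only the join stack of the native context that is current when unwinding starts. If the terminated call chain entered a join in a different native context further down the stack (a cross-realm call), that context's `array_join_stack` keeps its stale entries. Either extend the comment to say why the current native context is the only one that can hold entries at this point, or clear the stack for each native context encountered while the frames are walked below. The comment "See also CycleProtectedArrayJoin." would also read better as "See CycleProtectedArrayJoin for the push/pop protocol this restores."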
+48 lines changed: 48 additions & 0 deletions
@@ -0,0 +1,48 @@
1+
Tests that Runtime.evaluate with REPL mode correctly handles Array.prototype.join.
2+
{
3+
id : <messageId>
4+
result : {
5+
result : {
6+
className : Array
7+
description : Array(1)
8+
objectId : <objectId>
9+
subtype : array
10+
type : object
11+
}
12+
}
13+
}
14+
{
15+
id : <messageId>
16+
result : {
17+
exceptionDetails : {
18+
columnNumber : -1
19+
exception : {
20+
className : EvalError
21+
description : EvalError: Possible side-effect in debug-evaluate
22+
objectId : <objectId>
23+
subtype : error
24+
type : object
25+
}
26+
exceptionId : <exceptionId>
27+
lineNumber : -1
28+
scriptId : <scriptId>
29+
text : Uncaught
30+
}
31+
result : {
32+
className : EvalError
33+
description : EvalError: Possible side-effect in debug-evaluate
34+
objectId : <objectId>
35+
subtype : error
36+
type : object
37+
}
38+
}
39+
}
40+
{
41+
id : <messageId>
42+
result : {
43+
result : {
44+
type : string
45+
value : /a/
46+
}
47+
}
48+
}
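Review bot: the expectation file records three result blocks but not the expressions that produced them, so the property it actually guards (the third block returning the string `/a/` instead of an error after the second block's `EvalError: Possible side-effect in debug-evaluate`) is only readable next to the .js file. Have the test log each expression before its result, or extend the description on line 1 to something like "Tests that Runtime.evaluate with REPL mode correctly handles Array.prototype.join after a side-effect termination." so the file is self-describing.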
+32 lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
// Copyright 2022 the V8 project authors. All rights reserved.
2+
// Use of this source code is governed by a BSD-style license that can be
3+
// found in the LICENSE file.
4+
5+
let {Protocol} = InspectorTest.start(
6+
'Tests that Runtime.evaluate with REPL mode correctly handles \
7+
Array.prototype.join.');
8+
9+
Protocol.Runtime.enable();
10+
(async function () {
11+
await evaluateReplWithSideEffects('a=[/a/]')
12+
await evaluateRepl('a.toString()');
13+
await evaluateReplWithSideEffects('a.toString()');
14+
15+
InspectorTest.completeTest();
16+
})();
17+
18+
async function evaluateRepl(expression) {
19+
InspectorTest.logMessage(await Protocol.Runtime.evaluate({
20+
expression: expression,
21+
replMode: true,
22+
throwOnSideEffect: true
23+
}));
24+
}
25+
26+
async function evaluateReplWithSideEffects(expression) {
27+
InspectorTest.logMessage(await Protocol.Runtime.evaluate({
28+
expression: expression,
29+
replMode: true,
30+
throwOnSideEffect: false
31+
}));
32+
}
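Review bot: the RegExp element in `a=[/a/]` on line 11 is load-bearing but undocumented. Joining it invokes `RegExp.prototype.toString`, which is what trips the side-effect check in the second evaluate on line 12 and terminates execution while `a` is still on the join stack; a plain string or number element would not exercise the bug. Add a comment above lines 11-13 saying so and stating that the third evaluate on line 13 must succeed and return `/a/`. Separately, `Protocol.Runtime.enable()` on line 9 is not awaited before the evaluates start; `await Protocol.Runtime.enable();` keeps the ordering explicit.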
