extern "C" void * js_InternalThrow(VMFrame &f) { JSContext *cx = f.cx; ExpandInlineFrames(cx->compartment); // The current frame may have an associated orphaned native, if the native // or SplatApplyArgs threw an exception. RemoveOrphanedNative(cx, f.fp()); JS_ASSERT(!f.fp()->finishedInInterpreter()); // Make sure sp is up to date. JS_ASSERT(&cx->regs() == &f.regs); jsbytecode *pc = NULL; for (;;) { if (cx->isExceptionPending()) { // Call the throw hook if necessary JSThrowHook handler = cx->runtime->debugHooks.throwHook; if (handler || !cx->compartment->getDebuggees().empty()) { Value rval; JSTrapStatus st = Debugger::onExceptionUnwind(cx, &rval); if (st == JSTRAP_CONTINUE && handler) { st = handler(cx, cx->fp()->script(), cx->regs().pc, &rval, cx->runtime->debugHooks.throwHookData); } switch (st) { case JSTRAP_ERROR: cx->clearPendingException(); break; case JSTRAP_CONTINUE: break; case JSTRAP_RETURN: cx->clearPendingException(); cx->fp()->setReturnValue(rval); return cx->jaegerRuntime().forceReturnFromExternC(); case JSTRAP_THROW: cx->setPendingException(rval); break; default: JS_NOT_REACHED("bad onExceptionUnwind status"); } } } pc = FindExceptionHandler(cx); if (pc) break; // The JIT guarantees that ScriptDebugEpilogue() and ScriptEpilogue() // have always been run upon exiting to its caller. This is important // for consistency, where execution modes make similar guarantees about // prologues and epilogues. Interpret(), and Invoke() all rely on this // property. JS_ASSERT(!f.fp()->finishedInInterpreter()); UnwindScope(cx, 0); f.regs.sp = f.fp()->base(); if (cx->compartment->debugMode()) { // This can turn a throw or error into a healthy return. Note that // we will run ScriptDebugEpilogue again (from AnyFrameEpilogue); // ScriptDebugEpilogue is prepared for this eventuality. if (js::ScriptDebugEpilogue(cx, f.fp(), false)) return cx->jaegerRuntime().forceReturnFromExternC(); } ScriptEpilogue(f.cx, f.fp(), false); // Don't remove the last frame, this is the responsibility of // JaegerShot()'s caller. We only guarantee that ScriptEpilogue() // has been run. if (f.entryfp == f.fp()) break; JS_ASSERT(&cx->regs() == &f.regs); InlineReturn(f); } JS_ASSERT(&cx->regs() == &f.regs); if (!pc) return NULL; StackFrame *fp = cx->fp(); JSScript *script = fp->script(); /* * Fall back to EnterMethodJIT and finish the frame in the interpreter. * With type inference enabled, we may wipe out all JIT code on the * stack without patching ncode values to jump to the interpreter, and * thus can only enter JIT code via EnterMethodJIT (which overwrites * its entry frame's ncode). See ClearAllFrames. */ cx->jaegerRuntime().setLastUnfinished(Jaeger_Unfinished); if (!script->ensureRanAnalysis(cx, NULL)) { js_ReportOutOfMemory(cx); return NULL; } analyze::AutoEnterAnalysis enter(cx); /* * Interpret the ENTERBLOCK and EXCEPTION opcodes, so that we don't go * back into the interpreter with a pending exception. This will cause * it to immediately rethrow. */ if (cx->isExceptionPending()) { JS_ASSERT(JSOp(*pc) == JSOP_ENTERBLOCK); StaticBlockObject &blockObj = script->getObject(GET_UINT32_INDEX(pc))->asStaticBlock(); Value *vp = cx->regs().sp + blockObj.slotCount(); SetValueRangeToUndefined(cx->regs().sp, vp); cx->regs().sp = vp; JS_ASSERT(JSOp(pc[JSOP_ENTERBLOCK_LENGTH]) == JSOP_EXCEPTION); cx->regs().sp[0] = cx->getPendingException(); cx->clearPendingException(); cx->regs().sp++; cx->regs().pc = pc + JSOP_ENTERBLOCK_LENGTH + JSOP_EXCEPTION_LENGTH; cx->regs().fp()->setBlockChain(&blockObj); } *f.oldregs = f.regs; return NULL; }
/* * Since memory has been exhausted, avoid the normal error-handling path which * allocates an error object, report and callstack. If code is running, simply * throw the static atom "out of memory". If code is not running, call the * error reporter directly. * * Furthermore, callers of js_ReportOutOfMemory (viz., malloc) assume a GC does * not occur, so GC must be avoided or suppressed. */ void js_ReportOutOfMemory(ThreadSafeContext *cxArg) { #ifdef JS_MORE_DETERMINISTIC /* * OOMs are non-deterministic, especially across different execution modes * (e.g. interpreter vs JIT). In more-deterministic builds, print to stderr * so that the fuzzers can detect this. */ fprintf(stderr, "js_ReportOutOfMemory called\n"); #endif if (cxArg->isForkJoinContext()) { cxArg->asForkJoinContext()->setPendingAbortFatal(ParallelBailoutOutOfMemory); return; } if (!cxArg->isJSContext()) return; JSContext *cx = cxArg->asJSContext(); cx->runtime()->hadOutOfMemory = true; /* Report the oom. */ if (JS::OutOfMemoryCallback oomCallback = cx->runtime()->oomCallback) { AutoSuppressGC suppressGC(cx); oomCallback(cx, cx->runtime()->oomCallbackData); } if (JS_IsRunning(cx)) { cx->setPendingException(StringValue(cx->names().outOfMemory)); return; } /* Get the message for this error, but we don't expand any arguments. */ const JSErrorFormatString *efs = js_GetLocalizedErrorMessage(cx, nullptr, nullptr, JSMSG_OUT_OF_MEMORY); const char *msg = efs ? efs->format : "Out of memory"; /* Fill out the report, but don't do anything that requires allocation. */ JSErrorReport report; PodZero(&report); report.flags = JSREPORT_ERROR; report.errorNumber = JSMSG_OUT_OF_MEMORY; PopulateReportBlame(cx, &report); /* Report the error. */ if (JSErrorReporter onError = cx->errorReporter) { AutoSuppressGC suppressGC(cx); onError(cx, msg, &report); } /* * We would like to enforce the invariant that any exception reported * during an OOM situation does not require wrapping. Besides avoiding * allocation when memory is low, this reduces the number of places where * we might need to GC. * * When JS code is running, we set the pending exception to an atom, which * does not need wrapping. If no JS code is running, no exception should be * set at all. */ JS_ASSERT(!cx->isExceptionPending()); }
JSScript* GlobalHelperThreadState::finishParseTask(JSContext* maybecx, JSRuntime* rt, void* token) { ScopedJSDeletePtr<ParseTask> parseTask; // The token is a ParseTask* which should be in the finished list. // Find and remove its entry. { AutoLockHelperThreadState lock; ParseTaskVector& finished = parseFinishedList(); for (size_t i = 0; i < finished.length(); i++) { if (finished[i] == token) { parseTask = finished[i]; remove(finished, &i); break; } } } MOZ_ASSERT(parseTask); if (!maybecx) { LeaveParseTaskZone(rt, parseTask); return nullptr; } JSContext* cx = maybecx; MOZ_ASSERT(cx->compartment()); // Make sure we have all the constructors we need for the prototype // remapping below, since we can't GC while that's happening. Rooted<GlobalObject*> global(cx, &cx->global()->as<GlobalObject>()); if (!EnsureConstructor(cx, global, JSProto_Object) || !EnsureConstructor(cx, global, JSProto_Array) || !EnsureConstructor(cx, global, JSProto_Function) || !EnsureConstructor(cx, global, JSProto_RegExp) || !EnsureConstructor(cx, global, JSProto_Iterator)) { LeaveParseTaskZone(rt, parseTask); return nullptr; } mergeParseTaskCompartment(rt, parseTask, global, cx->compartment()); if (!parseTask->finish(cx)) return nullptr; RootedScript script(rt, parseTask->script); assertSameCompartment(cx, script); // Report any error or warnings generated during the parse, and inform the // debugger about the compiled scripts. for (size_t i = 0; i < parseTask->errors.length(); i++) parseTask->errors[i]->throwError(cx); if (parseTask->overRecursed) ReportOverRecursed(cx); if (cx->isExceptionPending()) return nullptr; if (script) { // The Debugger only needs to be told about the topmost script that was compiled. Debugger::onNewScript(cx, script); // Update the compressed source table with the result. This is normally // called by setCompressedSource when compilation occurs on the main thread. if (script->scriptSource()->hasCompressedSource()) script->scriptSource()->updateCompressedSourceSet(rt); } return script; }
JSScript * GlobalHelperThreadState::finishParseTask(JSContext *maybecx, JSRuntime *rt, void *token) { ScopedJSDeletePtr<ParseTask> parseTask; // The token is a ParseTask* which should be in the finished list. // Find and remove its entry. { AutoLockHelperThreadState lock; ParseTaskVector &finished = parseFinishedList(); for (size_t i = 0; i < finished.length(); i++) { if (finished[i] == token) { parseTask = finished[i]; remove(finished, &i); break; } } } MOZ_ASSERT(parseTask); if (!maybecx) { LeaveParseTaskZone(rt, parseTask); return nullptr; } JSContext *cx = maybecx; MOZ_ASSERT(cx->compartment()); // Make sure we have all the constructors we need for the prototype // remapping below, since we can't GC while that's happening. Rooted<GlobalObject*> global(cx, &cx->global()->as<GlobalObject>()); if (!EnsureConstructor(cx, global, JSProto_Object) || !EnsureConstructor(cx, global, JSProto_Array) || !EnsureConstructor(cx, global, JSProto_Function) || !EnsureConstructor(cx, global, JSProto_RegExp) || !EnsureConstructor(cx, global, JSProto_Iterator)) { LeaveParseTaskZone(rt, parseTask); return nullptr; } LeaveParseTaskZone(rt, parseTask); // Point the prototypes of any objects in the script's compartment to refer // to the corresponding prototype in the new compartment. This will briefly // create cross compartment pointers, which will be fixed by the // MergeCompartments call below. for (gc::ZoneCellIter iter(parseTask->cx->zone(), gc::FINALIZE_OBJECT_GROUP); !iter.done(); iter.next()) { ObjectGroup *group = iter.get<ObjectGroup>(); TaggedProto proto(group->proto()); if (!proto.isObject()) continue; JSProtoKey key = JS::IdentifyStandardPrototype(proto.toObject()); if (key == JSProto_Null) continue; MOZ_ASSERT(key == JSProto_Object || key == JSProto_Array || key == JSProto_Function || key == JSProto_RegExp || key == JSProto_Iterator); JSObject *newProto = GetBuiltinPrototypePure(global, key); MOZ_ASSERT(newProto); group->setProtoUnchecked(TaggedProto(newProto)); } // Move the parsed script and all its contents into the desired compartment. gc::MergeCompartments(parseTask->cx->compartment(), cx->compartment()); if (!parseTask->finish(cx)) return nullptr; RootedScript script(rt, parseTask->script); assertSameCompartment(cx, script); // Report any error or warnings generated during the parse, and inform the // debugger about the compiled scripts. for (size_t i = 0; i < parseTask->errors.length(); i++) parseTask->errors[i]->throwError(cx); if (parseTask->overRecursed) js_ReportOverRecursed(cx); if (cx->isExceptionPending()) return nullptr; if (script) { // The Debugger only needs to be told about the topmost script that was compiled. Debugger::onNewScript(cx, script); // Update the compressed source table with the result. This is normally // called by setCompressedSource when compilation occurs on the main thread. if (script->scriptSource()->hasCompressedSource()) script->scriptSource()->updateCompressedSourceSet(rt); } return script; }