extern "C" void *
js_InternalThrow(VMFrame &f)
{
JSContext *cx = f.cx;
ExpandInlineFrames(cx->compartment);
// The current frame may have an associated orphaned native, if the native
// or SplatApplyArgs threw an exception.
RemoveOrphanedNative(cx, f.fp());
JS_ASSERT(!f.fp()->finishedInInterpreter());
// Make sure sp is up to date.
JS_ASSERT(&cx->regs() == &f.regs);
jsbytecode *pc = NULL;
for (;;) {
if (cx->isExceptionPending()) {
// Call the throw hook if necessary
JSThrowHook handler = cx->runtime->debugHooks.throwHook;
if (handler || !cx->compartment->getDebuggees().empty()) {
Value rval;
JSTrapStatus st = Debugger::onExceptionUnwind(cx, &rval);
if (st == JSTRAP_CONTINUE && handler) {
st = handler(cx, cx->fp()->script(), cx->regs().pc, &rval,
cx->runtime->debugHooks.throwHookData);
}
switch (st) {
case JSTRAP_ERROR:
cx->clearPendingException();
break;
case JSTRAP_CONTINUE:
break;
case JSTRAP_RETURN:
cx->clearPendingException();
cx->fp()->setReturnValue(rval);
return cx->jaegerRuntime().forceReturnFromExternC();
case JSTRAP_THROW:
cx->setPendingException(rval);
break;
default:
JS_NOT_REACHED("bad onExceptionUnwind status");
}
}
}
pc = FindExceptionHandler(cx);
if (pc)
break;
// The JIT guarantees that ScriptDebugEpilogue() and ScriptEpilogue()
// have always been run upon exiting to its caller. This is important
// for consistency, where execution modes make similar guarantees about
// prologues and epilogues. Interpret(), and Invoke() all rely on this
// property.
JS_ASSERT(!f.fp()->finishedInInterpreter());
UnwindScope(cx, 0);
f.regs.sp = f.fp()->base();
if (cx->compartment->debugMode()) {
// This can turn a throw or error into a healthy return. Note that
// we will run ScriptDebugEpilogue again (from AnyFrameEpilogue);
// ScriptDebugEpilogue is prepared for this eventuality.
if (js::ScriptDebugEpilogue(cx, f.fp(), false))
return cx->jaegerRuntime().forceReturnFromExternC();
}
ScriptEpilogue(f.cx, f.fp(), false);
// Don't remove the last frame, this is the responsibility of
// JaegerShot()'s caller. We only guarantee that ScriptEpilogue()
// has been run.
if (f.entryfp == f.fp())
break;
JS_ASSERT(&cx->regs() == &f.regs);
InlineReturn(f);
}
JS_ASSERT(&cx->regs() == &f.regs);
if (!pc)
return NULL;
StackFrame *fp = cx->fp();
JSScript *script = fp->script();
/*
* Fall back to EnterMethodJIT and finish the frame in the interpreter.
* With type inference enabled, we may wipe out all JIT code on the
* stack without patching ncode values to jump to the interpreter, and
* thus can only enter JIT code via EnterMethodJIT (which overwrites
* its entry frame's ncode). See ClearAllFrames.
*/
cx->jaegerRuntime().setLastUnfinished(Jaeger_Unfinished);
if (!script->ensureRanAnalysis(cx, NULL)) {
js_ReportOutOfMemory(cx);
return NULL;
}
analyze::AutoEnterAnalysis enter(cx);
/*
* Interpret the ENTERBLOCK and EXCEPTION opcodes, so that we don't go
* back into the interpreter with a pending exception. This will cause
* it to immediately rethrow.
*/
if (cx->isExceptionPending()) {
JS_ASSERT(JSOp(*pc) == JSOP_ENTERBLOCK);
StaticBlockObject &blockObj = script->getObject(GET_UINT32_INDEX(pc))->asStaticBlock();
Value *vp = cx->regs().sp + blockObj.slotCount();
SetValueRangeToUndefined(cx->regs().sp, vp);
cx->regs().sp = vp;
JS_ASSERT(JSOp(pc[JSOP_ENTERBLOCK_LENGTH]) == JSOP_EXCEPTION);
cx->regs().sp[0] = cx->getPendingException();
cx->clearPendingException();
cx->regs().sp++;
cx->regs().pc = pc + JSOP_ENTERBLOCK_LENGTH + JSOP_EXCEPTION_LENGTH;
cx->regs().fp()->setBlockChain(&blockObj);
}
*f.oldregs = f.regs;
return NULL;
}
/*
* Since memory has been exhausted, avoid the normal error-handling path which
* allocates an error object, report and callstack. If code is running, simply
* throw the static atom "out of memory". If code is not running, call the
* error reporter directly.
*
* Furthermore, callers of js_ReportOutOfMemory (viz., malloc) assume a GC does
* not occur, so GC must be avoided or suppressed.
*/
void
js_ReportOutOfMemory(ThreadSafeContext *cxArg)
{
#ifdef JS_MORE_DETERMINISTIC
/*
* OOMs are non-deterministic, especially across different execution modes
* (e.g. interpreter vs JIT). In more-deterministic builds, print to stderr
* so that the fuzzers can detect this.
*/
fprintf(stderr, "js_ReportOutOfMemory called\n");
#endif
if (cxArg->isForkJoinContext()) {
cxArg->asForkJoinContext()->setPendingAbortFatal(ParallelBailoutOutOfMemory);
return;
}
if (!cxArg->isJSContext())
return;
JSContext *cx = cxArg->asJSContext();
cx->runtime()->hadOutOfMemory = true;
/* Report the oom. */
if (JS::OutOfMemoryCallback oomCallback = cx->runtime()->oomCallback) {
AutoSuppressGC suppressGC(cx);
oomCallback(cx, cx->runtime()->oomCallbackData);
}
if (JS_IsRunning(cx)) {
cx->setPendingException(StringValue(cx->names().outOfMemory));
return;
}
/* Get the message for this error, but we don't expand any arguments. */
const JSErrorFormatString *efs =
js_GetLocalizedErrorMessage(cx, nullptr, nullptr, JSMSG_OUT_OF_MEMORY);
const char *msg = efs ? efs->format : "Out of memory";
/* Fill out the report, but don't do anything that requires allocation. */
JSErrorReport report;
PodZero(&report);
report.flags = JSREPORT_ERROR;
report.errorNumber = JSMSG_OUT_OF_MEMORY;
PopulateReportBlame(cx, &report);
/* Report the error. */
if (JSErrorReporter onError = cx->errorReporter) {
AutoSuppressGC suppressGC(cx);
onError(cx, msg, &report);
}
/*
* We would like to enforce the invariant that any exception reported
* during an OOM situation does not require wrapping. Besides avoiding
* allocation when memory is low, this reduces the number of places where
* we might need to GC.
*
* When JS code is running, we set the pending exception to an atom, which
* does not need wrapping. If no JS code is running, no exception should be
* set at all.
*/
JS_ASSERT(!cx->isExceptionPending());
}
JSScript*
GlobalHelperThreadState::finishParseTask(JSContext* maybecx, JSRuntime* rt, void* token)
{
ScopedJSDeletePtr<ParseTask> parseTask;
// The token is a ParseTask* which should be in the finished list.
// Find and remove its entry.
{
AutoLockHelperThreadState lock;
ParseTaskVector& finished = parseFinishedList();
for (size_t i = 0; i < finished.length(); i++) {
if (finished[i] == token) {
parseTask = finished[i];
remove(finished, &i);
break;
}
}
}
MOZ_ASSERT(parseTask);
if (!maybecx) {
LeaveParseTaskZone(rt, parseTask);
return nullptr;
}
JSContext* cx = maybecx;
MOZ_ASSERT(cx->compartment());
// Make sure we have all the constructors we need for the prototype
// remapping below, since we can't GC while that's happening.
Rooted<GlobalObject*> global(cx, &cx->global()->as<GlobalObject>());
if (!EnsureConstructor(cx, global, JSProto_Object) ||
!EnsureConstructor(cx, global, JSProto_Array) ||
!EnsureConstructor(cx, global, JSProto_Function) ||
!EnsureConstructor(cx, global, JSProto_RegExp) ||
!EnsureConstructor(cx, global, JSProto_Iterator))
{
LeaveParseTaskZone(rt, parseTask);
return nullptr;
}
mergeParseTaskCompartment(rt, parseTask, global, cx->compartment());
if (!parseTask->finish(cx))
return nullptr;
RootedScript script(rt, parseTask->script);
assertSameCompartment(cx, script);
// Report any error or warnings generated during the parse, and inform the
// debugger about the compiled scripts.
for (size_t i = 0; i < parseTask->errors.length(); i++)
parseTask->errors[i]->throwError(cx);
if (parseTask->overRecursed)
ReportOverRecursed(cx);
if (cx->isExceptionPending())
return nullptr;
if (script) {
// The Debugger only needs to be told about the topmost script that was compiled.
Debugger::onNewScript(cx, script);
// Update the compressed source table with the result. This is normally
// called by setCompressedSource when compilation occurs on the main thread.
if (script->scriptSource()->hasCompressedSource())
script->scriptSource()->updateCompressedSourceSet(rt);
}
return script;
}
JSScript *
GlobalHelperThreadState::finishParseTask(JSContext *maybecx, JSRuntime *rt, void *token)
{
ScopedJSDeletePtr<ParseTask> parseTask;
// The token is a ParseTask* which should be in the finished list.
// Find and remove its entry.
{
AutoLockHelperThreadState lock;
ParseTaskVector &finished = parseFinishedList();
for (size_t i = 0; i < finished.length(); i++) {
if (finished[i] == token) {
parseTask = finished[i];
remove(finished, &i);
break;
}
}
}
MOZ_ASSERT(parseTask);
if (!maybecx) {
LeaveParseTaskZone(rt, parseTask);
return nullptr;
}
JSContext *cx = maybecx;
MOZ_ASSERT(cx->compartment());
// Make sure we have all the constructors we need for the prototype
// remapping below, since we can't GC while that's happening.
Rooted<GlobalObject*> global(cx, &cx->global()->as<GlobalObject>());
if (!EnsureConstructor(cx, global, JSProto_Object) ||
!EnsureConstructor(cx, global, JSProto_Array) ||
!EnsureConstructor(cx, global, JSProto_Function) ||
!EnsureConstructor(cx, global, JSProto_RegExp) ||
!EnsureConstructor(cx, global, JSProto_Iterator))
{
LeaveParseTaskZone(rt, parseTask);
return nullptr;
}
LeaveParseTaskZone(rt, parseTask);
// Point the prototypes of any objects in the script's compartment to refer
// to the corresponding prototype in the new compartment. This will briefly
// create cross compartment pointers, which will be fixed by the
// MergeCompartments call below.
for (gc::ZoneCellIter iter(parseTask->cx->zone(), gc::FINALIZE_OBJECT_GROUP);
!iter.done();
iter.next())
{
ObjectGroup *group = iter.get<ObjectGroup>();
TaggedProto proto(group->proto());
if (!proto.isObject())
continue;
JSProtoKey key = JS::IdentifyStandardPrototype(proto.toObject());
if (key == JSProto_Null)
continue;
MOZ_ASSERT(key == JSProto_Object || key == JSProto_Array ||
key == JSProto_Function || key == JSProto_RegExp ||
key == JSProto_Iterator);
JSObject *newProto = GetBuiltinPrototypePure(global, key);
MOZ_ASSERT(newProto);
group->setProtoUnchecked(TaggedProto(newProto));
}
// Move the parsed script and all its contents into the desired compartment.
gc::MergeCompartments(parseTask->cx->compartment(), cx->compartment());
if (!parseTask->finish(cx))
return nullptr;
RootedScript script(rt, parseTask->script);
assertSameCompartment(cx, script);
// Report any error or warnings generated during the parse, and inform the
// debugger about the compiled scripts.
for (size_t i = 0; i < parseTask->errors.length(); i++)
parseTask->errors[i]->throwError(cx);
if (parseTask->overRecursed)
js_ReportOverRecursed(cx);
if (cx->isExceptionPending())
return nullptr;
if (script) {
// The Debugger only needs to be told about the topmost script that was compiled.
Debugger::onNewScript(cx, script);
// Update the compressed source table with the result. This is normally
// called by setCompressedSource when compilation occurs on the main thread.
if (script->scriptSource()->hasCompressedSource())
script->scriptSource()->updateCompressedSourceSet(rt);
}
return script;
}
