Skip to content

[JSC] Fix return in operationCopyOnWriteArrayIndexOfString #47142

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 26, 2025
Merged

[JSC] Fix return in operationCopyOnWriteArrayIndexOfString #47142

merged 1 commit into from
Jun 26, 2025

Conversation

syg
Copy link
Contributor

@syg syg commented Jun 24, 2025
edited by webkit-early-warning-system
Loading

773e875

[JSC] Fix return in operationCopyOnWriteArrayIndexOfString
https://bugs.webkit.org/show_bug.cgi?id=294935
rdar://153522603

Reviewed by Yusuke Suzuki, Keith Miller, and Ross Kirsling.

operationCopyOnWriteArrayIndexOfString was using RETURN_IF_EXCEPTION instead of
OPERATION_RETURN_IF_EXCEPTION, causing exceptions not propagate correctly since
they weren't being wrapped in ExceptionOperationResult. This meant code would
keep executing after an exception was thrown, triggering asserts downstream.

* JSTests/stress/regress-153522603.js: Added.
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):

Canonical link: https://commits.webkit.org/296649@main

335caba

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ⏳ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 🛠 wpe-cairo
✅ 🛠 🧪 jsc ✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 🧪 jsc-arm64 ✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🛠 🧪 merge ✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 🛠 playstation
✅ 🛠 tv ✅ 🛠 mac-safer-cpp ✅ 🛠 jsc-armv7
✅ 🛠 tv-sim ✅ 🧪 jsc-armv7-tests
✅ 🛠 watch
✅ 🛠 watch-sim

@syg syg requested a review from a team as a code owner June 24, 2025 22:46
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Jun 24, 2025
edited
Loading

EWS run on previous version of this PR (hash dc347d9)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ⏳ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
✅ 🛠 🧪 jsc ✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 🧪 jsc-arm64 ✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 🛠 playstation
✅ 🛠 tv ✅ 🛠 mac-safer-cpp ✅ 🛠 jsc-armv7
✅ 🛠 tv-sim ✅ 🧪 jsc-armv7-tests
✅ 🛠 watch
✅ 🛠 watch-sim

rkirsling
rkirsling approved these changes Jun 24, 2025
View reviewed changes
Copy link
Member

@rkirsling rkirsling left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oho, a Shu patch at last!

Fix makes sense to me; just one comment.

kmiller68
kmiller68 reviewed Jun 25, 2025
View reviewed changes
@Ahmad-S792 Ahmad-S792 added the JavaScriptCore For bugs in JavaScriptCore, the JS engine used by WebKit, other than kxmlcore issues. label Jun 25, 2025
@syg syg force-pushed the dev/arrayindexof-termination-exception branch from dc347d9 to 0d12777 Compare June 25, 2025 04:57
@syg syg added New Bugs Unclassified bugs are placed in this component until the correct component can be determined. and removed JavaScriptCore For bugs in JavaScriptCore, the JS engine used by WebKit, other than kxmlcore issues. labels Jun 25, 2025
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Jun 25, 2025
edited
Loading

EWS run on previous version of this PR (hash 0d12777)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ⏳ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
✅ 🛠 🧪 jsc ✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 🧪 jsc-arm64 ✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 🛠 playstation
✅ 🛠 tv ✅ 🛠 mac-safer-cpp ✅ 🛠 jsc-armv7
✅ 🛠 tv-sim ❌ 🧪 jsc-armv7-tests
✅ 🛠 watch
✅ 🛠 watch-sim

kmiller68
kmiller68 requested changes Jun 25, 2025
View reviewed changes
@syg syg force-pushed the dev/arrayindexof-termination-exception branch from 0d12777 to 335caba Compare June 25, 2025 19:13
kmiller68
kmiller68 approved these changes Jun 25, 2025
View reviewed changes
Copy link
Contributor

@kmiller68 kmiller68 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r=me too.

@syg syg added the safe-merge-queue Applied to automatically send a pull-request to merge-queue after passing EWS checks label Jun 25, 2025
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Jun 25, 2025
edited
Loading

EWS run on current version of this PR (hash 335caba)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ⏳ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 🛠 wpe-cairo
✅ 🛠 🧪 jsc ✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 🧪 jsc-arm64 ✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🛠 🧪 merge ✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 🛠 playstation
✅ 🛠 tv ✅ 🛠 mac-safer-cpp ✅ 🛠 jsc-armv7
✅ 🛠 tv-sim ✅ 🧪 jsc-armv7-tests
✅ 🛠 watch
✅ 🛠 watch-sim

@webkit-ews-buildbot
Copy link
Collaborator

@syg does not have committer permissions according to https://raw.githubusercontent.com/WebKit/WebKit/main/metadata/contributors.json.

If you do have committer permissions, please ensure that your GitHub username is added to contributors.json.

Rejecting 335caba from merge queue.

Safe-Merge-Queue: Build #61398.

@webkit-ews-buildbot webkit-ews-buildbot removed the safe-merge-queue Applied to automatically send a pull-request to merge-queue after passing EWS checks label Jun 25, 2025
@webkit-ews-buildbot
Copy link
Collaborator

Safe-Merge-Queue: Build #61398.

@webkit-ews-buildbot webkit-ews-buildbot added the merging-blocked Applied to prevent a change from being merged label Jun 25, 2025
@kmiller68 kmiller68 added safe-merge-queue Applied to automatically send a pull-request to merge-queue after passing EWS checks and removed merging-blocked Applied to prevent a change from being merged labels Jun 25, 2025
@rkirsling rkirsling added merge-queue Applied to send a pull request to merge-queue and removed safe-merge-queue Applied to automatically send a pull-request to merge-queue after passing EWS checks labels Jun 26, 2025
@syg @rkirsling
[JSC] Fix return in operationCopyOnWriteArrayIndexOfString
773e875 
https://bugs.webkit.org/show_bug.cgi?id=294935
rdar://153522603

Reviewed by Yusuke Suzuki, Keith Miller, and Ross Kirsling.

operationCopyOnWriteArrayIndexOfString was using RETURN_IF_EXCEPTION instead of
OPERATION_RETURN_IF_EXCEPTION, causing exceptions not propagate correctly since
they weren't being wrapped in ExceptionOperationResult. This meant code would
keep executing after an exception was thrown, triggering asserts downstream.

* JSTests/stress/regress-153522603.js: Added.
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):

Canonical link: https://commits.webkit.org/296649@main
@webkit-commit-queue webkit-commit-queue force-pushed the dev/arrayindexof-termination-exception branch from 335caba to 773e875 Compare June 26, 2025 03:37
@webkit-commit-queue
Copy link
Collaborator

Committed 296649@main (773e875): https://commits.webkit.org/296649@main

Reviewed commits have been landed. Closing PR #47142 and removing active labels.

@webkit-commit-queue webkit-commit-queue merged commit 773e875 into WebKit:main Jun 26, 2025
@webkit-commit-queue webkit-commit-queue removed the merge-queue Applied to send a pull request to merge-queue label Jun 26, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rkirsling rkirsling rkirsling approved these changes

@Constellation Constellation Constellation approved these changes

@kmiller68 kmiller68 kmiller68 approved these changes

Assignees

@syg syg

Labels
New Bugs Unclassified bugs are placed in this component until the correct component can be determined.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@syg @webkit-early-warning-system @webkit-ews-buildbot @webkit-commit-queue @Constellation @rkirsling @kmiller68 @Ahmad-S792