Closed
Bug 539454
Opened 16 years ago
Closed 15 years ago
In methods with try/catch state->insideTryBlock is never set back to false
Categories
(Tamarin Graveyard :: Baseline JIT (CodegenLIR), defect, P2)
Tamarin Graveyard
Baseline JIT (CodegenLIR)
Tracking
(Not tracked)
VERIFIED
FIXED
flash10.1
People
(Reporter: edwsmith, Assigned: edwsmith)
References
Details
(Whiteboard: verifier-cleanup)
Attachments
(1 file)
|
39.69 KB,
patch
|
rreitmai
:
review+
|
Details | Diff | Splinter Review |
Which causes excessive JIT code to be generated which tracks the current PC in case of exceptions.
|
Assignee | |
Comment 1•16 years ago
|
||
It's a bug to set the current pc too often, but it also a bug to *only* set it when we are in a try block. if that happens then the rethrow in a finally block will reinvoke the catch block, since the last update to _save_eip was still inside the try block.
the test as3/Statements/Exceptions/NestedTryWithMultipleCatchInsideFinallyExceptionBubbling.as
will demonstrate this by looping forever.
|
|
Assignee | |
Updated•16 years ago
|
Target Milestone: --- → Future
Flags: flashplayer-qrb+
Priority: -- → P2
Whiteboard: verifier-cleanup
Target Milestone: Future → flash10.1
|
|
Assignee | |
Comment 2•15 years ago
|
||
The proper fix here is to always set PC in methods with try blocks, whether or not we're inside the try block. This patch does so by:
1. moving all "CodegenLIR::state = state" assignments to the CodeWriter entry points, and removing all other assignments.
2. renaming emitPrep() to emitSetPc() since that's really what it does.
3. calling emitSetPc() at each CodeWriter entry point, and remove all other emitPrep calls. Some were redundant, and it was not easy to tell if one was missing.
Assignee: nobody → edwsmith
Attachment #428265 -
Flags: review?(rreitmai)
|
||
Comment 3•15 years ago
|
||
I'd really like to see this patch split into 2 pieces, with (1) and (2) together, followed by a 2nd patch with only (3).
That aside, I'll have to revisit it tomorrow since I've effectively +'d 1 and 2, but need to squint a little harder to validate (3).
|
|
||
Comment 4•15 years ago
|
||
Comment on attachment 428265 [details] [diff] [review]
Fixed by removing insideTryBlock entirely and setting pc cleanly at each CodeWriter entry point
Could we end up in a situation where 'writeOpcodeVerified' is called, clearing the state, then in the info->exceptions section of the Verifier we call emitCoerce() i.e. see the comment 'FIXME: bug 538639' ?
There doesn't seem to be any intervening coder-> calls, except the writeBlockStart() which does not set state.
Also not in this patch but 'fixExceptionsAndLabels' probably should be 'writeFixExceptionsAndLabels'
+'d otherwise.
Attachment #428265 -
Flags: review?(rreitmai) → review+
|
|
Assignee | |
Comment 5•15 years ago
|
||
All of the other CodeWriter entry points re-set this->state to a valid pointer. Calling writeOpcodeVerified() at the top of the catch block is safe; each instruction in the catch block will call write() or writeOp1() (etc).
setting this->state to NULL is intended to cause a NPE crash if we accidentally refactor away the assignment in any of the other entry points.
The fixExceptionAndLabels rename already was pushed in one of the patches on bug 546408.
The other way to go about dealing with stale FrameState* in CodegenLIR is to get rid of the field entirely and pass it around as a paramter. Its a much bigger patch but might be preferred in the long run.
opinions?
|
|
Assignee | |
Comment 6•15 years ago
|
||
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
||
Comment 7•15 years ago
|
||
Verified that the as3/Statements/Exceptions/NestedTryWithMultipleCatchInsideFinallyExceptionBubbling.as executes properly. This was also covered in bug 521879, removing skip from testconfig
Status: RESOLVED → VERIFIED
Flags: in-testsuite+
Flags: flashplayer-triage+
You need to log in
before you can comment on or make changes to this bug.
Description
•