Google Git
Sign in
webkit / WebKit / 9f1dad41bdc149b2b0b5709c0b31c55b50c653a5
commit9f1dad41bdc149b2b0b5709c0b31c55b50c653a5[log] [tgz]
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Jul 18 04:34:16 2014 +0000
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Jul 18 04:34:16 2014 +0000
tree46b200361e76f154babaa235e3cfa44b3d85f00d
parent9192f3c8da41a85f6b5acf764db24ccf1f52dbc3 [diff]
Need ability to fuzz exception throwing
https://bugs.webkit.org/show_bug.cgi?id=134945
<rdar://problem/17722027>

Reviewed by Sam Weinig.
        

Source/JavaScriptCore: 
Adds the ability to instrument exception checks, and to force some random
exception check to artificially throw an exception. Also adds new tests that
are suitable for testing this. Note that this is closely tied to the Tools
directory changes that are also part of this changeset.
        
This also fixes an activation tear-off bug that arises if we ever throw an
exception from operationOptimize, or if due to some other bug it's only due
to the operationOptimize exception check that we realize that there is an
exception to be thrown.

* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::fastExceptionCheck):
* ftl/FTLIntrinsicRepository.h:
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::callCheck):
* interpreter/Interpreter.cpp:
(JSC::unwindCallFrame):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::callExceptionFuzz):
(JSC::AssemblyHelpers::emitExceptionCheck):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitExceptionCheck): Deleted.
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_enter):
* jit/JITOperations.cpp:
(JSC::numberOfExceptionFuzzChecks):
* jit/JITOperations.h:
* jsc.cpp:
(jscmain):
* runtime/Options.h:
* runtime/TestRunnerUtils.h:
* tests/exceptionFuzz.yaml: Added.
* tests/exceptionFuzz: Added.
* tests/exceptionFuzz/3d-cube.js: Added.
* tests/exceptionFuzz/date-format-xparb.js: Added.
* tests/exceptionFuzz/earley-boyer.js: Added.

Tools: 
Adds a new script, js-exception-fuzz, which will run some jsc command-line using
exception fuzzing. This means that we will force exceptions to be thrown in random
places to see how the engine reacts. This is now integrated with the various test
drivers, so run-javascriptcore-tests will run some exception fuzzing tests by
default.

* Scripts/jsc-stress-test-helpers/js-exception-fuzz: Added.
(fail):
* Scripts/run-javascriptcore-tests:
* Scripts/run-jsc-stress-tests:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@171213 268f45cc-cd09-0410-ab3c-d52691b4dbfc
23 files changed
tree: 46b200361e76f154babaa235e3cfa44b3d85f00d
  1. Examples/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebKit.xcworkspace/
  8. WebKitLibraries/
  9. Websites/
  10. .dir-locals.el
  11. .gitattributes
  12. .gitignore
  13. ChangeLog
  14. ChangeLog-2012-05-22
  15. CMakeLists.txt
  16. Makefile
  17. Makefile.shared