From 18f2898f528ef9523c813370014ff82fbc1a217d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?=
Date: Sun, 24 Mar 2024 22:06:57 +0100
Subject: [PATCH] Fix fully initializing JSStackFrame (#328)
Fixes: https://github.com/quickjs-ng/quickjs/issues/323
---
 quickjs.c | 17 +++++++++++++++++
 v8.txt | 6 ------
 2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/quickjs.c b/quickjs.c
index a8a8251..30e14b6 100644
--- a/quickjs.c
+++ b/quickjs.c
@@ -6517,6 +6517,10 @@ static void build_backtrace(JSContext *ctx, JSValue error_obj,
 const char *atom_str; int line_num1, col_num1;
+ /* Bytecode functions must have cur_pc set in the stack frame. */
+ if (sf->cur_pc == NULL)
+ abort();
+
 line_num1 = find_line_num(ctx, b, sf->cur_pc - b->byte_code_buf - 1, &col_num1);
@@ -14611,6 +14615,7 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValue func_obj,
 stack_buf = var_buf + b->var_count; sp = stack_buf; pc = b->byte_code_buf;
+ sf->cur_pc = NULL; /* It's != NULL for bytecode functions. */
 sf->prev_frame = rt->current_stack_frame; rt->current_stack_frame = sf; ctx = b->realm; /* set the current realm */
@@ -14666,6 +14671,7 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValue func_obj,
 BREAK; CASE(OP_get_length): {
+ sf->cur_pc = pc;
 JSValue val; val = JS_GetProperty(ctx, sp[-1], JS_ATOM_length);
@@ -15017,6 +15023,7 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValue func_obj,
 int magic; magic = get_u16(pc); pc += 2;
+ sf->cur_pc = pc;
 ret_val = js_function_apply(ctx, sp[-3], 2, &sp[-2], magic); if (unlikely(JS_IsException(ret_val)))
@@ -15837,6 +15844,7 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValue func_obj,
 JSAtom atom; atom = get_u32(pc); pc += 4;
+ sf->cur_pc = pc;
 val = JS_GetPropertyInternal2(ctx, sp[-1], atom, sp[-1], ic, FALSE); if (unlikely(JS_IsException(val))) goto exception; 
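Review bot: The added `if (sf->cur_pc == NULL) abort();` ahead of the `find_line_num` call makes a frame with no recorded pc take down the whole host process, so any opcode the interpreter forgets to instrument becomes a crash of the embedding application instead of a backtrace with a missing location. A release build would degrade better by skipping the line lookup for that frame (function name without a position) and keeping the hard stop as a debug-only assertion. The comment should also say what the caller is trusted to uphold, e.g. `/* Every opcode of a bytecode function that may run user code stores its pc in sf->cur_pc before calling out (see JS_CallInternal); NULL here is an interpreter bug, not bad input. */`. build_backtrace starts and ends outside the hunk, and the new comment suggests this branch is reached only for bytecode frames, but the enclosing condition is not visible here.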
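Review bot: The comment on the new `sf->cur_pc = NULL;` line contradicts the statement it annotates: this is the frame set-up of a bytecode function, yet it says the field is non-NULL for bytecode functions. What the line establishes is an initial state that the per-opcode stores later overwrite, so `sf->cur_pc = NULL; /* nothing recorded yet; opcodes that may run user code set it before calling out */` would describe it. Frames for non-bytecode (C) functions are presumably set up elsewhere, so whether their `cur_pc` is initialised is not visible in this hunk. JS_CallInternal starts and ends outside the hunk.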
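Review bot: The `sf->cur_pc = pc;` stores added here and in the hunks at 15017, 15837, 15859, 15873, 15894, 15908, 15933, 16286, 16311 and 16720 make pc recording opt-in per opcode, and nothing clears the field afterwards, so an opcode not on this list that still runs user code (a getter, `valueOf`, a Proxy trap) would leave the previous store in place: the NULL check in build_backtrace passes and the line reported for the calling frame would silently be that of an earlier instruction. That gap is not closed by the abort, only by documenting the rule where the stores begin so new opcodes are checked against it; a one-line comment at this first site would help, e.g. `/* record pc for build_backtrace: required before any call that may run JS */`. In OP_get_length the store is also placed before the `JSValue val;` declaration, unlike the other sites where it sits right before the call; moving it below the declaration keeps the sites uniform and the declaration first. JS_CallInternal starts and ends outside the hunk.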
@@ -15859,6 +15867,7 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValue func_obj,
 ic_offset = get_u32(pc); atom = get_ic_atom(ic, ic_offset); pc += 4;
+ sf->cur_pc = pc;
 val = JS_GetPropertyInternalWithIC(ctx, sp[-1], atom, sp[-1], ic, ic_offset, FALSE); ic->updated = FALSE; if (unlikely(JS_IsException(val)))
@@ -15873,6 +15882,7 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValue func_obj,
 JSAtom atom; atom = get_u32(pc); pc += 4;
+ sf->cur_pc = pc;
 val = JS_GetPropertyInternal2(ctx, sp[-1], atom, sp[-1], NULL, FALSE); if (unlikely(JS_IsException(val))) goto exception;
@@ -15894,6 +15904,7 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValue func_obj,
 ic_offset = get_u32(pc); atom = get_ic_atom(ic, ic_offset); pc += 4;
+ sf->cur_pc = pc;
 val = JS_GetPropertyInternalWithIC(ctx, sp[-1], atom, sp[-1], ic, ic_offset, FALSE); ic->updated = FALSE; if (unlikely(JS_IsException(val)))
@@ -15908,6 +15919,7 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValue func_obj,
 JSAtom atom; atom = get_u32(pc); pc += 4;
+ sf->cur_pc = pc;
 ret = JS_SetPropertyInternal2(ctx, sp[-2], atom, sp[-1], sp[-2],
@@ -15933,6 +15945,7 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValue func_obj,
 ic_offset = get_u32(pc); atom = get_ic_atom(ic, ic_offset); pc += 4;
+ sf->cur_pc = pc;
 ret = JS_SetPropertyInternalWithIC(ctx, sp[-2], atom, sp[-1], JS_PROP_THROW_STRICT, ic, ic_offset); ic->updated = FALSE; JS_FreeValue(ctx, sp[-2]);
@@ -16286,6 +16299,7 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValue func_obj,
 JSValue op1, op2; op1 = sp[-2]; op2 = sp[-1];
+ sf->cur_pc = pc;
 if (likely(JS_VALUE_IS_BOTH_INT(op1, op2))) { int64_t r; r = (int64_t)JS_VALUE_GET_INT(op1) + JS_VALUE_GET_INT(op2);
@@ -16311,6 +16325,7 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValue func_obj,
 int idx; idx = *pc; pc += 1;
+ sf->cur_pc = pc;
 pv = &var_buf[idx]; if (likely(JS_VALUE_IS_BOTH_INT(*pv, sp[-1]))) { 
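Review bot: In OP_add (hunk at 16286) the `sf->cur_pc = pc;` store runs unconditionally, ahead of the `JS_VALUE_IS_BOTH_INT` fast path, so the common integer case pays a memory write that only the non-integer branch (the one that can call user code) needs; the same applies to OP_add_loc in the hunk at 16311. Moving the store into the slow-path branch, immediately before the generic add helper is invoked, keeps the backtrace location for every case that can throw while leaving the fast path untouched. The non-integer branch lies outside the hunk, so where it converges (including the int-overflow fallthrough, if the fast path has one) needs checking there. JS_CallInternal starts and ends outside the hunk.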
@@ -16720,11 +16735,13 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValue func_obj,
 OP_CMP(OP_strict_neq, !=, js_strict_eq_slow(ctx, sp, 1)); CASE(OP_in):
+ sf->cur_pc = pc;
 if (js_operator_in(ctx, sp)) goto exception; sp--; BREAK; CASE(OP_instanceof):
+ sf->cur_pc = pc;
 if (js_operator_instanceof(ctx, sp)) goto exception; sp--;
diff --git a/v8.txt b/v8.txt
index 6da607e..5c0d8bc 100644
--- a/v8.txt
+++ b/v8.txt
@@ -762,12 +762,6 @@ Failure (testClassNames doesn't contain expected[1] stack = at MyObj (stack- at (stack-traces.js:291:49) ): expected found Failure (UnintendedCallerCensorship didn't contain new ReferenceError): expected found -Failure: expected <"abc"> found -Failure: expected <"abc"> found <" at (stack-traces.js:371:13)\n"> -Failure: expected found <" at (stack-traces.js:375:13)\n"> -TypeError: not a function - at (stack-traces.js:381:1) - === str-to-num.js Failure: expected <7.922816251426436e+28> found <7.922816251426434e+28> === stress-array-push.js