From 9307ce2fcf845312a68e61959ad5a132775cdfd3 Mon Sep 17 00:00:00 2001
From: "lrn@chromium.org"
Date: Wed, 18 May 2011 12:22:19 +0000
Subject: [PATCH] Fix incorrect coercion of other failures to Failure::Exception in ReThrow.
TEST=cctest/test-api/OutOfMemoryNested
Review URL: http://codereview.chromium.org/7029028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7930 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/isolate.cc | 6 ++++--
 src/objects.h | 5 +++++
 src/runtime.cc | 1 +
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/isolate.cc b/src/isolate.cc
index 9fac06a..22a659a 100644
--- a/src/isolate.cc
+++ b/src/isolate.cc
@@ -896,13 +896,15 @@ Failure* Isolate::Throw(Object* exception, MessageLocation* location) {
 Failure* Isolate::ReThrow(MaybeObject* exception, MessageLocation* location) {
 bool can_be_caught_externally = false;
- ShouldReportException(&can_be_caught_externally,
- is_catchable_by_javascript(exception));
+ bool catchable_by_javascript = is_catchable_by_javascript(exception);
+ ShouldReportException(&can_be_caught_externally, catchable_by_javascript);
+
 thread_local_top()->catcher_ = can_be_caught_externally ? try_catch_handler() : NULL;
 // Set the exception being re-thrown.
 set_pending_exception(exception);
+ if (exception->IsFailure()) return exception->ToFailureUnchecked();
 return Failure::Exception();
 }
diff --git a/src/objects.h b/src/objects.h
index e68ac53..b922c08 100644
--- a/src/objects.h
+++ b/src/objects.h
@@ -628,6 +628,7 @@ struct ValueInfo : public Malloced {
 // A template-ized version of the IsXXX functions.
 template static inline bool Is(Object* obj);
+class Failure;
 class MaybeObject BASE_EMBEDDED {
 public:
@@ -641,6 +642,10 @@ class MaybeObject BASE_EMBEDDED {
 *obj = reinterpret_cast(this);
 return true;
 }
+ inline Failure* ToFailureUnchecked() {
+ ASSERT(IsFailure());
+ return reinterpret_cast(this);
+ }
 inline Object* ToObjectUnchecked() {
 ASSERT(!IsFailure());
 return reinterpret_cast(this);
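Review bot: In Isolate::ReThrow the new `if (exception->IsFailure()) return exception->ToFailureUnchecked();` hands back any failure unchanged, and nothing visible in the hunk limits that to failure kinds that are meaningful as a pending exception. The test named in the commit message suggests the intended case is out-of-memory; if so, a debug guard before the return, such as `ASSERT(!exception->IsRetryAfterGC());`, would catch a retry failure being stored by `set_pending_exception` and returned to the caller. A one-line comment would also help the next reader: `// Propagate non-exception failures (e.g. out of memory) instead of coercing them to Failure::Exception().`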
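Review bot: `ToFailureUnchecked()` in the second objects.h hunk is added without a comment stating its contract, although the cast it performs is only valid when the receiver really is a failure. The call site added in isolate.cc tests `IsFailure()` on the same line, but later callers have nothing beyond the name to tell them that this is required. I would add above the accessor `// Precondition: IsFailure(). Callers must test it first; the cast itself is unchecked.` The enclosing MaybeObject class continues outside the hunk.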
diff --git a/src/runtime.cc b/src/runtime.cc
index 7b90469..365aa9b 100644
--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -603,6 +603,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_CreateCatchExtensionObject) {
 ASSERT(args.length() == 2);
 CONVERT_CHECKED(String, key, args[0]);
 Object* value = args[1];
+ ASSERT(!value->IsFailure());
 // Create a catch context extension object.
 JSFunction* constructor = isolate->context()->global_context()->
--
2.7.4
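Review bot: The added `ASSERT(!value->IsFailure());` in Runtime_CreateCatchExtensionObject is the only guard on `args[1]`, whereas `args[0]` goes through `CONVERT_CHECKED`. If ASSERT is debug-only here, as it appears to be, a failure value reaching this function in a release build would presumably still be placed in the catch extension object as though it were an ordinary object. If the callers cannot guarantee the invariant, an always-on `CHECK(!value->IsFailure());` fails closed instead; either way a short comment such as `// A failure must never be bound as the catch variable.` would record why the check exists. The function body continues outside the hunk.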