From ae328e61b08ffc2f7d8d28d2459e3b0928a38124 Mon Sep 17 00:00:00 2001 From: "ager@chromium.org" Date: Wed, 23 Feb 2011 06:55:47 +0000 Subject: [PATCH] Properly reset external catcher if exception couldn't be externally caught. We can wrongly assume that exception which is not intended to be caught by external try/catch should be caught if this exception inherits external catcher from some previous exception. To prevent that, clear external catcher when processing exceptions which cannot be externally caught. BUG=v8:1184 TEST=test/mjsunit/regress/regress-1184.js Review URL: http://codereview.chromium.org/6538081 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6905 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/top.cc | 12 ++++----- test/mjsunit/regress/regress-1184.js | 47 ++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 6 deletions(-) create mode 100644 test/mjsunit/regress/regress-1184.js diff --git a/src/top.cc b/src/top.cc index 83d7de3..78db26a 100644 --- a/src/top.cc +++ b/src/top.cc @@ -735,9 +735,8 @@ Failure* Top::ReThrow(MaybeObject* exception, MessageLocation* location) { bool can_be_caught_externally = false; ShouldReportException(&can_be_caught_externally, is_catchable_by_javascript(exception)); - if (can_be_caught_externally) { - thread_local_.catcher_ = try_catch_handler(); - } + thread_local_.catcher_ = can_be_caught_externally ? + try_catch_handler() : NULL; // Set the exception being re-thrown. set_pending_exception(exception); @@ -913,9 +912,10 @@ void Top::DoThrow(MaybeObject* exception, } } - if (can_be_caught_externally) { - thread_local_.catcher_ = try_catch_handler(); - } + // Do not forget to clean catcher_ if currently thrown exception cannot + // be caught. If necessary, ReThrow will update the catcher. + thread_local_.catcher_ = can_be_caught_externally ? + try_catch_handler() : NULL; // NOTE: Notifying the debugger or generating the message // may have caused new exceptions. For now, we just ignore diff --git a/test/mjsunit/regress/regress-1184.js b/test/mjsunit/regress/regress-1184.js new file mode 100644 index 0000000..0bb1b3c --- /dev/null +++ b/test/mjsunit/regress/regress-1184.js @@ -0,0 +1,47 @@ +// Copyright 2011 the V8 project authors. All rights reserved. +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// Test the case when finally clause throws another exception (stack overflow) +// which goes through some try/catch block---we need to clear v8::TryCatch +// catcher as it doesn't catch original exception any more. + +o = {}; +o.__defineGetter__('foo', function() { throw 42; }); +function f() { + try { + // throw below sets up Top::thread_local_.catcher_... + throw 42; + } finally { + // ...JS accessor traverses v8 runtime/JS boundary and + // when coming back from JS to v8 runtime, retraverses + // stack with catcher set while processing exception + // which is not caught by external try catch. + try { o.foo; } catch(e) { }; + return; + } +}; +f(); -- 2.7.4