[MERGE #5278 @meg-gupta] Don't reset hasBailedOutBitPtr, instead use ctor/dtor

Meghana Gupta · Meghana Gupta · commit e2ae16a8cad4 · 2018-06-08T16:08:35.000-07:00
Merge pull request #5278 from meg-gupta:hasbailoutbit We can loose hasBailedOut information due to the reset in nested try catches and this can result in incorrectly executing catch blocks that happen to be on the callstack try { // Set hasbailoutptr try {} catch{} // reset hasbailoutbitptr // inlinee code // bailout // exception } catch(){ // hasbailedout info lost} Fixes OS#17791189
diff --git a/lib/Backend/BailOut.cpp b/lib/Backend/BailOut.cpp
@@ -1044,10 +1044,12 @@ BailOutRecord::BailOutInlinedCommon(Js::JavascriptCallStackLayout * layout, Bail
     Js::ScriptFunction * innerMostInlinee = nullptr;
     BailOutInlinedHelper(layout, currentBailOutRecord, bailOutOffset, returnAddress, bailOutKind, registerSaves, &bailOutReturnValue, &innerMostInlinee, false, branchValue);
 
-    bool * hasBailOutBit = layout->functionObject->GetScriptContext()->GetThreadContext()->GetHasBailedOutBitPtr();
-    if (hasBailOutBit != nullptr && bailOutRecord->ehBailoutData)
+    bool * hasBailedOutBitPtr = layout->functionObject->GetScriptContext()->GetThreadContext()->GetHasBailedOutBitPtr();
+    Assert(!bailOutRecord->ehBailoutData || hasBailedOutBitPtr ||
+        bailOutRecord->ehBailoutData->ht == Js::HandlerType::HT_Finally /* When we bailout from inlinee in non exception finally, we maynot see hasBailedOutBitPtr*/);
+    if (hasBailedOutBitPtr && bailOutRecord->ehBailoutData)
     {
-        *hasBailOutBit = true;
+        *hasBailedOutBitPtr = true;
     }
     Js::Var result = BailOutCommonNoCodeGen(layout, currentBailOutRecord, currentBailOutRecord->bailOutOffset, returnAddress, bailOutKind, branchValue,
         registerSaves, &bailOutReturnValue);
@@ -1087,11 +1089,14 @@ BailOutRecord::BailOutFromLoopBodyInlinedCommon(Js::JavascriptCallStackLayout *
     BailOutReturnValue bailOutReturnValue;
     Js::ScriptFunction * innerMostInlinee = nullptr;
     BailOutInlinedHelper(layout, currentBailOutRecord, bailOutOffset, returnAddress, bailOutKind, registerSaves, &bailOutReturnValue, &innerMostInlinee, true, branchValue);
-    bool * hasBailOutBit = layout->functionObject->GetScriptContext()->GetThreadContext()->GetHasBailedOutBitPtr();
-    if (hasBailOutBit != nullptr && bailOutRecord->ehBailoutData)
+    bool * hasBailedOutBitPtr = layout->functionObject->GetScriptContext()->GetThreadContext()->GetHasBailedOutBitPtr();
+    Assert(!bailOutRecord->ehBailoutData || hasBailedOutBitPtr ||
+        bailOutRecord->ehBailoutData->ht == Js::HandlerType::HT_Finally /* When we bailout from inlinee in non exception finally, we maynot see hasBailedOutBitPtr*/);
+    if (hasBailedOutBitPtr && bailOutRecord->ehBailoutData)
     {
-        *hasBailOutBit = true;
+        *hasBailedOutBitPtr = true;
     }
+
     uint32 result = BailOutFromLoopBodyHelper(layout, currentBailOutRecord, currentBailOutRecord->bailOutOffset,
         bailOutKind, nullptr, registerSaves, &bailOutReturnValue);
     ScheduleLoopBodyCodeGen(Js::ScriptFunction::FromVar(layout->functionObject), innerMostInlinee, currentBailOutRecord, bailOutKind);
diff --git a/lib/Runtime/Language/JavascriptExceptionOperators.cpp b/lib/Runtime/Language/JavascriptExceptionOperators.cpp
@@ -72,6 +72,18 @@ namespace Js
         m_threadContext->SetTryCatchFrameAddr(m_prevTryCatchFrameAddr);
     }
 
+    JavascriptExceptionOperators::HasBailedOutPtrStack::HasBailedOutPtrStack(ScriptContext* scriptContext, bool *hasBailedOutPtr)
+    {
+        m_threadContext = scriptContext->GetThreadContext();
+        m_prevHasBailedOutPtr = m_threadContext->GetHasBailedOutBitPtr();
+        scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(hasBailedOutPtr);
+    }
+
+    JavascriptExceptionOperators::HasBailedOutPtrStack::~HasBailedOutPtrStack()
+    {
+        m_threadContext->SetHasBailedOutBitPtr(m_prevHasBailedOutPtr);
+    }
+
     JavascriptExceptionOperators::PendingFinallyExceptionStack::PendingFinallyExceptionStack(ScriptContext* scriptContext, Js::JavascriptExceptionObject *exceptionObj)
     {
         m_threadContext = scriptContext->GetThreadContext();
@@ -105,7 +117,8 @@ namespace Js
         void *continuation = nullptr;
         JavascriptExceptionObject *exception = nullptr;
         void *tryCatchFrameAddr = nullptr;
-        scriptContext->GetThreadContext()->SetHasBailedOutBitPtr((bool*)((char*)frame + hasBailedOutOffset));
+
+        Js::JavascriptExceptionOperators::HasBailedOutPtrStack hasBailedOutPtrStack(scriptContext, (bool*)((char*)frame + hasBailedOutOffset));
 
         PROBE_STACK(scriptContext, Constants::MinStackJitEHBailout + spillSize + argsSize);
         {
@@ -148,15 +161,13 @@ namespace Js
                 // If we have bailed out, this exception is coming from the interpreter. It should not have been caught;
                 // it so happens that this catch was on the stack and caught the exception.
                 // Re-throw!
-                scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);
                 JavascriptExceptionOperators::DoThrow(exception, scriptContext);
             }  
 
             Var exceptionObject = exception->GetThrownObject(scriptContext);
             AssertMsg(exceptionObject, "Caught object is null.");
             continuation = amd64_CallWithFakeFrame(catchAddr, frame, spillSize, argsSize, exceptionObject);
         }
-        scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);
         return continuation;
     }
 
@@ -170,8 +181,8 @@ namespace Js
     {
         void                      *tryContinuation     = nullptr;
         JavascriptExceptionObject *exception           = nullptr;
-        scriptContext->GetThreadContext()->SetHasBailedOutBitPtr((bool*)((char*)frame + hasBailedOutOffset));
 
+        Js::JavascriptExceptionOperators::HasBailedOutPtrStack hasBailedOutPtrStack(scriptContext, (bool*)((char*)frame + hasBailedOutOffset));
         PROBE_STACK(scriptContext, Constants::MinStackJitEHBailout + spillSize + argsSize);
 
         try
@@ -213,7 +224,6 @@ namespace Js
                 // If we have bailed out, this exception is coming from the interpreter. It should not have been caught;
                 // it so happens that this catch was on the stack and caught the exception.
                 // Re-throw!
-                scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);
                 JavascriptExceptionOperators::DoThrow(exception, scriptContext);
             }
 
@@ -224,7 +234,6 @@ namespace Js
             }
         }
 
-        scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);
         return tryContinuation;
     }
 
@@ -278,7 +287,7 @@ namespace Js
         void *continuation = nullptr;
         JavascriptExceptionObject *exception = nullptr;
         void * tryCatchFrameAddr = nullptr;
-        scriptContext->GetThreadContext()->SetHasBailedOutBitPtr((bool*)((char*)localsPtr + hasBailedOutOffset));
+        Js::JavascriptExceptionOperators::HasBailedOutPtrStack hasBailedOutPtrStack(scriptContext, (bool*)((char*)framePtr + hasBailedOutOffset));
 
         PROBE_STACK(scriptContext, Constants::MinStackJitEHBailout + argsSize);
         {
@@ -324,7 +333,6 @@ namespace Js
                 // If we have bailed out, this exception is coming from the interpreter. It should not have been caught;
                 // it so happens that this catch was on the stack and caught the exception.
                 // Re-throw!
-                scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);
                 JavascriptExceptionOperators::DoThrow(exception, scriptContext);
             }
 
@@ -337,7 +345,6 @@ namespace Js
 #endif
         }
 
-        scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);
         return continuation;
     }
 
@@ -352,7 +359,7 @@ namespace Js
     {
         void                      *tryContinuation     = nullptr;
         JavascriptExceptionObject *exception           = nullptr;
-        scriptContext->GetThreadContext()->SetHasBailedOutBitPtr((bool*)((char*)localsPtr + hasBailedOutOffset));
+        Js::JavascriptExceptionOperators::HasBailedOutPtrStack hasBailedOutPtrStack(scriptContext, (bool*)((char*)framePtr + hasBailedOutOffset));
 
         PROBE_STACK(scriptContext, Constants::MinStackJitEHBailout + argsSize);
         try
@@ -394,7 +401,6 @@ namespace Js
                 // If we have bailed out, this exception is coming from the interpreter. It should not have been caught;
                 // it so happens that this catch was on the stack and caught the exception.
                 // Re-throw!
-                scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);
                 JavascriptExceptionOperators::DoThrow(exception, scriptContext);
             }
 
@@ -409,7 +415,6 @@ namespace Js
             }
         }
 
-        scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);
         return tryContinuation;
     }
 
@@ -473,7 +478,8 @@ namespace Js
         void* continuationAddr = NULL;
         Js::JavascriptExceptionObject* pExceptionObject = NULL;
         void *tryCatchFrameAddr = nullptr;
-        scriptContext->GetThreadContext()->SetHasBailedOutBitPtr((bool*)((char*)framePtr + hasBailedOutOffset));
+
+        Js::JavascriptExceptionOperators::HasBailedOutPtrStack hasBailedOutPtrStack(scriptContext, (bool*)((char*)framePtr + hasBailedOutOffset));
 
         PROBE_STACK(scriptContext, Constants::MinStackJitEHBailout);
         {
@@ -571,7 +577,6 @@ namespace Js
                 // If we have bailed out, this exception is coming from the interpreter. It should not have been caught;
                 // it so happens that this catch was on the stack and caught the exception.
                 // Re-throw!
-                scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);
                 JavascriptExceptionOperators::DoThrow(pExceptionObject, scriptContext);
             }
 
@@ -628,15 +633,15 @@ namespace Js
 #endif
         }
 
-        scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);
         return continuationAddr;
     }
 
     void* JavascriptExceptionOperators::OP_TryFinally(void* tryAddr, void* handlerAddr, void* framePtr, int hasBailedOutOffset, ScriptContext *scriptContext)
     {
         Js::JavascriptExceptionObject* pExceptionObject = NULL;
         void* continuationAddr = NULL;
-        scriptContext->GetThreadContext()->SetHasBailedOutBitPtr((bool*)((char*)framePtr + hasBailedOutOffset));
+
+        Js::JavascriptExceptionOperators::HasBailedOutPtrStack hasBailedOutPtrStack(scriptContext, (bool*)((char*)framePtr + hasBailedOutOffset));
         PROBE_STACK(scriptContext, Constants::MinStackJitEHBailout);
 
         try
@@ -731,7 +736,6 @@ namespace Js
                 // If we have bailed out, this exception is coming from the interpreter. It should not have been caught;
                 // it so happens that this catch was on the stack and caught the exception.
                 // Re-throw!
-                scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);
                 JavascriptExceptionOperators::DoThrow(pExceptionObject, scriptContext);
             }
 
@@ -799,7 +803,6 @@ namespace Js
             }
         }
 
-        scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);
         return continuationAddr;
     }
 
diff --git a/lib/Runtime/Language/JavascriptExceptionOperators.h b/lib/Runtime/Language/JavascriptExceptionOperators.h
@@ -54,6 +54,17 @@ namespace Js
             ~TryCatchFrameAddrStack();
         };
 
+        class HasBailedOutPtrStack
+        {
+        private:
+            bool * m_prevHasBailedOutPtr;
+            ThreadContext* m_threadContext;
+
+        public:
+            HasBailedOutPtrStack(ScriptContext* scriptContext, bool *hasBailedOutPtr);
+            ~HasBailedOutPtrStack();
+        };
+
         class PendingFinallyExceptionStack
         {
         private:
diff --git a/test/EH/hasBailedOutBug2.js b/test/EH/hasBailedOutBug2.js
@@ -0,0 +1,86 @@
+//-------------------------------------------------------------------------------------------------------
+// Copyright (C) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
+//-------------------------------------------------------------------------------------------------------
+
+function test0() {
+  function func80() {
+  }
+  var uniqobj22 = new func80();
+  try {
+    (function () {
+      try {
+        try {
+        } catch (ex) {
+        }
+        function func104() {
+          uniqobj22 >>>= 1;
+        }
+        func104();
+      } catch (ex) {
+        WScript.Echo("FAILED");
+      } finally {
+        protoObj0();
+      }
+    }());
+  } catch (ex) {
+  }
+}
+test0();
+test0();
+
+function test1() {
+  var obj1 = {};
+  var func2 = function () {
+    try {
+    } catch (ex) {
+    }
+  };
+  obj1.method1 = func2;
+  var IntArr0 = new Array();
+  function v0() {
+    function v2() {
+      try {
+        obj1.method1();
+        function func7() {
+          IntArr0[1];
+        }
+        func7();
+      } catch (ex) {
+        WScript.Echo("FAILED");
+      }
+      var v3 = runtime_error;
+    }
+    try {
+      v2();
+    } catch (ex) {
+    }
+  }
+  v0();
+}
+test1();
+test1();
+test1();
+
+function test2() {
+  function makeArrayLength(x) {
+    if (x < 1) {
+    }
+  }
+  var func2 = function () {
+    try {
+    } finally {
+      makeArrayLength(393266900 * 1957286472);
+    }
+  };
+  func2();
+  try {
+    func2();
+  } finally {
+  }
+}
+test2();
+test2();
+test2();
+
+WScript.Echo("Passed");
diff --git a/test/EH/rlexe.xml b/test/EH/rlexe.xml
@@ -183,6 +183,12 @@
        <baseline>hasBailedOutBug.baseline</baseline>
     </default>
   </test>
+  <test>
+    <default>
+       <files>hasBailedOutBug2.js</files>
+       <tags>exclude_dynapogo</tags>
+    </default>
+  </test>
   <test>
     <default>
        <files>StackOverflow.js</files>

Original file line number	Diff line number	Diff line change
`@@ -72,6 +72,18 @@ namespace Js`
`72`	`72`	`m_threadContext->SetTryCatchFrameAddr(m_prevTryCatchFrameAddr);`
`73`	`73`	`}`
`74`	`74`
	`75`	`+ JavascriptExceptionOperators::HasBailedOutPtrStack::HasBailedOutPtrStack(ScriptContext* scriptContext, bool *hasBailedOutPtr)`
	`76`	`+ {`
	`77`	`+ m_threadContext = scriptContext->GetThreadContext();`
	`78`	`+ m_prevHasBailedOutPtr = m_threadContext->GetHasBailedOutBitPtr();`
	`79`	`+ scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(hasBailedOutPtr);`
	`80`	`+ }`
	`81`	`+`
	`82`	`+ JavascriptExceptionOperators::HasBailedOutPtrStack::~HasBailedOutPtrStack()`
	`83`	`+ {`
	`84`	`+ m_threadContext->SetHasBailedOutBitPtr(m_prevHasBailedOutPtr);`
	`85`	`+ }`
	`86`	`+`
`75`	`87`	`JavascriptExceptionOperators::PendingFinallyExceptionStack::PendingFinallyExceptionStack(ScriptContext* scriptContext, Js::JavascriptExceptionObject *exceptionObj)`
`76`	`88`	`{`
`77`	`89`	`m_threadContext = scriptContext->GetThreadContext();`
`@@ -105,7 +117,8 @@ namespace Js`
`105`	`117`	`void *continuation = nullptr;`
`106`	`118`	`JavascriptExceptionObject *exception = nullptr;`
`107`	`119`	`void *tryCatchFrameAddr = nullptr;`
`108`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr((bool)((char)frame + hasBailedOutOffset));`
	`120`	`+`
	`121`	`+ Js::JavascriptExceptionOperators::HasBailedOutPtrStack hasBailedOutPtrStack(scriptContext, (bool)((char)frame + hasBailedOutOffset));`
`109`	`122`
`110`	`123`	`PROBE_STACK(scriptContext, Constants::MinStackJitEHBailout + spillSize + argsSize);`
`111`	`124`	`{`
`@@ -148,15 +161,13 @@ namespace Js`
`148`	`161`	`// If we have bailed out, this exception is coming from the interpreter. It should not have been caught;`
`149`	`162`	`// it so happens that this catch was on the stack and caught the exception.`
`150`	`163`	`// Re-throw!`
`151`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);`
`152`	`164`	`JavascriptExceptionOperators::DoThrow(exception, scriptContext);`
`153`	`165`	`}`
`154`	`166`
`155`	`167`	`Var exceptionObject = exception->GetThrownObject(scriptContext);`
`156`	`168`	`AssertMsg(exceptionObject, "Caught object is null.");`
`157`	`169`	`continuation = amd64_CallWithFakeFrame(catchAddr, frame, spillSize, argsSize, exceptionObject);`
`158`	`170`	`}`
`159`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);`
`160`	`171`	`return continuation;`
`161`	`172`	`}`
`162`	`173`
`@@ -170,8 +181,8 @@ namespace Js`
`170`	`181`	`{`
`171`	`182`	`void *tryContinuation = nullptr;`
`172`	`183`	`JavascriptExceptionObject *exception = nullptr;`
`173`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr((bool)((char)frame + hasBailedOutOffset));`
`174`	`184`
	`185`	`+ Js::JavascriptExceptionOperators::HasBailedOutPtrStack hasBailedOutPtrStack(scriptContext, (bool)((char)frame + hasBailedOutOffset));`
`175`	`186`	`PROBE_STACK(scriptContext, Constants::MinStackJitEHBailout + spillSize + argsSize);`
`176`	`187`
`177`	`188`	`try`
`@@ -213,7 +224,6 @@ namespace Js`
`213`	`224`	`// If we have bailed out, this exception is coming from the interpreter. It should not have been caught;`
`214`	`225`	`// it so happens that this catch was on the stack and caught the exception.`
`215`	`226`	`// Re-throw!`
`216`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);`
`217`	`227`	`JavascriptExceptionOperators::DoThrow(exception, scriptContext);`
`218`	`228`	`}`
`219`	`229`
`@@ -224,7 +234,6 @@ namespace Js`
`224`	`234`	`}`
`225`	`235`	`}`
`226`	`236`
`227`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);`
`228`	`237`	`return tryContinuation;`
`229`	`238`	`}`
`230`	`239`
`@@ -278,7 +287,7 @@ namespace Js`
`278`	`287`	`void *continuation = nullptr;`
`279`	`288`	`JavascriptExceptionObject *exception = nullptr;`
`280`	`289`	`void * tryCatchFrameAddr = nullptr;`
`281`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr((bool)((char)localsPtr + hasBailedOutOffset));`
	`290`	`+ Js::JavascriptExceptionOperators::HasBailedOutPtrStack hasBailedOutPtrStack(scriptContext, (bool)((char)framePtr + hasBailedOutOffset));`
`282`	`291`
`283`	`292`	`PROBE_STACK(scriptContext, Constants::MinStackJitEHBailout + argsSize);`
`284`	`293`	`{`
`@@ -324,7 +333,6 @@ namespace Js`
`324`	`333`	`// If we have bailed out, this exception is coming from the interpreter. It should not have been caught;`
`325`	`334`	`// it so happens that this catch was on the stack and caught the exception.`
`326`	`335`	`// Re-throw!`
`327`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);`
`328`	`336`	`JavascriptExceptionOperators::DoThrow(exception, scriptContext);`
`329`	`337`	`}`
`330`	`338`
`@@ -337,7 +345,6 @@ namespace Js`
`337`	`345`	`#endif`
`338`	`346`	`}`
`339`	`347`
`340`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);`
`341`	`348`	`return continuation;`
`342`	`349`	`}`
`343`	`350`
`@@ -352,7 +359,7 @@ namespace Js`
`352`	`359`	`{`
`353`	`360`	`void *tryContinuation = nullptr;`
`354`	`361`	`JavascriptExceptionObject *exception = nullptr;`
`355`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr((bool)((char)localsPtr + hasBailedOutOffset));`
	`362`	`+ Js::JavascriptExceptionOperators::HasBailedOutPtrStack hasBailedOutPtrStack(scriptContext, (bool)((char)framePtr + hasBailedOutOffset));`
`356`	`363`
`357`	`364`	`PROBE_STACK(scriptContext, Constants::MinStackJitEHBailout + argsSize);`
`358`	`365`	`try`
`@@ -394,7 +401,6 @@ namespace Js`
`394`	`401`	`// If we have bailed out, this exception is coming from the interpreter. It should not have been caught;`
`395`	`402`	`// it so happens that this catch was on the stack and caught the exception.`
`396`	`403`	`// Re-throw!`
`397`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);`
`398`	`404`	`JavascriptExceptionOperators::DoThrow(exception, scriptContext);`
`399`	`405`	`}`
`400`	`406`
`@@ -409,7 +415,6 @@ namespace Js`
`409`	`415`	`}`
`410`	`416`	`}`
`411`	`417`
`412`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);`
`413`	`418`	`return tryContinuation;`
`414`	`419`	`}`
`415`	`420`
`@@ -473,7 +478,8 @@ namespace Js`
`473`	`478`	`void* continuationAddr = NULL;`
`474`	`479`	`Js::JavascriptExceptionObject* pExceptionObject = NULL;`
`475`	`480`	`void *tryCatchFrameAddr = nullptr;`
`476`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr((bool)((char)framePtr + hasBailedOutOffset));`
	`481`	`+`
	`482`	`+ Js::JavascriptExceptionOperators::HasBailedOutPtrStack hasBailedOutPtrStack(scriptContext, (bool)((char)framePtr + hasBailedOutOffset));`
`477`	`483`
`478`	`484`	`PROBE_STACK(scriptContext, Constants::MinStackJitEHBailout);`
`479`	`485`	`{`
`@@ -571,7 +577,6 @@ namespace Js`
`571`	`577`	`// If we have bailed out, this exception is coming from the interpreter. It should not have been caught;`
`572`	`578`	`// it so happens that this catch was on the stack and caught the exception.`
`573`	`579`	`// Re-throw!`
`574`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);`
`575`	`580`	`JavascriptExceptionOperators::DoThrow(pExceptionObject, scriptContext);`
`576`	`581`	`}`
`577`	`582`
`@@ -628,15 +633,15 @@ namespace Js`
`628`	`633`	`#endif`
`629`	`634`	`}`
`630`	`635`
`631`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);`
`632`	`636`	`return continuationAddr;`
`633`	`637`	`}`
`634`	`638`
`635`	`639`	`void* JavascriptExceptionOperators::OP_TryFinally(void* tryAddr, void* handlerAddr, void* framePtr, int hasBailedOutOffset, ScriptContext *scriptContext)`
`636`	`640`	`{`
`637`	`641`	`Js::JavascriptExceptionObject* pExceptionObject = NULL;`
`638`	`642`	`void* continuationAddr = NULL;`
`639`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr((bool)((char)framePtr + hasBailedOutOffset));`
	`643`	`+`
	`644`	`+ Js::JavascriptExceptionOperators::HasBailedOutPtrStack hasBailedOutPtrStack(scriptContext, (bool)((char)framePtr + hasBailedOutOffset));`
`640`	`645`	`PROBE_STACK(scriptContext, Constants::MinStackJitEHBailout);`
`641`	`646`
`642`	`647`	`try`
`@@ -731,7 +736,6 @@ namespace Js`
`731`	`736`	`// If we have bailed out, this exception is coming from the interpreter. It should not have been caught;`
`732`	`737`	`// it so happens that this catch was on the stack and caught the exception.`
`733`	`738`	`// Re-throw!`
`734`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);`
`735`	`739`	`JavascriptExceptionOperators::DoThrow(pExceptionObject, scriptContext);`
`736`	`740`	`}`
`737`	`741`
`@@ -799,7 +803,6 @@ namespace Js`
`799`	`803`	`}`
`800`	`804`	`}`
`801`	`805`
`802`		`- scriptContext->GetThreadContext()->SetHasBailedOutBitPtr(nullptr);`
`803`	`806`	`return continuationAddr;`
`804`	`807`	`}`
`805`	`808`