Title: [207456] trunk/Source
Revision
207456
Author
utatane....@gmail.com
Date
2016-10-18 01:13:26 -0700 (Tue, 18 Oct 2016)

Log Message

[DOMJIT] Use NativeCallFrameTracer for operations used for DOMJIT slow calls
https://bugs.webkit.org/show_bug.cgi?id=163586

Reviewed by Saam Barati.

Source/_javascript_Core:

C functions called from the DOMJIT slow path calls should use NativeCallFrameTracer.
This fixes the debug assertion caused in r207427.

* bytecode/DOMJITAccessCasePatchpointParams.cpp:
(JSC::SlowPathCallGeneratorWithArguments::generateImpl):
(JSC::DOMJITAccessCasePatchpointParams::emitSlowPathCalls):
* bytecode/DOMJITAccessCasePatchpointParams.h:
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::emitDOMJITGetter):
* jsc.cpp:
(WTF::DOMJITGetter::DOMJITNodeDOMJIT::slowCall):
(WTF::DOMJITGetterComplex::DOMJITNodeDOMJIT::slowCall):

Source/WebCore:

* domjit/JSNodeDOMJIT.cpp:
(WebCore::toWrapperSlow):

Modified Paths

Added Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (207455 => 207456)


--- trunk/Source/_javascript_Core/ChangeLog	2016-10-18 07:11:18 UTC (rev 207455)
+++ trunk/Source/_javascript_Core/ChangeLog	2016-10-18 08:13:26 UTC (rev 207456)
@@ -1,3 +1,23 @@
+2016-10-17  Yusuke Suzuki  <utatane....@gmail.com>
+
+        [DOMJIT] Use NativeCallFrameTracer for operations used for DOMJIT slow calls
+        https://bugs.webkit.org/show_bug.cgi?id=163586
+
+        Reviewed by Saam Barati.
+
+        C functions called from the DOMJIT slow path calls should use NativeCallFrameTracer.
+        This fixes the debug assertion caused in r207427.
+
+        * bytecode/DOMJITAccessCasePatchpointParams.cpp:
+        (JSC::SlowPathCallGeneratorWithArguments::generateImpl):
+        (JSC::DOMJITAccessCasePatchpointParams::emitSlowPathCalls):
+        * bytecode/DOMJITAccessCasePatchpointParams.h:
+        * bytecode/PolymorphicAccess.cpp:
+        (JSC::AccessCase::emitDOMJITGetter):
+        * jsc.cpp:
+        (WTF::DOMJITGetter::DOMJITNodeDOMJIT::slowCall):
+        (WTF::DOMJITGetterComplex::DOMJITNodeDOMJIT::slowCall):
+
 2016-10-17  Keith Miller  <keith_mil...@apple.com>
 
         Add support for WASM Memory.

Modified: trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj (207455 => 207456)


--- trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj	2016-10-18 07:11:18 UTC (rev 207455)
+++ trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj	2016-10-18 08:13:26 UTC (rev 207456)
@@ -2105,6 +2105,7 @@
 		E33F50841B8437A000413856 /* JSInternalPromiseDeferred.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E33F50821B8437A000413856 /* JSInternalPromiseDeferred.cpp */; };
 		E33F50851B8437A000413856 /* JSInternalPromiseDeferred.h in Headers */ = {isa = PBXBuildFile; fileRef = E33F50831B8437A000413856 /* JSInternalPromiseDeferred.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		E33F50871B8449EF00413856 /* JSInternalPromiseConstructor.lut.h in Headers */ = {isa = PBXBuildFile; fileRef = E33F50861B8449EF00413856 /* JSInternalPromiseConstructor.lut.h */; };
+		E34EDBF71DB5FFC900DC87A5 /* FrameTracers.h in Headers */ = {isa = PBXBuildFile; fileRef = E34EDBF61DB5FFC100DC87A5 /* FrameTracers.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		E354622B1B6065D100545386 /* ConstructAbility.h in Headers */ = {isa = PBXBuildFile; fileRef = E354622A1B6065D100545386 /* ConstructAbility.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		E3555B8A1DAE03A500F36921 /* DOMJITCallDOMPatchpoint.h in Headers */ = {isa = PBXBuildFile; fileRef = E3555B891DAE03A200F36921 /* DOMJITCallDOMPatchpoint.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		E355F3521B7DC85300C50DC5 /* ModuleLoaderPrototype.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E355F3501B7DC85300C50DC5 /* ModuleLoaderPrototype.cpp */; };
@@ -4421,6 +4422,7 @@
 		E33F50831B8437A000413856 /* JSInternalPromiseDeferred.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSInternalPromiseDeferred.h; sourceTree = "<group>"; };
 		E33F50861B8449EF00413856 /* JSInternalPromiseConstructor.lut.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSInternalPromiseConstructor.lut.h; sourceTree = "<group>"; };
 		E33F50881B844A1A00413856 /* InternalPromiseConstructor.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode._javascript_; path = InternalPromiseConstructor.js; sourceTree = "<group>"; };
+		E34EDBF61DB5FFC100DC87A5 /* FrameTracers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FrameTracers.h; sourceTree = "<group>"; };
 		E354622A1B6065D100545386 /* ConstructAbility.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ConstructAbility.h; sourceTree = "<group>"; };
 		E3555B891DAE03A200F36921 /* DOMJITCallDOMPatchpoint.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMJITCallDOMPatchpoint.h; sourceTree = "<group>"; };
 		E355F3501B7DC85300C50DC5 /* ModuleLoaderPrototype.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ModuleLoaderPrototype.cpp; sourceTree = "<group>"; };
@@ -5207,6 +5209,7 @@
 				1429D8DB0ED2205B00B89619 /* CallFrame.cpp */,
 				1429D8DC0ED2205B00B89619 /* CallFrame.h */,
 				A7F869EC0F95C2EC00558697 /* CallFrameClosure.h */,
+				E34EDBF61DB5FFC100DC87A5 /* FrameTracers.h */,
 				1429D7D30ED2128200B89619 /* Interpreter.cpp */,
 				1429D77B0ED20D7300B89619 /* Interpreter.h */,
 				65FB5116184EE9BC00C12B70 /* ProtoCallFrame.cpp */,
@@ -8037,6 +8040,7 @@
 				BC18C41F0E16F5CD00B34460 /* JSFunction.h in Headers */,
 				A72028BA1797603D0098028C /* JSFunctionInlines.h in Headers */,
 				0F2B66F117B6B5AB00A7AE3F /* JSGenericTypedArrayView.h in Headers */,
+				E34EDBF71DB5FFC900DC87A5 /* FrameTracers.h in Headers */,
 				0F2B66F217B6B5AB00A7AE3F /* JSGenericTypedArrayViewConstructor.h in Headers */,
 				0F2B66F317B6B5AB00A7AE3F /* JSGenericTypedArrayViewConstructorInlines.h in Headers */,
 				0F2B66F417B6B5AB00A7AE3F /* JSGenericTypedArrayViewInlines.h in Headers */,

Modified: trunk/Source/_javascript_Core/bytecode/DOMJITAccessCasePatchpointParams.cpp (207455 => 207456)


--- trunk/Source/_javascript_Core/bytecode/DOMJITAccessCasePatchpointParams.cpp	2016-10-18 07:11:18 UTC (rev 207455)
+++ trunk/Source/_javascript_Core/bytecode/DOMJITAccessCasePatchpointParams.cpp	2016-10-18 08:13:26 UTC (rev 207456)
@@ -47,7 +47,7 @@
     }
 
     template<size_t... ArgumentsIndex>
-    CCallHelpers::JumpList generateImpl(VM& vm, AccessGenerationState& state, const RegisterSet& usedRegistersByPatchpoint, CCallHelpers& jit, std::index_sequence<ArgumentsIndex...>)
+    CCallHelpers::JumpList generateImpl(AccessGenerationState& state, const RegisterSet& usedRegistersByPatchpoint, CCallHelpers& jit, std::index_sequence<ArgumentsIndex...>)
     {
         CCallHelpers::JumpList exceptions;
         // We spill (1) the used registers by IC and (2) the used registers by DOMJIT::Patchpoint.
@@ -59,8 +59,6 @@
 
         jit.makeSpaceOnStackForCCall();
 
-        jit.storePtr(GPRInfo::callFrameRegister, &vm.topCallFrame);
-
         // FIXME: Currently, we do not check any ARM EABI / SH4 things here.
         // But it is OK because a compile error happens when you pass JSValueRegs as an argument.
         // https://bugs.webkit.org/show_bug.cgi?id=163099
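Review bot: With the `jit.storePtr(GPRInfo::callFrameRegister, &vm.topCallFrame)` removed at the top of this hunk, every operation handed to addSlowPathCall is now responsible for publishing vm.topCallFrame itself via NativeCallFrameTracer, yet neither generateImpl nor the `SlowPathCallGenerator::generate` contract in the DOMJITAccessCasePatchpointParams.h hunk records that obligation. The log describes the failure this fixes as a debug assertion, so an operation that forgets the tracer would presumably run with a stale topCallFrame in release builds with nothing to flag it. Suggest a comment at the removal point: `// topCallFrame is no longer stored here; each slow-path operation must construct a NativeCallFrameTracer itself (see slowCall in jsc.cpp and toWrapperSlow in JSNodeDOMJIT.cpp).` The same sentence belongs on the pure-virtual `generate` declaration in the header. generateImpl's body continues outside this hunk.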
@@ -88,10 +86,10 @@
         return exceptions;
     }
 
-    CCallHelpers::JumpList generate(VM& vm, AccessGenerationState& state, const RegisterSet& usedRegistersByPatchpoint, CCallHelpers& jit) override
+    CCallHelpers::JumpList generate(AccessGenerationState& state, const RegisterSet& usedRegistersByPatchpoint, CCallHelpers& jit) override
     {
         m_from.link(&jit);
-        CCallHelpers::JumpList exceptions = generateImpl(vm, state, usedRegistersByPatchpoint, jit, std::make_index_sequence<std::tuple_size<std::tuple<Arguments...>>::value>());
+        CCallHelpers::JumpList exceptions = generateImpl(state, usedRegistersByPatchpoint, jit, std::make_index_sequence<std::tuple_size<std::tuple<Arguments...>>::value>());
         jit.jump().linkTo(m_to, &jit);
         return exceptions;
     }
@@ -114,11 +112,11 @@
 DOMJIT_SLOW_PATH_CALLS(JSC_DEFINE_CALL_OPERATIONS)
 #undef JSC_DEFINE_CALL_OPERATIONS
 
-CCallHelpers::JumpList DOMJITAccessCasePatchpointParams::emitSlowPathCalls(VM& vm, AccessGenerationState& state, const RegisterSet& usedRegistersByPatchpoint, CCallHelpers& jit)
+CCallHelpers::JumpList DOMJITAccessCasePatchpointParams::emitSlowPathCalls(AccessGenerationState& state, const RegisterSet& usedRegistersByPatchpoint, CCallHelpers& jit)
 {
     CCallHelpers::JumpList exceptions;
     for (auto& generator : m_generators)
-        exceptions.append(generator->generate(vm, state, usedRegistersByPatchpoint, jit));
+        exceptions.append(generator->generate(state, usedRegistersByPatchpoint, jit));
     return exceptions;
 }
 

Modified: trunk/Source/_javascript_Core/bytecode/DOMJITAccessCasePatchpointParams.h (207455 => 207456)


--- trunk/Source/_javascript_Core/bytecode/DOMJITAccessCasePatchpointParams.h	2016-10-18 07:11:18 UTC (rev 207455)
+++ trunk/Source/_javascript_Core/bytecode/DOMJITAccessCasePatchpointParams.h	2016-10-18 08:13:26 UTC (rev 207456)
@@ -43,10 +43,10 @@
     class SlowPathCallGenerator {
     public:
         virtual ~SlowPathCallGenerator() { }
-        virtual CCallHelpers::JumpList generate(VM&, AccessGenerationState&, const RegisterSet& usedRegistersByPatchpoint, CCallHelpers&) = 0;
+        virtual CCallHelpers::JumpList generate(AccessGenerationState&, const RegisterSet& usedRegistersByPatchpoint, CCallHelpers&) = 0;
     };
 
-    CCallHelpers::JumpList emitSlowPathCalls(VM&, AccessGenerationState&, const RegisterSet& usedRegistersByPatchpoint, CCallHelpers&);
+    CCallHelpers::JumpList emitSlowPathCalls(AccessGenerationState&, const RegisterSet& usedRegistersByPatchpoint, CCallHelpers&);
 
 private:
 #define JSC_DEFINE_CALL_OPERATIONS(OperationType, ResultType, ...) void addSlowPathCallImpl(CCallHelpers::JumpList, CCallHelpers&, OperationType, ResultType, std::tuple<__VA_ARGS__> args) override;

Modified: trunk/Source/_javascript_Core/bytecode/PolymorphicAccess.cpp (207455 => 207456)


--- trunk/Source/_javascript_Core/bytecode/PolymorphicAccess.cpp	2016-10-18 07:11:18 UTC (rev 207455)
+++ trunk/Source/_javascript_Core/bytecode/PolymorphicAccess.cpp	2016-10-18 08:13:26 UTC (rev 207456)
@@ -1426,7 +1426,6 @@
 void AccessCase::emitDOMJITGetter(AccessGenerationState& state, GPRReg baseForGetGPR)
 {
     CCallHelpers& jit = *state.jit;
-    VM& vm = *jit.vm();
     StructureStubInfo& stubInfo = *state.stubInfo;
     JSValueRegs valueRegs = state.valueRegs;
     GPRReg baseGPR = state.baseGPR;
@@ -1535,7 +1534,7 @@
     allocator.restoreReusedRegistersByPopping(jit, preservedState);
     state.succeed();
 
-    CCallHelpers::JumpList exceptions = params.emitSlowPathCalls(vm, state, registersToSpillForCCall, jit);
+    CCallHelpers::JumpList exceptions = params.emitSlowPathCalls(state, registersToSpillForCCall, jit);
     exceptions.link(&jit);
     allocator.restoreReusedRegistersByPopping(jit, preservedState);
     state.emitExplicitExceptionHandler();

Added: trunk/Source/_javascript_Core/interpreter/FrameTracers.h (0 => 207456)


--- trunk/Source/_javascript_Core/interpreter/FrameTracers.h	                        (rev 0)
+++ trunk/Source/_javascript_Core/interpreter/FrameTracers.h	2016-10-18 08:13:26 UTC (rev 207456)
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "CatchScope.h"
+#include "VM.h"
+
+namespace JSC {
+
+struct VMEntryFrame;
+
+class SuspendExceptionScope {
+public:
+    SuspendExceptionScope(VM* vm)
+        : m_vm(vm)
+    {
+        auto scope = DECLARE_CATCH_SCOPE(*vm);
+        oldException = scope.exception();
+        scope.clearException();
+    }
+    ~SuspendExceptionScope()
+    {
+        m_vm->restorePreviousException(oldException);
+    }
+private:
+    Exception* oldException;
+    VM* m_vm;
+};
+
+class TopCallFrameSetter {
+public:
+    TopCallFrameSetter(VM& currentVM, CallFrame* callFrame)
+        : vm(currentVM)
+        , oldCallFrame(currentVM.topCallFrame)
+    {
+        currentVM.topCallFrame = callFrame;
+    }
+
+    ~TopCallFrameSetter()
+    {
+        vm.topCallFrame = oldCallFrame;
+    }
+private:
+    VM& vm;
+    CallFrame* oldCallFrame;
+};
+
+class NativeCallFrameTracer {
+public:
+    ALWAYS_INLINE NativeCallFrameTracer(VM* vm, CallFrame* callFrame)
+    {
+        ASSERT(vm);
+        ASSERT(callFrame);
+        ASSERT(reinterpret_cast<void*>(callFrame) < reinterpret_cast<void*>(vm->topVMEntryFrame));
+        vm->topCallFrame = callFrame;
+    }
+};
+
+class NativeCallFrameTracerWithRestore {
+public:
+    ALWAYS_INLINE NativeCallFrameTracerWithRestore(VM* vm, VMEntryFrame* vmEntryFrame, CallFrame* callFrame)
+        : m_vm(vm)
+    {
+        ASSERT(vm);
+        ASSERT(callFrame);
+        m_savedTopVMEntryFrame = vm->topVMEntryFrame;
+        m_savedTopCallFrame = vm->topCallFrame;
+        vm->topVMEntryFrame = vmEntryFrame;
+        vm->topCallFrame = callFrame;
+    }
+
+    ALWAYS_INLINE ~NativeCallFrameTracerWithRestore()
+    {
+        m_vm->topVMEntryFrame = m_savedTopVMEntryFrame;
+        m_vm->topCallFrame = m_savedTopCallFrame;
+    }
+
+private:
+    VM* m_vm;
+    VMEntryFrame* m_savedTopVMEntryFrame;
+    CallFrame* m_savedTopCallFrame;
+};
+
+}
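Review bot: NativeCallFrameTracer writes vm->topCallFrame and never restores it, while TopCallFrameSetter and NativeCallFrameTracerWithRestore both put the previous value back in their destructors, and nothing in the header says which one a caller should pick now that these classes are reachable from jsc.cpp and WebCore rather than only from Interpreter.h. Suggest a comment above NativeCallFrameTracer: `// Publishes callFrame as vm->topCallFrame for a native call entered from JIT code; the previous value is not restored. Use NativeCallFrameTracerWithRestore when the caller's frame must be reinstated.` Separately, `SuspendExceptionScope(VM* vm)` is a single-argument constructor without `explicit`, so a bare `VM*` converts implicitly into a scope that clears the pending exception; `explicit SuspendExceptionScope(VM* vm)` would prevent that without changing any existing use.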

Modified: trunk/Source/_javascript_Core/interpreter/Interpreter.h (207455 => 207456)


--- trunk/Source/_javascript_Core/interpreter/Interpreter.h	2016-10-18 07:11:18 UTC (rev 207455)
+++ trunk/Source/_javascript_Core/interpreter/Interpreter.h	2016-10-18 08:13:26 UTC (rev 207456)
@@ -31,6 +31,7 @@
 
 #include "ArgList.h"
 #include "CatchScope.h"
+#include "FrameTracers.h"
 #include "JSCJSValue.h"
 #include "JSCell.h"
 #include "JSObject.h"
@@ -85,78 +86,6 @@
         StackFrameNativeCode
     };
 
-    class SuspendExceptionScope {
-    public:
-        SuspendExceptionScope(VM* vm)
-            : m_vm(vm)
-        {
-            auto scope = DECLARE_CATCH_SCOPE(*vm);
-            oldException = scope.exception();
-            scope.clearException();
-        }
-        ~SuspendExceptionScope()
-        {
-            m_vm->restorePreviousException(oldException);
-        }
-    private:
-        Exception* oldException;
-        VM* m_vm;
-    };
-    
-    class TopCallFrameSetter {
-    public:
-        TopCallFrameSetter(VM& currentVM, CallFrame* callFrame)
-            : vm(currentVM)
-            , oldCallFrame(currentVM.topCallFrame) 
-        {
-            currentVM.topCallFrame = callFrame;
-        }
-        
-        ~TopCallFrameSetter() 
-        {
-            vm.topCallFrame = oldCallFrame;
-        }
-    private:
-        VM& vm;
-        CallFrame* oldCallFrame;
-    };
-    
-    class NativeCallFrameTracer {
-    public:
-        ALWAYS_INLINE NativeCallFrameTracer(VM* vm, CallFrame* callFrame)
-        {
-            ASSERT(vm);
-            ASSERT(callFrame);
-            ASSERT(reinterpret_cast<void*>(callFrame) < reinterpret_cast<void*>(vm->topVMEntryFrame));
-            vm->topCallFrame = callFrame;
-        }
-    };
-
-    class NativeCallFrameTracerWithRestore {
-    public:
-        ALWAYS_INLINE NativeCallFrameTracerWithRestore(VM* vm, VMEntryFrame* vmEntryFrame, CallFrame* callFrame)
-            : m_vm(vm)
-        {
-            ASSERT(vm);
-            ASSERT(callFrame);
-            m_savedTopVMEntryFrame = vm->topVMEntryFrame;
-            m_savedTopCallFrame = vm->topCallFrame;
-            vm->topVMEntryFrame = vmEntryFrame;
-            vm->topCallFrame = callFrame;
-        }
-
-        ALWAYS_INLINE ~NativeCallFrameTracerWithRestore()
-        {
-            m_vm->topVMEntryFrame = m_savedTopVMEntryFrame;
-            m_vm->topCallFrame = m_savedTopCallFrame;
-        }
-
-    private:
-        VM* m_vm;
-        VMEntryFrame* m_savedTopVMEntryFrame;
-        CallFrame* m_savedTopCallFrame;
-    };
-
     class Interpreter {
         WTF_MAKE_FAST_ALLOCATED;
         friend class CachedCall;

Modified: trunk/Source/_javascript_Core/jsc.cpp (207455 => 207456)


--- trunk/Source/_javascript_Core/jsc.cpp	2016-10-18 07:11:18 UTC (rev 207455)
+++ trunk/Source/_javascript_Core/jsc.cpp	2016-10-18 08:13:26 UTC (rev 207456)
@@ -626,6 +626,12 @@
             return DOMJITNode::checkDOMJITNode();
         }
 
+        static EncodedJSValue JIT_OPERATION slowCall(ExecState* exec, void* pointer)
+        {
+            NativeCallFrameTracer tracer(&exec->vm(), exec);
+            return JSValue::encode(jsNumber(static_cast<DOMJITGetter*>(pointer)->value()));
+        }
+
         Ref<DOMJIT::CallDOMPatchpoint> callDOM() override
         {
             Ref<DOMJIT::CallDOMPatchpoint> patchpoint = DOMJIT::CallDOMPatchpoint::create();
@@ -633,10 +639,7 @@
             patchpoint->setGenerator([=](CCallHelpers& jit, DOMJIT::PatchpointParams& params) {
                 JSValueRegs results = params[0].jsValueRegs();
                 GPRReg dom = params[1].gpr();
-
-                params.addSlowPathCall(jit.jump(), jit, static_cast<EncodedJSValue(*)(ExecState*, void*)>([](ExecState*, void* pointer) {
-                    return JSValue::encode(jsNumber(static_cast<DOMJITGetter*>(pointer)->value()));
-                }), results, dom);
+                params.addSlowPathCall(jit.jump(), jit, slowCall, results, dom);
                 return CCallHelpers::JumpList();
 
             });
@@ -708,6 +711,20 @@
             return DOMJITNode::checkDOMJITNode();
         }
 
+        static EncodedJSValue JIT_OPERATION slowCall(ExecState* exec, void* pointer)
+        {
+            VM& vm = exec->vm();
+            NativeCallFrameTracer tracer(&vm, exec);
+            auto scope = DECLARE_THROW_SCOPE(vm);
+            auto* object = static_cast<DOMJITNode*>(pointer);
+            auto* domjitGetterComplex = jsDynamicCast<DOMJITGetterComplex*>(object);
+            if (domjitGetterComplex) {
+                if (domjitGetterComplex->m_enableException)
+                    return JSValue::encode(throwException(exec, scope, createError(exec, ASCIILiteral("DOMJITGetterComplex slow call exception"))));
+            }
+            return JSValue::encode(jsNumber(object->value()));
+        }
+
         Ref<DOMJIT::CallDOMPatchpoint> callDOM() override
         {
             RefPtr<DOMJIT::CallDOMPatchpoint> patchpoint = DOMJIT::CallDOMPatchpoint::create();
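Review bot: The nested `if` at the end of the new slowCall reads as two checks where one condition would do; `if (domjitGetterComplex && domjitGetterComplex->m_enableException)` followed by the existing `return JSValue::encode(throwException(...))` keeps the behaviour and drops a level of nesting. Placing the tracer immediately after `VM& vm = exec->vm();` and before DECLARE_THROW_SCOPE is the right order, since the throw path below relies on vm.topCallFrame being current. The DOMJITGetter::slowCall in the earlier hunk obtains the VM inline as `&exec->vm()`; either form is fine, but the two sibling operations would read more consistently if they matched.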
@@ -720,17 +737,7 @@
                 for (unsigned i = 0; i < patchpoint->numGPScratchRegisters; ++i)
                     jit.move(CCallHelpers::TrustedImm32(42), params.gpScratch(i));
 
-                params.addSlowPathCall(jit.jump(), jit, static_cast<EncodedJSValue(*)(ExecState*, void*)>([](ExecState* exec, void* pointer) {
-                    VM& vm = exec->vm();
-                    auto scope = DECLARE_THROW_SCOPE(vm);
-                    auto* object = static_cast<DOMJITNode*>(pointer);
-                    auto* domjitGetterComplex = jsDynamicCast<DOMJITGetterComplex*>(object);
-                    if (domjitGetterComplex) {
-                        if (domjitGetterComplex->m_enableException)
-                            return JSValue::encode(throwException(exec, scope, createError(exec, ASCIILiteral("DOMJITGetterComplex slow call exception"))));
-                    }
-                    return JSValue::encode(jsNumber(object->value()));
-                }), results, domGPR);
+                params.addSlowPathCall(jit.jump(), jit, slowCall, results, domGPR);
                 return CCallHelpers::JumpList();
 
             });

Modified: trunk/Source/WebCore/ChangeLog (207455 => 207456)


--- trunk/Source/WebCore/ChangeLog	2016-10-18 07:11:18 UTC (rev 207455)
+++ trunk/Source/WebCore/ChangeLog	2016-10-18 08:13:26 UTC (rev 207456)
@@ -1,3 +1,13 @@
+2016-10-17  Yusuke Suzuki  <utatane....@gmail.com>
+
+        [DOMJIT] Use NativeCallFrameTracer for operations used for DOMJIT slow calls
+        https://bugs.webkit.org/show_bug.cgi?id=163586
+
+        Reviewed by Saam Barati.
+
+        * domjit/JSNodeDOMJIT.cpp:
+        (WebCore::toWrapperSlow):
+
 2016-10-18  Ryuan Choi  <ryuan.c...@navercorp.com>
 
         [EFL] Build break since r207442

Copied: trunk/Source/WebCore/ForwardingHeaders/interpreter/FrameTracers.h (from rev 207455, trunk/Source/_javascript_Core/bytecode/DOMJITAccessCasePatchpointParams.h) (0 => 207456)


--- trunk/Source/WebCore/ForwardingHeaders/interpreter/FrameTracers.h	                        (rev 0)
+++ trunk/Source/WebCore/ForwardingHeaders/interpreter/FrameTracers.h	2016-10-18 08:13:26 UTC (rev 207456)
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef WebCore_FWD_FrameTracers_h
+#define WebCore_FWD_FrameTracers_h
+#include <_javascript_Core/FrameTracers.h>
+#endif

Modified: trunk/Source/WebCore/domjit/JSNodeDOMJIT.cpp (207455 => 207456)


--- trunk/Source/WebCore/domjit/JSNodeDOMJIT.cpp	2016-10-18 07:11:18 UTC (rev 207455)
+++ trunk/Source/WebCore/domjit/JSNodeDOMJIT.cpp	2016-10-18 08:13:26 UTC (rev 207456)
@@ -33,6 +33,7 @@
 #include "Node.h"
 #include <domjit/DOMJITPatchpoint.h>
 #include <domjit/DOMJITPatchpointParams.h>
+#include <interpreter/FrameTracers.h>
 
 using namespace JSC;
 
@@ -41,11 +42,12 @@
 enum class IsContainerGuardRequirement { Required, NotRequired };
 
 template<typename WrappedNode>
-EncodedJSValue toWrapperSlow(JSC::ExecState* exec, JSC::JSGlobalObject* globalObject, void* result)
+EncodedJSValue JIT_OPERATION toWrapperSlow(JSC::ExecState* exec, JSC::JSGlobalObject* globalObject, void* result)
 {
     ASSERT(exec);
     ASSERT(result);
     ASSERT(globalObject);
+    JSC::NativeCallFrameTracer tracer(&exec->vm(), exec);
     return JSValue::encode(toJS(exec, static_cast<JSDOMGlobalObject*>(globalObject), *static_cast<WrappedNode*>(result)));
 }
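Review bot: The new `JSC::NativeCallFrameTracer tracer(&exec->vm(), exec);` line is the whole point of this hunk, but nothing tells a reader why a wrapper-conversion helper now sets vm.topCallFrame; the reason lives in a different file of this commit, where the slow-path generator stopped storing it. Suggest a comment above the tracer: `// Called straight from DOMJIT slow-path code, which does not publish vm.topCallFrame; establish it here before toJS() runs.` The JIT_OPERATION annotation added to the signature matches the jsc.cpp slowCall operations in this commit, which is good for consistency.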
 