Modified: trunk/Source/_javascript_Core/ChangeLog (270763 => 270764)
--- trunk/Source/_javascript_Core/ChangeLog 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-12-14 10:32:10 UTC (rev 270764)
@@ -1,3 +1,67 @@
+2020-12-13 Yusuke Suzuki <[email protected]>
+
+ [JSC] Introduce vmEntryCustomAccessor and vmEntryHostFunction for JITCage
+ https://bugs.webkit.org/show_bug.cgi?id=219847
+
+ Reviewed by Mark Lam.
+
+ Instead of registering all host-functions and custom accessors with OperationPtrTag or HostFunctionPtrTag,
+ this patch introduces a trampoline which invokes them with special ptr-tag to reduce memory usage of JITOperationList.
+
+ When invoking custom accessor, we pass that pointer as a forth argument, and call vmEntryCustomAccessor.
+ And vmEntryCustomAccessor jumps to the passed argument with special ptr tag. And we register vmEntryCustomAccessor as an operation.
+ For host-functions, we pass that pointer as a third argument.
+
+ * assembler/JITOperationList.cpp:
+ (JSC::addPointers):
+ (JSC::JITOperationList::populatePointersInJavaScriptCore):
+ (JSC::JITOperationList::populatePointersInJavaScriptCoreForLLInt):
+ (JSC::JITOperationList::populatePointersInEmbedder):
+ * assembler/JITOperationList.h:
+ (JSC::JITOperationList::assertIsHostFunction): Deleted.
+ * b3/testb3_1.cpp:
+ (main):
+ * bytecode/AccessCase.cpp:
+ (JSC::AccessCase::generateImpl):
+ * bytecode/GetByIdVariant.cpp:
+ (JSC::GetByIdVariant::GetByIdVariant):
+ * bytecode/GetByIdVariant.h:
+ (JSC::GetByIdVariant::customAccessorGetter const):
+ * bytecode/GetByStatus.cpp:
+ (JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback):
+ * bytecode/GetterSetterAccessCase.cpp:
+ (JSC::GetterSetterAccessCase::create):
+ * bytecode/GetterSetterAccessCase.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileCallDOMGetter):
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compileCallDOMGetter):
+ * jit/JITOperations.h:
+ * jit/Repatch.cpp:
+ (JSC::tryCacheGetBy):
+ (JSC::tryCachePutByID):
+ * jit/ThunkGenerators.cpp:
+ (JSC::nativeForGenerator):
+ * jsc.cpp:
+ (jscmain):
+ * llint/LLIntData.cpp:
+ (JSC::LLInt::initialize):
+ * llint/LLIntThunks.cpp:
+ * llint/LLIntThunks.h:
+ * llint/LowLevelInterpreter.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * runtime/Gate.h:
+ * runtime/JSCPtrTag.h:
+ (JSC::tagJSCCodePtrImpl):
+ (JSC::untagJSCCodePtrImpl):
+ * runtime/NativeFunction.h:
+ * runtime/PropertySlot.h:
+ * runtime/PutPropertySlot.h:
+ (JSC::PutPropertySlot::customSetter const):
+ * runtime/VM.cpp:
+ (JSC::VM::getHostFunction):
+
2020-12-14 Youenn Fablet <[email protected]>
Pass an isolated copy of Settings to workers and worklets.
Modified: trunk/Source/_javascript_Core/assembler/JITOperationList.cpp (270763 => 270764)
--- trunk/Source/_javascript_Core/assembler/JITOperationList.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/assembler/JITOperationList.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -39,8 +39,6 @@
LazyNeverDestroyed<JITOperationList> jitOperationList;
#if ENABLE(JIT_OPERATION_VALIDATION)
-extern const uintptr_t startOfHostFunctionsInJSC __asm("section$start$__DATA_CONST$__jsc_host");
-extern const uintptr_t endOfHostFunctionsInJSC __asm("section$end$__DATA_CONST$__jsc_host");
extern const uintptr_t startOfJITOperationsInJSC __asm("section$start$__DATA_CONST$__jsc_ops");
extern const uintptr_t endOfJITOperationsInJSC __asm("section$end$__DATA_CONST$__jsc_ops");
#endif
@@ -51,7 +49,7 @@
}
#if ENABLE(JIT_OPERATION_VALIDATION)
-static SUPPRESS_ASAN ALWAYS_INLINE void addPointers(HashMap<void*, void*>& map, const uintptr_t* beginHost, const uintptr_t* endHost, const uintptr_t* beginOperations, const uintptr_t* endOperations)
+static SUPPRESS_ASAN ALWAYS_INLINE void addPointers(HashMap<void*, void*>& map, const uintptr_t* beginOperations, const uintptr_t* endOperations)
{
#if ENABLE(JIT_CAGE)
if (Options::useJITCage()) {
@@ -60,11 +58,6 @@
}
#endif
if constexpr (ASSERT_ENABLED) {
- for (const uintptr_t* current = beginHost; current != endHost; ++current) {
- void* codePtr = removeCodePtrTag(bitwise_cast<void*>(*current));
- if (codePtr)
- map.add(codePtr, WTF::tagNativeCodePtrImpl<HostFunctionPtrTag>(codePtr));
- }
for (const uintptr_t* current = beginOperations; current != endOperations; ++current) {
void* codePtr = removeCodePtrTag(bitwise_cast<void*>(*current));
if (codePtr)
@@ -80,7 +73,7 @@
static std::once_flag onceKey;
std::call_once(onceKey, [] {
if (Options::useJIT())
- addPointers(jitOperationList->m_validatedOperations, &startOfHostFunctionsInJSC, &endOfHostFunctionsInJSC, &startOfJITOperationsInJSC, &endOfJITOperationsInJSC);
+ addPointers(jitOperationList->m_validatedOperations, &startOfJITOperationsInJSC, &endOfJITOperationsInJSC);
});
#endif
}
@@ -128,7 +121,7 @@
JSC_WASM_GATE_OPCODES(LLINT_RETURN_LOCATION)
};
if (Options::useJIT())
- addPointers(jitOperationList->m_validatedOperations, nullptr, nullptr, operations, operations + WTF_ARRAY_LENGTH(operations));
+ addPointers(jitOperationList->m_validatedOperations, operations, operations + WTF_ARRAY_LENGTH(operations));
#undef LLINT_RETURN_LOCATION
});
#endif
@@ -135,15 +128,13 @@
}
-void JITOperationList::populatePointersInEmbedder(const uintptr_t* beginHost, const uintptr_t* endHost, const uintptr_t* beginOperations, const uintptr_t* endOperations)
+void JITOperationList::populatePointersInEmbedder(const uintptr_t* beginOperations, const uintptr_t* endOperations)
{
- UNUSED_PARAM(beginHost);
- UNUSED_PARAM(endHost);
UNUSED_PARAM(beginOperations);
UNUSED_PARAM(endOperations);
#if ENABLE(JIT_OPERATION_VALIDATION)
if (Options::useJIT())
- addPointers(jitOperationList->m_validatedOperations, beginHost, endHost, beginOperations, endOperations);
+ addPointers(jitOperationList->m_validatedOperations, beginOperations, endOperations);
#endif
}
Modified: trunk/Source/_javascript_Core/assembler/JITOperationList.h (270763 => 270764)
--- trunk/Source/_javascript_Core/assembler/JITOperationList.h 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/assembler/JITOperationList.h 2020-12-14 10:32:10 UTC (rev 270764)
@@ -49,18 +49,8 @@
static void populatePointersInJavaScriptCore();
static void populatePointersInJavaScriptCoreForLLInt();
- JS_EXPORT_PRIVATE static void populatePointersInEmbedder(const uintptr_t* beginHost, const uintptr_t* endHost, const uintptr_t* beginOperations, const uintptr_t* endOperations);
+ JS_EXPORT_PRIVATE static void populatePointersInEmbedder(const uintptr_t* beginOperations, const uintptr_t* endOperations);
- // FIXME: Currently, assertIsHostFunction and assertIsJITOperation are the same.
- // We will make them work in a subsequent patch.
- template<typename T> static void assertIsHostFunction(T function)
- {
- UNUSED_PARAM(function);
-#if ENABLE(JIT_OPERATION_VALIDATION)
- ASSERT(function, !Options::useJIT() || JITOperationList::instance().map(bitwise_cast<void*>(function)));
-#endif
- }
-
template<typename T> static void assertIsJITOperation(T function)
{
UNUSED_PARAM(function);
Modified: trunk/Source/_javascript_Core/b3/testb3_1.cpp (270763 => 270764)
--- trunk/Source/_javascript_Core/b3/testb3_1.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/b3/testb3_1.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -892,8 +892,6 @@
#endif // ENABLE(B3_JIT)
#if ENABLE(JIT_OPERATION_VALIDATION)
-extern const uintptr_t startOfHostFunctionsInTestB3 __asm("section$start$__DATA_CONST$__jsc_host");
-extern const uintptr_t endOfHostFunctionsInTestB3 __asm("section$end$__DATA_CONST$__jsc_host");
extern const uintptr_t startOfJITOperationsInTestB3 __asm("section$start$__DATA_CONST$__jsc_ops");
extern const uintptr_t endOfJITOperationsInTestB3 __asm("section$end$__DATA_CONST$__jsc_ops");
#endif
@@ -918,7 +916,7 @@
JSC::initialize();
#if ENABLE(JIT_OPERATION_VALIDATION)
- JSC::JITOperationList::populatePointersInEmbedder(&startOfHostFunctionsInTestB3, &endOfHostFunctionsInTestB3, &startOfJITOperationsInTestB3, &endOfJITOperationsInTestB3);
+ JSC::JITOperationList::populatePointersInEmbedder(&startOfJITOperationsInTestB3, &endOfJITOperationsInTestB3);
#endif
for (unsigned i = 0; i <= 2; ++i) {
Modified: trunk/Source/_javascript_Core/bytecode/AccessCase.cpp (270763 => 270764)
--- trunk/Source/_javascript_Core/bytecode/AccessCase.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/bytecode/AccessCase.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -39,6 +39,7 @@
#include "JSCInlines.h"
#include "JSModuleEnvironment.h"
#include "JSModuleNamespaceObject.h"
+#include "LLIntThunks.h"
#include "LinkBuffer.h"
#include "ModuleNamespaceAccessCase.h"
#include "PolymorphicAccess.h"
@@ -1722,21 +1723,43 @@
// must keep it alive.
if (m_type == CustomValueGetter || m_type == CustomAccessorGetter) {
RELEASE_ASSERT(m_identifier);
- jit.setupArguments<PropertySlot::GetValueFunc>(
- CCallHelpers::TrustedImmPtr(globalObject),
- CCallHelpers::CellValue(baseForCustom),
- CCallHelpers::TrustedImmPtr(uid()));
+ if (Options::useJITCage()) {
+ jit.setupArguments<PropertySlot::GetValueFuncWithPtr>(
+ CCallHelpers::TrustedImmPtr(globalObject),
+ CCallHelpers::CellValue(baseForCustom),
+ CCallHelpers::TrustedImmPtr(uid()),
+ CCallHelpers::TrustedImmPtr(this->as<GetterSetterAccessCase>().m_customAccessor.executableAddress()));
+ } else {
+ jit.setupArguments<PropertySlot::GetValueFunc>(
+ CCallHelpers::TrustedImmPtr(globalObject),
+ CCallHelpers::CellValue(baseForCustom),
+ CCallHelpers::TrustedImmPtr(uid()));
+ }
} else {
- jit.setupArguments<PutPropertySlot::PutValueFunc>(
- CCallHelpers::TrustedImmPtr(globalObject),
- CCallHelpers::CellValue(baseForCustom),
- valueRegs);
+ if (Options::useJITCage()) {
+ jit.setupArguments<PutPropertySlot::PutValueFuncWithPtr>(
+ CCallHelpers::TrustedImmPtr(globalObject),
+ CCallHelpers::CellValue(baseForCustom),
+ valueRegs,
+ CCallHelpers::TrustedImmPtr(this->as<GetterSetterAccessCase>().m_customAccessor.executableAddress()));
+ } else {
+ jit.setupArguments<PutPropertySlot::PutValueFunc>(
+ CCallHelpers::TrustedImmPtr(globalObject),
+ CCallHelpers::CellValue(baseForCustom),
+ valueRegs);
+ }
}
jit.storePtr(GPRInfo::callFrameRegister, &vm.topCallFrame);
- operationCall = jit.call(OperationPtrTag);
+ if (Options::useJITCage())
+ operationCall = jit.call(OperationPtrTag);
+ else
+ operationCall = jit.call(CustomAccessorPtrTag);
jit.addLinkTask([=] (LinkBuffer& linkBuffer) {
- linkBuffer.link(operationCall, this->as<GetterSetterAccessCase>().m_customAccessor);
+ if (Options::useJITCage())
+ linkBuffer.link(operationCall, FunctionPtr<OperationPtrTag>(vmEntryCustomAccessor));
+ else
+ linkBuffer.link(operationCall, this->as<GetterSetterAccessCase>().m_customAccessor);
});
if (m_type == CustomValueGetter || m_type == CustomAccessorGetter)
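Review bot: `Options::useJITCage()` is read four separate times in this stretch — for the argument layout, for the call tag, and again inside the link task that runs later at link time — and all of those decisions must agree, or the JIT would push a fourth argument for a call linked to the raw accessor (or call `vmEntryCustomAccessor` without one). Reading it once, `const bool useJITCage = Options::useJITCage();`, above the `if (m_type == ...)` and capturing that bool in the link-task lambda makes the invariant explicit rather than relying on the option never changing after initialization. The cage branch would also benefit from a comment that the `TrustedImmPtr(... executableAddress())` immediate is the CustomAccessorPtrTag-signed pointer and that the trampoline's tag-checked `jmp` is now the only thing restricting the target, since per the ChangeLog the accessor itself is no longer in the validated operation list. The enclosing generateImpl case starts and ends outside the hunk.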
Modified: trunk/Source/_javascript_Core/bytecode/GetByIdVariant.cpp (270763 => 270764)
--- trunk/Source/_javascript_Core/bytecode/GetByIdVariant.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/bytecode/GetByIdVariant.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -38,7 +38,7 @@
const ObjectPropertyConditionSet& conditionSet,
std::unique_ptr<CallLinkStatus> callLinkStatus,
JSFunction* intrinsicFunction,
- FunctionPtr<OperationPtrTag> customAccessorGetter,
+ FunctionPtr<CustomAccessorPtrTag> customAccessorGetter,
std::unique_ptr<DOMAttributeAnnotation> domAttribute)
: m_structureSet(structureSet)
, m_conditionSet(conditionSet)
Modified: trunk/Source/_javascript_Core/bytecode/GetByIdVariant.h (270763 => 270764)
--- trunk/Source/_javascript_Core/bytecode/GetByIdVariant.h 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/bytecode/GetByIdVariant.h 2020-12-14 10:32:10 UTC (rev 270764)
@@ -50,7 +50,7 @@
const ObjectPropertyConditionSet& = ObjectPropertyConditionSet(),
std::unique_ptr<CallLinkStatus> = nullptr,
JSFunction* = nullptr,
- FunctionPtr<OperationPtrTag> customAccessorGetter = nullptr,
+ FunctionPtr<CustomAccessorPtrTag> customAccessorGetter = nullptr,
std::unique_ptr<DOMAttributeAnnotation> = nullptr);
~GetByIdVariant();
@@ -70,7 +70,7 @@
CallLinkStatus* callLinkStatus() const { return m_callLinkStatus.get(); }
JSFunction* intrinsicFunction() const { return m_intrinsicFunction; }
Intrinsic intrinsic() const { return m_intrinsicFunction ? m_intrinsicFunction->intrinsic() : NoIntrinsic; }
- FunctionPtr<OperationPtrTag> customAccessorGetter() const { return m_customAccessorGetter; }
+ FunctionPtr<CustomAccessorPtrTag> customAccessorGetter() const { return m_customAccessorGetter; }
DOMAttributeAnnotation* domAttribute() const { return m_domAttribute.get(); }
bool isPropertyUnset() const { return offset() == invalidOffset; }
@@ -107,7 +107,7 @@
PropertyOffset m_offset;
std::unique_ptr<CallLinkStatus> m_callLinkStatus;
JSFunction* m_intrinsicFunction;
- FunctionPtr<OperationPtrTag> m_customAccessorGetter;
+ FunctionPtr<CustomAccessorPtrTag> m_customAccessorGetter;
std::unique_ptr<DOMAttributeAnnotation> m_domAttribute;
CacheableIdentifier m_identifier;
};
Modified: trunk/Source/_javascript_Core/bytecode/GetByStatus.cpp (270763 => 270764)
--- trunk/Source/_javascript_Core/bytecode/GetByStatus.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/bytecode/GetByStatus.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -279,7 +279,7 @@
case ComplexGetStatus::Inlineable: {
std::unique_ptr<CallLinkStatus> callLinkStatus;
JSFunction* intrinsicFunction = nullptr;
- FunctionPtr<OperationPtrTag> customAccessorGetter;
+ FunctionPtr<CustomAccessorPtrTag> customAccessorGetter;
std::unique_ptr<DOMAttributeAnnotation> domAttribute;
bool haveDOMAttribute = false;
Modified: trunk/Source/_javascript_Core/bytecode/GetterSetterAccessCase.cpp (270763 => 270764)
--- trunk/Source/_javascript_Core/bytecode/GetterSetterAccessCase.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/bytecode/GetterSetterAccessCase.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -49,7 +49,7 @@
std::unique_ptr<AccessCase> GetterSetterAccessCase::create(
VM& vm, JSCell* owner, AccessType type, CacheableIdentifier identifier, PropertyOffset offset, Structure* structure, const ObjectPropertyConditionSet& conditionSet,
- bool viaProxy, WatchpointSet* additionalSet, FunctionPtr<OperationPtrTag> customGetter, JSObject* customSlotBase,
+ bool viaProxy, WatchpointSet* additionalSet, FunctionPtr<CustomAccessorPtrTag> customGetter, JSObject* customSlotBase,
Optional<DOMAttributeAnnotation> domAttribute, std::unique_ptr<PolyProtoAccessChain> prototypeAccessChain)
{
switch (type) {
@@ -63,17 +63,17 @@
std::unique_ptr<GetterSetterAccessCase> result(new GetterSetterAccessCase(vm, owner, type, identifier, offset, structure, conditionSet, viaProxy, additionalSet, customSlotBase, WTFMove(prototypeAccessChain)));
result->m_domAttribute = domAttribute;
- result->m_customAccessor = customGetter ? FunctionPtr<OperationPtrTag>(customGetter) : nullptr;
+ result->m_customAccessor = customGetter ? FunctionPtr<CustomAccessorPtrTag>(customGetter) : nullptr;
return result;
}
std::unique_ptr<AccessCase> GetterSetterAccessCase::create(VM& vm, JSCell* owner, AccessType type, Structure* structure, CacheableIdentifier identifier, PropertyOffset offset,
const ObjectPropertyConditionSet& conditionSet, std::unique_ptr<PolyProtoAccessChain> prototypeAccessChain, bool viaProxy,
- FunctionPtr<OperationPtrTag> customSetter, JSObject* customSlotBase)
+ FunctionPtr<CustomAccessorPtrTag> customSetter, JSObject* customSlotBase)
{
ASSERT(type == Setter || type == CustomValueSetter || type == CustomAccessorSetter);
std::unique_ptr<GetterSetterAccessCase> result(new GetterSetterAccessCase(vm, owner, type, identifier, offset, structure, conditionSet, viaProxy, nullptr, customSlotBase, WTFMove(prototypeAccessChain)));
- result->m_customAccessor = customSetter ? FunctionPtr<OperationPtrTag>(customSetter) : nullptr;
+ result->m_customAccessor = customSetter ? FunctionPtr<CustomAccessorPtrTag>(customSetter) : nullptr;
return result;
}
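Review bot: With `customGetter` now typed `FunctionPtr<CustomAccessorPtrTag>`, the same type as `m_customAccessor`, the expression `customGetter ? FunctionPtr<CustomAccessorPtrTag>(customGetter) : nullptr` in the first create() is a copy guarded by a null check that produces the same null value; `result->m_customAccessor = customGetter;` says the same thing without suggesting a conversion. The setter overload has the identical pattern and can become `result->m_customAccessor = customSetter;`. The old form made sense while the parameter and member carried different tags; now it only makes a reader look for a retag that is not there.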
Modified: trunk/Source/_javascript_Core/bytecode/GetterSetterAccessCase.h (270763 => 270764)
--- trunk/Source/_javascript_Core/bytecode/GetterSetterAccessCase.h 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/bytecode/GetterSetterAccessCase.h 2020-12-14 10:32:10 UTC (rev 270764)
@@ -55,12 +55,12 @@
static std::unique_ptr<AccessCase> create(
VM&, JSCell* owner, AccessType, CacheableIdentifier, PropertyOffset, Structure*,
- const ObjectPropertyConditionSet&, bool viaProxy, WatchpointSet* additionalSet, FunctionPtr<OperationPtrTag> customGetter,
+ const ObjectPropertyConditionSet&, bool viaProxy, WatchpointSet* additionalSet, FunctionPtr<CustomAccessorPtrTag> customGetter,
JSObject* customSlotBase, Optional<DOMAttributeAnnotation>, std::unique_ptr<PolyProtoAccessChain>);
static std::unique_ptr<AccessCase> create(VM&, JSCell* owner, AccessType, Structure*, CacheableIdentifier, PropertyOffset,
const ObjectPropertyConditionSet&, std::unique_ptr<PolyProtoAccessChain>, bool viaProxy = false,
- FunctionPtr<OperationPtrTag> customSetter = nullptr, JSObject* customSlotBase = nullptr);
+ FunctionPtr<CustomAccessorPtrTag> customSetter = nullptr, JSObject* customSlotBase = nullptr);
void dumpImpl(PrintStream&, CommaPrinter&) const final;
std::unique_ptr<AccessCase> clone() const final;
@@ -67,7 +67,7 @@
~GetterSetterAccessCase() final;
- FunctionPtr<OperationPtrTag> customAccessor() const { return m_customAccessor; }
+ FunctionPtr<CustomAccessorPtrTag> customAccessor() const { return m_customAccessor; }
private:
GetterSetterAccessCase(VM&, JSCell*, AccessType, CacheableIdentifier, PropertyOffset, Structure*, const ObjectPropertyConditionSet&, bool viaProxy, WatchpointSet* additionalSet, JSObject* customSlotBase, std::unique_ptr<PolyProtoAccessChain>);
@@ -76,7 +76,7 @@
WriteBarrier<JSObject> m_customSlotBase;
CallLinkInfo* m_callLinkInfo { nullptr };
- FunctionPtr<OperationPtrTag> m_customAccessor;
+ FunctionPtr<CustomAccessorPtrTag> m_customAccessor;
Optional<DOMAttributeAnnotation> m_domAttribute;
};
Modified: trunk/Source/_javascript_Core/dfg/DFGNode.h (270763 => 270764)
--- trunk/Source/_javascript_Core/dfg/DFGNode.h 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/dfg/DFGNode.h 2020-12-14 10:32:10 UTC (rev 270764)
@@ -276,7 +276,7 @@
};
struct CallDOMGetterData {
- FunctionPtr<OperationPtrTag> customAccessorGetter;
+ FunctionPtr<CustomAccessorPtrTag> customAccessorGetter;
const DOMJIT::GetterSetter* domJIT { nullptr };
DOMJIT::CallDOMGetterSnippet* snippet { nullptr };
unsigned identifierNumber { 0 };
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (270763 => 270764)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -58,6 +58,7 @@
#include "JSMapIterator.h"
#include "JSPropertyNameEnumerator.h"
#include "JSSetIterator.h"
+#include "LLIntThunks.h"
#include "RegExpObject.h"
#include "ScopedArguments.h"
#include "TypeProfilerLog.h"
@@ -10104,7 +10105,7 @@
{
DOMJIT::CallDOMGetterSnippet* snippet = node->callDOMGetterData()->snippet;
if (!snippet) {
- FunctionPtr<OperationPtrTag> getter = node->callDOMGetterData()->customAccessorGetter;
+ FunctionPtr<CustomAccessorPtrTag> getter = node->callDOMGetterData()->customAccessorGetter;
SpeculateCellOperand base(this, node->child1());
JSValueRegsTemporary result(this);
@@ -10112,10 +10113,17 @@
GPRReg baseGPR = base.gpr();
flushRegisters();
- m_jit.setupArguments<J_JITOperation_GJI>(TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), CCallHelpers::CellValue(baseGPR), identifierUID(node->callDOMGetterData()->identifierNumber));
+ if (Options::useJITCage())
+ m_jit.setupArguments<J_JITOperation_GJIP>(TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), CCallHelpers::CellValue(baseGPR), identifierUID(node->callDOMGetterData()->identifierNumber), getter.executableAddress());
+ else
+ m_jit.setupArguments<J_JITOperation_GJI>(TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), CCallHelpers::CellValue(baseGPR), identifierUID(node->callDOMGetterData()->identifierNumber));
+
m_jit.storePtr(GPRInfo::callFrameRegister, &vm().topCallFrame);
m_jit.emitStoreCodeOrigin(m_currentNode->origin.semantic);
- m_jit.appendCall(getter.retagged<CFunctionPtrTag>());
+ if (Options::useJITCage())
+ m_jit.appendCall(vmEntryCustomAccessor);
+ else
+ m_jit.appendCall(getter.retagged<CFunctionPtrTag>());
m_jit.setupResults(resultRegs);
m_jit.exceptionCheck();
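Review bot: The two setupArguments calls in compileCallDOMGetter repeat the global-object weak pointer and the identifier lookup, so the cage and non-cage branches differ only in the trailing `getter.executableAddress()` yet read as two unrelated long lines. Hoisting `auto globalObject = TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic));` and `auto uid = identifierUID(node->callDOMGetterData()->identifierNumber);` above the `if (Options::useJITCage())` leaves each branch as a short call whose only difference is visible at a glance. A one-line comment that under the cage the signed getter pointer travels as the fourth argument and `vmEntryCustomAccessor` authenticates and jumps to it would also help, because `appendCall(vmEntryCustomAccessor)` on its own does not show where the getter went. compileCallDOMGetter continues outside the hunk.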
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (270763 => 270764)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -85,6 +85,7 @@
#include "JSLexicalEnvironment.h"
#include "JSMapIterator.h"
#include "JSSetIterator.h"
+#include "LLIntThunks.h"
#include "OperandsInlines.h"
#include "ProbeContext.h"
#include "RegExpObject.h"
@@ -14502,9 +14503,14 @@
// https://bugs.webkit.org/show_bug.cgi?id=203204
JSGlobalObject* globalObject = m_graph.globalObjectFor(m_origin.semantic);
m_out.storePtr(m_callFrame, m_out.absolute(&vm().topCallFrame));
- setJSValue(
- vmCall(Int64, bitwise_cast<CustomGetterSetter::CustomGetter>(m_node->callDOMGetterData()->customAccessorGetter.retaggedExecutableAddress<CFunctionPtrTag>()),
- weakPointer(globalObject), lowCell(m_node->child1()), m_out.constIntPtr(m_graph.identifiers()[m_node->callDOMGetterData()->identifierNumber])));
+ if (Options::useJITCage()) {
+ setJSValue(
+ vmCall(Int64, vmEntryCustomAccessor, weakPointer(globalObject), lowCell(m_node->child1()), m_out.constIntPtr(m_graph.identifiers()[m_node->callDOMGetterData()->identifierNumber]), m_out.constIntPtr(m_node->callDOMGetterData()->customAccessorGetter.executableAddress())));
+ } else {
+ setJSValue(
+ vmCall(Int64, bitwise_cast<CustomGetterSetter::CustomGetter>(m_node->callDOMGetterData()->customAccessorGetter.retaggedExecutableAddress<CFunctionPtrTag>()),
+ weakPointer(globalObject), lowCell(m_node->child1()), m_out.constIntPtr(m_graph.identifiers()[m_node->callDOMGetterData()->identifierNumber])));
+ }
return;
}
Modified: trunk/Source/_javascript_Core/jit/JITOperations.h (270763 => 270764)
--- trunk/Source/_javascript_Core/jit/JITOperations.h 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/jit/JITOperations.h 2020-12-14 10:32:10 UTC (rev 270764)
@@ -133,6 +133,7 @@
using P_JITOperation_GStZB = char*(JIT_OPERATION_ATTRIBUTES *)(JSGlobalObject*, Structure*, int32_t, Butterfly*);
using J_JITOperation_GJ = EncodedJSValue(JIT_OPERATION_ATTRIBUTES *)(JSGlobalObject*, EncodedJSValue);
using J_JITOperation_GJI = EncodedJSValue(JIT_OPERATION_ATTRIBUTES *)(JSGlobalObject*, EncodedJSValue, UniquedStringImpl*);
+using J_JITOperation_GJIP = EncodedJSValue(JIT_OPERATION_ATTRIBUTES *)(JSGlobalObject*, EncodedJSValue, UniquedStringImpl*, void*);
using V_JITOperation_GSsiJJC = void(JIT_OPERATION_ATTRIBUTES *)(JSGlobalObject*, StructureStubInfo*, EncodedJSValue, EncodedJSValue, uintptr_t);
using C_JITOperation_TT = uintptr_t(JIT_OPERATION_ATTRIBUTES *)(StringImpl*, StringImpl*);
using C_JITOperation_B_GJssJss = uintptr_t(JIT_OPERATION_ATTRIBUTES *)(JSGlobalObject*, JSString*, JSString*);
Modified: trunk/Source/_javascript_Core/jit/Repatch.cpp (270763 => 270764)
--- trunk/Source/_javascript_Core/jit/Repatch.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/jit/Repatch.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -410,7 +410,7 @@
newCase = GetterSetterAccessCase::create(
vm, codeBlock, type, propertyName, offset, structure, conditionSet, loadTargetFromProxy,
- slot.watchpointSet(), slot.isCacheableCustom() ? FunctionPtr<OperationPtrTag>(slot.customGetter()) : nullptr,
+ slot.watchpointSet(), slot.isCacheableCustom() ? FunctionPtr<CustomAccessorPtrTag>(slot.customGetter()) : nullptr,
slot.isCacheableCustom() && slot.slotBase() != baseValue ? slot.slotBase() : nullptr,
domAttribute, WTFMove(prototypeAccessChain));
}
@@ -746,7 +746,7 @@
newCase = GetterSetterAccessCase::create(
vm, codeBlock, slot.isCustomAccessor() ? AccessCase::CustomAccessorSetter : AccessCase::CustomValueSetter, oldStructure, propertyName,
- invalidOffset, conditionSet, WTFMove(prototypeAccessChain), isProxy, slot.customSetter().retagged<OperationPtrTag>(), slot.base() != baseValue ? slot.base() : nullptr);
+ invalidOffset, conditionSet, WTFMove(prototypeAccessChain), isProxy, slot.customSetter().retagged<CustomAccessorPtrTag>(), slot.base() != baseValue ? slot.base() : nullptr);
} else {
ASSERT(slot.isCacheableSetter());
ObjectPropertyConditionSet conditionSet;
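Review bot: The setter path at the create() call retags with `slot.customSetter().retagged<CustomAccessorPtrTag>()` while the getter path in the earlier hunk constructs `FunctionPtr<CustomAccessorPtrTag>(slot.customGetter())` directly; the ChangeLog lists `PutPropertySlot::customSetter const` as changed in this patch, so if it now returns a `FunctionPtr<CustomAccessorPtrTag>` the retag is an identity and plain `slot.customSetter()` would match the getter side. If it still returns a differently tagged pointer, a short comment naming that tag would save the next reader the lookup, since a `retagged<>` on a code pointer is exactly the kind of line a security reviewer stops on. tryCachePutByID starts and ends outside the hunk.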
Modified: trunk/Source/_javascript_Core/jit/ThunkGenerators.cpp (270763 => 270764)
--- trunk/Source/_javascript_Core/jit/ThunkGenerators.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/jit/ThunkGenerators.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -29,6 +29,7 @@
#include "JITOperations.h"
#include "JITThunks.h"
#include "JSBoundFunction.h"
+#include "LLIntThunks.h"
#include "MaxFrameExtentForSlowPathCall.h"
#include "SpecializedThunkJIT.h"
#include <wtf/InlineASM.h>
@@ -291,11 +292,25 @@
auto hasExecutable = jit.branchTestPtr(CCallHelpers::Zero, GPRInfo::argumentGPR2, CCallHelpers::TrustedImm32(JSFunction::rareDataTag));
jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR2, FunctionRareData::offsetOfExecutable() - JSFunction::rareDataTag), GPRInfo::argumentGPR2);
hasExecutable.link(&jit);
- jit.call(CCallHelpers::Address(GPRInfo::argumentGPR2, executableOffsetToFunction), HostFunctionPtrTag);
+ if (Options::useJITCage()) {
+ jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR2, executableOffsetToFunction), GPRInfo::argumentGPR2);
+ auto operationCall = jit.call(OperationPtrTag);
+ jit.addLinkTask([=] (LinkBuffer& linkBuffer) {
+ linkBuffer.link(operationCall, FunctionPtr<OperationPtrTag>(vmEntryHostFunction));
+ });
+ } else
+ jit.call(CCallHelpers::Address(GPRInfo::argumentGPR2, executableOffsetToFunction), HostFunctionPtrTag);
} else {
ASSERT(thunkFunctionType == ThunkFunctionType::InternalFunction);
jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR2, InternalFunction::offsetOfGlobalObject()), GPRInfo::argumentGPR0);
- jit.call(CCallHelpers::Address(GPRInfo::argumentGPR2, InternalFunction::offsetOfNativeFunctionFor(kind)), HostFunctionPtrTag);
+ if (Options::useJITCage()) {
+ jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR2, InternalFunction::offsetOfNativeFunctionFor(kind)), GPRInfo::argumentGPR2);
+ auto operationCall = jit.call(OperationPtrTag);
+ jit.addLinkTask([=] (LinkBuffer& linkBuffer) {
+ linkBuffer.link(operationCall, FunctionPtr<OperationPtrTag>(vmEntryHostFunction));
+ });
+ } else
+ jit.call(CCallHelpers::Address(GPRInfo::argumentGPR2, InternalFunction::offsetOfNativeFunctionFor(kind)), HostFunctionPtrTag);
}
#if CPU(X86_64) && OS(WINDOWS)
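Review bot: The cage path is written out twice, once for the JSFunction case at the `executableOffsetToFunction` load and once for InternalFunction, and both copies must stay in lock-step with `vmEntryHostFunction`'s convention that a2 carries the HostFunctionPtrTag-signed target; a small local lambda taking the `CCallHelpers::Address` removes the duplication and gives one place for the comment explaining why the cage build cannot `call ... HostFunctionPtrTag` directly from JIT code. Note that the cage branch overwrites argumentGPR2 (the executable / InternalFunction pointer) with the function pointer before the call; nothing in the hunk reads argumentGPR2 afterwards, but the rest of nativeForGenerator is outside the hunk, so that should be confirmed. nativeForGenerator starts and ends outside the hunk.
```cpp
auto callHostFunction = [&] (CCallHelpers::Address nativeFunction) {
    if (!Options::useJITCage()) {
        jit.call(nativeFunction, HostFunctionPtrTag);
        return;
    }
    // JITCage: JIT code may only call registered operations, so hand the
    // HostFunctionPtrTag-signed pointer to vmEntryHostFunction in a2 and let
    // the trampoline authenticate and tail-jump to it.
    jit.loadPtr(nativeFunction, GPRInfo::argumentGPR2);
    auto operationCall = jit.call(OperationPtrTag);
    jit.addLinkTask([=] (LinkBuffer& linkBuffer) {
        linkBuffer.link(operationCall, FunctionPtr<OperationPtrTag>(vmEntryHostFunction));
    });
};
// … unchanged: executable lookup for the JSFunction case …
callHostFunction(CCallHelpers::Address(GPRInfo::argumentGPR2, executableOffsetToFunction));
// … unchanged: InternalFunction branch, globalObject load …
callHostFunction(CCallHelpers::Address(GPRInfo::argumentGPR2, InternalFunction::offsetOfNativeFunctionFor(kind)));
```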
Modified: trunk/Source/_javascript_Core/jsc.cpp (270763 => 270764)
--- trunk/Source/_javascript_Core/jsc.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/jsc.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -3481,8 +3481,6 @@
}
#if ENABLE(JIT_OPERATION_VALIDATION)
-extern const uintptr_t startOfHostFunctionsInShell __asm("section$start$__DATA_CONST$__jsc_host");
-extern const uintptr_t endOfHostFunctionsInShell __asm("section$end$__DATA_CONST$__jsc_host");
extern const uintptr_t startOfJITOperationsInShell __asm("section$start$__DATA_CONST$__jsc_ops");
extern const uintptr_t endOfJITOperationsInShell __asm("section$end$__DATA_CONST$__jsc_ops");
#endif
@@ -3507,7 +3505,7 @@
JSC::initialize();
#if ENABLE(JIT_OPERATION_VALIDATION)
- JSC::JITOperationList::populatePointersInEmbedder(&startOfHostFunctionsInShell, &endOfHostFunctionsInShell, &startOfJITOperationsInShell, &endOfJITOperationsInShell);
+ JSC::JITOperationList::populatePointersInEmbedder(&startOfJITOperationsInShell, &endOfJITOperationsInShell);
#endif
initializeTimeoutIfNeeded();
Modified: trunk/Source/_javascript_Core/llint/LLIntData.cpp (270763 => 270764)
--- trunk/Source/_javascript_Core/llint/LLIntData.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/llint/LLIntData.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -56,7 +56,6 @@
#if ENABLE(JIT_CAGE)
extern "C" void vmEntryToJavaScriptTrampoline(void);
-extern "C" void vmEntryToNativeTrampoline(void);
extern "C" void tailCallJSEntryTrampoline(void);
extern "C" void tailCallJSEntrySlowPathTrampoline(void);
extern "C" void exceptionHandlerTrampoline(void);
@@ -151,14 +150,6 @@
{
static LazyNeverDestroyed<MacroAssemblerCodeRef<NativeToJITGatePtrTag>> codeRef;
if (Options::useJIT())
- codeRef.construct(createJSGateThunk(retagCodePtr<void*, CFunctionPtrTag, OperationPtrTag>(vmEntryToNativeGateAfter), HostFunctionPtrTag, "vmEntryToNative"));
- else
- codeRef.construct(MacroAssemblerCodeRef<NativeToJITGatePtrTag>::createSelfManagedCodeRef(MacroAssemblerCodePtr<NativeToJITGatePtrTag>::createFromExecutableAddress(retagCodePtr<void*, CFunctionPtrTag, NativeToJITGatePtrTag>(&vmEntryToNativeTrampoline))));
- g_jscConfig.llint.gateMap[static_cast<unsigned>(Gate::vmEntryToNative)] = codeRef.get().code().executableAddress();
- }
- {
- static LazyNeverDestroyed<MacroAssemblerCodeRef<NativeToJITGatePtrTag>> codeRef;
- if (Options::useJIT())
codeRef.construct(createTailCallGate(JSEntryPtrTag));
else
codeRef.construct(MacroAssemblerCodeRef<NativeToJITGatePtrTag>::createSelfManagedCodeRef(MacroAssemblerCodePtr<NativeToJITGatePtrTag>::createFromExecutableAddress(retagCodePtr<void*, CFunctionPtrTag, NativeToJITGatePtrTag>(&tailCallJSEntryTrampoline))));
Modified: trunk/Source/_javascript_Core/llint/LLIntThunks.cpp (270763 => 270764)
--- trunk/Source/_javascript_Core/llint/LLIntThunks.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/llint/LLIntThunks.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -53,11 +53,12 @@
JSC_ANNOTATE_LLINT_JIT_OPERATION(vmEntryToJavaScript);
JSC_ANNOTATE_LLINT_JIT_OPERATION(vmEntryToNative);
JSC_ANNOTATE_LLINT_JIT_OPERATION(vmEntryToJavaScriptGateAfter);
-JSC_ANNOTATE_LLINT_JIT_OPERATION(vmEntryToNativeGateAfter);
JSC_ANNOTATE_LLINT_JIT_OPERATION(llint_function_for_call_arity_checkUntagGateAfter);
JSC_ANNOTATE_LLINT_JIT_OPERATION(llint_function_for_call_arity_checkTagGateAfter);
JSC_ANNOTATE_LLINT_JIT_OPERATION(llint_function_for_construct_arity_checkUntagGateAfter);
JSC_ANNOTATE_LLINT_JIT_OPERATION(llint_function_for_construct_arity_checkTagGateAfter);
+JSC_ANNOTATE_LLINT_JIT_OPERATION(vmEntryCustomAccessor);
+JSC_ANNOTATE_LLINT_JIT_OPERATION(vmEntryHostFunction);
#endif
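Review bot: Annotating `vmEntryCustomAccessor` and `vmEntryHostFunction` as LLInt JIT operations deserves a comment, because it changes what the operation allow-list means: instead of each host function and accessor being an individually validated target, JIT code now reaches any pointer carrying the CustomAccessorPtrTag or HostFunctionPtrTag signature through these two entries, which is the memory trade-off the ChangeLog describes. Suggested comment above the two new lines: `// Tail-jump trampolines (see LowLevelInterpreter.asm). Registering them makes every CustomAccessorPtrTag/HostFunctionPtrTag-signed pointer reachable from JIT code through one validated operation.`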
Modified: trunk/Source/_javascript_Core/llint/LLIntThunks.h (270763 => 270764)
--- trunk/Source/_javascript_Core/llint/LLIntThunks.h 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/llint/LLIntThunks.h 2020-12-14 10:32:10 UTC (rev 270764)
@@ -38,6 +38,8 @@
extern "C" {
EncodedJSValue vmEntryToJavaScript(void*, VM*, ProtoCallFrame*);
EncodedJSValue vmEntryToNative(void*, VM*, ProtoCallFrame*);
+ EncodedJSValue vmEntryCustomAccessor(CPURegister, CPURegister, CPURegister, CPURegister);
+ EncodedJSValue vmEntryHostFunction(JSGlobalObject*, CallFrame*, void*);
}
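Review bot: The two new declarations look like ordinary C entry points but are tail-jump trampolines whose parameter lists only mirror the register layout the asm expects (four `CPURegister`s for the accessor; `JSGlobalObject*, CallFrame*` plus the target for the host function), and nothing in the type system says the last argument must be a pointer signed with CustomAccessorPtrTag or HostFunctionPtrTag. A comment such as `// JITCage trampolines: the last argument is a CustomAccessorPtrTag / HostFunctionPtrTag-signed code pointer that the asm authenticates and jumps to. JIT call targets only; never call from C++.` would keep someone from passing a raw function pointer, which would fault under pointer authentication and be an unchecked indirect jump anywhere else.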
#if ENABLE(JIT_CAGE)
@@ -44,7 +46,6 @@
extern "C" {
void jitCagePtrGateAfter(void);
void vmEntryToJavaScriptGateAfter(void);
- void vmEntryToNativeGateAfter(void);
void llint_function_for_call_arity_checkUntagGateAfter(void);
void llint_function_for_call_arity_checkTagGateAfter(void);
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm (270763 => 270764)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2020-12-14 10:32:10 UTC (rev 270764)
@@ -255,6 +255,7 @@
# Pointer Tags
const AddressDiversified = 1
const BytecodePtrTag = constexpr BytecodePtrTag
+const CustomAccessorPtrTag = constexpr CustomAccessorPtrTag
const JSEntryPtrTag = constexpr JSEntryPtrTag
const HostFunctionPtrTag = constexpr HostFunctionPtrTag
const JSEntrySlowPathPtrTag = constexpr JSEntrySlowPathPtrTag
@@ -1612,6 +1613,16 @@
functionEpilogue()
ret
+# a0, a1, a2 are used. a3 contains function address.
+global _vmEntryCustomAccessor
+_vmEntryCustomAccessor:
+ jmp a3, CustomAccessorPtrTag
+
+# a0 and a1 are used. a2 contains function address.
+global _vmEntryHostFunction
+_vmEntryHostFunction:
+ jmp a2, HostFunctionPtrTag
+
# unsigned vmEntryToCSSJIT(uintptr_t, uintptr_t, uintptr_t, const void* codePtr);
if ARM64 or ARM64E
emit ".globl _vmEntryToCSSJIT"
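Review bot: The header comments on the two trampolines state the register contract but not the security property of the jump: `jmp a3, CustomAccessorPtrTag` presumably authenticates a3 under that tag on ARM64E and is a plain indirect branch elsewhere, and in neither case is the target checked against JITOperationList the way an OperationPtrTag callee is. Since these two symbols are what gets registered as the operation in place of every individual accessor and host function, the tag on the register becomes the only check performed here, and the comment is the right place to say so. Suggest `# a0, a1, a2 are used. a3 contains the accessor address signed with CustomAccessorPtrTag; the tagged jump is the only validation of the target, and the callee returns straight to our caller (tail jump).` with the analogous wording for _vmEntryHostFunction and a2.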
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (270763 => 270764)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2020-12-14 10:32:10 UTC (rev 270764)
@@ -336,20 +336,9 @@
subp 32, sp
call temp1, HostFunctionPtrTag
addp 32, sp
- elsif ARM64E
- move temp1, t3
- leap JSCConfig + constexpr JSC::offsetOfJSCConfigGateMap + (constexpr Gate::vmEntryToNative) * PtrSize, a2
- jmp [a2], NativeToJITGatePtrTag # HostFunctionPtrTag
- global _vmEntryToNativeTrampoline
- _vmEntryToNativeTrampoline:
- call t3, HostFunctionPtrTag
else
call temp1, HostFunctionPtrTag
end
- if ARM64E
- global _vmEntryToNativeGateAfter
- _vmEntryToNativeGateAfter:
- end
end
op(llint_handle_uncaught_exception, macro ()
Modified: trunk/Source/_javascript_Core/runtime/Gate.h (270763 => 270764)
--- trunk/Source/_javascript_Core/runtime/Gate.h 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/runtime/Gate.h 2020-12-14 10:32:10 UTC (rev 270764)
@@ -43,7 +43,6 @@
v(llint_function_for_construct_arity_checkUntag, NoPtrTag) \
v(llint_function_for_construct_arity_checkTag, NoPtrTag) \
v(vmEntryToJavaScript, JSEntryPtrTag) \
- v(vmEntryToNative, HostFunctionPtrTag) \
#define JSC_JS_GATE_OPCODES(v) \
v(op_call, JSEntryPtrTag) \
Modified: trunk/Source/_javascript_Core/runtime/JSCPtrTag.h (270763 => 270764)
--- trunk/Source/_javascript_Core/runtime/JSCPtrTag.h 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/runtime/JSCPtrTag.h 2020-12-14 10:32:10 UTC (rev 270764)
@@ -43,7 +43,6 @@
/* Callee:Native Caller:None */ \
v(DOMJITFunctionPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::None) \
v(DisassemblyPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::None) \
- v(PutValuePtrTag, PtrTagCalleeType::Native, PtrTagCallerType::None) \
/* Callee:JIT Caller:None */ \
v(B3CompilationPtrTag, PtrTagCalleeType::JIT, PtrTagCallerType::None) \
v(ExecutableMemoryPtrTag, PtrTagCalleeType::JIT, PtrTagCallerType::None) \
@@ -54,6 +53,8 @@
v(YarrMatchOnly16BitPtrTag, PtrTagCalleeType::JIT, PtrTagCallerType::None) \
/* Callee:Native Caller:Native */ \
v(BytecodePtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \
+ v(CustomAccessorPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \
+ v(HostFunctionPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \
v(JITProbePtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \
v(JITProbeExecutorPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \
v(JITProbeStackInitializationFunctionPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \
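Review bot: Moving HostFunctionPtrTag from the Callee:Native/Caller:JIT group into Callee:Native/Caller:Native (added here, removed in the next hunk) and introducing CustomAccessorPtrTag in the same group changes what these tags promise, yet the table gives no hint why JIT-generated code still ends up invoking host functions and custom accessors with them. A reader of this header alone would conclude JIT code must never use these tags; the vmEntryCustomAccessor/vmEntryHostFunction thunks in LowLevelInterpreter.asm are the missing link. Suggest a comment above the two added lines: `/* Reached from JIT code only via vmEntryCustomAccessor / vmEntryHostFunction (OperationPtrTag); the thunk performs the tagged jump, so the immediate caller is always native. */`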
@@ -62,7 +63,6 @@
v(YarrEntryPtrTag, PtrTagCalleeType::JIT, PtrTagCallerType::Native) \
v(CSSSelectorPtrTag, PtrTagCalleeType::JIT, PtrTagCallerType::Native) \
/* Callee:Native Caller:JIT */ \
- v(HostFunctionPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::JIT) \
v(OperationPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::JIT) \
/* Callee:JIT Caller:JIT */ \
v(ExceptionHandlerPtrTag, PtrTagCalleeType::JIT, PtrTagCallerType::JIT) \
@@ -124,11 +124,8 @@
{
static_assert(callerType == PtrTagCallerType::JIT);
if constexpr (calleeType == PtrTagCalleeType::Native) {
- static_assert(tag == OperationPtrTag || tag == HostFunctionPtrTag);
- if constexpr (tag == OperationPtrTag)
- JITOperationList::instance().assertIsJITOperation(ptr);
- else if constexpr (tag == HostFunctionPtrTag)
- JITOperationList::instance().assertIsHostFunction(ptr);
+ static_assert(tag == OperationPtrTag);
+ JITOperationList::instance().assertIsJITOperation(ptr);
#if ENABLE(JIT_CAGE)
if (Options::useJITCage())
return bitwise_cast<PtrType>(JITOperationList::instance().map(bitwise_cast<void*>(ptr)));
@@ -145,11 +142,8 @@
{
static_assert(callerType == PtrTagCallerType::JIT);
if constexpr (calleeType == PtrTagCalleeType::Native) {
- static_assert(tag == OperationPtrTag || tag == HostFunctionPtrTag);
- if constexpr (tag == OperationPtrTag)
- JITOperationList::instance().assertIsJITOperation(ptr);
- else if constexpr (tag == HostFunctionPtrTag)
- JITOperationList::instance().assertIsHostFunction(ptr);
+ static_assert(tag == OperationPtrTag);
+ JITOperationList::instance().assertIsJITOperation(ptr);
#if ENABLE(JIT_CAGE)
if (Options::useJITCage()) {
RELEASE_ASSERT(bitwise_cast<PtrType>(JITOperationList::instance().map(bitwise_cast<void*>(ptr))) == ptr);
Modified: trunk/Source/_javascript_Core/runtime/PropertySlot.h (270763 => 270764)
--- trunk/Source/_javascript_Core/runtime/PropertySlot.h 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/runtime/PropertySlot.h 2020-12-14 10:32:10 UTC (rev 270764)
@@ -122,6 +122,7 @@
}
using GetValueFunc = EncodedJSValue(JIT_OPERATION_ATTRIBUTES*)(JSGlobalObject*, EncodedJSValue thisValue, PropertyName);
+ using GetValueFuncWithPtr = EncodedJSValue(JIT_OPERATION_ATTRIBUTES*)(JSGlobalObject*, EncodedJSValue thisValue, PropertyName, void*);
JSValue getValue(JSGlobalObject*, PropertyName) const;
JSValue getValue(JSGlobalObject*, uint64_t propertyName) const;
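Review bot: The new `GetValueFuncWithPtr` alias (and `PutValueFuncWithPtr` in the PutPropertySlot.h hunk below) adds a trailing `void*` whose meaning is not stated anywhere near the alias; it is the slot that vmEntryCustomAccessor reads as a3 and jumps through, so a mismatch in parameter order between the two files would silently become a wrong jump target. A one-line comment would pin this down: `// Same as GetValueFunc plus the real accessor address as the last argument; this is the signature vmEntryCustomAccessor is called with.` The same comment belongs on L700 for the setter variant.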
Modified: trunk/Source/_javascript_Core/runtime/PutPropertySlot.h (270763 => 270764)
--- trunk/Source/_javascript_Core/runtime/PutPropertySlot.h 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/runtime/PutPropertySlot.h 2020-12-14 10:32:10 UTC (rev 270764)
@@ -38,7 +38,8 @@
public:
enum Type : uint8_t { Uncachable, ExistingProperty, NewProperty, SetterProperty, CustomValue, CustomAccessor };
enum Context { UnknownContext, PutById, PutByIdEval };
- typedef bool (*PutValueFunc)(JSGlobalObject*, EncodedJSValue thisObject, EncodedJSValue value);
+ using PutValueFunc = bool (*)(JSGlobalObject*, EncodedJSValue thisObject, EncodedJSValue value);
+ using PutValueFuncWithPtr = bool (*)(JSGlobalObject*, EncodedJSValue thisObject, EncodedJSValue value, void*);
PutPropertySlot(JSValue thisValue, bool isStrictMode = false, Context context = UnknownContext, bool isInitialization = false)
: m_base(nullptr)
@@ -97,7 +98,7 @@
m_isStrictMode = value;
}
- FunctionPtr<PutValuePtrTag> customSetter() const
+ FunctionPtr<CustomAccessorPtrTag> customSetter() const
{
ASSERT(isCacheableCustom());
return m_putFunction;
@@ -137,7 +138,7 @@
Type m_type;
uint8_t m_context;
CacheabilityType m_cacheability;
- FunctionPtr<PutValuePtrTag> m_putFunction;
+ FunctionPtr<CustomAccessorPtrTag> m_putFunction;
};
} // namespace JSC
Modified: trunk/Source/_javascript_Core/runtime/VM.cpp (270763 => 270764)
--- trunk/Source/_javascript_Core/runtime/VM.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/_javascript_Core/runtime/VM.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -835,7 +835,6 @@
{
#if ENABLE(JIT)
if (Options::useJIT()) {
- JITOperationList::assertIsHostFunction(function);
return jitStubs->hostFunctionStub(
*this, function, constructor,
intrinsic != NoIntrinsic ? thunkGeneratorForIntrinsic(intrinsic) : nullptr,
Modified: trunk/Source/WTF/ChangeLog (270763 => 270764)
--- trunk/Source/WTF/ChangeLog 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/WTF/ChangeLog 2020-12-14 10:32:10 UTC (rev 270764)
@@ -1,3 +1,12 @@
+2020-12-13 Yusuke Suzuki <[email protected]>
+
+ [JSC] Introduce vmEntryCustomAccessor and vmEntryHostFunction for JITCage
+ https://bugs.webkit.org/show_bug.cgi?id=219847
+
+ Reviewed by Mark Lam.
+
+ * wtf/PlatformCallingConventions.h:
+
2020-12-14 Youenn Fablet <[email protected]>
Pass an isolated copy of Settings to workers and worklets.
Modified: trunk/Source/WTF/wtf/PlatformCallingConventions.h (270763 => 270764)
--- trunk/Source/WTF/wtf/PlatformCallingConventions.h 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/WTF/wtf/PlatformCallingConventions.h 2020-12-14 10:32:10 UTC (rev 270764)
@@ -42,12 +42,7 @@
#define JSC_HOST_CALL_ATTRIBUTES
#endif
-#if ENABLE(JIT_OPERATION_VALIDATION)
-#define JSC_ANNOTATE_HOST_FUNCTION(functionId, function) \
- constexpr auto functionId __attribute__((used, section("__DATA_CONST,__jsc_host"))) = function;
-#else
#define JSC_ANNOTATE_HOST_FUNCTION(functionId, function)
-#endif
#define JSC_DEFINE_HOST_FUNCTION_WITH_ATTRIBUTES(functionName, attributes, parameters) \
JSC_ANNOTATE_HOST_FUNCTION(_JITTarget_##functionName, static_cast<JSC::EncodedJSValue(*)parameters>(functionName)); \
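Review bot: After this hunk `JSC_ANNOTATE_HOST_FUNCTION` expands to nothing in every configuration but is still invoked from `JSC_DEFINE_HOST_FUNCTION_WITH_ATTRIBUTES` on L758, so the macro is now dead code kept only for the call site. Either drop both the definition and its use, or keep it and say why, e.g. above L755: `// Intentionally empty: host functions are no longer collected into __jsc_host, since the JIT reaches them through vmEntryHostFunction.` Without such a note the next reader is likely to assume the registration was lost by accident rather than removed on purpose.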
@@ -96,6 +91,9 @@
#define JSC_ANNOTATE_JIT_OPERATION(functionId, function)
#endif
+
+#define JSC_DEFINE_JIT_OPERATION_WITHOUT_VARIABLE(functionName, returnType, parameters) \
+ returnType JIT_OPERATION_ATTRIBUTES functionName parameters
#define JSC_DEFINE_JIT_OPERATION_WITH_ATTRIBUTES(functionName, attributes, returnType, parameters) \
JSC_ANNOTATE_JIT_OPERATION(_JITTarget_##functionName, static_cast<returnType(*)parameters>(functionName)); \
attributes returnType JIT_OPERATION_ATTRIBUTES functionName parameters
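Review bot: The name `JSC_DEFINE_JIT_OPERATION_WITHOUT_VARIABLE` does not say what the omitted "variable" is; the difference from the `_WITH_ATTRIBUTES` form directly below it is the `_JITTarget_##functionName` constant that `JSC_ANNOTATE_JIT_OPERATION` emits into the operation section. Since the custom getter/setter macros in the next hunk are switched to this form, a comment explaining that custom accessors are deliberately not registered as JIT operations would make the intent explicit: `// Defines the operation without emitting the _JITTarget_ registration constant; used for custom accessors, which are reached via vmEntryCustomAccessor rather than listed individually.` The `JSC_ANNOTATE_JIT_OPERATION` definition this relies on starts above the hunk.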
@@ -108,5 +106,5 @@
#define JSC_DECLARE_CUSTOM_GETTER(functionName) JSC_DECLARE_JIT_OPERATION_WITHOUT_WTF_INTERNAL(functionName, JSC::EncodedJSValue, (JSC::JSGlobalObject*, JSC::EncodedJSValue, JSC::PropertyName))
#define JSC_DECLARE_CUSTOM_SETTER(functionName) JSC_DECLARE_JIT_OPERATION_WITHOUT_WTF_INTERNAL(functionName, bool, (JSC::JSGlobalObject*, JSC::EncodedJSValue, JSC::EncodedJSValue))
-#define JSC_DEFINE_CUSTOM_GETTER(functionName, parameters) JSC_DEFINE_JIT_OPERATION(functionName, JSC::EncodedJSValue, parameters)
-#define JSC_DEFINE_CUSTOM_SETTER(functionName, parameters) JSC_DEFINE_JIT_OPERATION(functionName, bool, parameters)
+#define JSC_DEFINE_CUSTOM_GETTER(functionName, parameters) JSC_DEFINE_JIT_OPERATION_WITHOUT_VARIABLE(functionName, JSC::EncodedJSValue, parameters)
+#define JSC_DEFINE_CUSTOM_SETTER(functionName, parameters) JSC_DEFINE_JIT_OPERATION_WITHOUT_VARIABLE(functionName, bool, parameters)
Modified: trunk/Source/WebCore/ChangeLog (270763 => 270764)
--- trunk/Source/WebCore/ChangeLog 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/WebCore/ChangeLog 2020-12-14 10:32:10 UTC (rev 270764)
@@ -1,3 +1,15 @@
+2020-12-13 Yusuke Suzuki <[email protected]>
+
+ [JSC] Introduce vmEntryCustomAccessor and vmEntryHostFunction for JITCage
+ https://bugs.webkit.org/show_bug.cgi?id=219847
+
+ Reviewed by Mark Lam.
+
+ * bindings/js/WebCoreJITOperations.cpp:
+ (WebCore::populateJITOperations):
+ * testing/js/WebCoreTestSupport.cpp:
+ (WebCoreTestSupport::populateJITOperations):
+
2020-12-14 Xabier Rodriguez Calvar <[email protected]>
[GStreamer][EME][Thunder] Opus should be supported by the decryptor
Modified: trunk/Source/WebCore/bindings/js/WebCoreJITOperations.cpp (270763 => 270764)
--- trunk/Source/WebCore/bindings/js/WebCoreJITOperations.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/WebCore/bindings/js/WebCoreJITOperations.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -31,8 +31,6 @@
namespace WebCore {
#if ENABLE(JIT_OPERATION_VALIDATION)
-extern const uintptr_t startOfHostFunctionsInWebCore __asm("section$start$__DATA_CONST$__jsc_host");
-extern const uintptr_t endOfHostFunctionsInWebCore __asm("section$end$__DATA_CONST$__jsc_host");
extern const uintptr_t startOfJITOperationsInWebCore __asm("section$start$__DATA_CONST$__jsc_ops");
extern const uintptr_t endOfJITOperationsInWebCore __asm("section$end$__DATA_CONST$__jsc_ops");
#endif
@@ -42,7 +40,7 @@
#if ENABLE(JIT_OPERATION_VALIDATION)
static std::once_flag onceKey;
std::call_once(onceKey, [] {
- JSC::JITOperationList::populatePointersInEmbedder(&startOfHostFunctionsInWebCore, &endOfHostFunctionsInWebCore, &startOfJITOperationsInWebCore, &endOfJITOperationsInWebCore);
+ JSC::JITOperationList::populatePointersInEmbedder(&startOfJITOperationsInWebCore, &endOfJITOperationsInWebCore);
});
#endif
}
Modified: trunk/Source/WebCore/testing/js/WebCoreTestSupport.cpp (270763 => 270764)
--- trunk/Source/WebCore/testing/js/WebCoreTestSupport.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/WebCore/testing/js/WebCoreTestSupport.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -242,8 +242,6 @@
#endif
#if ENABLE(JIT_OPERATION_VALIDATION)
-extern const uintptr_t startOfHostFunctionsInWebCoreTestSupport __asm("section$start$__DATA_CONST$__jsc_host");
-extern const uintptr_t endOfHostFunctionsInWebCoreTestSupport __asm("section$end$__DATA_CONST$__jsc_host");
extern const uintptr_t startOfJITOperationsInWebCoreTestSupport __asm("section$start$__DATA_CONST$__jsc_ops");
extern const uintptr_t endOfJITOperationsInWebCoreTestSupport __asm("section$end$__DATA_CONST$__jsc_ops");
#endif
@@ -253,7 +251,7 @@
#if ENABLE(JIT_OPERATION_VALIDATION)
static std::once_flag onceKey;
std::call_once(onceKey, [] {
- JSC::JITOperationList::populatePointersInEmbedder(&startOfHostFunctionsInWebCoreTestSupport, &endOfHostFunctionsInWebCoreTestSupport, &startOfJITOperationsInWebCoreTestSupport, &endOfJITOperationsInWebCoreTestSupport);
+ JSC::JITOperationList::populatePointersInEmbedder(&startOfJITOperationsInWebCoreTestSupport, &endOfJITOperationsInWebCoreTestSupport);
});
#endif
}
Modified: trunk/Source/WebKit/ChangeLog (270763 => 270764)
--- trunk/Source/WebKit/ChangeLog 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/WebKit/ChangeLog 2020-12-14 10:32:10 UTC (rev 270764)
@@ -1,3 +1,13 @@
+2020-12-13 Yusuke Suzuki <[email protected]>
+
+ [JSC] Introduce vmEntryCustomAccessor and vmEntryHostFunction for JITCage
+ https://bugs.webkit.org/show_bug.cgi?id=219847
+
+ Reviewed by Mark Lam.
+
+ * Shared/WebKitJITOperations.cpp:
+ (WebKit::populateJITOperations):
+
2020-12-13 Andy Estes <[email protected]>
[Mac] Create a MediaToolbox format reader plug-in for WebM
Modified: trunk/Source/WebKit/Shared/WebKitJITOperations.cpp (270763 => 270764)
--- trunk/Source/WebKit/Shared/WebKitJITOperations.cpp 2020-12-14 10:17:00 UTC (rev 270763)
+++ trunk/Source/WebKit/Shared/WebKitJITOperations.cpp 2020-12-14 10:32:10 UTC (rev 270764)
@@ -31,8 +31,6 @@
namespace WebKit {
#if ENABLE(JIT_OPERATION_VALIDATION)
-extern const uintptr_t startOfHostFunctionsInWebKit __asm("section$start$__DATA_CONST$__jsc_host");
-extern const uintptr_t endOfHostFunctionsInWebKit __asm("section$end$__DATA_CONST$__jsc_host");
extern const uintptr_t startOfJITOperationsInWebKit __asm("section$start$__DATA_CONST$__jsc_ops");
extern const uintptr_t endOfJITOperationsInWebKit __asm("section$end$__DATA_CONST$__jsc_ops");
#endif
@@ -42,7 +40,7 @@
#if ENABLE(JIT_OPERATION_VALIDATION)
static std::once_flag onceKey;
std::call_once(onceKey, [] {
- JSC::JITOperationList::populatePointersInEmbedder(&startOfHostFunctionsInWebKit, &endOfHostFunctionsInWebKit, &startOfJITOperationsInWebKit, &endOfJITOperationsInWebKit);
+ JSC::JITOperationList::populatePointersInEmbedder(&startOfJITOperationsInWebKit, &endOfJITOperationsInWebKit);
});
#endif
}