Modified: trunk/Source/_javascript_Core/ChangeLog (107859 => 107860)
--- trunk/Source/_javascript_Core/ChangeLog 2012-02-16 01:19:28 UTC (rev 107859)
+++ trunk/Source/_javascript_Core/ChangeLog 2012-02-16 01:29:12 UTC (rev 107860)
@@ -1,3 +1,39 @@
+2012-02-15 Oliver Hunt <oli...@apple.com>
+
+ Ensure that the DFG JIT always plants a CodeOrigin when making calls
+ https://bugs.webkit.org/show_bug.cgi?id=78763
+
+ Reviewed by Gavin Barraclough.
+
+ Make all calls plant a CodeOrigin prior to the actual
+ call. Also clobbers the Interpreter with logic to ensure
+ that the interpreter always plants a bytecode offset.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (CallBeginToken):
+ (JSC::DFG::JITCompiler::beginJSCall):
+ (JSC::DFG::JITCompiler::beginCall):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryBuildGetByIDList):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * interpreter/AbstractPC.cpp:
+ (JSC::AbstractPC::AbstractPC):
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::trueCallFrame):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::bytecodeOffsetForNonDFGCode):
+ (ExecState):
+ (JSC::ExecState::setBytecodeOffsetForNonDFGCode):
+ (JSC::ExecState::codeOriginIndexForDFG):
+
2012-02-14 Oliver Hunt <oli...@apple.com>
Fix Interpreter.
Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp (107859 => 107860)
--- trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp 2012-02-16 01:19:28 UTC (rev 107859)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp 2012-02-16 01:29:12 UTC (rev 107860)
@@ -134,28 +134,17 @@
m_codeBlock->callReturnIndexVector().append(CallReturnOffsetToBytecodeOffset(returnAddressOffset, exceptionInfo));
}
}
+
+ Vector<CodeOriginAtCallReturnOffset>& codeOrigins = m_codeBlock->codeOrigins();
+ codeOrigins.resize(m_exceptionChecks.size());
- unsigned numCallsFromInlineCode = 0;
for (unsigned i = 0; i < m_exceptionChecks.size(); ++i) {
- if (m_exceptionChecks[i].m_codeOrigin.inlineCallFrame)
- numCallsFromInlineCode++;
+ CallExceptionRecord& record = m_exceptionChecks[i];
+ unsigned returnAddressOffset = linkBuffer.returnAddressOffset(m_exceptionChecks[i].m_call);
+ codeOrigins[i].codeOrigin = record.m_codeOrigin;
+ codeOrigins[i].callReturnOffset = returnAddressOffset;
+ record.m_token.assertCodeOriginIndex(i);
}
-
- if (numCallsFromInlineCode) {
- Vector<CodeOriginAtCallReturnOffset>& codeOrigins = m_codeBlock->codeOrigins();
- codeOrigins.resize(numCallsFromInlineCode);
-
- for (unsigned i = 0, j = 0; i < m_exceptionChecks.size(); ++i) {
- CallExceptionRecord& record = m_exceptionChecks[i];
- if (record.m_codeOrigin.inlineCallFrame) {
- unsigned returnAddressOffset = linkBuffer.returnAddressOffset(m_exceptionChecks[i].m_call);
- codeOrigins[j].codeOrigin = record.m_codeOrigin;
- codeOrigins[j].callReturnOffset = returnAddressOffset;
- record.m_token.assertCodeOriginIndex(j);
- j++;
- }
- }
- }
m_codeBlock->setNumberOfStructureStubInfos(m_propertyAccesses.size());
for (unsigned i = 0; i < m_propertyAccesses.size(); ++i) {
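Review bot: `record` is introduced on the line `CallExceptionRecord& record = m_exceptionChecks[i];` and then bypassed on the very next line, which goes back to `m_exceptionChecks[i].m_call`; make it `unsigned returnAddressOffset = linkBuffer.returnAddressOffset(record.m_call);` so the alias is used consistently. The resize to `m_exceptionChecks.size()` now makes position `i` the code-origin index for every record, but the only thing checking that it matches the index the call site stored into the frame is `assertCodeOriginIndex(i)`, which appears to be debug-only; a comment would make the invariant explicit for release readers, e.g. `// Every call site consumes one code-origin index in emission order, so the record's position here is the index it planted in the frame.` (inferred from the token being asserted against `i`, confirm). `link` begins before this hunk.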
@@ -254,7 +243,10 @@
registerFileCheck.link(this);
move(stackPointerRegister, GPRInfo::argumentGPR0);
poke(GPRInfo::callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof(void*));
+
+ CallBeginToken token = beginCall();
Call callRegisterFileCheck = call();
+ notifyCall(callRegisterFileCheck, CodeOrigin(0), token);
jump(fromRegisterFileCheck);
// The fast entry point into a function does not check the correct number of arguments
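Review bot: `notifyCall(callRegisterFileCheck, CodeOrigin(0), token)` attributes the register-file check to a bare literal origin, and the arity-check hunk below repeats `CodeOrigin(0)` for `callArityCheck`; neither says why 0 is the right bytecode index. Since both calls sit in the prologue before any bytecode has executed, this looks intentional, so a short comment at the first use would keep the next reader from treating it as a placeholder, e.g. `// Prologue checks run before any bytecode executes; attribute them to bytecode index 0.` — please confirm that is the intent rather than the origin of the first instruction. `compileFunction` starts and ends outside these hunks.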
@@ -269,7 +261,9 @@
branch32(AboveOrEqual, GPRInfo::regT1, Imm32(m_codeBlock->numParameters())).linkTo(fromArityCheck, this);
move(stackPointerRegister, GPRInfo::argumentGPR0);
poke(GPRInfo::callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof(void*));
+ token = beginCall();
Call callArityCheck = call();
+ notifyCall(callArityCheck, CodeOrigin(0), token);
move(GPRInfo::regT0, GPRInfo::callFrameRegister);
jump(fromArityCheck);
Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.h (107859 => 107860)
--- trunk/Source/_javascript_Core/dfg/DFGJITCompiler.h 2012-02-16 01:19:28 UTC (rev 107859)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCompiler.h 2012-02-16 01:29:12 UTC (rev 107860)
@@ -92,11 +92,7 @@
ASSERT_UNUSED(codeOriginIndex, codeOriginIndex < UINT_MAX);
ASSERT_UNUSED(codeOriginIndex, codeOriginIndex == m_codeOriginIndex);
}
-
- void assertNoCodeOriginIndex() const
- {
- ASSERT(m_codeOriginIndex == UINT_MAX);
- }
+
private:
#if !ASSERT_DISABLED
unsigned m_codeOriginIndex;
@@ -205,22 +201,16 @@
Graph& graph() { return m_graph; }
// Just get a token for beginning a call.
- CallBeginToken nextCallBeginToken(CodeOrigin codeOrigin)
+ CallBeginToken beginJSCall()
{
- if (!codeOrigin.inlineCallFrame)
- return CallBeginToken();
return CallBeginToken(m_currentCodeOriginIndex++);
}
// Get a token for beginning a call, and set the current code origin index in
// the call frame.
- CallBeginToken beginCall(CodeOrigin codeOrigin)
+ CallBeginToken beginCall()
{
- unsigned codeOriginIndex;
- if (!codeOrigin.inlineCallFrame)
- codeOriginIndex = UINT_MAX;
- else
- codeOriginIndex = m_currentCodeOriginIndex++;
+ unsigned codeOriginIndex = m_currentCodeOriginIndex++;
store32(TrustedImm32(codeOriginIndex), tagFor(static_cast<VirtualRegister>(RegisterFile::ArgumentCount)));
return CallBeginToken(codeOriginIndex);
}
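Review bot: `beginJSCall()` and `beginCall()` now both consume a fresh `m_currentCodeOriginIndex`, but only `beginCall()` writes it into the `ArgumentCount` tag, and the surviving comment "Just get a token for beginning a call." does not say why a JS call skips the store; a comment naming the reason (presumably the slot is owned by the callee frame during a JS call and the origin is recovered through the return address instead — confirm) would prevent someone "fixing" the asymmetry. With the `UINT_MAX` sentinel gone from `beginCall()` and `assertNoCodeOriginIndex` deleted, the `ASSERT_UNUSED(codeOriginIndex, codeOriginIndex < UINT_MAX)` left in `assertCodeOriginIndex` (context in the earlier hunk of this file) no longer distinguishes a sentinel from a real index and could be removed or turned into a comment. Both functions are complete within the hunk; the enclosing class is not.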
Modified: trunk/Source/_javascript_Core/dfg/DFGRepatch.cpp (107859 => 107860)
--- trunk/Source/_javascript_Core/dfg/DFGRepatch.cpp 2012-02-16 01:19:28 UTC (rev 107859)
+++ trunk/Source/_javascript_Core/dfg/DFGRepatch.cpp 2012-02-16 01:29:12 UTC (rev 107860)
@@ -362,7 +362,7 @@
// place that we made it from. It just so happens to be the place that we are at
// right now!
stubJit.store32(
- MacroAssembler::TrustedImm32(exec->codeOriginIndexForDFGWithInlining()),
+ MacroAssembler::TrustedImm32(exec->codeOriginIndexForDFG()),
CCallHelpers::tagFor(static_cast<VirtualRegister>(RegisterFile::ArgumentCount)));
operationCall = stubJit.call();
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h (107859 => 107860)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2012-02-16 01:19:28 UTC (rev 107859)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2012-02-16 01:29:12 UTC (rev 107860)
@@ -1408,7 +1408,7 @@
JITCompiler::Call appendCallWithExceptionCheck(const FunctionPtr& function)
{
CodeOrigin codeOrigin = at(m_compileIndex).codeOrigin;
- CallBeginToken token = m_jit.beginCall(codeOrigin);
+ CallBeginToken token = m_jit.beginCall();
JITCompiler::Call call = m_jit.appendCall(function);
m_jit.addExceptionCheck(call, codeOrigin, token);
return call;
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (107859 => 107860)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2012-02-16 01:19:28 UTC (rev 107859)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2012-02-16 01:29:12 UTC (rev 107860)
@@ -950,7 +950,7 @@
m_jit.addPtr(Imm32(m_jit.codeBlock()->m_numCalleeRegisters * sizeof(Register)), GPRInfo::callFrameRegister);
CodeOrigin codeOrigin = at(m_compileIndex).codeOrigin;
- CallBeginToken token = m_jit.nextCallBeginToken(codeOrigin);
+ CallBeginToken token = m_jit.beginJSCall();
JITCompiler::Call fastCall = m_jit.nearCall();
m_jit.notifyCall(fastCall, codeOrigin, token);
@@ -960,11 +960,11 @@
m_jit.addPtr(Imm32(m_jit.codeBlock()->m_numCalleeRegisters * sizeof(Register)), GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
m_jit.poke(GPRInfo::argumentGPR0);
- token = m_jit.beginCall(codeOrigin);
+ token = m_jit.beginCall();
JITCompiler::Call slowCall = m_jit.appendCall(slowCallFunction);
m_jit.addFastExceptionCheck(slowCall, codeOrigin, token);
m_jit.addPtr(Imm32(m_jit.codeBlock()->m_numCalleeRegisters * sizeof(Register)), GPRInfo::callFrameRegister);
- token = m_jit.nextCallBeginToken(codeOrigin);
+ token = m_jit.beginJSCall();
JITCompiler::Call theCall = m_jit.call(GPRInfo::returnValueGPR);
m_jit.notifyCall(theCall, codeOrigin, token);
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (107859 => 107860)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2012-02-16 01:19:28 UTC (rev 107859)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2012-02-16 01:29:12 UTC (rev 107860)
@@ -951,7 +951,7 @@
m_jit.addPtr(Imm32(m_jit.codeBlock()->m_numCalleeRegisters * sizeof(Register)), GPRInfo::callFrameRegister);
CodeOrigin codeOrigin = at(m_compileIndex).codeOrigin;
- CallBeginToken token = m_jit.nextCallBeginToken(codeOrigin);
+ CallBeginToken token = m_jit.beginJSCall();
JITCompiler::Call fastCall = m_jit.nearCall();
m_jit.notifyCall(fastCall, codeOrigin, token);
@@ -960,11 +960,11 @@
slowPath.link(&m_jit);
m_jit.addPtr(Imm32(m_jit.codeBlock()->m_numCalleeRegisters * sizeof(Register)), GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
- token = m_jit.beginCall(codeOrigin);
+ token = m_jit.beginCall();
JITCompiler::Call slowCall = m_jit.appendCall(slowCallFunction);
m_jit.addFastExceptionCheck(slowCall, codeOrigin, token);
m_jit.addPtr(Imm32(m_jit.codeBlock()->m_numCalleeRegisters * sizeof(Register)), GPRInfo::callFrameRegister);
- token = m_jit.nextCallBeginToken(codeOrigin);
+ token = m_jit.beginJSCall();
JITCompiler::Call theCall = m_jit.call(GPRInfo::returnValueGPR);
m_jit.notifyCall(theCall, codeOrigin, token);
Modified: trunk/Source/_javascript_Core/interpreter/AbstractPC.cpp (107859 => 107860)
--- trunk/Source/_javascript_Core/interpreter/AbstractPC.cpp 2012-02-16 01:19:28 UTC (rev 107859)
+++ trunk/Source/_javascript_Core/interpreter/AbstractPC.cpp 2012-02-16 01:29:12 UTC (rev 107860)
@@ -46,6 +46,7 @@
#endif
#if ENABLE(INTERPRETER)
+ UNUSED_PARAM(globalData);
m_pointer = exec->returnVPC();
m_mode = Interpreter;
#endif
Modified: trunk/Source/_javascript_Core/interpreter/CallFrame.cpp (107859 => 107860)
--- trunk/Source/_javascript_Core/interpreter/CallFrame.cpp 2012-02-16 01:19:28 UTC (rev 107859)
+++ trunk/Source/_javascript_Core/interpreter/CallFrame.cpp 2012-02-16 01:29:12 UTC (rev 107860)
@@ -96,15 +96,15 @@
if (pc.isSet()) {
ReturnAddressPtr currentReturnPC = pc.jitReturnAddress();
- if (!machineCodeBlock->codeOriginForReturn(currentReturnPC, codeOrigin))
- return this; // Not currently in inlined code.
+ bool hasCodeOrigin = machineCodeBlock->codeOriginForReturn(currentReturnPC, codeOrigin);
+ ASSERT_UNUSED(hasCodeOrigin, hasCodeOrigin);
} else {
- unsigned index = codeOriginIndexForDFGWithInlining();
- if (index == UINT_MAX)
- return this; // Not currently in inlined code.
-
+ unsigned index = codeOriginIndexForDFG();
codeOrigin = machineCodeBlock->codeOrigin(index);
}
+
+ if (!codeOrigin.inlineCallFrame)
+ return this; // Not currently in inlined code.
for (InlineCallFrame* inlineCallFrame = codeOrigin.inlineCallFrame; inlineCallFrame;) {
InlineCallFrame* nextInlineCallFrame = inlineCallFrame->caller.inlineCallFrame;
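Review bot: In a release build `ASSERT_UNUSED(hasCodeOrigin, hasCodeOrigin)` compiles away, so a `false` return from `codeOriginForReturn` no longer returns `this` as the old code did; control falls through to `if (!codeOrigin.inlineCallFrame)` with `codeOrigin` left as whatever value it held before this hunk (its declaration is outside the hunk), and the inline-call-frame walk below then follows that pointer. If the assertion is meant to be an invariant, it is cheap to keep the release-mode behaviour explicit as well: `ASSERT(hasCodeOrigin);` followed by `if (!hasCodeOrigin) return this; // not in DFG code we know about`. `trueCallFrame` begins and ends outside this hunk.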
Modified: trunk/Source/_javascript_Core/interpreter/CallFrame.h (107859 => 107860)
--- trunk/Source/_javascript_Core/interpreter/CallFrame.h 2012-02-16 01:19:28 UTC (rev 107859)
+++ trunk/Source/_javascript_Core/interpreter/CallFrame.h 2012-02-16 01:29:12 UTC (rev 107860)
@@ -106,11 +106,21 @@
ReturnAddressPtr returnPC() const { return ReturnAddressPtr(this[RegisterFile::ReturnPC].vPC()); }
#endif
AbstractPC abstractReturnPC(JSGlobalData& globalData) { return AbstractPC(globalData, this); }
- unsigned bytecodeOffsetForBaselineJIT() { return this[RegisterFile::ArgumentCount].tag(); }
+ unsigned bytecodeOffsetForNonDFGCode()
+ {
+ ASSERT(codeBlock());
+ return this[RegisterFile::ArgumentCount].tag();
+ }
+
+ void setBytecodeOffsetForNonDFGCode(unsigned offset)
+ {
+ ASSERT(codeBlock());
+ this[RegisterFile::ArgumentCount].tag() = static_cast<int32_t>(offset);
+ }
#if ENABLE(DFG_JIT)
InlineCallFrame* inlineCallFrame() const { return this[RegisterFile::ReturnPC].asInlineCallFrame(); }
- unsigned codeOriginIndexForDFGWithInlining() const { return this[RegisterFile::ArgumentCount].tag(); }
+ unsigned codeOriginIndexForDFG() const { return this[RegisterFile::ArgumentCount].tag(); }
#else
// This will never be called if !ENABLE(DFG_JIT) since all calls should be guarded by
// isInlineCallFrame(). But to make it easier to write code without having a bunch of
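Review bot: `bytecodeOffsetForNonDFGCode()`, `setBytecodeOffsetForNonDFGCode()` and `codeOriginIndexForDFG()` all read or write the same `this[RegisterFile::ArgumentCount].tag()` slot, and the new `ASSERT(codeBlock())` only checks that a CodeBlock exists, not which interpretation of the slot applies to this frame; the names carry that contract, so a comment should state it, e.g. on the getter: `// Shares the ArgumentCount tag slot with codeOriginIndexForDFG(); only meaningful when this frame's CodeBlock was not produced by the DFG — the caller must know which.` The setter also narrows with `static_cast<int32_t>(offset)` while the getter hands back `unsigned`; if offsets can never approach that bound a debug check such as `ASSERT(offset <= static_cast<unsigned>(INT32_MAX));` documents it. The enclosing `ExecState` class continues outside the hunk.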