Title: [161084] branches/jsCStack/Source/_javascript_Core
Revision
161084
Author
[email protected]
Date
2013-12-25 23:17:13 -0800 (Wed, 25 Dec 2013)

Log Message

jsc-layout-tests.yaml/js/script-tests/function-apply-aliased.js.layout-no-cjit is failing.
https://bugs.webkit.org/show_bug.cgi?id=126174.

Not yet reviewed.

When we do a stack check in a function prologue, the activation object
in the frame hasn't been set yet. The test failures came from the stack
unwinding code trying to tear off the frame to a non-existent activation
object. Since we haven't entered the function yet and the frame is
technically not fully "pushed" yet, we can throw, i.e. start the unwinding
from the caller frame instead. This fixes the issue.

* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
- When we have a StackOverflowError, return the caller's CallFrame in
  the second value in the SlowPathReturnType.
* llint/LowLevelInterpreter.asm:
- Check if the second value of the SlowPathReturnType from the stack
  check is 0. If not 0, set the cfr to the returned CallFrame* before
  we start handling the StackOverflowError and unwinding the stack.
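The hazard the log message describes, as a constructed C model added here (not JSC code): a callee frame whose activation has not been created yet is handed to the unwinder, versus the fix of reporting the fully set-up caller frame as the second return value. Frame, SlowPathResult, stackCheck, unwind and the frame-count limit are all assumptions of this model.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a call frame: the activation is only created once the
 * function body starts executing, so a frame still in its prologue has none. */
typedef struct Frame {
    struct Frame *caller;
    int activation;   /* 1 once the function body has created its activation */
    int tornOff;      /* set by the unwinder when the frame is torn off */
} Frame;

/* Two-value slow-path result, mirroring the (pc, CallFrame*) pair in the patch. */
typedef struct { const char *pc; Frame *unwindFrom; } SlowPathResult;

/* Hypothetical depth limit in frames (the real check is on stack addresses). */
enum { kStackLimit = 3 };

static int depth(const Frame *f) { int d = 0; for (; f; f = f->caller) d++; return d; }

/* Prologue stack check. On overflow the second value is the caller frame,
 * which is fully set up; on success it is NULL (the patch's 0). */
SlowPathResult stackCheck(Frame *callee) {
    SlowPathResult r = { "continue", NULL };
    if (depth(callee) <= kStackLimit) return r;
    r.pc = "throw";
    r.unwindFrom = callee->caller;
    return r;
}

/* Unwinder: tears off every frame's activation down to the base. Returns the
 * number of frames unwound, or -1 when it meets a frame whose activation does
 * not exist (the failure mode the log message describes). */
int unwind(Frame *from) {
    int n = 0;
    for (Frame *f = from; f; f = f->caller, n++) {
        if (!f->activation) return -1;
        f->tornOff = 1;
    }
    return n;
}

int main(void) {
    Frame base = { NULL, 1, 0 }, a = { &base, 1, 0 }, b = { &a, 1, 0 };
    Frame callee = { &b, 0, 0 };   /* still in its prologue: no activation yet */
    SlowPathResult r = stackCheck(&callee);
    printf("unwind from callee: %d\n", unwind(&callee));      /* -1: would crash */
    printf("%s, unwind from caller: %d\n", r.pc, unwind(r.unwindFrom)); /* 3 */
    return 0;
}
```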

Modified Paths

Diff

Modified: branches/jsCStack/Source/_javascript_Core/ChangeLog (161083 => 161084)


--- branches/jsCStack/Source/_javascript_Core/ChangeLog	2013-12-26 05:12:00 UTC (rev 161083)
+++ branches/jsCStack/Source/_javascript_Core/ChangeLog	2013-12-26 07:17:13 UTC (rev 161084)
@@ -1,3 +1,26 @@
+2013-12-25  Mark Lam  <[email protected]>
+
+        jsc-layout-tests.yaml/js/script-tests/function-apply-aliased.js.layout-no-cjit is failing.
+        https://bugs.webkit.org/show_bug.cgi?id=126174.
+
+        Not yet reviewed.
+
+        When we do a stack check in a function prologue, the activation object
+        in the frame hasn't been set yet. The test failures came from the stack
+        unwinding code trying to tear off the frame to a non-existant activation
+        object. Since we haven't entered the function yet and the frame is
+        technically not fully "pushed" yet, we can throw i.e. start the unwinding
+        from the caller frame instead. This fixes the issue.
+
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        - When we have a StackOverflowError, return the caller's CallFrame in
+          the second value in the SlowPathReturnType.
+        * llint/LowLevelInterpreter.asm:
+        - Check if the second value of the SlowPathReturnType from the stack
+          check is 0. If not 0, set the cfr to the returned CallFrame* before
+          we start handling the StackOverflowError and unwinding the stack.
+
 2013-12-24  Michael Saboff  <[email protected]>
 
         CStack Branch: ecma/ExecutionContexts/10.1.4-2.js test fails
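Review bot: the new ChangeLog entry carries the typo "non-existant" (should be "non-existent") in the sentence about tearing off the frame; since the same text is the commit message, fix it in both places before landing. The entry otherwise matches the log message above.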

Modified: branches/jsCStack/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (161083 => 161084)


--- branches/jsCStack/Source/_javascript_Core/llint/LLIntSlowPaths.cpp	2013-12-26 05:12:00 UTC (rev 161083)
+++ branches/jsCStack/Source/_javascript_Core/llint/LLIntSlowPaths.cpp	2013-12-26 07:17:13 UTC (rev 161084)
@@ -442,20 +442,32 @@
     dataLogF("Current end is at %p.\n", exec->vm().interpreter->stack().end());
 #endif
 
+    // This stack check is done in the prologue for a function call, and the
+    // CallFrame is not completely set up yet. For example, if the frame needs
+    // an activation object, the activation object will only be set up after
+    // we start executing the function. If we need to throw a StackOverflowError
+    // here, then we need to tell the prologue to start the stack unwinding from
+    // the caller frame (which is fully set up) instead. To do that, we return
+    // the caller's CallFrame in the second return value.
+    //
+    // If the stack check succeeds and we don't need to throw the error, then
+    // we'll return 0 instead. The prologue will check for a non-zero value
+    // when determining whether to set the callFrame or not.
+
     // For JIT enabled builds which uses the C stack, the stack is not growable.
     // Hence, if we get here, then we know a stack overflow is imminent. So, just
     // throw the StackOverflowError unconditionally.
 #if ENABLE(LLINT_C_LOOP)
     ASSERT(!exec->vm().interpreter->stack().containsAddress(exec->topOfFrame()));
-    if (UNLIKELY(!vm.interpreter->stack().ensureCapacityFor(exec->topOfFrame())))
+    if (LIKELY(vm.interpreter->stack().ensureCapacityFor(exec->topOfFrame())))
+        LLINT_RETURN_TWO(pc, 0);
 #endif
-    {
-        exec = exec->callerFrame();
-        Interpreter::ErrorHandlingMode mode(exec);
-        CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
-        pc = returnToThrowForThrownException(exec);
-    }
-    LLINT_END_IMPL();
+
+    exec = exec->callerFrame();
+    Interpreter::ErrorHandlingMode mode(exec);
+    CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
+    pc = returnToThrowForThrownException(exec);
+    LLINT_RETURN_TWO(pc, exec);
 }
 
 LLINT_SLOW_PATH_DECL(slow_path_create_activation)
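Review bot: dropping the braces around the throw sequence changes the lifetime of `Interpreter::ErrorHandlingMode mode(exec)`: it used to end before `LLINT_END_IMPL()`, but now `LLINT_RETURN_TWO(pc, exec)` is evaluated while `mode` is still live and its destructor runs only after the return value has been computed. If ErrorHandlingMode adjusts stack limits while in scope, confirm that the returned `pc` and `exec` do not depend on the restored state, or keep the inner scope and return after it. Separately, the new comment says the slow path "will return 0" when the check succeeds, but that early return exists only under `ENABLE(LLINT_C_LOOP)`; in JIT/C-stack builds the function always throws and always returns the caller frame, which the comment could state explicitly so readers of the asm side know which builds can take the zero path.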

Modified: branches/jsCStack/Source/_javascript_Core/llint/LowLevelInterpreter.asm (161083 => 161084)


--- branches/jsCStack/Source/_javascript_Core/llint/LowLevelInterpreter.asm	2013-12-26 05:12:00 UTC (rev 161083)
+++ branches/jsCStack/Source/_javascript_Core/llint/LowLevelInterpreter.asm	2013-12-26 07:17:13 UTC (rev 161084)
@@ -433,6 +433,8 @@
 
     # Stack height check failed - need to call a slow_path.
     callSlowPath(_llint_stack_check)
+    bpeq t1, 0, .stackHeightOK
+    move t1, cfr
 .stackHeightOK:
 end
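Review bot: `.stackHeightOK` is now reached on both outcomes: after `bpeq t1, 0, .stackHeightOK` the overflow path does `move t1, cfr` and then falls into the same label, so the name no longer describes the state at that point. A comment above the `bpeq` saying that t1 holds the caller's CallFrame* (the second value from `LLINT_RETURN_TWO`) and that on this path PC already points at the throw handler would make the contract with `_llint_stack_check` visible here; also confirm that `callSlowPath`'s state restore does not already copy t1 into cfr, in which case the `move` is redundant.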
 
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
