Modified: trunk/Source/_javascript_Core/ChangeLog (164068 => 164069)
--- trunk/Source/_javascript_Core/ChangeLog 2014-02-13 23:34:35 UTC (rev 164068)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-02-13 23:35:08 UTC (rev 164069)
@@ -1,3 +1,25 @@
+2014-02-13 Michael Saboff <[email protected]>
+
+ Change FTL stack check to use VM's stackLimit
+ https://bugs.webkit.org/show_bug.cgi?id=128561
+
+ Reviewed by Filip Pizlo.
+
+ Changes FTL function entry to check the call frame register against the FTL
+ specific stack limit (VM::m_ftlStackLimit) and throw an exception if the
+ stack limit has been exceeded. Updated the exception handling code to have
+ a second entry that will unroll the current frame to the caller, since that
+ is where the exception should be processed.
+
+ * ftl/FTLCompile.cpp:
+ (JSC::FTL::fixFunctionBasedOnStackMaps):
+ * ftl/FTLIntrinsicRepository.h:
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::lower):
+ * ftl/FTLState.h:
+ * runtime/VM.h:
+ (JSC::VM::addressOfFTLStackLimit):
+
2014-02-13 Filip Pizlo <[email protected]>
GetByIdStatus shouldn't call takesSlowPathInDFGForImpureProperty() for self accesses, and calling that method should never assert about anything
Modified: trunk/Source/_javascript_Core/ftl/FTLCompile.cpp (164068 => 164069)
--- trunk/Source/_javascript_Core/ftl/FTLCompile.cpp 2014-02-13 23:34:35 UTC (rev 164068)
+++ trunk/Source/_javascript_Core/ftl/FTLCompile.cpp 2014-02-13 23:35:08 UTC (rev 164069)
@@ -207,19 +207,27 @@
VirtualRegister(codeBlock->argumentsRegister().offset() + localsOffset));
}
+ MacroAssembler::Label stackOverflowException;
+
{
CCallHelpers checkJIT(&vm, codeBlock);
// At this point it's perfectly fair to just blow away all state and restore the
// JS JIT view of the universe.
+ checkJIT.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR1);
+
+ MacroAssembler::Label exceptionContinueArg1Set = checkJIT.label();
checkJIT.move(MacroAssembler::TrustedImm64(TagTypeNumber), GPRInfo::tagTypeNumberRegister);
checkJIT.move(MacroAssembler::TrustedImm64(TagMask), GPRInfo::tagMaskRegister);
-
+
checkJIT.move(MacroAssembler::TrustedImmPtr(&vm), GPRInfo::argumentGPR0);
- checkJIT.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR1);
MacroAssembler::Call call = checkJIT.call();
checkJIT.jumpToExceptionHandler();
-
+
+ stackOverflowException = checkJIT.label();
+ checkJIT.emitGetCallerFrameFromCallFrameHeaderPtr(GPRInfo::argumentGPR1);
+ checkJIT.jump(exceptionContinueArg1Set);
+
OwnPtr<LinkBuffer> linkBuffer = adoptPtr(new LinkBuffer(
vm, &checkJIT, codeBlock, JITCompilationMustSucceed));
linkBuffer->link(call, FunctionPtr(lookupExceptionHandler));
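Review bot: The second entry at `stackOverflowException = checkJIT.label();` carries no comment, so a reader has to reconstruct from the ChangeLog why it loads the caller's frame into argumentGPR1 instead of using callFrameRegister like the first entry. Suggest `// Stack-overflow entry: the faulting frame was never fully set up, so hand lookupExceptionHandler the caller's frame rather than callFrameRegister.` above that label, and `// Shared tail: argumentGPR1 already holds the frame the handler should unwind to.` at `exceptionContinueArg1Set`. Moving the callFrameRegister copy ahead of the tag-register setup is only safe while nothing between the two labels touches argumentGPR1; the visible lines do not, but that invariant is what the comment should pin down. The enclosing block continues past the hunk, so the link step for the new label is not visible here.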
@@ -412,6 +420,22 @@
}
RepatchBuffer repatchBuffer(codeBlock);
+
+ iter = recordMap.find(state.handleStackOverflowExceptionStackmapID);
+ // It's sort of remotely possible that we won't have an in-band exception handling
+ // path, for some kinds of functions.
+ if (iter != recordMap.end()) {
+ for (unsigned i = iter->value.size(); i--;) {
+ StackMaps::Record& record = iter->value[i];
+
+ CodeLocationLabel source = CodeLocationLabel(
+ bitwise_cast<char*>(generatedFunction) + record.instructionOffset);
+
+ RELEASE_ASSERT(stackOverflowException.isSet());
+
+ repatchBuffer.replaceWithJump(source, state.finalizer->handleExceptionsLinkBuffer->locationOf(stackOverflowException));
+ }
+ }
iter = recordMap.find(state.handleExceptionStackmapID);
// It's sort of remotely possible that we won't have an in-band exception handling
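Review bot: The comment copied above the new `recordMap.find(state.handleStackOverflowExceptionStackmapID)` says an "in-band exception handling path" may be absent, but the stack-overflow stackmap is emitted unconditionally in lower() per the FTLLowerDFGToLLVM.cpp hunk, so either the comment is stale for this ID or the lowering is conditional in a way not visible here; the two should be reconciled, e.g. `// The stack check in lower() always emits this stackmap; tolerate its absence only because the record map is shared with paths that may omit it.` `RELEASE_ASSERT(stackOverflowException.isSet())` is loop-invariant and would read more clearly hoisted before the `for`, where it also fires when the record list is empty. The loop body is otherwise a line-for-line copy of the handleExceptionStackmapID loop that follows, which suggests a small static helper taking the stackmap ID and the label, though that is a style choice.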
Modified: trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h (164068 => 164069)
--- trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h 2014-02-13 23:34:35 UTC (rev 164068)
+++ trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h 2014-02-13 23:35:08 UTC (rev 164069)
@@ -86,6 +86,7 @@
macro(V_JITOperation_EOZD, functionType(voidType, intPtr, intPtr, int32, doubleType)) \
macro(V_JITOperation_EOZJ, functionType(voidType, intPtr, intPtr, int32, int64)) \
macro(V_JITOperation_EC, functionType(voidType, intPtr, intPtr)) \
+ macro(V_JITOperation_ECb, functionType(voidType, intPtr, intPtr)) \
macro(V_JITOperation_EVws, functionType(voidType, intPtr, intPtr)) \
macro(Z_JITOperation_D, functionType(int32, doubleType))
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp (164068 => 164069)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2014-02-13 23:34:35 UTC (rev 164068)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2014-02-13 23:35:08 UTC (rev 164069)
@@ -52,10 +52,6 @@
static std::atomic<int> compileCounter;
-// FIXME: Get rid of this and introduce a real stack check.
-// https://bugs.webkit.org/show_bug.cgi?id=125650
-static uintptr_t stackLimit;
-
// Using this instead of typeCheck() helps to reduce the load on LLVM, by creating
// significantly less dead code.
#define FTL_TYPE_CHECK(lowValue, highValue, typesPassedThrough, failCondition) do { \
@@ -140,13 +136,16 @@
m_out.storePtr(m_out.constIntPtr(codeBlock()), addressFor(JSStack::CodeBlock));
m_out.branch(
- m_out.below(m_callFrame, m_out.loadPtr(m_out.absolute(&stackLimit))),
+ m_out.below(m_callFrame, m_out.loadPtr(m_out.absolute(vm().addressOfFTLStackLimit()))),
stackOverflow, lowBlock(m_graph.block(0)));
m_out.appendTo(stackOverflow, m_handleExceptions);
- // FIXME: Do a real stack check and throw the exception appropriately.
- // https://bugs.webkit.org/show_bug.cgi?id=125650
- m_out.crash();
+ vmCall(m_out.operation(operationThrowStackOverflowError), m_callFrame, m_out.constIntPtr(codeBlock()), NoExceptions);
+ m_ftlState.handleStackOverflowExceptionStackmapID = m_stackmapIDs++;
+ m_out.call(
+ m_out.stackmapIntrinsic(), m_out.constInt64(m_ftlState.handleStackOverflowExceptionStackmapID),
+ m_out.constInt32(MacroAssembler::maxJumpReplacementSize()));
+ m_out.unreachable();
m_out.appendTo(m_handleExceptions, lowBlock(m_graph.block(0)));
m_ftlState.handleExceptionStackmapID = m_stackmapIDs++;
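Review bot: The new stackOverflow block has no comment explaining why a throwing `vmCall` is marked `NoExceptions` and then followed by its own stackmap and `m_out.unreachable()` rather than flowing into m_handleExceptions; from the FTLCompile.cpp hunks the stackmap appears to exist so the patched jump can unwind to the caller's frame, but that link is invisible at this site. Suggest above the `vmCall`: `// The overflowing frame is not usable for exception handling, so the error is raised via a dedicated stackmap whose patched jump (see FTLCompile.cpp) unwinds to the caller instead of through m_handleExceptions.` The limit check at `m_out.below(m_callFrame, ...)` still runs after the CodeBlock store into the frame header on the line above; presumably that header slot lies on the already-committed side of the limit, which is worth a one-line note since the guard is exactly what this change introduces.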
Modified: trunk/Source/_javascript_Core/ftl/FTLState.h (164068 => 164069)
--- trunk/Source/_javascript_Core/ftl/FTLState.h 2014-02-13 23:34:35 UTC (rev 164068)
+++ trunk/Source/_javascript_Core/ftl/FTLState.h 2014-02-13 23:35:08 UTC (rev 164069)
@@ -58,6 +58,7 @@
RefPtr<JITCode> jitCode;
GeneratedFunction generatedFunction;
JITFinalizer* finalizer;
+ unsigned handleStackOverflowExceptionStackmapID;
unsigned handleExceptionStackmapID;
unsigned capturedStackmapID;
SegmentedVector<GetByIdDescriptor> getByIds;
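Review bot: `unsigned handleStackOverflowExceptionStackmapID;` is added without an initializer, and the State constructor that would set it is outside the hunk; if it is not initialized there, FTLCompile.cpp performs `recordMap.find()` on an indeterminate value on any path that skips the assignment in lower(). The lowering hunk assigns it unconditionally, so this is likely fine today, but initializing it alongside `handleExceptionStackmapID` in the constructor (or `unsigned handleStackOverflowExceptionStackmapID { 0 };` if the file already uses in-class initializers) makes the lookup robust to future conditional emission.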
Modified: trunk/Source/_javascript_Core/runtime/VM.h (164068 => 164069)
--- trunk/Source/_javascript_Core/runtime/VM.h 2014-02-13 23:34:35 UTC (rev 164068)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2014-02-13 23:35:08 UTC (rev 164069)
@@ -383,6 +383,7 @@
#if ENABLE(FTL_JIT)
void updateFTLLargestStackSize(size_t);
+ void** addressOfFTLStackLimit() { return &m_ftlStackLimit; }
#endif
void** addressOfJSStackLimit() { return &m_jsStackLimit; }
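Review bot: `addressOfFTLStackLimit()` hands out the raw address of a member that FTLLowerDFGToLLVM.cpp embeds into generated code via `m_out.absolute(...)`, yet nothing documents that lifetime coupling. Suggest `// Address is baked into FTL-compiled code; m_ftlStackLimit must stay at a fixed address for the VM's lifetime and is only updated through updateFTLLargestStackSize.` above the accessor, hedging the last clause if other writers exist outside this hunk. The declaration of m_ftlStackLimit itself is not in the hunk, so its type and initial value cannot be checked here.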