Changeset 160573 in webkit

Timestamp:

Dec 13, 2013, 4:39:45 PM (11 years ago)

Author:

mark.lam@apple.com

Message:

Fix exception handling for the LLINT.
​https://bugs.webkit.org/show_bug.cgi?id=125672.

Reviewed by Geoffrey Garen.

The baseline JIT exception handling is still broken.

• JavaScriptCore.order:
• llint/LLIntSlowPaths.cpp:
• llint/LLIntSlowPaths.h:
• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• updated the 32bit file with some of the changes to keep track with the 64bit one though it doesn't build yet. The build failure will clearly tell us some of the things that need to be fixed later.
• llint/LowLevelInterpreter64.asm:
• Called restoreStackPointerAfterCall() in op_catch and nativeCallTrampoline to restore the appropriate stack pointer.
• Renamed the restoreStackPointerAfterJSCall() macro to restoreStackPointerAfterCall because we also need to call it after a call to a native / host function.
• Removed llint_throw_from_native_call because it no longer does anything useful.
• Moved call to functionEpilogue() in nativeCallTrampoline before the exception check because we should have returned from the native / host function already.

The Interpreter::unwind() code also relies on this. The VM will unwind and "pop"
JS frames, but will stop at host frames. The host frame should pop itself. Then,
we call Interpreter::unwind() again to continue for caller frames further up
the stack.

• Removed the check for the sentinel frame in handleUncaughtException because we're guaranteed to be at the frame above the sentinel frame.

Location:

branches/jsCStack/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• JavaScriptCore.order (modified) (1 diff)
• llint/LLIntSlowPaths.cpp (modified) (1 diff)
• llint/LLIntSlowPaths.h (modified) (1 diff)
• llint/LowLevelInterpreter.asm (modified) (2 diffs)
• llint/LowLevelInterpreter32_64.asm (modified) (2 diffs)
• llint/LowLevelInterpreter64.asm (modified) (4 diffs)

branches/jsCStack/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2013-12-13  Mark Lam  <mark.lam@apple.com>
+
+        Fix exception handling for the LLINT.
+        https://bugs.webkit.org/show_bug.cgi?id=125672.
+
+        Reviewed by Geoffrey Garen.
+
+        The baseline JIT exception handling is still broken.
+
+        * JavaScriptCore.order:
+        * llint/LLIntSlowPaths.cpp:
+        * llint/LLIntSlowPaths.h:
+        * llint/LowLevelInterpreter.asm:
+        * llint/LowLevelInterpreter32_64.asm:
+        - updated the 32bit file with some of the changes to keep track with the 64bit
+          one though it doesn't build yet. The build failure will clearly tell us some of
+          the things that need to be fixed later.
+        * llint/LowLevelInterpreter64.asm:
+        - Called restoreStackPointerAfterCall() in op_catch and nativeCallTrampoline to
+          restore the appropriate stack pointer.
+        - Renamed the restoreStackPointerAfterJSCall() macro to restoreStackPointerAfterCall
+          because we also need to call it after a call to a native / host function.
+        - Removed llint_throw_from_native_call because it no longer does anything useful.
+        - Moved call to functionEpilogue() in nativeCallTrampoline before the exception
+          check because we should have returned from the native / host function already.
+
+          The Interpreter::unwind() code also relies on this. The VM will unwind and "pop"
+          JS frames, but will stop at host frames. The host frame should pop itself. Then,
+          we call Interpreter::unwind() again to continue for caller frames further up
+          the stack.
+
+        - Removed the check for the sentinel frame in handleUncaughtException because
+          we're guaranteed to be at the frame above the sentinel frame.
+
 2013-12-13  Michael Saboff  <msaboff@apple.com>
 

branches/jsCStack/Source/JavaScriptCore/JavaScriptCore.order

@@ -4982 +4982 @@
 _llint_slow_path_profile_will_call
 _llint_slow_path_profile_did_call
-_llint_throw_from_native_call
 _llint_begin
 _llint_program_prologue

branches/jsCStack/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -1308 +1308 @@
 }
 
-LLINT_SLOW_PATH_DECL(throw_from_native_call)
-{
-    LLINT_BEGIN();
-    ASSERT(vm.exception());
-    LLINT_END();
-}
-
 LLINT_SLOW_PATH_DECL(slow_path_handle_exception)
 {

branches/jsCStack/Source/JavaScriptCore/llint/LLIntSlowPaths.h

@@ -119 +119 @@
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_profile_will_call);
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_profile_did_call);
-LLINT_SLOW_PATH_HIDDEN_DECL(throw_from_native_call);
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_handle_exception);
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_resolve_scope);

branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

@@ -277 +277 @@
         move calleeFramePtr, sp
         call LLIntCallLinkInfo::machineCodeTarget[callLinkInfo]
-        restoreStackPointerAfterJSCall()
+        restoreStackPointerAfterCall()
         dispatchAfterCall()
     end
@@ -291 +291 @@
                 addp CallerFrameAndPCSize, t1, sp
                 call callee
-                restoreStackPointerAfterJSCall()
+                restoreStackPointerAfterCall()
                 dispatchAfterCall()
             end

branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

@@ -344 +344 @@
 end
 
-macro doHandleUncaughtException(extraStackSpace)
 _handleUncaughtException:
-    functionEpilogue(extraStackSpace)
+    loadp ScopeChain[cfr], t3
+    andp MarkedBlockMask, t3
+    loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
+    loadp VM::callFrameForThrow[t3], cfr
+
+    # So far, we've unwound the stack to the frame just below the sentinel frame.
+    # We need to pop to the sentinel frame and do the necessary clean up for
+    # returning to the caller C frame.
+    loadp CallerFrame[cfr], cfr
+
+    loadp Callee[cfr], t3 # VM.topCallFrame
+    loadp ScopeChain[cfr], t6
+    storep t6, [t3]
+
+    callToJavaScriptEpilogue()
     ret
-end
 
 macro doReturnFromHostFunction(extraStackSpace)
@@ -2130 +2142 @@
         error
     end
-    bineq VM::m_exception + TagOffset[t3], EmptyValueTag, .exception
+    bineq VM::m_exception + TagOffset[t3], EmptyValueTag, .handleException
     ret
-.exception:
+
+.handleException:
     preserveReturnAddressAfterCall(t1) # This is really only needed on X86
-    loadi ArgumentCount + TagOffset[cfr], PC
-    callSlowPath(_llint_throw_from_native_call)
+    storep cfr, VM::topCallFrame[t3]
+    restoreStackPointerAfterCall()
     jmp _llint_throw_from_slow_path_trampoline
 end

branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -142 +142 @@
 end
 
-macro restoreStackPointerAfterJSCall()
+macro restoreStackPointerAfterCall()
     loadp CodeBlock[cfr], t1
     loadi CodeBlock::m_numCalleeRegisters[t1], t1
@@ -281 +281 @@
     loadp VM::callFrameForThrow[t3], cfr
 
-    bpeq CodeBlock[cfr], 1, .calleeFramePopped
+    # So far, we've unwound the stack to the frame just below the sentinel frame.
+    # We need to pop to the sentinel frame and do the necessary clean up for
+    # returning to the caller C frame.
     loadp CallerFrame[cfr], cfr
 
-.calleeFramePopped:
     loadp Callee[cfr], t3 # VM.topCallFrame
     loadp ScopeChain[cfr], t6
@@ -1853 +1854 @@
     loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
     loadp VM::callFrameForThrow[t3], cfr
+    restoreStackPointerAfterCall()
+
     loadp CodeBlock[cfr], PB
     loadp CodeBlock::m_instructions[PB], PB
@@ -1957 +1960 @@
     end
 
-    btqnz VM::m_exception[t3], .exception
     functionEpilogue()
+
+    btqnz VM::m_exception[t3], .handleException
     ret
-.exception:
-    if X86_64
-        pop t1
-    end
-    loadi ArgumentCount + TagOffset[cfr], PC
-    loadp CodeBlock[cfr], PB
-    loadp CodeBlock::m_vm[PB], t0
-    loadp CodeBlock::m_instructions[PB], PB
-    storep cfr, VM::topCallFrame[t0]
-    callSlowPath(_llint_throw_from_native_call)
+
+.handleException:
+    storep cfr, VM::topCallFrame[t3]
+    restoreStackPointerAfterCall()
     jmp _llint_throw_from_slow_path_trampoline
 end