Changeset 160967 in webkit

Timestamp:

Dec 21, 2013 11:25:09 AM (10 years ago)

Author:

mark.lam@apple.com

Message:

CStack: Update the VMEntryScope's stack limit when the VM enters/exits ErrorMode.
​https://bugs.webkit.org/show_bug.cgi?id=126009.

Not yet reviewed.

1. Renamed JSStack::updateStackLimit() to setStackLimit() because that is what it actually does. We're going to repurpose the updateStackLimit name for another function.

2. Fixed a bug in setStackLimit() where setJSStackLimit() was called with the value of newEnd which points past the end of the stack. The fix is to add 1 to point at the last slot at top of the stack. This is what is the users of the jsStackLimit value expects.

3. Introduce the new JSStack::updateStackLimit() which is responsible for re-setting the current stack limit. updateStackLimit() will handle both cases of the JS stack being on the C stack or a separate stack.

For the C stack case, JStack::updateStackLimit() will check if a
VMEntryScope has been installed in the VM. If so, it will tell the
VMEntryScope to do the real work of updating the stack limit. The
VMEntryScope will take into account whether the VM's Interpreter is
in an error handling mode or not when determining the amount of host
zone space to reserve on the stack for computing the stack limit value.

4. Interpreter::ErrorHandlingMode now calls JSStack::updateStackLimit whenever it enters / exit error handling mode. This allows the stack limit to change with the error mode change.

5. A lot of places in the code were throwing StackOverflowErrors by creating and throwing the error themselves instead of using the throwStackOverflowError() helper function. As a result, the VM never got the chance to enter error mode. This is a bug and is now fixed by making all these sites use throwStackOverflowError() instead.

For sites that can't use throwStackOverflowError(), I updated them to
instantiate Interpreter::ErrorHandlingMode to set the error mode
appropriately.

6. Made JSStack::enableErrorStackReserve() and disableErrorStackReserve() private. They are no longer called from outside of JSStack.

• interpreter/Interpreter.cpp:

(JSC::Interpreter::ErrorHandlingMode::ErrorHandlingMode):
(JSC::Interpreter::ErrorHandlingMode::~ErrorHandlingMode):
(JSC::sizeFrameForVarargs):

• interpreter/JSStack.cpp:

(JSC::JSStack::JSStack):
(JSC::JSStack::growSlowCase):
(JSC::JSStack::updateStackLimit):

• interpreter/JSStack.h:
• interpreter/JSStackInlines.h:

(JSC::JSStack::shrink):
(JSC::JSStack::setStackLimit):

• jit/JITOperations.cpp:
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• parser/ParserError.h:

(JSC::ParserError::toErrorObject):

• runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

• runtime/JSONObject.cpp:

(JSC::Walker::walk):

• runtime/StringRecursionChecker.cpp:

(JSC::StringRecursionChecker::throwStackOverflowError):

• runtime/VMEntryScope.cpp:

(JSC::VMEntryScope::VMEntryScope):
(JSC::VMEntryScope::updateStackLimit):

• runtime/VMEntryScope.h:

Location:

branches/jsCStack/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• interpreter/Interpreter.cpp (modified) (7 diffs)
• interpreter/JSStack.cpp (modified) (5 diffs)
• interpreter/JSStack.h (modified) (3 diffs)
• interpreter/JSStackInlines.h (modified) (2 diffs)
• jit/JITOperations.cpp (modified) (4 diffs)
• llint/LLIntSlowPaths.cpp (modified) (1 diff)
• parser/ParserError.h (modified) (1 diff)
• runtime/CommonSlowPaths.cpp (modified) (2 diffs)
• runtime/JSONObject.cpp (modified) (2 diffs)
• runtime/StringRecursionChecker.cpp (modified) (1 diff)
• runtime/VMEntryScope.cpp (modified) (2 diffs)
• runtime/VMEntryScope.h (modified) (1 diff)

branches/jsCStack/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2013-12-21  Mark Lam  <mark.lam@apple.com>
+
+        CStack: Update the VMEntryScope's stack limit when the VM enters/exits ErrorMode.
+        https://bugs.webkit.org/show_bug.cgi?id=126009.
+
+        Not yet reviewed.
+
+        1. Renamed JSStack::updateStackLimit() to setStackLimit() because that
+           is what it actually does. We're going to repurpose the updateStackLimit
+           name for another function.
+
+        2. Fixed a bug in setStackLimit() where setJSStackLimit() was called with
+           the value of newEnd which points past the end of the stack. The fix is
+           to add 1 to point at the last slot at top of the stack. This is what is
+           the users of the jsStackLimit value expects.
+
+        3. Introduce the new JSStack::updateStackLimit() which is responsible for
+           re-setting the current stack limit. updateStackLimit() will handle both
+           cases of the JS stack being on the C stack or a separate stack.
+
+           For the C stack case, JStack::updateStackLimit() will check if a
+           VMEntryScope has been installed in the VM. If so, it will tell the
+           VMEntryScope to do the real work of updating the stack limit. The
+           VMEntryScope will take into account whether the VM's Interpreter is
+           in an error handling mode or not when determining the amount of host
+           zone space to reserve on the stack for computing the stack limit value.
+
+        4. Interpreter::ErrorHandlingMode now calls JSStack::updateStackLimit
+           whenever it enters / exit error handling mode. This allows the stack
+           limit to change with the error mode change.
+
+        5. A lot of places in the code were throwing StackOverflowErrors by
+           creating and throwing the error themselves instead of using the
+           throwStackOverflowError() helper function. As a result, the VM never
+           got the chance to enter error mode. This is a bug and is now fixed by
+           making all these sites use throwStackOverflowError() instead.
+
+           For sites that can't use throwStackOverflowError(), I updated them to
+           instantiate Interpreter::ErrorHandlingMode to set the error mode
+           appropriately.
+
+        6. Made JSStack::enableErrorStackReserve() and disableErrorStackReserve()
+           private. They are no longer called from outside of JSStack.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::ErrorHandlingMode::ErrorHandlingMode):
+        (JSC::Interpreter::ErrorHandlingMode::~ErrorHandlingMode):
+        (JSC::sizeFrameForVarargs):
+        * interpreter/JSStack.cpp:
+        (JSC::JSStack::JSStack):
+        (JSC::JSStack::growSlowCase):
+        (JSC::JSStack::updateStackLimit):
+        * interpreter/JSStack.h:
+        * interpreter/JSStackInlines.h:
+        (JSC::JSStack::shrink):
+        (JSC::JSStack::setStackLimit):
+        * jit/JITOperations.cpp:
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        * parser/ParserError.h:
+        (JSC::ParserError::toErrorObject):
+        * runtime/CommonSlowPaths.cpp:
+        (JSC::SLOW_PATH_DECL):
+        * runtime/JSONObject.cpp:
+        (JSC::Walker::walk):
+        * runtime/StringRecursionChecker.cpp:
+        (JSC::StringRecursionChecker::throwStackOverflowError):
+        * runtime/VMEntryScope.cpp:
+        (JSC::VMEntryScope::VMEntryScope):
+        (JSC::VMEntryScope::updateStackLimit):
+        * runtime/VMEntryScope.h:
+
 2013-12-21  Filip Pizlo  <fpizlo@apple.com>
 

branches/jsCStack/Source/JavaScriptCore/interpreter/Interpreter.cpp

@@ -95 +95 @@
     : m_interpreter(*exec->interpreter())
 {
-    if (!m_interpreter.m_errorHandlingModeReentry)
-        m_interpreter.stack().enableErrorStackReserve();
     m_interpreter.m_errorHandlingModeReentry++;
+    m_interpreter.stack().updateStackLimit();
 }
 
@@ -105 +104 @@
     ASSERT(m_interpreter.m_errorHandlingModeReentry >= 0);
     if (!m_interpreter.m_errorHandlingModeReentry)
-        m_interpreter.stack().disableErrorStackReserve();
+        m_interpreter.stack().updateStackLimit();
 }
 
@@ -162 +161 @@
         CallFrame* newCallFrame = CallFrame::create(callFrame->registers() - paddedCalleeFrameOffset);
         if (argumentCountIncludingThis > Arguments::MaxArguments + 1 || !stack->ensureCapacityFor(newCallFrame->registers())) {
-            callFrame->vm().throwException(callFrame, createStackOverflowError(callFrame));
+            throwStackOverflowError(callFrame);
             return 0;
         }
@@ -173 +172 @@
         CallFrame* newCallFrame = CallFrame::create(callFrame->registers() - paddedCalleeFrameOffset);
         if (!stack->ensureCapacityFor(newCallFrame->registers())) {
-            callFrame->vm().throwException(callFrame, createStackOverflowError(callFrame));
+            throwStackOverflowError(callFrame);
             return 0;
         }
@@ -190 +189 @@
         CallFrame* newCallFrame = CallFrame::create(callFrame->registers() - paddedCalleeFrameOffset);
         if (argCount > Arguments::MaxArguments || !stack->ensureCapacityFor(newCallFrame->registers())) {
-            callFrame->vm().throwException(callFrame, createStackOverflowError(callFrame));
+            throwStackOverflowError(callFrame);
             return 0;
         }
@@ -202 +201 @@
         CallFrame* newCallFrame = CallFrame::create(callFrame->registers() - paddedCalleeFrameOffset);
         if (argCount > Arguments::MaxArguments || !stack->ensureCapacityFor(newCallFrame->registers())) {
-            callFrame->vm().throwException(callFrame, createStackOverflowError(callFrame));
+            throwStackOverflowError(callFrame);
             return 0;
         }
@@ -213 +212 @@
     CallFrame* newCallFrame = CallFrame::create(callFrame->registers() - paddedCalleeFrameOffset);
     if (argCount > Arguments::MaxArguments || !stack->ensureCapacityFor(newCallFrame->registers())) {
-        callFrame->vm().throwException(callFrame,  createStackOverflowError(callFrame));
+        throwStackOverflowError(callFrame);
         return 0;
     }

branches/jsCStack/Source/JavaScriptCore/interpreter/JSStack.cpp

@@ -32 +32 @@
 #include "ConservativeRoots.h"
 #include "Interpreter.h"
+#include "VMEntryScope.h"
 
 namespace JSC {
@@ -51 +52 @@
 
     m_reservation = PageReservation::reserve(roundUpAllocationSize(capacity * sizeof(Register), commitSize), OSAllocator::JSVMStackPages);
-    updateStackLimit(highAddress());
+    setStackLimit(highAddress());
     m_commitEnd = highAddress();
     
@@ -74 +75 @@
     // just update the end pointer and return.
     if (newEnd >= m_commitEnd) {
-        updateStackLimit(newEnd);
+        setStackLimit(newEnd);
         return true;
     }
@@ -90 +91 @@
     addToCommittedByteCount(delta);
     m_commitEnd = reinterpret_cast_ptr<Register*>(reinterpret_cast<char*>(m_commitEnd) - delta);
-    updateStackLimit(newEnd);
+    setStackLimit(newEnd);
     return true;
 }
@@ -176 +177 @@
 }
 
+void JSStack::updateStackLimit()
+{
+#if ENABLE(LLINT_C_LOOP)
+    if (m_vm.interpreter->isInErrorHandlingMode())
+        enableErrorStackReserve();
+    else
+        disableErrorStackReserve();
+#endif
+    if (m_vm.entryScope)
+        m_vm.entryScope->updateStackLimit();
+}
+
 } // namespace JSC

branches/jsCStack/Source/JavaScriptCore/interpreter/JSStack.h

@@ -84 +84 @@
         bool ensureCapacityFor(Register* newTopOfStack);
 
+        void updateStackLimit();
+
         void gatherConservativeRoots(ConservativeRoots&);
         void gatherConservativeRoots(ConservativeRoots&, JITStubRoutineSet&, CodeBlockSet&);
@@ -105 +107 @@
 
         bool containsAddress(Register* address) { return (lowAddress() <= address && address <= highAddress()); }
-
-        void enableErrorStackReserve();
-        void disableErrorStackReserve();
 
 #if ENABLE(DEBUG_JSSTACK)
@@ -153 +152 @@
         void addToCommittedByteCount(long);
 
-        void updateStackLimit(Register* newEnd);
+        void setStackLimit(Register* newEnd);
+
+        void enableErrorStackReserve();
+        void disableErrorStackReserve();
 
         VM& m_vm;

branches/jsCStack/Source/JavaScriptCore/interpreter/JSStackInlines.h

@@ -170 +170 @@
     if (newEnd >= m_end)
         return;
-    updateStackLimit(newEnd);
+    setStackLimit(newEnd);
     if (m_end == baseOfStack() && (m_commitEnd - baseOfStack()) >= maxExcessCapacity)
         releaseExcessCapacity();
@@ -183 +183 @@
 }
 
-inline void JSStack::updateStackLimit(Register* newEnd)
+inline void JSStack::setStackLimit(Register* newEnd)
 {
     m_end = newEnd;
 #if ENABLE(LLINT_C_LOOP)
-    m_vm.setJSStackLimit(newEnd);
+    m_vm.setJSStackLimit(newEnd + 1);
 #endif
 }

branches/jsCStack/Source/JavaScriptCore/jit/JITOperations.cpp

@@ -80 +80 @@
 
     NativeCallFrameTracer tracer(vm, callerFrame);
+    Interpreter::ErrorHandlingMode mode(callerFrame);
     vm->throwException(callerFrame, createStackOverflowError(callerFrame));
 }
@@ -93 +94 @@
     int32_t missingArgCount = CommonSlowPaths::arityCheckFor(exec, &stack, CodeForCall);
     if (missingArgCount < 0)
-        vm->throwException(callerFrame, createStackOverflowError(callerFrame));
+        throwStackOverflowError(callerFrame);
 
     return missingArgCount;
@@ -108 +109 @@
     int32_t missingArgCount = CommonSlowPaths::arityCheckFor(exec, &stack, CodeForConstruct);
     if (missingArgCount < 0)
-        vm->throwException(callerFrame, createStackOverflowError(callerFrame));
+        throwStackOverflowError(callerFrame);
 
     return missingArgCount;
@@ -704 +705 @@
         JSObject* error = functionExecutable->prepareForExecution(execCallee, callee->scope(), kind);
         if (error) {
-            vm->throwException(exec, createStackOverflowError(exec));
+            throwStackOverflowError(exec);
             return reinterpret_cast<char*>(vm->getCTIStub(throwExceptionFromCallSlowPathGenerator).code().executableAddress());
         }

branches/jsCStack/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -452 +452 @@
     {
         exec = exec->callerFrame();
+        Interpreter::ErrorHandlingMode mode(exec);
         CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
         pc = returnToThrowForThrownException(exec);

branches/jsCStack/Source/JavaScriptCore/parser/ParserError.h

@@ -95 +95 @@
         case EvalError:
             return createSyntaxError(globalObject, m_message);
-        case StackOverflow:
+        case StackOverflow: {
+            Interpreter::ErrorHandlingMode mode(globalObject->globalExec());
             return createStackOverflowError(globalObject);
+        }
         case OutOfMemory:
             return createOutOfMemoryError(globalObject);

branches/jsCStack/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp

@@ -191 +191 @@
     if (slotsToAdd < 0) {
         exec = exec->callerFrame();
+        Interpreter::ErrorHandlingMode mode(exec);
         CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
         RETURN_TWO(bitwise_cast<void*>(static_cast<uintptr_t>(1)), exec);
@@ -203 +204 @@
     if (slotsToAdd < 0) {
         exec = exec->callerFrame();
+        Interpreter::ErrorHandlingMode mode(exec);
         CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
         RETURN_TWO(bitwise_cast<void*>(static_cast<uintptr_t>(1)), exec);

branches/jsCStack/Source/JavaScriptCore/runtime/JSONObject.cpp

@@ -655 +655 @@
                 ASSERT(isJSArray(asObject(inValue)) || asObject(inValue)->inherits(JSArray::info()));
                 if (objectStack.size() + arrayStack.size() > maximumFilterRecursion)
-                    return m_exec->vm().throwException(m_exec, createStackOverflowError(m_exec));
+                    return throwStackOverflowError(m_exec);
 
                 JSArray* array = asArray(inValue);
@@ -706 +706 @@
                 ASSERT(!isJSArray(asObject(inValue)) && !asObject(inValue)->inherits(JSArray::info()));
                 if (objectStack.size() + arrayStack.size() > maximumFilterRecursion)
-                    return m_exec->vm().throwException(m_exec, createStackOverflowError(m_exec));
+                    return throwStackOverflowError(m_exec);
 
                 JSObject* object = asObject(inValue);

branches/jsCStack/Source/JavaScriptCore/runtime/StringRecursionChecker.cpp

@@ -29 +29 @@
 JSValue StringRecursionChecker::throwStackOverflowError()
 {
-    return m_exec->vm().throwException(m_exec, createStackOverflowError(m_exec));
+    return JSC::throwStackOverflowError(m_exec);
 }
 

branches/jsCStack/Source/JavaScriptCore/runtime/VMEntryScope.cpp

@@ -54 +54 @@
     vm.clearExceptionStack();
 
-    void* limit = m_stack.recursionLimit(requiredCapacity());
-    vm.setStackLimit(limit);
+    updateStackLimit();
     vm.setLastStackTop(m_stack.origin());
 }
@@ -64 +63 @@
     m_vm.setStackLimit(m_prevStackLimit);
     m_vm.setLastStackTop(m_prevLastStackTop);
+}
+
+void VMEntryScope::updateStackLimit()
+{
+    void* limit = m_stack.recursionLimit(requiredCapacity());
+    m_vm.setStackLimit(limit);
 }
 

branches/jsCStack/Source/JavaScriptCore/runtime/VMEntryScope.h

@@ -41 +41 @@
     JS_EXPORT_PRIVATE ~VMEntryScope();
 
+    void updateStackLimit();
     JSGlobalObject* globalObject() const { return m_globalObject; }