Context Navigation

← Previous Changeset
Next Changeset →

Changeset 161575 in webkit

Timestamp:

Jan 9, 2014, 1:10:46 PM (11 years ago)

Author:

mark.lam@apple.com

Message:

CStack: Need a separate stack limit for the JS stack and the C stack.
https://bugs.webkit.org/show_bug.cgi?id=126320.

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

The purpose of this patch is mainly to change the way we compute the stack
limit for JS stack checks. Previously, we tally up the stack usage per
session of VM re-entry as tracked by the VMEntryScope, and we ensure that
the total usage does not exceed Options::maxStackSize(), and of course, is
also capped by the amount of native C stack available. The usage tracking
here does not count host / native function stack usage against the max
stack usage.

The new way is to compute a limit as an offset from the VMEntryScope of
the first entry into the VM. Options::maxPerThreadStackUsage()
will provide that offset. Any host / native function stack usage after
we've entered the VM will be counted against the max stack usage.

This patch supplants parts or all of the following previously committed
patches:

r161104: https://bugs.webkit.org/show_bug.cgi?id=126266

Rename VM::entryScope to firstEntryScope.

r161232: https://bugs.webkit.org/show_bug.cgi?id=126321

Introducing Options::maxStackSize().

r161172: https://bugs.webkit.org/show_bug.cgi?id=126331

Refactor to split the tracking of the jsStackLimit from the
native stackLimit.

r161174: https://bugs.webkit.org/show_bug.cgi?id=126334

Introduce tracking of the top VMEntryScope.

r161361: https://bugs.webkit.org/show_bug.cgi?id=126487

The fixed up jsStackLimit in doCallToJavaScript should not
exceed the native stack limit.

r161180: https://bugs.webkit.org/show_bug.cgi?id=126320

Need a separate stack limit for the JS stack and the C stack.
This was for the old way of tracking chunks of stack usage
per VMEntryScope.

Details of this patch:

Renamed VM::firstEntryScope back to VM::entryScope. Removed the tracking of topEntryScope and related code.

Renamed Options::maxStackSize() to maxPerThreadStackUsage(). Added Options::hostZoneSize() and Options::errorModeHostZoneSize().

The VM now tracks its current hostZoneSize and stack limits. VM::m_stackLimit is computed when the hostZoneSize is set via VM::updateStackLimitWithHostZoneSize().

In the C Loop LLINT case, the VM also provides a setJSStackLimit()
since VM::m_stackLimit and VM::m_jsStackLimit are 2 different values
in that case.

Replaced Interpreter::ErrorHandlingMode with ErrorHandlingScope. The ErrorHandlingScope constructor will set the VM host zone size to Options::errorModeHostZoneSize(), and restore the previous host zone size.

The destructor for ErrorHandlingScope will restore the previous stack
limit. We can enter multiple ErrorHandlingScopes. Only the destruction
of the very first one will restore the stack limit with the non-error
mode host zone.

LLINT C loop JSStack changes: 5.1 Replaced calls to roundUpToAllocationSize() with WTF::roundUpToMultipleOf().

roundUpToAllocationSize() is redundant and is now removed.

5.2 Removed enable/disableErrorStackReserve() and updateStackLimit().

Their function is now handled by JSStack::setHostZoneSize().

5.3 Added accounting for a host zone in the LLINT C loop JSStack.

This includes growing the JS stack to allow space for the host zone
whenever the host zone size is adjusted via JSStack::setHostZoneSize().

Note: though setHostZoneSize() is based on disableErrorStackReserve(),
we don't retain the logic to shrink the stack there. That logic was
always dead code: we only call shrink() if m_end + 1 < m_useableTop,
but shrink() will only shrink the stack if m_end is pointing to the
base of the stack i.e. the 2 conditions are mutually exclusive, and
no work to shrink the stack will ever be done here.

m_useableTop is no longer needed and is now removed.

5.4 Change all non C loop code to reference VM::stackLimit() instead of

VM::jsStackLimit(). Though the 2 are the same for non C loop builds,
this makes it more straightforward. We now only reference the
jsStackLimit in 2 cases:

LLINT and JIT code performing stack checks where they expect the jsStackLimit to be a pseudonym for the stackLimit in non C loop builds.

In the C loop build, the JSStack itself sets VM::m_jsStackLimit() when it adjusts its host zone size.

In all other cases, we work directly with VM::stackLimit().

Simplify the tracking of VM::stackPointerAtVMEntry. We now set VM::stackPointerAtVMEntry when we install a VMEntryScope if and only if it isn't already set.

When we drop the API locks, we'll save the current stackPointerAtVMEntry
and stack limit value, and clear stackPointerAtVMEntry to allow a new
thread acquiring the API locks to re-set it when it installs a VMEntryScope.
When we re-acquire the API locks again, we'll restore the previously saved
stackPointerAtVMEntry and stack limit.

With this change, we also no longer need the stackPointerAtVMEntry fix up
code in doCallToJavaScript(). That code is now removed.

CMakeLists.txt:
GNUmakefile.list.am:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
JavaScriptCore.xcodeproj/project.pbxproj:
debugger/Debugger.cpp:

(JSC::Debugger::recompileAllJSFunctions):

debugger/DebuggerCallFrame.cpp:
heap/Heap.cpp:

(JSC::Heap::lastChanceToFinalize):
(JSC::Heap::deleteAllCompiledCode):

interpreter/CallFrame.cpp:

(JSC::CallFrame::vmEntryGlobalObject):

interpreter/Interpreter.cpp:
interpreter/Interpreter.h:
interpreter/JSStack.cpp:

(JSC::JSStack::JSStack):
(JSC::JSStack::~JSStack):
(JSC::JSStack::growSlowCase):
(JSC::JSStack::releaseExcessCapacity):
(JSC::JSStack::setHostZoneSize):
(JSC::JSStack::lowAddress):

interpreter/JSStack.h:
interpreter/JSStackInlines.h:

(JSC::JSStack::ensureCapacityFor):
(JSC::JSStack::shrink):

jit/ExecutableAllocator.h:
jit/JITOperations.cpp:
llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

llint/LowLevelInterpreter64.asm:
parser/ParserError.h:

(JSC::ParserError::toErrorObject):

runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

runtime/ErrorHandlingScope.cpp: Added.

(JSC::ErrorHandlingScope::ErrorHandlingScope):
(JSC::ErrorHandlingScope::~ErrorHandlingScope):

runtime/ErrorHandlingScope.h: Added.
runtime/ExceptionHelpers.cpp:

(JSC::throwStackOverflowError):
(JSC::throwTerminatedExecutionException):

runtime/JSLock.cpp:

(JSC::JSLock::DropAllLocks::DropAllLocks):
(JSC::JSLock::DropAllLocks::~DropAllLocks):

runtime/JSLock.h:
runtime/Options.h:
runtime/VM.cpp:

(JSC::VM::VM):
(JSC::VM::releaseExecutableMemory):
(JSC::VM::updateStackLimitWithHostZoneSize):

runtime/VM.h:
runtime/VMEntryScope.cpp:

(JSC::VMEntryScope::VMEntryScope):
(JSC::VMEntryScope::~VMEntryScope):

runtime/VMEntryScope.h:

Source/WebCore:

No new tests.

ForwardingHeaders/runtime/ErrorHandlingScope.h: Added.
WebCore.vcxproj/WebCore.vcxproj:
WebCore.vcxproj/WebCore.vcxproj.filters:
bindings/js/JSDOMBinding.cpp:

(WebCore::reportException):

Updated to use ErrorHandlingScope instead of Interpreter::ErrorHandlingMode.

Source/WTF:

wtf/StackBounds.h:

(WTF::StackBounds::recursionLimit):

Previously, StackBounds::recursionLimit() only takes a host zone size which it uses to compute the client's desired stack limit. Now, there's an alternate version that also allows the client to explicitly specify its desired stack limit in addition to its hostZoneSize requirement. In both cases, StackBounds::recursionLimit() will cap the limit (with allowance for the hostZoneSize) to be within its bounds, and return the capped limit.

LayoutTests:

js/large-expressions-expected.txt:
js/script-tests/large-expressions.js:
Changed expected result to reflect the much more constrained stack size now that the JS stack limit also limits stack usage by host / native functions.

Location:

branches/jsCStack

Files:

: 3 added
: 38 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/js/large-expressions-expected.txt (modified) (1 diff)
LayoutTests/js/script-tests/large-expressions.js (modified) (1 diff)
Source/JavaScriptCore/CMakeLists.txt (modified) (1 diff)
Source/JavaScriptCore/ChangeLog (modified) (8 diffs)
Source/JavaScriptCore/GNUmakefile.list.am (modified) (1 diff)
Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj (modified) (2 diffs)
Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters (modified) (2 diffs)
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (modified) (5 diffs)
Source/JavaScriptCore/debugger/Debugger.cpp (modified) (2 diffs)
Source/JavaScriptCore/debugger/DebuggerCallFrame.cpp (modified) (1 diff)
Source/JavaScriptCore/heap/Heap.cpp (modified) (2 diffs)
Source/JavaScriptCore/interpreter/CallFrame.cpp (modified) (1 diff)
Source/JavaScriptCore/interpreter/Interpreter.cpp (modified) (1 diff)
Source/JavaScriptCore/interpreter/Interpreter.h (modified) (2 diffs)
Source/JavaScriptCore/interpreter/JSStack.cpp (modified) (10 diffs)
Source/JavaScriptCore/interpreter/JSStack.h (modified) (5 diffs)
Source/JavaScriptCore/interpreter/JSStackInlines.h (modified) (3 diffs)
Source/JavaScriptCore/jit/ExecutableAllocator.h (modified) (1 diff)
Source/JavaScriptCore/jit/JITOperations.cpp (modified) (2 diffs)
Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (modified) (2 diffs)
Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (modified) (2 diffs)
Source/JavaScriptCore/parser/ParserError.h (modified) (2 diffs)
Source/JavaScriptCore/runtime/CommonSlowPaths.cpp (modified) (3 diffs)
Source/JavaScriptCore/runtime/ErrorHandlingScope.cpp (added)
Source/JavaScriptCore/runtime/ErrorHandlingScope.h (added)
Source/JavaScriptCore/runtime/ExceptionHelpers.cpp (modified) (2 diffs)
Source/JavaScriptCore/runtime/JSLock.cpp (modified) (3 diffs)
Source/JavaScriptCore/runtime/JSLock.h (modified) (1 diff)
Source/JavaScriptCore/runtime/Options.h (modified) (1 diff)
Source/JavaScriptCore/runtime/VM.cpp (modified) (4 diffs)
Source/JavaScriptCore/runtime/VM.h (modified) (4 diffs)
Source/JavaScriptCore/runtime/VMEntryScope.cpp (modified) (3 diffs)
Source/JavaScriptCore/runtime/VMEntryScope.h (modified) (2 diffs)
Source/WTF/ChangeLog (modified) (1 diff)
Source/WTF/wtf/StackBounds.h (modified) (2 diffs)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/ForwardingHeaders/runtime/ErrorHandlingScope.h (added)
Source/WebCore/WebCore.vcxproj/WebCore.vcxproj (modified) (1 diff)
Source/WebCore/WebCore.vcxproj/WebCore.vcxproj.filters (modified) (1 diff)
Source/WebCore/bindings/js/JSDOMBinding.cpp (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

branches/jsCStack/LayoutTests/ChangeLog

-              r161409
+              r161575
+-01-08  Mark Lam  <mark.lam@apple.com>
+        CStack: Need a separate stack limit for the JS stack and the C stack.
+        https://bugs.webkit.org/show_bug.cgi?id=126320.
+        Reviewed by Geoffrey Garen.
+        * js/large-expressions-expected.txt:
+        * js/script-tests/large-expressions.js:
+        - Changed expected result to reflect the much more constrained stack size
+          now that the JS stack limit also limits stack usage by host / native
+          functions.
 -01-06  Filip Pizlo  <fpizlo@apple.com>

branches/jsCStack/LayoutTests/js/large-expressions-expected.txt

r75408	r161575
6	6	PASS eval(repeatedExpression("letterA", "+", 100)) is repeatedString("a", 100)
7	7	PASS eval(repeatedExpression("letterA", "+", 1000)) is repeatedString("a", 1000)
8		PASS eval(repeatedExpression("letterA", "+", 10000)) ~~is repeatedString("a", 10000)~~
	8	PASS eval(repeatedExpression("letterA", "+", 10000)) threw exception Error: Out of memory.
9	9	PASS eval(repeatedExpression("letterA", "+", 100000)) threw exception Error: Out of memory.
10	10	PASS successfullyParsed is true

branches/jsCStack/LayoutTests/js/script-tests/large-expressions.js

r156976	r161575
31	31	shouldBe('eval(repeatedExpression("letterA", "+", 100))', 'repeatedString("a", 100)');
32	32	shouldBe('eval(repeatedExpression("letterA", "+", 1000))', 'repeatedString("a", 1000)');
33		should~~Be('eval(repeatedExpression("letterA", "+", 10000))', 'repeatedString("a", 10000~~)');
	33	shouldThrow('eval(repeatedExpression("letterA", "+", 10000))');
34	34	shouldThrow('eval(repeatedExpression("letterA", "+", 100000))');

branches/jsCStack/Source/JavaScriptCore/CMakeLists.txt

r161409	r161575
312	312	runtime/Error.cpp
313	313	runtime/ErrorConstructor.cpp
	314	runtime/ErrorHandlingScope.cpp
314	315	runtime/ErrorInstance.cpp
315	316	runtime/ErrorPrototype.cpp

branches/jsCStack/Source/JavaScriptCore/ChangeLog

-              r161547
+              r161575
+-01-09  Mark Lam  <mark.lam@apple.com>
+        CStack: Need a separate stack limit for the JS stack and the C stack.
+        https://bugs.webkit.org/show_bug.cgi?id=126320.
+        Reviewed by Geoffrey Garen.
+        The purpose of this patch is mainly to change the way we compute the stack
+        limit for JS stack checks. Previously, we tally up the stack usage per
+        session of VM re-entry as tracked by the VMEntryScope, and we ensure that
+        the total usage does not exceed Options::maxStackSize(), and of course, is
+        also capped by the amount of native C stack available. The usage tracking
+        here does not count host / native function stack usage against the max
+        stack usage.
+        The new way is to compute a limit as an offset from the VMEntryScope of
+        the first entry into the VM. Options::maxPerThreadStackUsage()
+        will provide that offset. Any host / native function stack usage after
+        we've entered the VM will be counted against the max stack usage.
+        This patch supplants parts or all of the following previously committed
+        patches:
+            r161104: https://bugs.webkit.org/show_bug.cgi?id=126266
+                     Rename VM::entryScope to firstEntryScope.
+            r161232: https://bugs.webkit.org/show_bug.cgi?id=126321
+                     Introducing Options::maxStackSize().
+            r161172: https://bugs.webkit.org/show_bug.cgi?id=126331
+                     Refactor to split the tracking of the jsStackLimit from the
+                     native stackLimit.
+            r161174: https://bugs.webkit.org/show_bug.cgi?id=126334
+                     Introduce tracking of the top VMEntryScope.
+            r161361: https://bugs.webkit.org/show_bug.cgi?id=126487
+                     The fixed up jsStackLimit in doCallToJavaScript should not
+                     exceed the native stack limit.
+            r161180: https://bugs.webkit.org/show_bug.cgi?id=126320
+                     Need a separate stack limit for the JS stack and the C stack.
+                     This was for the old way of tracking chunks of stack usage
+                     per VMEntryScope.
+        Details of this patch:
+. Renamed VM::firstEntryScope back to VM::entryScope.
+           Removed the tracking of topEntryScope and related code.
+. Renamed Options::maxStackSize() to maxPerThreadStackUsage().
+           Added Options::hostZoneSize() and Options::errorModeHostZoneSize().
+. The VM now tracks its current hostZoneSize and stack limits.
+           VM::m_stackLimit is computed when the hostZoneSize is set via
+           VM::updateStackLimitWithHostZoneSize().
+           In the C Loop LLINT case, the VM also provides a setJSStackLimit()
+           since VM::m_stackLimit and VM::m_jsStackLimit are 2 different values
+           in that case.
+. Replaced Interpreter::ErrorHandlingMode with ErrorHandlingScope.
+           The ErrorHandlingScope constructor will set the VM host zone size to
+           Options::errorModeHostZoneSize(), and restore the previous host zone
+           size.
+           The destructor for ErrorHandlingScope will restore the previous stack
+           limit. We can enter multiple ErrorHandlingScopes. Only the destruction
+           of the very first one will restore the stack limit with the non-error
+           mode host zone.
+. LLINT C loop JSStack changes:
+.1 Replaced calls to roundUpToAllocationSize() with WTF::roundUpToMultipleOf().
+               roundUpToAllocationSize() is redundant and is now removed.
+.2 Removed enable/disableErrorStackReserve() and updateStackLimit().
+               Their function is now handled by JSStack::setHostZoneSize().
+.3 Added accounting for a host zone in the LLINT C loop JSStack.
+               This includes growing the JS stack to allow space for the host zone
+               whenever the host zone size is adjusted via JSStack::setHostZoneSize().
+               Note: though setHostZoneSize() is based on disableErrorStackReserve(),
+               we don't retain the logic to shrink the stack there. That logic was
+               always dead code: we only call shrink() if m_end + 1 < m_useableTop,
+               but shrink() will only shrink the stack if m_end is pointing to the
+               base of the stack i.e. the 2 conditions are mutually exclusive, and
+               no work to shrink the stack will ever be done here.
+               m_useableTop is no longer needed and is now removed.
+.4 Change all non C loop code to reference VM::stackLimit() instead of
+               VM::jsStackLimit(). Though the 2 are the same for non C loop builds,
+               this makes it more straightforward. We now only reference the
+               jsStackLimit in 2 cases:
+               a. LLINT and JIT code performing stack checks where they expect the
+                  jsStackLimit to be a pseudonym for the stackLimit in non C loop
+                  builds.
+               b. In the C loop build, the JSStack itself sets VM::m_jsStackLimit()
+                  when it adjusts its host zone size.
+               In all other cases, we work directly with VM::stackLimit().
+. Simplify the tracking of VM::stackPointerAtVMEntry. We now set
+           VM::stackPointerAtVMEntry when we install a VMEntryScope if and only if
+           it isn't already set.
+           When we drop the API locks, we'll save the current stackPointerAtVMEntry
+           and stack limit value, and clear stackPointerAtVMEntry to allow a new
+           thread acquiring the API locks to re-set it when it installs a VMEntryScope.
+           When we re-acquire the API locks again, we'll restore the previously saved
+           stackPointerAtVMEntry and stack limit.
+           With this change, we also no longer need the stackPointerAtVMEntry fix up
+           code in doCallToJavaScript(). That code is now removed.
+        * CMakeLists.txt:
+        * GNUmakefile.list.am:
+        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
+        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * debugger/Debugger.cpp:
+        (JSC::Debugger::recompileAllJSFunctions):
+        * debugger/DebuggerCallFrame.cpp:
+        * heap/Heap.cpp:
+        (JSC::Heap::lastChanceToFinalize):
+        (JSC::Heap::deleteAllCompiledCode):
+        * interpreter/CallFrame.cpp:
+        (JSC::CallFrame::vmEntryGlobalObject):
+        * interpreter/Interpreter.cpp:
+        * interpreter/Interpreter.h:
+        * interpreter/JSStack.cpp:
+        (JSC::JSStack::JSStack):
+        (JSC::JSStack::~JSStack):
+        (JSC::JSStack::growSlowCase):
+        (JSC::JSStack::releaseExcessCapacity):
+        (JSC::JSStack::setHostZoneSize):
+        (JSC::JSStack::lowAddress):
+        * interpreter/JSStack.h:
+        * interpreter/JSStackInlines.h:
+        (JSC::JSStack::ensureCapacityFor):
+        (JSC::JSStack::shrink):
+        * jit/ExecutableAllocator.h:
+        * jit/JITOperations.cpp:
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        * llint/LowLevelInterpreter64.asm:
+        * parser/ParserError.h:
+        (JSC::ParserError::toErrorObject):
+        * runtime/CommonSlowPaths.cpp:
+        (JSC::SLOW_PATH_DECL):
+        * runtime/ErrorHandlingScope.cpp: Added.
+        (JSC::ErrorHandlingScope::ErrorHandlingScope):
+        (JSC::ErrorHandlingScope::~ErrorHandlingScope):
+        * runtime/ErrorHandlingScope.h: Added.
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::throwStackOverflowError):
+        (JSC::throwTerminatedExecutionException):
+        * runtime/JSLock.cpp:
+        (JSC::JSLock::DropAllLocks::DropAllLocks):
+        (JSC::JSLock::DropAllLocks::~DropAllLocks):
+        * runtime/JSLock.h:
+        * runtime/Options.h:
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        (JSC::VM::releaseExecutableMemory):
+        (JSC::VM::updateStackLimitWithHostZoneSize):
+        * runtime/VM.h:
+        * runtime/VMEntryScope.cpp:
+        (JSC::VMEntryScope::VMEntryScope):
+        (JSC::VMEntryScope::~VMEntryScope):
+        * runtime/VMEntryScope.h:
 -01-08  Filip Pizlo  <fpizlo@apple.com>
 …
         Reviewed by Michael Saboff.
+        Update: this is supplanted by the 2014-01-08 patch for https://bugs.webkit.org/show_bug.cgi?id=126320.
         In doCallToJavaScript, we fixup VM::m_jsStackLimit once we know what the
 …
         https://bugs.webkit.org/show_bug.cgi?id=126320.
+        Not yet reviewed.
+        Rejected by Geoffrey Garen.
+        Update: this is supplanted by the 2014-01-08 patch for https://bugs.webkit.org/show_bug.cgi?id=126320.
         With this patch, we now accurately track how much JS stack space the
 …
         Not yet reviewed.
+        We cannot do a meaningful assertion here on the size of the stack span
+        because we don't know the stack bounds that the span came from. Hence,
+        the assertion is now removed.
         * heap/ConservativeRoots.cpp:
         (JSC::ConservativeRoots::genericAddSpan):
 …
         Reviewed by Geoffrey Garen.
+        Update: this is supplanted by the 2014-01-08 patch for https://bugs.webkit.org/show_bug.cgi?id=126320.
         When we start measuring the stack usage of each VMEntryScope, we'll need
 …
         https://bugs.webkit.org/show_bug.cgi?id=126331.
+        Not yet reviewed.
+        Rejected by Geoffrey Garen.
+        Update: this is supplanted by the 2014-01-08 patch for https://bugs.webkit.org/show_bug.cgi?id=126320.
         Previously, when using the C stack for the JS stack, VM::m_jsStackLimit is a union
 …
         Reviewed by Geoffrey Garen.
+        Update: this is supplanted by the 2014-01-08 patch for https://bugs.webkit.org/show_bug.cgi?id=126320.
         We need an option to limit the JS stack size. Currently, we just change
 …
         https://bugs.webkit.org/show_bug.cgi?id=126266.
+        Not yet reviewed.
+        Rejected by Geoffrey Garen.
+        Update: this is supplanted by the 2014-01-08 patch for https://bugs.webkit.org/show_bug.cgi?id=126320.
         This patch is so that we can distinguish firstEntryScope from topEntryScope

branches/jsCStack/Source/JavaScriptCore/GNUmakefile.list.am

r161409	r161575
852	852	Source/JavaScriptCore/runtime/Error.cpp \
853	853	Source/JavaScriptCore/runtime/Error.h \
	854	Source/JavaScriptCore/runtime/ErrorHandlingScope.cpp \
	855	Source/JavaScriptCore/runtime/ErrorHandlingScope.h \
854	856	Source/JavaScriptCore/runtime/ErrorInstance.cpp \
855	857	Source/JavaScriptCore/runtime/ErrorInstance.h \

branches/jsCStack/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj

-              r161409
+              r161575
     <ClCompile Include="..\runtime\Error.cpp" />
     <ClCompile Include="..\runtime\ErrorConstructor.cpp" />
+    <ClCompile Include="..\runtime\ErrorHandlingScope.cpp" />
     <ClCompile Include="..\runtime\ErrorInstance.cpp" />
     <ClCompile Include="..\runtime\ErrorPrototype.cpp" />
 …
     <ClInclude Include="..\runtime\Error.h" />
     <ClInclude Include="..\runtime\ErrorConstructor.h" />
+    <ClInclude Include="..\runtime\ErrorHandlingScope.h" />
     <ClInclude Include="..\runtime\ErrorInstance.h" />
     <ClInclude Include="..\runtime\ErrorPrototype.h" />

branches/jsCStack/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters

-              r160519
+              r161575
       <Filter>runtime</Filter>
     </ClCompile>
+    <ClCompile Include="..\runtime\ErrorHandlingScope.cpp">
+      <Filter>runtime</Filter>
+    </ClCompile>
     <ClCompile Include="..\runtime\ErrorInstance.cpp">
       <Filter>runtime</Filter>
 …
     </ClInclude>
     <ClInclude Include="..\runtime\ErrorConstructor.h">
+      <Filter>runtime</Filter>
+    </ClInclude>
+    <ClInclude Include="..\runtime\ErrorHandlingScope.h">
       <Filter>runtime</Filter>
     </ClInclude>

branches/jsCStack/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

-              r161543
+              r161575
                 FEA08620182B7A0400F6D851 /* Breakpoint.h in Headers */ = {isa = PBXBuildFile; fileRef = FEA0861E182B7A0400F6D851 /* Breakpoint.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FEA08621182B7A0400F6D851 /* DebuggerPrimitives.h in Headers */ = {isa = PBXBuildFile; fileRef = FEA0861F182B7A0400F6D851 /* DebuggerPrimitives.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                FEB58C14187B8B160098EF0B /* ErrorHandlingScope.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FEB58C12187B8B160098EF0B /* ErrorHandlingScope.cpp */; };
+                FEB58C15187B8B160098EF0B /* ErrorHandlingScope.h in Headers */ = {isa = PBXBuildFile; fileRef = FEB58C13187B8B160098EF0B /* ErrorHandlingScope.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FED287B215EC9A5700DA8161 /* LLIntOpcode.h in Headers */ = {isa = PBXBuildFile; fileRef = FED287B115EC9A5700DA8161 /* LLIntOpcode.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FED94F2E171E3E2300BE77A4 /* Watchdog.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FED94F2B171E3E2300BE77A4 /* Watchdog.cpp */; };
 …
                 FEA0861E182B7A0400F6D851 /* Breakpoint.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Breakpoint.h; sourceTree = "<group>"; };
                 FEA0861F182B7A0400F6D851 /* DebuggerPrimitives.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DebuggerPrimitives.h; sourceTree = "<group>"; };
+                FEB58C12187B8B160098EF0B /* ErrorHandlingScope.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ErrorHandlingScope.cpp; sourceTree = "<group>"; };
+                FEB58C13187B8B160098EF0B /* ErrorHandlingScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ErrorHandlingScope.h; sourceTree = "<group>"; };
                 FED287B115EC9A5700DA8161 /* LLIntOpcode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = LLIntOpcode.h; path = llint/LLIntOpcode.h; sourceTree = "<group>"; };
                 FED94F2B171E3E2300BE77A4 /* Watchdog.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Watchdog.cpp; sourceTree = "<group>"; };
 …
                                 BC02E9040E1839DB000F9297 /* ErrorConstructor.cpp */,
                                 BC02E9050E1839DB000F9297 /* ErrorConstructor.h */,
+                                FEB58C12187B8B160098EF0B /* ErrorHandlingScope.cpp */,
+                                FEB58C13187B8B160098EF0B /* ErrorHandlingScope.h */,
                                 BC02E98A0E183E38000F9297 /* ErrorInstance.cpp */,
                                 BC02E98B0E183E38000F9297 /* ErrorInstance.h */,
 …
                                 FE5932A8183C5A2600A1ECCC /* VMEntryScope.h in Headers */,
 F24E54F17EE274900ABB217 /* TempRegisterSet.h in Headers */,
+                                FEB58C15187B8B160098EF0B /* ErrorHandlingScope.h in Headers */,
                                 A7BFF3C0179868940002F462 /* DFGFiltrationResult.h in Headers */,
                                 C2FCAE1117A9C24E0034C735 /* BytecodeBasicBlock.h in Headers */,
 …
                                 A7D9A29417A0BC7400EE2618 /* DFGAtTailAbstractState.cpp in Sources */,
 F714CA416EA92F000F3EBEB /* DFGBackwardsPropagationPhase.cpp in Sources */,
+                                FEB58C14187B8B160098EF0B /* ErrorHandlingScope.cpp in Sources */,
                                 A7D89CF217A0B8CC00773AD8 /* DFGBasicBlock.cpp in Sources */,
                                 A70B083217A0B79B00DAF14B /* DFGBinarySwitch.cpp in Sources */,

branches/jsCStack/Source/JavaScriptCore/debugger/Debugger.cpp

-              r161104
+              r161575
 #include "Parser.h"
 #include "Protect.h"
-#include "VMEntryScope.h"
 namespace {
 …
     // If JavaScript is running, it's not safe to recompile, since we'll end
     // up throwing away code that is live on the stack.
     ASSERT(!vm->firstEntryScope);
     if (vm->firstEntryScope)
+    ASSERT(!vm->entryScope);
+    if (vm->entryScope)
         return;

branches/jsCStack/Source/JavaScriptCore/debugger/DebuggerCallFrame.cpp

r159605	r161575
36	36	#include "Parser.h"
37	37	#include "StackVisitor.h"
38		~~#include "VMEntryScope.h"~~
39	38
40	39	namespace JSC {

branches/jsCStack/Source/JavaScriptCore/heap/Heap.cpp

-              r161104
+              r161575
 void Heap::lastChanceToFinalize()
+{
     RELEASE_ASSERT(!m_vm->firstEntryScope);
+    RELEASE_ASSERT(!m_vm->entryScope);
     RELEASE_ASSERT(m_operationInProgress == NoOperation);
 …
     // If JavaScript is running, it's not safe to delete code, since we'll end
     // up deleting code that is live on the stack.
     if (m_vm->firstEntryScope)
+    if (m_vm->entryScope)
         return;

branches/jsCStack/Source/JavaScriptCore/interpreter/CallFrame.cpp

-              r161104
+              r161575
     // For any ExecState that's not a globalExec, the
     // dynamic global object must be set since code is running
     ASSERT(vm().firstEntryScope);
     return vm().firstEntryScope->globalObject();
+    ASSERT(vm().entryScope);
+    return vm().entryScope->globalObject();
+}

branches/jsCStack/Source/JavaScriptCore/interpreter/Interpreter.cpp

-              r161229
+              r161575
 namespace JSC {
-Interpreter::ErrorHandlingMode::ErrorHandlingMode(ExecState *exec)
-    : m_interpreter(*exec->interpreter())
+{
-    m_interpreter.m_errorHandlingModeReentry++;
-    m_interpreter.stack().updateStackLimit();
+}
-Interpreter::ErrorHandlingMode::~ErrorHandlingMode()
+{
-    m_interpreter.m_errorHandlingModeReentry--;
-    ASSERT(m_interpreter.m_errorHandlingModeReentry >= 0);
-    if (!m_interpreter.m_errorHandlingModeReentry)
-        m_interpreter.stack().updateStackLimit();
+}
 JSValue eval(CallFrame* callFrame)

branches/jsCStack/Source/JavaScriptCore/interpreter/Interpreter.h

-              r160831
+              r161575
     public:
-        class ErrorHandlingMode {
-        public:
-            JS_EXPORT_PRIVATE ErrorHandlingMode(ExecState*);
-            JS_EXPORT_PRIVATE ~ErrorHandlingMode();
-        private:
-            Interpreter& m_interpreter;
-        };
         Interpreter(VM &);
         ~Interpreter();
 …
         SamplingTool* sampler() { return m_sampler.get(); }
-        bool isInErrorHandlingMode() { return m_errorHandlingModeReentry; }
         NEVER_INLINE HandlerInfo* unwind(CallFrame*&, JSValue&);
         NEVER_INLINE void debug(CallFrame*, DebugHookID);

branches/jsCStack/Source/JavaScriptCore/interpreter/JSStack.cpp

-              r161174
+              r161575
 /*
  * Copyright (C) 2008, 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2013, 2014 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
 #include "ConservativeRoots.h"
 #include "Interpreter.h"
 #include "VMEntryScope.h"
+#include "Options.h"
 namespace JSC {
 …
 #if ENABLE(LLINT_C_LOOP)
     , m_end(0)
+    , m_hostZoneSizeInRegisters(0)
 #endif
+{
 #if ENABLE(LLINT_C_LOOP)
     size_t capacity = Options::maxStackSize();
+    size_t capacity = Options::maxPerThreadStackUsage();
     ASSERT(capacity && isPageAligned(capacity));
     m_reservation = PageReservation::reserve(roundUpAllocationSize(capacity, commitSize), OSAllocator::JSVMStackPages);
+    m_reservation = PageReservation::reserve(WTF::roundUpToMultipleOf(commitSize, capacity), OSAllocator::JSVMStackPages);
     setStackLimit(highAddress());
     m_commitTop = highAddress();
     m_lastStackTop = baseOfStack();
-    disableErrorStackReserve();
 #endif // ENABLE(LLINT_C_LOOP)
 …
 JSStack::~JSStack()
+{
     void* highAddress = reinterpret_cast<void*>(static_cast<char*>(m_reservation.base()) + m_reservation.size());
     m_reservation.decommit(reinterpret_cast<void*>(m_commitTop), reinterpret_cast<intptr_t>(highAddress) - reinterpret_cast<intptr_t>(m_commitTop));
     addToCommittedByteCount(-(reinterpret_cast<intptr_t>(highAddress) - reinterpret_cast<intptr_t>(m_commitTop)));
+    ptrdiff_t sizeToDecommit = reinterpret_cast<char*>(highAddress()) - reinterpret_cast<char*>(m_commitTop);
+    m_reservation.decommit(reinterpret_cast<void*>(m_commitTop), sizeToDecommit);
+    addToCommittedByteCount(-sizeToDecommit);
     m_reservation.deallocate();
+}
 …
 bool JSStack::growSlowCase(Register* newTopOfStack)
+{
+    Register* newTopOfStackWithHostZone = newTopOfStack - m_hostZoneSizeInRegisters;
     // If we have already committed enough memory to satisfy this request,
     // just update the end pointer and return.
     if (newTopOfStack >= m_commitTop) {
+    if (newTopOfStackWithHostZone >= m_commitTop) {
         setStackLimit(newTopOfStack);
         return true;
 …
     // have it is still within our budget. If not, we'll fail to grow and
     // return false.
+    long delta = roundUpAllocationSize(reinterpret_cast<char*>(m_commitTop) - reinterpret_cast<char*>(newTopOfStack), commitSize);
+    if (reinterpret_cast<char*>(m_commitTop) - delta <= reinterpret_cast<char*>(m_useableTop))
+    ptrdiff_t delta = reinterpret_cast<char*>(m_commitTop) - reinterpret_cast<char*>(newTopOfStackWithHostZone);
+    delta = WTF::roundUpToMultipleOf(commitSize, delta);
+    Register* newCommitTop = m_commitTop - (delta / sizeof(Register));
+    if (newCommitTop < reservationTop())
         return false;
     // Otherwise, the growth is still within our budget. Go ahead and commit
     // it and return true.
     m_reservation.commit(reinterpret_cast<char*>(m_commitTop) - delta, delta);
+    m_reservation.commit(newCommitTop, delta);
     addToCommittedByteCount(delta);
     m_commitTop = reinterpret_cast_ptr<Register*>(reinterpret_cast<char*>(m_commitTop) - delta);
+    m_commitTop = newCommitTop;
     setStackLimit(newTopOfStack);
     return true;
 …
 void JSStack::releaseExcessCapacity()
+{
+    ptrdiff_t delta = reinterpret_cast<uintptr_t>(highAddress()) - reinterpret_cast<uintptr_t>(m_commitTop);
+    Register* highAddressWithHostZone = highAddress() - m_hostZoneSizeInRegisters;
+    ptrdiff_t delta = reinterpret_cast<char*>(highAddressWithHostZone) - reinterpret_cast<char*>(m_commitTop);
     m_reservation.decommit(m_commitTop, delta);
     addToCommittedByteCount(-delta);
     m_commitTop = highAddress();
+    m_commitTop = highAddressWithHostZone;
+}
 …
+}
 void JSStack::enableErrorStackReserve()
+void JSStack::setHostZoneSize(size_t hostZoneSize)
+{
+    m_useableTop = reservationTop();
+}
+void JSStack::disableErrorStackReserve()
+{
+    char* useableTop = reinterpret_cast<char*>(reservationTop()) + commitSize;
+    m_useableTop = reinterpret_cast_ptr<Register*>(useableTop);
+    // By the time we get here, we are guaranteed to be destructing the last
+    // Interpreter::ErrorHandlingMode that enabled this reserve in the first
+    // place. That means the stack space beyond m_useableTop before we
+    // enabled the reserve was not previously in use. Hence, it is safe to
+    // shrink back to that m_useableTop.
+    if (m_end + 1 < m_useableTop) {
+        ASSERT(m_topCallFrame->topOfFrame() > m_useableTop);
+        shrink(m_useableTop);
+    }
+    m_hostZoneSizeInRegisters = hostZoneSize / sizeof(Register);
+    if (m_commitTop >= (m_end + 1) - m_hostZoneSizeInRegisters)
+        growSlowCase(m_end + 1);
+}
 #endif // ENABLE(LLINT_C_LOOP)
 …
+{
     ASSERT(wtfThreadData().stack().isGrowingDownward());
     return reinterpret_cast<Register*>(m_vm.jsStackLimit());
+    return reinterpret_cast<Register*>(m_vm.stackLimit());
+}
 …
+}
-void JSStack::updateStackLimit()
+{
-#if ENABLE(LLINT_C_LOOP)
-    if (m_vm.interpreter->isInErrorHandlingMode())
-        enableErrorStackReserve();
-    else
-        disableErrorStackReserve();
-#endif
-    if (m_vm.topEntryScope)
-        m_vm.topEntryScope->updateStackLimits();
+}
 } // namespace JSC

branches/jsCStack/Source/JavaScriptCore/interpreter/JSStack.h

-              r161170
+              r161575
 /*
  * Copyright (C) 2008, 2009, 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009, 2013, 2014 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
         bool ensureCapacityFor(Register* newTopOfStack);
-        void updateStackLimit();
         bool containsAddress(Register* address) { return (lowAddress() <= address && address < highAddress()); }
         static size_t committedByteCount();
 …
         static void initializeThreading();
+        void setHostZoneSize(size_t);
         CallFrame* pushFrame(class CodeBlock*, JSScope*, int argsCount, JSObject* callee);
 …
 #endif // ENABLE(LLINT_C_LOOP)
-        void enableErrorStackReserve();
-        void disableErrorStackReserve();
         VM& m_vm;
         CallFrame*& m_topCallFrame;
 …
         Register* m_end;
         Register* m_commitTop;
-        Register* m_useableTop;
         PageReservation m_reservation;
         Register* m_lastStackTop;
+        ptrdiff_t m_hostZoneSizeInRegisters;
 #endif // ENABLE(LLINT_C_LOOP)

branches/jsCStack/Source/JavaScriptCore/interpreter/JSStackInlines.h

-              r161170
+              r161575
 /*
  * Copyright (C) 2012, 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2012, 2013, 2014 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
 #else
     ASSERT(wtfThreadData().stack().isGrowingDownward());
     return newTopOfStack >= m_vm.jsStackLimit();
+    return newTopOfStack >= m_vm.stackLimit();
 #endif
+}
 …
         return;
     setStackLimit(newTopOfStack);
+    if (m_end == baseOfStack() && (highAddress() - m_commitTop) >= maxExcessCapacity)
+    // Note: Clang complains of an unresolved linkage to maxExcessCapacity if
+    // invoke std::max() with it as an argument. To work around this, we first
+    // assign the constant to a local variable, and use the local instead.
+    ptrdiff_t maxExcessCapacity = JSStack::maxExcessCapacity;
+    ptrdiff_t maxExcessInRegisters = std::max(maxExcessCapacity, m_hostZoneSizeInRegisters);
+    if (m_end == baseOfStack() && (highAddress() - m_commitTop) >= maxExcessInRegisters)
         releaseExcessCapacity();
+}

branches/jsCStack/Source/JavaScriptCore/jit/ExecutableAllocator.h

-              r157474
+              r161575
 static const unsigned jitAllocationGranule = 32;
-inline size_t roundUpAllocationSize(size_t request, size_t granularity)
+{
-    RELEASE_ASSERT((std::numeric_limits<size_t>::max() - granularity) > request);
-    // Round up to next page boundary
-    size_t size = request + (granularity - 1);
-    size = size & ~(granularity - 1);
-    ASSERT(size >= request);
-    return size;
+}
+}
-namespace JSC {
 typedef WTF::MetaAllocatorHandle ExecutableMemoryHandle;

branches/jsCStack/Source/JavaScriptCore/jit/JITOperations.cpp

-              r160967
+              r161575
 #include "DFGWorklist.h"
 #include "Error.h"
+#include "ErrorHandlingScope.h"
 #include "GetterSetter.h"
 #include "HostCallReturnValue.h"
 …
     NativeCallFrameTracer tracer(vm, callerFrame);
     Interpreter::ErrorHandlingMode mode(callerFrame);
+    ErrorHandlingScope errorScope(*vm);
     vm->throwException(callerFrame, createStackOverflowError(callerFrame));
+}

branches/jsCStack/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

-              r161409
+              r161575
 #include "CommonSlowPaths.h"
 #include "CommonSlowPathsExceptions.h"
+#include "ErrorHandlingScope.h"
 #include "GetterSetter.h"
 #include "HostCallReturnValue.h"
 …
     exec = exec->callerFrame();
     vm.topCallFrame = exec;
     Interpreter::ErrorHandlingMode mode(exec);
+    ErrorHandlingScope errorScope(vm);
     CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
     pc = returnToThrowForThrownException(exec);

branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

-              r161409
+              r161575
     checkStackPointerAlignment(temp2, 0xbad0dc01)
-    # The jsStackLimit was previously computed in VMEntryScope using an
-    # estimated stackPointerAtVMEntry value. Adjust the jsStackLimit by
-    # the delta between the actual stackPointerAtVMEntry and the estimate
-    # that we used previously.
-    move sp, temp2
-    subp VM::stackPointerAtVMEntry[vm], temp2, temp2
-    subp VM::m_jsStackLimit[vm], temp2, temp2
-if C_LOOP
-else
-    bpaeq temp2, VM::m_stackLimit[vm], .noNeedToCapJSStackToNativeStackLimit
-    loadp VM::m_stackLimit[vm], temp2
-.noNeedToCapJSStackToNativeStackLimit:
-end
-    storep temp2, VM::m_jsStackLimit[vm]
-    move sp, temp2
-    storep temp2, VM::stackPointerAtVMEntry[vm]
     # The stack host zone ensures that we have adequate space for the
     # VMEntrySentinelFrame. Proceed with allocating and initializing the
 …
     end
-    storep 0, VM::stackPointerAtVMEntry[vm]
     cCall2(_llint_throw_stack_overflow_error, vm, protoCallFrame)
     callToJavaScriptEpilogue()

branches/jsCStack/Source/JavaScriptCore/parser/ParserError.h

-              r160967
+              r161575
 #include "Error.h"
+#include "ErrorHandlingScope.h"
 #include "ExceptionHelpers.h"
 #include "ParserTokens.h"
 …
             return createSyntaxError(globalObject, m_message);
         case StackOverflow: {
             Interpreter::ErrorHandlingMode mode(globalObject->globalExec());
+            ErrorHandlingScope errorScope(globalObject->vm());
             return createStackOverflowError(globalObject);
+        }

branches/jsCStack/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp

-              r161445
+              r161575
 #include "CodeProfiling.h"
 #include "CommonSlowPathsExceptions.h"
+#include "ErrorHandlingScope.h"
 #include "GetterSetter.h"
 #include "HostCallReturnValue.h"
 …
     if (slotsToAdd < 0) {
         exec = exec->callerFrame();
         Interpreter::ErrorHandlingMode mode(exec);
+        ErrorHandlingScope errorScope(exec->vm());
         CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
         RETURN_TWO(bitwise_cast<void*>(static_cast<uintptr_t>(1)), exec);
 …
     if (slotsToAdd < 0) {
         exec = exec->callerFrame();
         Interpreter::ErrorHandlingMode mode(exec);
+        ErrorHandlingScope errorScope(exec->vm());
         CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
         RETURN_TWO(bitwise_cast<void*>(static_cast<uintptr_t>(1)), exec);

branches/jsCStack/Source/JavaScriptCore/runtime/ExceptionHelpers.cpp

-              r155143
+              r161575
 #include "CodeBlock.h"
 #include "CallFrame.h"
+#include "ErrorHandlingScope.h"
 #include "ErrorInstance.h"
 #include "JSGlobalObjectFunctions.h"
 …
 JSObject* throwStackOverflowError(ExecState* exec)
+{
+    Interpreter::ErrorHandlingMode mode(exec);
+    return exec->vm().throwException(exec, createStackOverflowError(exec));
+    VM& vm = exec->vm();
+    ErrorHandlingScope errorScope(vm);
+    return vm.throwException(exec, createStackOverflowError(exec));
+}
 JSObject* throwTerminatedExecutionException(ExecState* exec)
+{
+    Interpreter::ErrorHandlingMode mode(exec);
+    return exec->vm().throwException(exec, createTerminatedExecutionException(&exec->vm()));
+    VM& vm = exec->vm();
+    ErrorHandlingScope errorScope(vm);
+    return vm.throwException(exec, createTerminatedExecutionException(&vm));
+}

branches/jsCStack/Source/JavaScriptCore/runtime/JSLock.cpp

-              r157809
+              r161575
     SpinLockHolder holder(&spinLock);
 #endif
+    m_savedHostZoneSize = m_vm->hostZoneSize();
+    m_savedStackPointerAtVMEntry = m_vm->stackPointerAtVMEntry;
+    m_vm->stackPointerAtVMEntry = nullptr;
     if (alwaysDropLocks)
         m_lockCount = m_vm->apiLock().dropAllLocksUnconditionally(spinLock);
 …
     SpinLockHolder holder(&spinLock);
 #endif
+    m_savedHostZoneSize = m_vm->hostZoneSize();
+    m_savedStackPointerAtVMEntry = m_vm->stackPointerAtVMEntry;
+    m_vm->stackPointerAtVMEntry = nullptr;
     if (alwaysDropLocks)
         m_lockCount = m_vm->apiLock().dropAllLocksUnconditionally(spinLock);
 …
 #endif
     m_vm->apiLock().grabAllLocks(m_lockCount, spinLock);
+    m_vm->stackPointerAtVMEntry = m_savedStackPointerAtVMEntry;
+    m_vm->updateStackLimitWithHostZoneSize(m_savedHostZoneSize);
+}

branches/jsCStack/Source/JavaScriptCore/runtime/JSLock.h

r161372	r161575
111	111	intptr_t m_lockCount;
112	112	RefPtr<VM> m_vm;
	113	size_t m_savedHostZoneSize;
	114	void* m_savedStackPointerAtVMEntry;
113	115	};
114	116

branches/jsCStack/Source/JavaScriptCore/runtime/Options.h

r161515	r161575
96	96	v(bool, useRegExpJIT, true) \
97	97	\
98		v(unsigned, maxStackSize, 4 * MB) \
	98	v(unsigned, maxPerThreadStackUsage, 4 * MB) \
	99	v(unsigned, hostZoneSize, 128 * KB) \
	100	v(unsigned, errorModeHostZoneSize, 64 * KB) \
99	101	\
100	102	v(bool, crashIfCantAllocateJITMemory, false) \

branches/jsCStack/Source/JavaScriptCore/runtime/VM.cpp

-              r161219
+              r161575
     , jsFinalObjectClassInfo(JSFinalObject::info())
     , sizeOfLastScratchBuffer(0)
+    , firstEntryScope(0)
+    , topEntryScope(0)
+    , entryScope(0)
     , m_enabledProfiler(0)
     , m_regExpCache(new RegExpCache(this))
 …
     interpreter = new Interpreter(*this);
     StackBounds stack = wtfThreadData().stack();
+    setStackLimit(stack.recursionLimit());
+    updateStackLimitWithHostZoneSize(Options::hostZoneSize());
+#if ENABLE(LLINT_C_LOOP)
+    interpreter->stack().setHostZoneSize(Options::hostZoneSize());
+#endif
     setLastStackTop(stack.origin());
 …
     prepareToDiscardCode();
     if (firstEntryScope) {
+    if (entryScope) {
         StackPreservingRecompiler recompiler;
         HeapIterationScope iterationScope(heap);
 …
+}
+size_t VM::updateStackLimitWithHostZoneSize(size_t hostZoneSize)
+{
+    size_t oldHostZoneSize = m_hostZoneSize;
+    m_hostZoneSize = hostZoneSize;
+    void* stackLimit;
+    if (stackPointerAtVMEntry) {
+        ASSERT(wtfThreadData().stack().isGrowingDownward());
+        char* startOfStack = reinterpret_cast<char*>(stackPointerAtVMEntry);
+        char* desiredStackLimit = startOfStack - Options::maxPerThreadStackUsage() + hostZoneSize;
+        stackLimit = wtfThreadData().stack().recursionLimit(hostZoneSize, desiredStackLimit);
+    } else
+        stackLimit = wtfThreadData().stack().recursionLimit(hostZoneSize);
+    setStackLimit(stackLimit);
+    return oldHostZoneSize;
+}
 void releaseExecutableMemory(VM& vm)
+{

branches/jsCStack/Source/JavaScriptCore/runtime/VM.h

-              r161180
+              r161575
         JS_EXPORT_PRIVATE JSObject* throwException(ExecState*, JSObject*);
+        size_t hostZoneSize() const { return m_hostZoneSize; }
+        size_t updateStackLimitWithHostZoneSize(size_t hostZoneSize);
         void** addressOfJSStackLimit() { return &m_jsStackLimit; }
+#if ENABLE(LLINT_C_LOOP)
         void* jsStackLimit() { return m_jsStackLimit; }
         void setJSStackLimit(void* limit) { m_jsStackLimit = limit; }
+#endif
         void* stackLimit() { return m_stackLimit; }
+        void setStackLimit(void* limit) { m_stackLimit = limit; }
         bool isSafeToRecurse(size_t neededStackInBytes = 0) const
+        {
 …
         void gatherConservativeRoots(ConservativeRoots&);
+        VMEntryScope* firstEntryScope;
+        VMEntryScope* topEntryScope;
+        VMEntryScope* entryScope;
         HashSet<JSObject*> stringRecursionCheckVisitedObjects;
 …
         static VM*& sharedInstanceInternal();
         void createNativeThunk();
+        void setStackLimit(void* limit) { m_stackLimit = limit; }
 #if ENABLE(ASSEMBLER)
         bool m_canUseAssembler;
 …
         const ClassInfo* m_initializingObjectClass;
 #endif
+        void* m_stackLimit;
+        void* m_jsStackLimit;
+        size_t m_hostZoneSize;
+#if ENABLE(LLINT_C_LOOP)
+        struct {
+            void* m_stackLimit;
+            void* m_jsStackLimit;
+        };
+#else
+        union {
+            void* m_stackLimit;
+            void* m_jsStackLimit;
+        };
+#endif
         void* m_lastStackTop;
         JSValue m_exception;

branches/jsCStack/Source/JavaScriptCore/runtime/VMEntryScope.cpp

-              r161369
+              r161575
 /*
  * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
 VMEntryScope::VMEntryScope(VM& vm, JSGlobalObject* globalObject)
     : m_vm(vm)
-    , m_stack(wtfThreadData().stack())
     , m_globalObject(globalObject)
-    , m_prevStackUsage(0)
-    , m_prevTopEntryScope(vm.topEntryScope)
-    , m_prevStackLimit(vm.stackLimit())
-#if !ENABLE(LLINT_C_LOOP)
-    , m_prevJSStackLimit(vm.jsStackLimit())
-#endif
-    , m_prevLastStackTop(vm.lastStackTop())
-    , m_prevStackPointerAtVMEntry(vm.stackPointerAtVMEntry)
-    , m_prevTopCallFrame(vm.topCallFrame)
+{
     ASSERT(wtfThreadData().stack().isGrowingDownward());
+    ASSERT(!vm.topCallFrame || currentStackPointer() <= reinterpret_cast<char*>(vm.topCallFrame->topOfFrame()));
+    // Step 1: Compute the stack usage of the last VM entry before we install
+    // the current entry scope below.
+    if (vm.topEntryScope) {
+        char* topOfStack = reinterpret_cast<char*>(vm.topCallFrame->topOfFrame());
+        m_prevStackUsage = vm.topEntryScope->stackUsageFor(topOfStack);
+    }
+    // Step 2: Install the current entry scope.
+    if (!vm.firstEntryScope) {
+    if (!vm.entryScope) {
 #if ENABLE(ASSEMBLER)
         if (ExecutableAllocator::underMemoryPressure())
             vm.heap.deleteAllCompiledCode();
 #endif
         vm.firstEntryScope = this;
+        vm.entryScope = this;
         // Reset the date cache between JS invocations to force the VM to
 …
         vm.resetDateCache();
+    }
+    vm.stackPointerAtVMEntry = 0;
+    vm.topEntryScope = this;
+    if (!vm.stackPointerAtVMEntry) {
+        vm.stackPointerAtVMEntry = this;
+        m_savedHostZoneSize = vm.updateStackLimitWithHostZoneSize(Options::hostZoneSize());
+    }
     // Clear the captured exception stack between entries
     vm.clearExceptionStack();
-    vm.setLastStackTop(m_stack.origin());
-    // Step 3: Compute the stack limit using the installed entry scope.
-    updateStackLimits();
+}
 VMEntryScope::~VMEntryScope()
+{
+    if (m_vm.firstEntryScope == this)
+        m_vm.firstEntryScope = nullptr;
+    m_vm.topEntryScope = m_prevTopEntryScope;
+    m_vm.setStackLimit(m_prevStackLimit);
+#if !ENABLE(LLINT_C_LOOP)
+    m_vm.setJSStackLimit(m_prevJSStackLimit);
+#endif
+    m_vm.setLastStackTop(m_prevLastStackTop);
+    m_vm.stackPointerAtVMEntry = m_prevStackPointerAtVMEntry;
+    m_vm.topCallFrame = m_prevTopCallFrame;
+}
+size_t VMEntryScope::stackUsageFor(char* topOfStack) const
+{
+    size_t currentStackUsage = 0;
+    ASSERT(m_vm.stackPointerAtVMEntry);
+    char* startOfStack = reinterpret_cast<char*>(m_vm.stackPointerAtVMEntry);
+    ASSERT(topOfStack <= startOfStack);
+    currentStackUsage = startOfStack - topOfStack;
+    ASSERT(Options::maxStackSize() >= m_prevStackUsage + currentStackUsage);
+    return m_prevStackUsage + currentStackUsage;
+}
+void VMEntryScope::updateStackLimits()
+{
+    ASSERT(wtfThreadData().stack().isGrowingDownward());
+    char* topOfStack = currentStackPointer();
+#if !ENABLE(LLINT_C_LOOP)
+    char* topOfJSStack = m_vm.topCallFrame ? reinterpret_cast<char*>(m_vm.topCallFrame->topOfFrame()) : topOfStack;
+    // If we have not re-entered the VM yet via callToJavaScript / callToNativeFunction,
+    // then stackPointerAtVMEntry will not have been set up yet. Instead, we'll
+    // compute the stack limit relative to the current topOfJSStack (as an estimate
+    // of stackPointerAtVMEntry). When we enter callToJavaScript later, we'll adjust
+    // the stack limit with the delta between the actual stackPointerAtVMEntry and
+    // the estimate value that we use here.
+    if (!m_vm.stackPointerAtVMEntry)
+        m_vm.stackPointerAtVMEntry = topOfJSStack;
+    void* jsStackLimit = m_stack.recursionLimit(requiredCapacity(topOfJSStack, JSStackCapacity));
+#ifndef NDEBUG
+    char* startOfStack = reinterpret_cast<char*>(m_vm.stackPointerAtVMEntry);
+    char* stackLimit = reinterpret_cast<char*>(jsStackLimit);
+    ASSERT(m_prevStackUsage + (startOfStack - stackLimit) <= Options::maxStackSize());
+#endif
+    m_vm.setJSStackLimit(jsStackLimit);
+    // Some sanity checks for our pointers into the stack:
+    ASSERT(m_vm.interpreter->stack().containsAddress(reinterpret_cast<Register*>(m_vm.stackPointerAtVMEntry)));
+    ASSERT(m_vm.interpreter->stack().containsAddress(reinterpret_cast<Register*>(topOfJSStack)));
+    ASSERT(currentStackPointer() <= topOfJSStack);
+    ASSERT(topOfJSStack <= m_vm.stackPointerAtVMEntry);
+#endif // !ENABLE(LLINT_C_LOOP)
+    void* nativeStackLimit = m_stack.recursionLimit(requiredCapacity(topOfStack, NativeStackCapacity));
+    m_vm.setStackLimit(nativeStackLimit);
+}
+char* VMEntryScope::currentStackPointer() const
+{
+    char* p;
+#if ENABLE(LLINT_C_LOOP)
+    p = reinterpret_cast<char*>(m_vm.topCallFrame->topOfFrame());
+#else
+    p = reinterpret_cast<char*>(&p);
+#endif
+    return p;
+}
+size_t VMEntryScope::requiredCapacity(char* topOfStack, CapacityType type) const
+{
+    ASSERT(m_stack.isGrowingDownward());
+    size_t excessCStackSize = 0;
+#if !ENABLE(LLINT_C_LOOP)
+    if (type == JSStackCapacity) {
+        ASSERT(Options::maxStackSize() >= stackUsageFor(topOfStack));
+        size_t availableJSStack = Options::maxStackSize() - stackUsageFor(topOfStack);
+        char* bottomOfStack = reinterpret_cast<char*>(m_stack.origin());
+        size_t availableCStack = m_stack.size() - (bottomOfStack - topOfStack);
+        if (availableCStack > availableJSStack)
+            excessCStackSize = availableCStack - availableJSStack;
+    if (m_vm.entryScope == this)
+        m_vm.entryScope = nullptr;
+    if (m_vm.stackPointerAtVMEntry == this) {
+        m_vm.stackPointerAtVMEntry = nullptr;
+        m_vm.updateStackLimitWithHostZoneSize(m_savedHostZoneSize);
+    }
-#else
-    UNUSED_PARAM(topOfStack);
-    UNUSED_PARAM(type);
-    ASSERT(type == NativeStackCapacity);
-#endif
-    // We require a smaller stack budget for the error stack. This is to allow
-    // some minimal JS execution to proceed and do the work of throwing a stack
-    // overflow error if needed. In contrast, arbitrary JS code will require the
-    // more generous stack budget in order to proceed.
-    //
-    // These sizes were derived from the stack usage of a number of sites when
-    // layout occurs when we've already consumed most of the C stack.
-    const size_t requiredStack = 128 * KB;
-    const size_t errorModeRequiredStack = 64 * KB;
-    Interpreter* interpreter = m_vm.interpreter;
-    size_t requiredCapacity = interpreter->isInErrorHandlingMode() ? errorModeRequiredStack : requiredStack;
-    requiredCapacity += excessCStackSize;
-    RELEASE_ASSERT(m_stack.size() >= requiredCapacity);
-    return requiredCapacity;
+}
 } // namespace JSC

branches/jsCStack/Source/JavaScriptCore/runtime/VMEntryScope.h

-              r161369
+              r161575
 /*
  * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
     JS_EXPORT_PRIVATE ~VMEntryScope();
-    void updateStackLimits();
     JSGlobalObject* globalObject() const { return m_globalObject; }
 private:
-    enum CapacityType {
-        JSStackCapacity,
-        NativeStackCapacity,
-    };
-    size_t requiredCapacity(char* topOfStack, CapacityType) const;
-    char* currentStackPointer() const;
-    size_t stackUsageFor(char* topOfStack) const;
     VM& m_vm;
     StackStats::CheckPoint m_stackCheckPoint;
-    StackBounds m_stack;
     JSGlobalObject* m_globalObject;
+    size_t m_prevStackUsage;
+    // The following pointers may point to a different thread's stack.
+    VMEntryScope* m_prevTopEntryScope;
+    void* m_prevStackLimit;
+#if !ENABLE(LLINT_C_LOOP)
+    void* m_prevJSStackLimit;
+#endif
+    void* m_prevLastStackTop;
+    void* m_prevStackPointerAtVMEntry;
+    ExecState* m_prevTopCallFrame;
+    size_t m_savedHostZoneSize;
 };

branches/jsCStack/Source/WTF/ChangeLog

-              r161409
+              r161575
+-01-09  Mark Lam  <mark.lam@apple.com>
+        CStack: Need a separate stack limit for the JS stack and the C stack.
+        https://bugs.webkit.org/show_bug.cgi?id=126320.
+        Reviewed by Geoffrey Garen.
+        * wtf/StackBounds.h:
+        (WTF::StackBounds::recursionLimit):
+        - Previously, StackBounds::recursionLimit() only takes a host zone size
+          which it uses to compute the client's desired stack limit. Now, there's
+          an alternate version that also allows the client to explicitly specify
+          its desired stack limit in addition to its hostZoneSize requirement.
+          In both cases, StackBounds::recursionLimit() will cap the limit (with
+          allowance for the hostZoneSize) to be within its bounds, and return the
+          capped limit.
 -01-06  Filip Pizlo  <fpizlo@apple.com>

branches/jsCStack/Source/WTF/wtf/StackBounds.h

-              r159605
+              r161575
 #ifndef StackBounds_h
 #define StackBounds_h
+#include <algorithm>
 namespace WTF {
 …
             return static_cast<char*>(m_bound) + minAvailableDelta;
         return static_cast<char*>(m_bound) - minAvailableDelta;
+    }
+    void* recursionLimit(size_t hostZoneSize, void* desiredLimit) const
+    {
+        checkConsistency();
+        if (isGrowingDownward()) {
+            char* endOfStackWithHostZone = reinterpret_cast<char*>(m_bound) + hostZoneSize;
+            return std::max(desiredLimit, reinterpret_cast<void*>(endOfStackWithHostZone));
+        }
+        char* endOfStackWithHostZone = reinterpret_cast<char*>(m_bound) - hostZoneSize;
+        return std::min(desiredLimit, reinterpret_cast<void*>(endOfStackWithHostZone));
+    }

branches/jsCStack/Source/WebCore/ChangeLog

-              r160228
+              r161575
+-01-09  Mark Lam  <mark.lam@apple.com>
+        CStack: Need a separate stack limit for the JS stack and the C stack.
+        https://bugs.webkit.org/show_bug.cgi?id=126320.
+        Reviewed by Geoffrey Garen.
+        No new tests.
+        * ForwardingHeaders/runtime/ErrorHandlingScope.h: Added.
+        * WebCore.vcxproj/WebCore.vcxproj:
+        * WebCore.vcxproj/WebCore.vcxproj.filters:
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::reportException):
+        - Updated to use ErrorHandlingScope instead of Interpreter::ErrorHandlingMode.
 -12-06  Laszlo Vidacs  <lac@inf.u-szeged.hu>

branches/jsCStack/Source/WebCore/WebCore.vcxproj/WebCore.vcxproj

r160152	r161575
18592	18592	<ClInclude Include="..\ForwardingHeaders\runtime\DateInstance.h" />
18593	18593	<ClInclude Include="..\ForwardingHeaders\runtime\Error.h" />
	18594	<ClInclude Include="..\ForwardingHeaders\runtime\ErrorHandlingScope.h" />
18594	18595	<ClInclude Include="..\ForwardingHeaders\runtime\ErrorPrototype.h" />
18595	18596	<ClInclude Include="..\ForwardingHeaders\runtime\ExceptionHelpers.h" />

branches/jsCStack/Source/WebCore/WebCore.vcxproj/WebCore.vcxproj.filters

-              r160152
+              r161575
       <Filter>ForwardingHeaders\runtime</Filter>
     </ClInclude>
+    <ClInclude Include="..\ForwardingHeaders\runtime\ErrorHandlingScope.h">
+      <Filter>ForwardingHeaders\runtime</Filter>
+    </ClInclude>
     <ClInclude Include="..\ForwardingHeaders\runtime\ErrorPrototype.h">
       <Filter>ForwardingHeaders\runtime</Filter>

branches/jsCStack/Source/WebCore/bindings/js/JSDOMBinding.cpp

-              r160208
+              r161575
 #include <runtime/DateInstance.h>
 #include <runtime/Error.h>
+#include <runtime/ErrorHandlingScope.h>
 #include <runtime/ExceptionHelpers.h>
 #include <runtime/JSFunction.h>
 …
         return;
     Interpreter::ErrorHandlingMode mode(exec);
+    ErrorHandlingScope errorScope(exec->vm());
     RefPtr<ScriptCallStack> callStack(createScriptCallStackFromException(exec, exception, ScriptCallStack::maxCallStackSizeToCapture));

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 161575 in webkit

Legend:

Download in other formats: