Changeset 161927 in webkit

Timestamp:

Jan 13, 2014, 5:08:05 PM (11 years ago)

Author:

mark.lam@apple.com

Message:

CStack: Fix 64-bit C Loop LLINT.
​https://bugs.webkit.org/show_bug.cgi?id=126790.

Reviewed by Geoffrey Garen.

1. Fixed miscellaneous bugs relevant for the C Loop LLINT (details below).

2. Simplified CLoop::execute() by making it more emulate CPU calls as well. This is done by automatically synthesizing an opcode label at the return point after the call to JS code. The "lr" register (named after the ARM link register) will be set to that return opcode label before the call. The call itself is implemented as an opcode dispatch.

• heap/Heap.cpp:

(JSC::Heap::markRoots):

• Fixed typo: LLINT_CLOOP ==> LLINT_C_LOOP.
• interpreter/JSStack.cpp:

(JSC::JSStack::gatherConservativeRoots):

• Previously, we were declaring a span from baseOfStack() to topOfStack(). baseOfStack() points to the highest slot in the stack. topOfStack() points to the word below the lowest slot in the stack. The ConservativeRoots class will invert the high and low pointers to ensure that it iterates from low to high. However, with this span, the GC will miss not scan the highest slot in the stack, and will instead scan the slot below the stack which is technically outside the stack.

The span is now fixed to be from topOfStack() + 1 to highAddress().
highAddress() points at the slot above the highest slot in the stack.
This means GC will now correctly scan the stack from its lowest to its
highest slots (inclusive).

(JSC::JSStack::sanitizeStack):

• Similar to the gatherConservativeRoots() case, sanitizeStack() is nullifying a span of stack that starts at 2 past the lowest slot in the stack.

This is because topOfStack() points at the slot below the lowest slot
in the stack. m_lastStackTop() points to an old topOfStack() i.e. it
potentially points to a slot that is not in the region of memory
allocated for the stack.

We now add 1 to both of these values to ensure that we're zeroing a
region that is in the stack's allocated memory, and stop at the slot
(inclusive) just below the stack's current lowest used slot.

• interpreter/JSStack.h:
• interpreter/JSStackInlines.h:
• Made topOfStack() public because CLoop::execute() needs it.
• The LLINT assembly (in CLoop::execute()) now takes care of pushing and popping the stack. Hence, we no longer need JSStack's pushFrame, popFrame, and stack fence infrastruture which relies on pushFrame and popFrame. These are now removed.

• llint/LLIntOpcode.h:
• Added new pseudo opcodes:
  • llint_return_to_host: this is the pseudo return address for returning to the host i.e. return from CLoop::execute().
  • llint_cloop_did_return_from_js_X: these are synthesized by the cloop offlineasm as needed i.e. every time it needs to generate code for a cloopCallJSFunction "instruction". These are the opcodes that will serve as the return point that we store in lr and return to when we see a "ret" opcode.

While the offlineasm automatically generates these in LLIntAssembly.h,
we have to manually add the declaration of these opcodes here. If we end
up generating more or less in the future (due to changes in the LLINT
assembly code), then we'll get compiler errors that will tell us to
update this list.

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::llint_stack_check_at_vm_entry):

• llint/LLIntSlowPaths.h:
• This slow path isn't needed for the non C loop build because the stack is finite sized and grows itself on access. For the C loop, we need this check function to give the JSStack a chance to grow the stack.

• llint/LowLevelInterpreter64.asm:
• Added call to llint_stack_check_at_vm_entry in doCallToJavaScript().
• Fixed up calls and stack adjustments.

• In makeHostFunctionCall(), the non C loop build will push lr and cfr when we call the host function. That's why we adjust the sp by 16 before the call. For the C loop build, we need to set the lr and cfr ourselves here.

• In nativeCallTrampoline(), unlike makeHostFunctionCall(), the return address and cfr has already been set in the frame. Hence, we didn't have to do anything extra. Also got rid of the distinct block for the C_LOOP and just reuse the block for ARM64 since it is exactly what the C_LOOP needs for the most part.

• llint/LowLevelInterpreter.asm:
• Added push/pop or lr and cfr as needed.
• In callTargetFunction(), make the C_LOOP use the same code as other targets except for the call instruction.
• Same for slowPathForCall().
• In prologue(), exclude the OSR check code for the C_LOOP build since it is not needed. Also added popping of cfr and lr since I'm working through this logic already.

• llint/LowLevelInterpreter.cpp:

(JSC::CLoopRegister::operator Register*):
(JSC::CLoop::execute):

• Added TRACE_OPCODE() for debugging use only.
• Simplified some CLoopRegister names.
• Initialize the needed registers and incoming arguments before entering the interpreter loop.
• Added llint_return_to_host as the exit opcode for returning from CLoop::execute(). We set it as the value for lr (the return address) before we enter the interpreter loop.
• Updated the getHostCallReturnValue opcode handler to match the current getHostCallReturnValue and getHostCallReturnValueWithExecState code in JITOperations.cpp.

• offlineasm/cloop.rb:
• Updated C loop register names.
• Added tracking of the number of cloop_did_return_from_js labels.
• Added push, pop, and change the implementation of the cloopCallJSFunction pseudo instruction to use synthesized cloop_did_return_from_js opcodes / labels as return addresses.

• runtime/Executable.cpp:
• Fix C loop build breaker by a prior patch.

• runtime/VM.cpp:

(JSC::VM::VM):

• Fixed typo: LLINT_CLOOP ==> LLINT_C_LOOP.

Location:

branches/jsCStack/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• heap/Heap.cpp (modified) (3 diffs)
• interpreter/JSStack.cpp (modified) (2 diffs)
• interpreter/JSStack.h (modified) (4 diffs)
• interpreter/JSStackInlines.h (modified) (3 diffs)
• llint/LLIntOpcode.h (modified) (2 diffs)
• llint/LLIntSlowPaths.cpp (modified) (2 diffs)
• llint/LLIntSlowPaths.h (modified) (2 diffs)
• llint/LowLevelInterpreter.asm (modified) (12 diffs)
• llint/LowLevelInterpreter.cpp (modified) (11 diffs)
• llint/LowLevelInterpreter64.asm (modified) (5 diffs)
• offlineasm/cloop.rb (modified) (7 diffs)
• runtime/Executable.cpp (modified) (1 diff)
• runtime/VM.cpp (modified) (2 diffs)

branches/jsCStack/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2014-01-13  Mark Lam  <mark.lam@apple.com>
+
+        CStack: Fix 64-bit C Loop LLINT.
+        https://bugs.webkit.org/show_bug.cgi?id=126790.
+
+        Reviewed by Geoffrey Garen.
+
+        1. Fixed miscellaneous bugs relevant for the C Loop LLINT (details below).
+
+        2. Simplified CLoop::execute() by making it more emulate CPU calls as well.
+           This is done by automatically synthesizing an opcode label at the return
+           point after the call to JS code. The "lr" register (named after the ARM
+           link register) will be set to that return opcode label before the call.
+           The call itself is implemented as an opcode dispatch.
+
+        * heap/Heap.cpp:
+        (JSC::Heap::markRoots):
+        - Fixed typo: LLINT_CLOOP ==> LLINT_C_LOOP.
+        * interpreter/JSStack.cpp:
+        (JSC::JSStack::gatherConservativeRoots):
+        - Previously, we were declaring a span from baseOfStack() to topOfStack().
+          baseOfStack() points to the highest slot in the stack.
+          topOfStack() points to the word below the lowest slot in the stack.
+          The ConservativeRoots class will invert the high and low pointers to
+          ensure that it iterates from low to high. However, with this span, the
+          GC will miss not scan the highest slot in the stack, and will instead
+          scan the slot below the stack which is technically outside the stack.
+
+          The span is now fixed to be from topOfStack() + 1 to highAddress().
+          highAddress() points at the slot above the highest slot in the stack.
+          This means GC will now correctly scan the stack from its lowest to its
+          highest slots (inclusive).
+
+        (JSC::JSStack::sanitizeStack):
+        - Similar to the gatherConservativeRoots() case, sanitizeStack() is
+          nullifying a span of stack that starts at 2 past the lowest slot in
+          the stack.
+
+          This is because topOfStack() points at the slot below the lowest slot
+          in the stack. m_lastStackTop() points to an old topOfStack() i.e. it
+          potentially points to a slot that is not in the region of memory
+          allocated for the stack.
+
+          We now add 1 to both of these values to ensure that we're zeroing a
+          region that is in the stack's allocated memory, and stop at the slot
+          (inclusive) just below the stack's current lowest used slot.
+
+        * interpreter/JSStack.h:
+        * interpreter/JSStackInlines.h:
+        - Made topOfStack() public because CLoop::execute() needs it.
+        - The LLINT assembly (in CLoop::execute()) now takes care of pushing
+          and popping the stack. Hence, we no longer need JSStack's pushFrame,
+          popFrame, and stack fence infrastruture which relies on pushFrame
+          and popFrame. These are now removed.
+
+        * llint/LLIntOpcode.h:
+        - Added new pseudo opcodes:
+          - llint_return_to_host: this is the pseudo return address for returning
+            to the host i.e. return from CLoop::execute().
+          - llint_cloop_did_return_from_js_X: these are synthesized by the cloop offlineasm
+            as needed i.e. every time it needs to generate code for a cloopCallJSFunction
+            "instruction". These are the opcodes that will serve as the return point
+            that we store in lr and return to when we see a "ret" opcode.
+
+            While the offlineasm automatically generates these in LLIntAssembly.h,
+            we have to manually add the declaration of these opcodes here. If we end
+            up generating more or less in the future (due to changes in the LLINT
+            assembly code), then we'll get compiler errors that will tell us to
+            update this list.
+
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::llint_stack_check_at_vm_entry):
+        * llint/LLIntSlowPaths.h:
+        - This slow path isn't needed for the non C loop build because the stack is
+          finite sized and grows itself on access. For the C loop, we need this check
+          function to give the JSStack a chance to grow the stack.
+
+        * llint/LowLevelInterpreter64.asm:
+        - Added call to llint_stack_check_at_vm_entry in doCallToJavaScript().
+        - Fixed up calls and stack adjustments.
+
+        - In makeHostFunctionCall(), the non C loop build will push lr and cfr when
+          we call the host function. That's why we adjust the sp by 16 before the call.
+          For the C loop build, we need to set the lr and cfr ourselves here.
+
+        - In nativeCallTrampoline(), unlike makeHostFunctionCall(), the return address
+          and cfr has already been set in the frame. Hence, we didn't have to do
+          anything extra. Also got rid of the distinct block for the C_LOOP and just
+          reuse the block for ARM64 since it is exactly what the C_LOOP needs for
+          the most part.
+
+        * llint/LowLevelInterpreter.asm:
+        - Added push/pop or lr and cfr as needed.
+        - In callTargetFunction(), make the C_LOOP use the same code as other
+          targets except for the call instruction.
+        - Same for slowPathForCall().
+        - In prologue(), exclude the OSR check code for the C_LOOP build since it
+          is not needed. Also added popping of cfr and lr since I'm working through
+          this logic already.
+
+        * llint/LowLevelInterpreter.cpp:
+        (JSC::CLoopRegister::operator Register*):
+        (JSC::CLoop::execute):
+        - Added TRACE_OPCODE() for debugging use only.
+        - Simplified some CLoopRegister names.
+        - Initialize the needed registers and incoming arguments before entering
+          the interpreter loop.
+        - Added llint_return_to_host as the exit opcode for returning from
+          CLoop::execute(). We set it as the value for lr (the return address)
+          before we enter the interpreter loop.
+        - Updated the getHostCallReturnValue opcode handler to match the current
+          getHostCallReturnValue and getHostCallReturnValueWithExecState code in
+          JITOperations.cpp.
+
+        * offlineasm/cloop.rb:
+        - Updated C loop register names.
+        - Added tracking of the number of cloop_did_return_from_js labels.
+        - Added push, pop, and change the implementation of the cloopCallJSFunction
+          pseudo instruction to use synthesized cloop_did_return_from_js opcodes
+          / labels as return addresses.
+
+        * runtime/Executable.cpp:
+        - Fix C loop build breaker by a prior patch.
+
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        - Fixed typo: LLINT_CLOOP ==> LLINT_C_LOOP.
+
 2014-01-13  Michael Saboff  <msaboff@apple.com>
 

branches/jsCStack/Source/JavaScriptCore/heap/Heap.cpp

@@ -1 +1 @@
 /*
- *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2013 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2013, 2014 Apple Inc. All rights reserved.
  *  Copyright (C) 2007 Eric Seidel <eric@webkit.org>
  *
@@ -460 +460 @@
     }
 
-#if ENABLE(LLINT_CLOOP)
+#if ENABLE(LLINT_C_LOOP)
     ConservativeRoots stackRoots(&m_objectSpace.blocks(), &m_storageSpace);
     {
@@ -500 +500 @@
             visitor.donateAndDrain();
         }
-#if ENABLE(LLINT_CLOOP)
+#if ENABLE(LLINT_C_LOOP)
         {
             GCPHASE(VisitStackRoots);

branches/jsCStack/Source/JavaScriptCore/interpreter/JSStack.cpp

@@ -108 +108 @@
 void JSStack::gatherConservativeRoots(ConservativeRoots& conservativeRoots)
 {
-    conservativeRoots.add(baseOfStack(), topOfStack());
+    conservativeRoots.add(topOfStack() + 1, highAddress());
 }
 
 void JSStack::gatherConservativeRoots(ConservativeRoots& conservativeRoots, JITStubRoutineSet& jitStubRoutines, CodeBlockSet& codeBlocks)
 {
-    conservativeRoots.add(baseOfStack(), topOfStack(), jitStubRoutines, codeBlocks);
+    conservativeRoots.add(topOfStack() + 1, highAddress(), jitStubRoutines, codeBlocks);
 }
 
@@ -121 +121 @@
     
     if (m_lastStackTop < topOfStack()) {
-        char* begin = reinterpret_cast<char*>(m_lastStackTop);
-        char* end = reinterpret_cast<char*>(topOfStack());
+        char* begin = reinterpret_cast<char*>(m_lastStackTop + 1);
+        char* end = reinterpret_cast<char*>(topOfStack() + 1);
         memset(begin, 0, end - begin);
     }

branches/jsCStack/Source/JavaScriptCore/interpreter/JSStack.h

@@ -35 +35 @@
 #include <wtf/PageReservation.h>
 #include <wtf/VMTags.h>
-
-#if ENABLE(LLINT_C_LOOP)
-#define ENABLE_DEBUG_JSSTACK 0
-#if !defined(NDEBUG) && !defined(ENABLE_DEBUG_JSSTACK)
-#define ENABLE_DEBUG_JSSTACK 1
-#endif
-#endif // ENABLE(LLINT_C_LOOP)
 
 namespace JSC {
@@ -110 +103 @@
         void setReservedZoneSize(size_t);
 
-        CallFrame* pushFrame(class CodeBlock*, JSScope*, int argsCount, JSObject* callee);
-
-        void popFrame(CallFrame*);
-
-#if ENABLE(DEBUG_JSSTACK)
-        void installFence(CallFrame*, const char *function = "", int lineNo = 0);
-        void validateFence(CallFrame*, const char *function = "", int lineNo = 0);
-        static const int FenceSize = 4;
-#else // !ENABLE(DEBUG_JSSTACK)
-        void installFence(CallFrame*, const char* = "", int = 0) { }
-        void validateFence(CallFrame*, const char* = "", int = 0) { }
-#endif // !ENABLE(DEBUG_JSSTACK)
+        inline Register* topOfStack();
 #endif // ENABLE(LLINT_C_LOOP)
 
     private:
-
-        inline Register* topOfFrameFor(CallFrame*);
-        inline Register* topOfStack();
 
 #if ENABLE(LLINT_C_LOOP)
@@ -145 +124 @@
 
 #if ENABLE(LLINT_C_LOOP)
+        inline Register* topOfFrameFor(CallFrame*);
+
         Register* reservationTop() const
         {
@@ -150 +131 @@
             return reinterpret_cast_ptr<Register*>(reservationTop);
         }
-
-#if ENABLE(DEBUG_JSSTACK)
-        static JSValue generateFenceValue(size_t argIndex);
-        void installTrapsAfterFrame(CallFrame*);
-        Register* startOfFrameFor(CallFrame*);
-#else
-        void installTrapsAfterFrame(CallFrame*) { }
-#endif
 
         bool grow(Register* newTopOfStack);

branches/jsCStack/Source/JavaScriptCore/interpreter/JSStackInlines.h

@@ -44 +44 @@
 }
 
+#if ENABLE(LLINT_C_LOOP)
+
 inline Register* JSStack::topOfFrameFor(CallFrame* frame)
 {
@@ -56 +58 @@
 {
     return topOfFrameFor(m_topCallFrame);
-}
-
-#if ENABLE(LLINT_C_LOOP)
-
-#if ENABLE(DEBUG_JSSTACK)
-inline Register* JSStack::startOfFrameFor(CallFrame* frame)
-{
-    CallFrame* callerFrame = frame->callerFrameSkippingVMEntrySentinel();
-    return topOfFrameFor(callerFrame);
-}
-#endif // ENABLE(DEBUG_JSSTACK)
-
-inline CallFrame* JSStack::pushFrame(class CodeBlock* codeBlock, JSScope* scope, int argsCount, JSObject* callee)
-{
-    ASSERT(!!scope);
-    Register* oldEnd = topOfStack();
-
-    // Ensure that we have enough space for the parameters:
-    size_t paddedArgsCount = argsCount;
-    if (codeBlock) {
-        size_t numParameters = codeBlock->numParameters();
-        if (paddedArgsCount < numParameters)
-            paddedArgsCount = numParameters;
-    }
-
-    Register* newCallFrameSlot = oldEnd - paddedArgsCount - (2 * JSStack::CallFrameHeaderSize) + 1;
-
-#if ENABLE(DEBUG_JSSTACK)
-    newCallFrameSlot -= JSStack::FenceSize;
-#endif
-
-    Register* topOfStack = newCallFrameSlot;
-    if (!!codeBlock)
-        topOfStack += codeBlock->stackPointerOffset();
-
-    // Ensure that we have the needed stack capacity to push the new frame:
-    if (!grow(topOfStack))
-        return 0;
-
-    // Compute the address of the new VM sentinel frame for this invocation:
-    CallFrame* newVMEntrySentinelFrame = CallFrame::create(newCallFrameSlot + paddedArgsCount + JSStack::CallFrameHeaderSize);
-    ASSERT(!!newVMEntrySentinelFrame);
-
-    // Compute the address of the new frame for this invocation:
-    CallFrame* newCallFrame = CallFrame::create(newCallFrameSlot);
-    ASSERT(!!newCallFrame);
-
-    // The caller frame should always be the real previous frame on the stack,
-    // and not a potential GlobalExec that was passed in. Point callerFrame to
-    // the top frame on the stack.
-    CallFrame* callerFrame = m_topCallFrame;
-
-    // Initialize the VM sentinel frame header:
-    newVMEntrySentinelFrame->initializeVMEntrySentinelFrame(callerFrame);
-
-    // Initialize the callee frame header:
-    newCallFrame->init(codeBlock, 0, scope, newVMEntrySentinelFrame, argsCount, callee);
-
-    ASSERT(!!newCallFrame->scope());
-
-    // Pad additional args if needed:
-    // Note: we need to subtract 1 from argsCount and paddedArgsCount to
-    // exclude the this pointer.
-    for (size_t i = argsCount-1; i < paddedArgsCount-1; ++i)
-        newCallFrame->setArgument(i, jsUndefined());
-
-    installFence(newCallFrame, __FUNCTION__, __LINE__);
-    validateFence(newCallFrame, __FUNCTION__, __LINE__);
-    installTrapsAfterFrame(newCallFrame);
-
-    // Push the new frame:
-    m_topCallFrame = newCallFrame;
-
-    return newCallFrame;
-}
-
-inline void JSStack::popFrame(CallFrame* frame)
-{
-    validateFence(frame, __FUNCTION__, __LINE__);
-
-    // Pop off the callee frame and the sentinel frame.
-    CallFrame* callerFrame = frame->callerFrame()->vmEntrySentinelCallerFrame();
-
-    // Pop to the caller:
-    m_topCallFrame = callerFrame;
-
-    // If we are popping the very first frame from the stack i.e. no more
-    // frames before this, then we can now safely shrink the stack. In
-    // this case, we're shrinking all the way to the beginning since there
-    // are no more frames on the stack.
-    if (!callerFrame)
-        shrink(highAddress());
-
-    installTrapsAfterFrame(callerFrame);
 }
 
@@ -184 +92 @@
 }
 
-#if ENABLE(DEBUG_JSSTACK)
-inline JSValue JSStack::generateFenceValue(size_t argIndex)
-{
-    unsigned fenceBits = 0xfacebad0 | ((argIndex+1) & 0xf);
-    JSValue fenceValue = JSValue(fenceBits);
-    return fenceValue;
-}
-
-// The JSStack fences mechanism works as follows:
-// 1. A fence is a number (JSStack::FenceSize) of JSValues that are initialized
-//    with values generated by JSStack::generateFenceValue().
-// 2. When pushFrame() is called, the fence is installed after the max extent
-//    of the previous topCallFrame and the last arg of the new frame:
-//
-//                     | ...                                  |
-//                     |--------------------------------------|
-//                     | Frame Header of previous frame       |
-//                     |--------------------------------------|
-//    topCallFrame --> |                                      |
-//                     | Locals of previous frame             |
-//                     |--------------------------------------|
-//                     | *** the Fence ***                    |
-//                     |--------------------------------------|
-//                     | VM entry sentinel frame header       |
-//                     |--------------------------------------|
-//                     | Args of new frame                    |
-//                     |--------------------------------------|
-//                     | Frame Header of new frame            |
-//                     |--------------------------------------|
-//           frame --> | Locals of new frame                  |
-//                     |                                      |
-//
-// 3. In popFrame() and elsewhere, we can call JSStack::validateFence() to
-//    assert that the fence contains the values we expect.
-
-inline void JSStack::installFence(CallFrame* frame, const char *function, int lineNo)
-{
-    UNUSED_PARAM(function);
-    UNUSED_PARAM(lineNo);
-    Register* startOfFrame = startOfFrameFor(frame);
-
-    // The last argIndex is at:
-    size_t maxIndex = frame->argIndexForRegister(startOfFrame) + 1;
-    size_t startIndex = maxIndex - FenceSize;
-    for (size_t i = startIndex; i < maxIndex; ++i) {
-        JSValue fenceValue = generateFenceValue(i);
-        frame->setArgument(i, fenceValue);
-    }
-}
-
-inline void JSStack::validateFence(CallFrame* frame, const char *function, int lineNo)
-{
-    UNUSED_PARAM(function);
-    UNUSED_PARAM(lineNo);
-    ASSERT(!!frame->scope());
-    Register* startOfFrame = startOfFrameFor(frame);
-    size_t maxIndex = frame->argIndexForRegister(startOfFrame) + 1;
-    size_t startIndex = maxIndex - FenceSize;
-    for (size_t i = startIndex; i < maxIndex; ++i) {
-        JSValue fenceValue = generateFenceValue(i);
-        JSValue actualValue = frame->getArgumentUnsafe(i);
-        ASSERT(fenceValue == actualValue);
-    }
-}
-
-// When debugging the JSStack, we install bad values after the extent of the
-// topCallFrame at the end of pushFrame() and popFrame(). The intention is
-// to trigger crashes in the event that memory in this supposedly unused
-// region is read and consumed without proper initialization. After the trap
-// words are installed, the stack looks like this:
-//
-//                     | ...                         |
-//                     |-----------------------------|
-//                     | Frame Header of frame       |
-//                     |-----------------------------|
-//    topCallFrame --> |                             |
-//                     | Locals of frame             |
-//                     |-----------------------------|
-//                     | *** Trap words ***          |
-//                     |-----------------------------|
-//                     | Unused space ...            |
-//                     | ...                         |
-
-inline void JSStack::installTrapsAfterFrame(CallFrame* frame)
-{
-    Register* topOfFrame = topOfFrameFor(frame);
-    const int sizeOfTrap = 64;
-    int32_t* startOfTrap = reinterpret_cast<int32_t*>(topOfFrame);
-    int32_t* endOfTrap = startOfTrap - sizeOfTrap;
-    int32_t* endOfCommitedMemory = reinterpret_cast<int32_t*>(m_commitTop);
-
-    // Make sure we're not exceeding the amount of available memory to write to:
-    if (endOfTrap < endOfCommitedMemory)
-        endOfTrap = endOfCommitedMemory;
-
-    // Lay the traps:
-    int32_t* p = startOfTrap;
-    while (--p >= endOfTrap)
-        *p = 0xabadcafe; // A bad word to trigger a crash if deref'ed.
-}
-#endif // ENABLE(DEBUG_JSSTACK)
 #endif // ENABLE(LLINT_C_LOOP)
 

branches/jsCStack/Source/JavaScriptCore/llint/LLIntOpcode.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2012, 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2012, 2013, 2014 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -35 +35 @@
 #define FOR_EACH_LLINT_NOJIT_NATIVE_HELPER(macro) \
     macro(getHostCallReturnValue, 1) \
+    macro(llint_return_to_host, 1) \
     macro(llint_call_to_javascript, 1) \
     macro(llint_call_to_native_function, 1) \
-    macro(handleUncaughtException, 1)
+    macro(handleUncaughtException, 1) \
+    \
+    macro(llint_cloop_did_return_from_js_1, 1) \
+    macro(llint_cloop_did_return_from_js_2, 1) \
+    macro(llint_cloop_did_return_from_js_3, 1) \
+    macro(llint_cloop_did_return_from_js_4, 1) \
+    macro(llint_cloop_did_return_from_js_5, 1) \
+    macro(llint_cloop_did_return_from_js_6, 1) \
+    macro(llint_cloop_did_return_from_js_7, 1) \
 
 #else // !ENABLE(LLINT_C_LOOP)

branches/jsCStack/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2011, 2012, 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2011, 2012, 2013, 2014 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -1430 +1430 @@
 }
 
+#if ENABLE(LLINT_C_LOOP)
+SlowPathReturnType llint_stack_check_at_vm_entry(VM* vm, Register* newTopOfStack)
+{
+    bool success = vm->interpreter->stack().ensureCapacityFor(newTopOfStack);
+    return encodeResult(reinterpret_cast<void*>(success), 0);
+}
+#endif
+
 } } // namespace JSC::LLInt
 

branches/jsCStack/Source/JavaScriptCore/llint/LLIntSlowPaths.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2011, 2014 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -125 +125 @@
 LLINT_SLOW_PATH_HIDDEN_DECL(slow_path_put_to_scope);
 extern "C" SlowPathReturnType llint_throw_stack_overflow_error(VM*, ProtoCallFrame*);
+#if ENABLE(LLINT_C_LOOP)
+extern "C" SlowPathReturnType llint_stack_check_at_vm_entry(VM*, Register*);
+#endif
 
 } } // namespace JSC::LLInt

branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

@@ -218 +218 @@
 
 macro checkStackPointerAlignment(tempReg, location)
-    if ARM64
+    if ARM64 or C_LOOP
         # ARM64 will check for us!
+        # C_LOOP does not need the alignment, and can use a little perf
+        # improvement from avoiding useless work.
     else
         andp sp, 0xf, tempReg
@@ -231 +233 @@
 macro preserveCallerPCAndCFR()
     if C_LOOP or ARM or ARMv7 or ARMv7_TRADITIONAL or MIPS or SH4
-        # In C_LOOP case, we're only preserving the bytecode vPC.
-        # FIXME: Need to fix for other ports
-        # move lr, destinationRegister
+        push lr
+        push cfr
+        move sp, cfr
     elsif X86 or X86_64
         push cfr
@@ -247 +249 @@
 macro restoreCallerPCAndCFR()
     if C_LOOP or ARM or ARMv7 or ARMv7_TRADITIONAL or MIPS or SH4
-        # In C_LOOP case, we're only preserving the bytecode vPC.
-        # FIXME: Need to fix for other ports
-        # move lr, destinationRegister
+        move cfr, sp
+        pop cfr
+        pop lr
     elsif X86 or X86_64
         move cfr, sp
@@ -286 +288 @@
     elsif ARM64
         pushLRAndFP
-    elsif ARM or ARMv7 or ARMv7_TRADITIONAL or MIPS
+    elsif C_LOOP or ARM or ARMv7 or ARMv7_TRADITIONAL or MIPS
+        push lr
         push cfr
-        push lr
     end
     move sp, cfr
@@ -298 +300 @@
     elsif ARM64
         popLRAndFP
-    elsif ARM or ARMv7 or ARMv7_TRADITIONAL or MIPS
+    elsif C_LOOP or ARM or ARMv7 or ARMv7_TRADITIONAL or MIPS
+        pop cfr
         pop lr
-        pop cfr
     end
 end
@@ -311 +313 @@
     elsif ARM64
         pushLRAndFP
-    elsif ARM or ARMv7 or ARMv7_TRADITIONAL or MIPS
+    elsif C_LOOP or ARM or ARMv7 or ARMv7_TRADITIONAL or MIPS
+        push lr
         push lr
         push cfr
@@ -328 +331 @@
     elsif ARM64
         popLRAndFP
-    elsif ARM or ARMv7 or ARMv7_TRADITIONAL or MIPS
+    elsif C_LOOP or ARM or ARMv7 or ARMv7_TRADITIONAL or MIPS
+        pop cfr
         pop cfr
         pop lr
@@ -353 +357 @@
 
 macro callTargetFunction(callLinkInfo, calleeFramePtr)
+    move calleeFramePtr, sp
     if C_LOOP
         cloopCallJSFunction LLIntCallLinkInfo::machineCodeTarget[callLinkInfo]
     else
-        move calleeFramePtr, sp
         call LLIntCallLinkInfo::machineCodeTarget[callLinkInfo]
-        restoreStackPointerAfterCall()
-        dispatchAfterCall()
-    end
+    end
+    restoreStackPointerAfterCall()
+    dispatchAfterCall()
 end
 
@@ -367 +371 @@
         slowPath,
         macro (callee)
+            btpz t1, .dontUpdateSP
+            addp CallerFrameAndPCSize, t1, sp
+        .dontUpdateSP:
             if C_LOOP
                 cloopCallJSFunction callee
             else
-                btpz t1, .dontUpdateSP
-                addp CallerFrameAndPCSize, t1, sp
-            .dontUpdateSP:
                 call callee
-                restoreStackPointerAfterCall()
-                dispatchAfterCall()
             end
+            restoreStackPointerAfterCall()
+            dispatchAfterCall()
         end)
 end
@@ -440 +444 @@
     end
     codeBlockGetter(t1)
+if C_LOOP
+else
     baddis 5, CodeBlock::m_llintExecuteCounter + ExecutionCounter::m_counter[t1], .continue
     cCall2(osrSlowPath, cfr, PC)
@@ -447 +453 @@
     if ARM64
         popLRAndFP
+    elsif ARM or ARMv7 or ARMv7_TRADITIONAL or MIPS or SH4
+        pop cfr
+        pop lr
     else
         pop cfr
@@ -454 +463 @@
     codeBlockGetter(t1)
 .continue:
+end
+
     codeBlockSetter(t1)
     

branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2012, 2014 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -91 +91 @@
 #define OFFLINE_ASM_END
 
+#if ENABLE(OPCODE_TRACING)
+#define TRACE_OPCODE(opcode) dataLogF("   op %s\n", #opcode)
+#else
+#define TRACE_OPCODE(opcode)
+#endif
+
 // To keep compilers happy in case of unused labels, force usage of the label:
 #define USE_LABEL(label) \
@@ -98 +104 @@
     } while (false)
 
-#define OFFLINE_ASM_OPCODE_LABEL(opcode) DEFINE_OPCODE(opcode) USE_LABEL(opcode);
+#define OFFLINE_ASM_OPCODE_LABEL(opcode) DEFINE_OPCODE(opcode) USE_LABEL(opcode); TRACE_OPCODE(opcode);
 
 #if ENABLE(COMPUTED_GOTO_OPCODES)
@@ -213 +219 @@
 #endif // !USE(JSVALUE64)
 
+        intptr_t* ip;
         int8_t* i8p;
         void* vp;
+        CallFrame* callFrame;
         ExecState* execState;
         void* instruction;
@@ -233 +241 @@
     operator VM*() { return vm; }
     operator ProtoCallFrame*() { return protoCallFrame; }
+    operator Register*() { return reinterpret_cast<Register*>(vp); }
 
 #if USE(JSVALUE64)
@@ -314 +323 @@
     // 3. 64 bit result values will be in t0.
 
-    CLoopRegister t0, t1, t2, t3, t5, sp;
+    CLoopRegister t0, t1, t2, t3, t5, sp, cfr, lr, pc;
 #if USE(JSVALUE64)
-    CLoopRegister rBasePC, tagTypeNumber, tagMask;
-#endif
-    CLoopRegister rRetVPC;
+    CLoopRegister pcBase, tagTypeNumber, tagMask;
+#endif
     CLoopDoubleRegister d0, d1;
 
-    Instruction* vPC;
-
-    // rPC is an alias for vPC. Set up the alias:
-    CLoopRegister& rPC = *CAST<CLoopRegister*>(&vPC);
+    lr.opcode = getOpcode(llint_return_to_host);
+    sp.vp = vm->interpreter->stack().topOfStack() + 1;
+    cfr.callFrame = vm->topCallFrame;
+#ifndef NDEBUG
+    void* startSP = sp.vp;
+    CallFrame* startCFR = cfr.callFrame;
+#endif
 
     // Initialize the incoming args for doCallToJavaScript:
@@ -338 +349 @@
 #endif // USE(JSVALUE64)
 
-    // cfr is an alias for callFrame. Set up this alias:
-    CallFrame* callFrame;
-    CLoopRegister& cfr = *CAST<CLoopRegister*>(&callFrame);
-
-    // Simulate a native return PC which should never be used:
-    rRetVPC.i = 0xbbadbeef;
-
     // Interpreter variables for value passing between opcodes and/or helpers:
     NativeFunction nativeFunc = 0;
     JSValue functionReturnValue;
     Opcode opcode = getOpcode(entryOpcodeID);
+
+    #define PUSH(cloopReg) \
+        do { \
+            sp.ip--; \
+            *sp.ip = cloopReg.i; \
+        } while (false)
+    
+    #define POP(cloopReg) \
+        do { \
+            cloopReg.i = *sp.ip; \
+            sp.ip++; \
+        } while (false)
 
     #if ENABLE(OPCODE_STATS)
@@ -358 +374 @@
 
     #if USE(JSVALUE32_64)
-        #define FETCH_OPCODE() vPC->u.opcode
+        #define FETCH_OPCODE() pc.opcode
     #else // USE(JSVALUE64)
-        #define FETCH_OPCODE() *bitwise_cast<Opcode*>(rBasePC.i8p + rPC.i * 8)
+        #define FETCH_OPCODE() *bitwise_cast<Opcode*>(pcBase.i8p + pc.i * 8)
     #endif // USE(JSVALUE64)
 
@@ -409 +425 @@
         #include "LLIntAssembly.h"
 
+        OFFLINE_ASM_GLUE_LABEL(llint_return_to_host)
+        {
+            ASSERT(startSP == sp.vp);
+            ASSERT(startCFR == cfr.callFrame);
+#if USE(JSVALUE32_64)
+            return JSValue(t1.i, t0.i); // returning JSValue(tag, payload);
+#else
+            return JSValue::decode(t0.encodedJSValue);
+#endif
+        }
+
         // In the ASM llint, getHostCallReturnValue() is a piece of glue
-        // function provided by the JIT (see dfg/DFGOperations.cpp).
+        // function provided by the JIT (see jit/JITOperations.cpp).
         // We simulate it here with a pseduo-opcode handler.
         OFFLINE_ASM_GLUE_LABEL(getHostCallReturnValue)
         {
-            // The ASM part pops the frame:
-            callFrame = callFrame->callerFrame();
-
             // The part in getHostCallReturnValueWithExecState():
             JSValue result = vm->hostCallReturnValue;
@@ -425 +449 @@
             t0.encodedJSValue = JSValue::encode(result);
 #endif
-            goto doReturnHelper;
+            opcode = lr.opcode;
+            DISPATCH_OPCODE();
         }
 
@@ -434 +459 @@
 
     } // END bytecode handler cases.
-
-    //========================================================================
-    // Bytecode helpers:
-
-    doReturnHelper: {
-        ASSERT(!!callFrame);
-        if (callFrame->isVMEntrySentinel()) {
-#if USE(JSVALUE32_64)
-            return JSValue(t1.i, t0.i); // returning JSValue(tag, payload);
-#else
-            return JSValue::decode(t0.encodedJSValue);
-#endif
-        }
-
-        // The normal ASM llint call implementation returns to the caller as
-        // recorded in rRetVPC, and the caller would fetch the return address
-        // from ArgumentCount.tag() (see the dispatchAfterCall() macro used in
-        // the callTargetFunction() macro in the llint asm files).
-        //
-        // For the C loop, we don't have the JIT stub to do this work for us. So,
-        // we jump to llint_generic_return_point.
-
-        vPC = callFrame->currentVPC();
-
-#if USE(JSVALUE64)
-        // Based on LowLevelInterpreter64.asm's dispatchAfterCall():
-
-        // When returning from a native trampoline call, unlike the assembly
-        // LLInt, we can't simply return to the caller. In our case, we grab
-        // the caller's VPC and resume execution there. However, the caller's
-        // VPC returned by callFrame->currentVPC() is in the form of the real
-        // address of the target bytecode, but the 64-bit llint expects the
-        // VPC to be a bytecode offset. Hence, we need to map it back to a
-        // bytecode offset before we dispatch via the usual dispatch mechanism
-        // i.e. NEXT_INSTRUCTION():
-
-        CodeBlock* codeBlock = callFrame->codeBlock();
-        ASSERT(codeBlock);
-        rPC.vp = callFrame->currentVPC();
-        rPC.i = rPC.i8p - reinterpret_cast<int8_t*>(codeBlock->instructions().begin());
-        rPC.i >>= 3;
-
-        rBasePC.vp = codeBlock->instructions().begin();
-#endif // USE(JSVALUE64)
-
-        goto llint_generic_return_point;
-
-    } // END doReturnHelper.
-
 
 #if ENABLE(COMPUTED_GOTO_OPCODES)

branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -151 +151 @@
 
     if C_LOOP
-    # FIXME: Need to call stack check here to see if we can grow the stack.
-    # Will need to preserve registers so that we can recover if we do not end
-    # up throwing a StackOverflowError.
+        move entry, temp2
+        move vm, temp3
+        cloopCallSlowPath _llint_stack_check_at_vm_entry, vm, temp1
+        bpeq t0, 0, .stackCheckFailed
+        move temp2, entry
+        move temp3, vm
+        jmp .stackHeightOK
+
+.stackCheckFailed:
+        move temp2, entry
+        move temp3, vm
     end
 
@@ -226 +234 @@
 macro makeJavaScriptCall(entry, temp)
     addp 16, sp
-    call entry
+    if C_LOOP
+        cloopCallJSFunction entry
+    else
+        call entry
+    end
     subp 16, sp
 end
@@ -238 +250 @@
         move sp, a0
     end
-    addp 16, sp
-    call temp
-    subp 16, sp
+    if C_LOOP
+        storep cfr, [sp]
+        storep lr, 8[sp]
+        cloopCallNative temp
+    else
+        addp 16, sp 
+        call temp
+        subp 16, sp
+    end
 end
 
@@ -1896 +1914 @@
         andp MarkedBlockMask, t3
         loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
-    elsif ARM64
+    elsif ARM64 or C_LOOP
         loadp ScopeChain[cfr], t0
         andp MarkedBlockMask, t0
@@ -1910 +1928 @@
         loadp JSFunction::m_executable[t1], t1
         move t2, cfr # Restore cfr to avoid loading from stack
-        call executableOffsetToFunction[t1]
-        restoreReturnAddressBeforeReturn(t3)
-        loadp ScopeChain[cfr], t3
-        andp MarkedBlockMask, t3
-        loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
-    elsif C_LOOP
-        loadp CallerFrame[cfr], t0
-        loadp ScopeChain[t0], t1
-        storep t1, ScopeChain[cfr]
-
-        loadp ScopeChain[cfr], t3
-        andp MarkedBlockMask, t3
-        loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
-        storep cfr, VM::topCallFrame[t3]
-
-        move t0, t2
-        preserveReturnAddressAfterCall(t3)
-        storep t3, ReturnPC[cfr]
-        move cfr, t0
-        loadp Callee[cfr], t1
-        loadp JSFunction::m_executable[t1], t1
-        move t2, cfr
-        cloopCallNative executableOffsetToFunction[t1]
-
+        if C_LOOP
+            cloopCallNative executableOffsetToFunction[t1]
+        else
+            call executableOffsetToFunction[t1]
+        end
         restoreReturnAddressBeforeReturn(t3)
         loadp ScopeChain[cfr], t3

branches/jsCStack/Source/JavaScriptCore/offlineasm/cloop.rb

@@ -1 @@
-# Copyright (C) 2012 Apple Inc. All rights reserved.
+# Copyright (C) 2012, 2014 Apple Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -80 +80 @@
             "t3"
         when "t4"
-            "rPC"
+            "pc"
         when "t5"
             "t5"
         when "t6"
-            "rBasePC"
+            "pcBase"
         when "csr1"
             "tagTypeNumber"
@@ -92 +92 @@
             "cfr"
         when "lr"
-            "rRetVPC"
+            "lr"
         when "sp"
             "sp"
@@ -545 +545 @@
     $asm.putc "{"
     $asm.putc "    SlowPathReturnType result = #{operands[0].cLabel}(#{operands[1].clDump}, #{operands[2].clDump});"
-    $asm.putc "    decodeResult(result, t0.instruction, t1.vp);"
+    $asm.putc "    decodeResult(result, t0.vp, t1.vp);"
     $asm.putc "}"
 end
 
 class Instruction
+    @@didReturnFromJSLabelCounter = 0
+
     def lowerC_LOOP
         $asm.codeOrigin codeOriginString if $enableCodeOriginComments
@@ -863 +865 @@
             $asm.putc "CRASH(); // break instruction not implemented."
         when "ret"
-            $asm.putc "goto doReturnHelper;"
+            $asm.putc "opcode = lr.opcode;"
+            $asm.putc "DISPATCH_OPCODE();"
 
         when "cbeq"
@@ -1084 +1087 @@
             
         when "memfence"
+
+        when "push"
+            $asm.putc "PUSH(#{operands[0].clDump});"
         when "pop"
-            $asm.putc "RELEASE_ASSERT_NOT_REACHED(); // pop not implemented."
+            $asm.putc "POP(#{operands[0].clDump});"
 
         when "pushCalleeSaves"
@@ -1103 +1109 @@
         # as an opcode dispatch.
         when "cloopCallJSFunction"
+            @@didReturnFromJSLabelCounter += 1
+            $asm.putc "lr.opcode = getOpcode(llint_cloop_did_return_from_js_#{@@didReturnFromJSLabelCounter});"
             $asm.putc "opcode = #{operands[0].clValue(:opcode)};"
             $asm.putc "DISPATCH_OPCODE();"
+            $asm.putsLabel("llint_cloop_did_return_from_js_#{@@didReturnFromJSLabelCounter}")
 
         # We can't do generic function calls with an arbitrary set of args, but

branches/jsCStack/Source/JavaScriptCore/runtime/Executable.cpp

@@ -35 +35 @@
 #include "Operations.h"
 #include "Parser.h"
+#include <wtf/CommaPrinter.h>
 #include <wtf/Vector.h>
 #include <wtf/text/StringBuilder.h>

branches/jsCStack/Source/JavaScriptCore/runtime/VM.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008, 2011, 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2011, 2013, 2014 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -222 +222 @@
 #endif
     , m_stackLimit(0)
-#if ENABLE(LLINT_CLOOP)
+#if ENABLE(LLINT_C_LOOP)
     , m_jsStackLimit(0)
 #endif