Changeset 235419 in webkit

Timestamp:

Aug 27, 2018, 10:01:05 PM (7 years ago)

Author:

mark.lam@apple.com

Message:

Fix exception throwing code so that topCallFrame and topEntryFrame stay true to their names.
​https://bugs.webkit.org/show_bug.cgi?id=188577
<rdar://problem/42985684>

Reviewed by Saam Barati.

JSTests:

• stress/regress-188577.js: Added.

Source/JavaScriptCore:

1. Introduced CallFrame::convertToStackOverflowFrame() which converts the current (top) CallFrame (which may not have a valid callee) into a StackOverflowFrame.

The StackOverflowFrame is a sentinel frame that the low level code (exception
throwing code, stack visitor, and stack unwinding code) will know to skip
over. The StackOverflowFrame will also have a valid JSCallee so that client
code can compute the globalObject or VM from this frame.

As a result, client code that throws StackOverflowErrors no longer need to
compute the caller frame to throw from: it just converts the top frame into
a StackOverflowFrame and everything should *Just Work*.

2. NativeCallFrameTracerWithRestore is now obsolete.

Instead, client code should always call convertToStackOverflowFrame() on the
frame before instantiating a NativeCallFrameTracer with it.

This means that topCallFrame will always point to the top CallFrame (which
may be a StackOverflowFrame), and topEntryFrame will always point to the top
EntryFrame. We'll never temporarily point them to the previous EntryFrame
(which we used to do with NativeCallFrameTracerWithRestore).

3. genericUnwind() and Interpreter::unwind() will now always unwind from the top CallFrame, and will know how to handle a StackOverflowFrame if they see one.

This obsoletes the UnwindStart flag.

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• Sources.txt:
• debugger/Debugger.cpp:

(JSC::Debugger::pauseIfNeeded):

• interpreter/CallFrame.cpp:

(JSC::CallFrame::callerFrame const):
(JSC::CallFrame::unsafeCallerFrame const):
(JSC::CallFrame::convertToStackOverflowFrame):
(JSC::CallFrame::callerFrame): Deleted.
(JSC::CallFrame::unsafeCallerFrame): Deleted.

• interpreter/CallFrame.h:

(JSC::ExecState::iterate):

• interpreter/CallFrameInlines.h: Added.

(JSC::CallFrame::isStackOverflowFrame const):
(JSC::CallFrame::isWasmFrame const):

• interpreter/EntryFrame.h: Added.

(JSC::EntryFrame::vmEntryRecordOffset):
(JSC::EntryFrame::calleeSaveRegistersBufferOffset):

• interpreter/FrameTracers.h:

(JSC::NativeCallFrameTracerWithRestore::NativeCallFrameTracerWithRestore): Deleted.
(JSC::NativeCallFrameTracerWithRestore::~NativeCallFrameTracerWithRestore): Deleted.

• interpreter/Interpreter.cpp:

(JSC::Interpreter::unwind):

• interpreter/Interpreter.h:
• interpreter/StackVisitor.cpp:

(JSC::StackVisitor::StackVisitor):

• interpreter/StackVisitor.h:

(JSC::StackVisitor::visit):
(JSC::StackVisitor::topEntryFrameIsEmpty const):

• interpreter/VMEntryRecord.h:

(JSC::VMEntryRecord::callee const):
(JSC::EntryFrame::vmEntryRecordOffset): Deleted.
(JSC::EntryFrame::calleeSaveRegistersBufferOffset): Deleted.

• jit/AssemblyHelpers.h:
• jit/JITExceptions.cpp:

(JSC::genericUnwind):

• jit/JITExceptions.h:
• jit/JITOperations.cpp:
• llint/LLIntOffsetsExtractor.cpp:
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• runtime/CallData.cpp:
• runtime/CommonSlowPaths.cpp:

(JSC::throwArityCheckStackOverflowError):
(JSC::SLOW_PATH_DECL):

• runtime/CommonSlowPathsExceptions.cpp: Removed.
• runtime/CommonSlowPathsExceptions.h: Removed.
• runtime/Completion.cpp:

(JSC::evaluateWithScopeExtension):

• runtime/JSGeneratorFunction.h:
• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):

• runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::stackOverflowFrameCallee const):

• runtime/VM.cpp:

(JSC::VM::throwException):

• runtime/VM.h:
• runtime/VMInlines.h:

(JSC::VM::topJSCallFrame const):

LayoutTests:

• http/tests/misc/large-js-program-expected.txt:

Location:

trunk

Files:

• JSTests/ChangeLog (modified) (1 diff)
• JSTests/stress/regress-188577.js (added)
• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/misc/large-js-program-expected.txt (modified) (1 diff)
• Source/JavaScriptCore/CMakeLists.txt (modified) (1 diff)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (modified) (11 diffs)
• Source/JavaScriptCore/Sources.txt (modified) (1 diff)
• Source/JavaScriptCore/debugger/Debugger.cpp (modified) (2 diffs)
• Source/JavaScriptCore/interpreter/CallFrame.cpp (modified) (4 diffs)
• Source/JavaScriptCore/interpreter/CallFrame.h (modified) (4 diffs)
• Source/JavaScriptCore/interpreter/CallFrameInlines.h (added)
• Source/JavaScriptCore/interpreter/EntryFrame.h (added)
• Source/JavaScriptCore/interpreter/FrameTracers.h (modified) (2 diffs)
• Source/JavaScriptCore/interpreter/Interpreter.cpp (modified) (2 diffs)
• Source/JavaScriptCore/interpreter/Interpreter.h (modified) (2 diffs)
• Source/JavaScriptCore/interpreter/StackVisitor.cpp (modified) (2 diffs)
• Source/JavaScriptCore/interpreter/StackVisitor.h (modified) (6 diffs)
• Source/JavaScriptCore/interpreter/VMEntryRecord.h (modified) (4 diffs)
• Source/JavaScriptCore/jit/AssemblyHelpers.h (modified) (1 diff)
• Source/JavaScriptCore/jit/JITExceptions.cpp (modified) (4 diffs)
• Source/JavaScriptCore/jit/JITExceptions.h (modified) (2 diffs)
• Source/JavaScriptCore/jit/JITOperations.cpp (modified) (4 diffs)
• Source/JavaScriptCore/llint/LLIntOffsetsExtractor.cpp (modified) (1 diff)
• Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (modified) (3 diffs)
• Source/JavaScriptCore/llint/LowLevelInterpreter.asm (modified) (1 diff)
• Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (modified) (3 diffs)
• Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (modified) (4 diffs)
• Source/JavaScriptCore/runtime/CallData.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/CommonSlowPaths.cpp (modified) (4 diffs)
• Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.cpp (deleted)
• Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.h (deleted)
• Source/JavaScriptCore/runtime/Completion.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/JSGeneratorFunction.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSGlobalObject.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/JSGlobalObject.h (modified) (3 diffs)
• Source/JavaScriptCore/runtime/VM.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/VM.h (modified) (3 diffs)
• Source/JavaScriptCore/runtime/VMInlines.h (modified) (3 diffs)

trunk/JSTests/ChangeLog

@@ +1 @@
+2018-08-27  Mark Lam  <mark.lam@apple.com>
+
+        Fix exception throwing code so that topCallFrame and topEntryFrame stay true to their names.
+        https://bugs.webkit.org/show_bug.cgi?id=188577
+        <rdar://problem/42985684>
+
+        Reviewed by Saam Barati.
+
+        * stress/regress-188577.js: Added.
+
 2018-08-24  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
 

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2018-08-27  Mark Lam  <mark.lam@apple.com>
+
+        Fix exception throwing code so that topCallFrame and topEntryFrame stay true to their names.
+        https://bugs.webkit.org/show_bug.cgi?id=188577
+        <rdar://problem/42985684>
+
+        Reviewed by Saam Barati.
+
+        * http/tests/misc/large-js-program-expected.txt:
+
 2018-08-27  Justin Fan  <justin_fan@apple.com>
 

trunk/LayoutTests/http/tests/misc/large-js-program-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 27: RangeError: Maximum call stack size exceeded.
+CONSOLE MESSAGE: RangeError: Maximum call stack size exceeded.
 This tests verifies that a large program doesn't crash JavaScript.
 

trunk/Source/JavaScriptCore/CMakeLists.txt

@@ -613 +613 @@
     interpreter/AbstractPC.h
     interpreter/CallFrame.h
+    interpreter/CallFrameInlines.h
     interpreter/CalleeBits.h
+    interpreter/EntryFrame.h
     interpreter/FrameTracers.h
     interpreter/Register.h

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2018-08-27  Mark Lam  <mark.lam@apple.com>
+
+        Fix exception throwing code so that topCallFrame and topEntryFrame stay true to their names.
+        https://bugs.webkit.org/show_bug.cgi?id=188577
+        <rdar://problem/42985684>
+
+        Reviewed by Saam Barati.
+
+        1. Introduced CallFrame::convertToStackOverflowFrame() which converts the current
+           (top) CallFrame (which may not have a valid callee) into a StackOverflowFrame.
+
+           The StackOverflowFrame is a sentinel frame that the low level code (exception
+           throwing code, stack visitor, and stack unwinding code) will know to skip
+           over.  The StackOverflowFrame will also have a valid JSCallee so that client
+           code can compute the globalObject or VM from this frame.
+
+           As a result, client code that throws StackOverflowErrors no longer need to
+           compute the caller frame to throw from: it just converts the top frame into
+           a StackOverflowFrame and everything should *Just Work*.
+
+        2. NativeCallFrameTracerWithRestore is now obsolete.
+
+           Instead, client code should always call convertToStackOverflowFrame() on the
+           frame before instantiating a NativeCallFrameTracer with it.
+
+           This means that topCallFrame will always point to the top CallFrame (which
+           may be a StackOverflowFrame), and topEntryFrame will always point to the top
+           EntryFrame.  We'll never temporarily point them to the previous EntryFrame
+           (which we used to do with NativeCallFrameTracerWithRestore).
+
+        3. genericUnwind() and Interpreter::unwind() will now always unwind from the top
+           CallFrame, and will know how to handle a StackOverflowFrame if they see one.
+
+           This obsoletes the UnwindStart flag.
+
+        * CMakeLists.txt:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * Sources.txt:
+        * debugger/Debugger.cpp:
+        (JSC::Debugger::pauseIfNeeded):
+        * interpreter/CallFrame.cpp:
+        (JSC::CallFrame::callerFrame const):
+        (JSC::CallFrame::unsafeCallerFrame const):
+        (JSC::CallFrame::convertToStackOverflowFrame):
+        (JSC::CallFrame::callerFrame): Deleted.
+        (JSC::CallFrame::unsafeCallerFrame): Deleted.
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::iterate):
+        * interpreter/CallFrameInlines.h: Added.
+        (JSC::CallFrame::isStackOverflowFrame const):
+        (JSC::CallFrame::isWasmFrame const):
+        * interpreter/EntryFrame.h: Added.
+        (JSC::EntryFrame::vmEntryRecordOffset):
+        (JSC::EntryFrame::calleeSaveRegistersBufferOffset):
+        * interpreter/FrameTracers.h:
+        (JSC::NativeCallFrameTracerWithRestore::NativeCallFrameTracerWithRestore): Deleted.
+        (JSC::NativeCallFrameTracerWithRestore::~NativeCallFrameTracerWithRestore): Deleted.
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::unwind):
+        * interpreter/Interpreter.h:
+        * interpreter/StackVisitor.cpp:
+        (JSC::StackVisitor::StackVisitor):
+        * interpreter/StackVisitor.h:
+        (JSC::StackVisitor::visit):
+        (JSC::StackVisitor::topEntryFrameIsEmpty const):
+        * interpreter/VMEntryRecord.h:
+        (JSC::VMEntryRecord::callee const):
+        (JSC::EntryFrame::vmEntryRecordOffset): Deleted.
+        (JSC::EntryFrame::calleeSaveRegistersBufferOffset): Deleted.
+        * jit/AssemblyHelpers.h:
+        * jit/JITExceptions.cpp:
+        (JSC::genericUnwind):
+        * jit/JITExceptions.h:
+        * jit/JITOperations.cpp:
+        * llint/LLIntOffsetsExtractor.cpp:
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        * llint/LowLevelInterpreter.asm:
+        * llint/LowLevelInterpreter32_64.asm:
+        * llint/LowLevelInterpreter64.asm:
+        * runtime/CallData.cpp:
+        * runtime/CommonSlowPaths.cpp:
+        (JSC::throwArityCheckStackOverflowError):
+        (JSC::SLOW_PATH_DECL):
+        * runtime/CommonSlowPathsExceptions.cpp: Removed.
+        * runtime/CommonSlowPathsExceptions.h: Removed.
+        * runtime/Completion.cpp:
+        (JSC::evaluateWithScopeExtension):
+        * runtime/JSGeneratorFunction.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::init):
+        (JSC::JSGlobalObject::visitChildren):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::stackOverflowFrameCallee const):
+        * runtime/VM.cpp:
+        (JSC::VM::throwException):
+        * runtime/VM.h:
+        * runtime/VMInlines.h:
+        (JSC::VM::topJSCallFrame const):
+
 2018-08-27  Keith Rollin  <krollin@apple.com>
 

trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

@@ -1077 +1077 @@
                 6514F21918B3E1670098FF8B /* Bytecodes.h in Headers */ = {isa = PBXBuildFile; fileRef = 6514F21718B3E1670098FF8B /* Bytecodes.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 65303D641447B9E100D3F904 /* ParserTokens.h in Headers */ = {isa = PBXBuildFile; fileRef = 65303D631447B9E100D3F904 /* ParserTokens.h */; settings = {ATTRIBUTES = (Private, ); }; };
-                6553A33217A1F1EE008CF6F3 /* CommonSlowPathsExceptions.h in Headers */ = {isa = PBXBuildFile; fileRef = 6553A33017A1F1EE008CF6F3 /* CommonSlowPathsExceptions.h */; };
                 65570F5A1AA4C3EA009B3C23 /* Regress141275.mm in Sources */ = {isa = PBXBuildFile; fileRef = 65570F591AA4C00A009B3C23 /* Regress141275.mm */; };
                 657CF45919BF6662004ACBF2 /* JSCallee.h in Headers */ = {isa = PBXBuildFile; fileRef = 657CF45719BF6662004ACBF2 /* JSCallee.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -1750 +1749 @@
                 E49DC16D12EF295300184A1F /* SourceProviderCacheItem.h in Headers */ = {isa = PBXBuildFile; fileRef = E49DC14912EF261A00184A1F /* SourceProviderCacheItem.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE05FAFD1FE4CEDA00093230 /* DeprecatedInspectorValues.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 992D6A111FBD491D000245F4 /* DeprecatedInspectorValues.cpp */; };
+                FE086BCA2123DEFB003F2929 /* EntryFrame.h in Headers */ = {isa = PBXBuildFile; fileRef = FE086BC92123DEFA003F2929 /* EntryFrame.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE0D4A061AB8DD0A002F54BF /* ExecutionTimeLimitTest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE0D4A041AB8DD0A002F54BF /* ExecutionTimeLimitTest.cpp */; };
                 FE0D4A091ABA2437002F54BF /* GlobalContextWithFinalizerTest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE0D4A071ABA2437002F54BF /* GlobalContextWithFinalizerTest.cpp */; };
@@ -1801 +1801 @@
                 FEA08621182B7A0400F6D851 /* DebuggerPrimitives.h in Headers */ = {isa = PBXBuildFile; fileRef = FEA0861F182B7A0400F6D851 /* DebuggerPrimitives.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FEA0C4031CDD7D1D00481991 /* FunctionWhitelist.h in Headers */ = {isa = PBXBuildFile; fileRef = FEA0C4011CDD7D0E00481991 /* FunctionWhitelist.h */; };
+                FEA3BBA8212B655900E93AD1 /* CallFrameInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = FEA3BBA7212B655800E93AD1 /* CallFrameInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FEA3BBAC212C97CB00E93AD1 /* DFGCFG.h in Headers */ = {isa = PBXBuildFile; fileRef = FEA3BBAB212C97CB00E93AD1 /* DFGCFG.h */; };
                 FEB51F6C1A97B688001F921C /* Regress141809.mm in Sources */ = {isa = PBXBuildFile; fileRef = FEB51F6B1A97B688001F921C /* Regress141809.mm */; };
@@ -3565 +3566 @@
                 65525FC31A6DD3B3007B5495 /* NullSetterFunction.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NullSetterFunction.cpp; sourceTree = "<group>"; };
                 65525FC41A6DD3B3007B5495 /* NullSetterFunction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NullSetterFunction.h; sourceTree = "<group>"; };
-                6553A32F17A1F1EE008CF6F3 /* CommonSlowPathsExceptions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CommonSlowPathsExceptions.cpp; sourceTree = "<group>"; };
-                6553A33017A1F1EE008CF6F3 /* CommonSlowPathsExceptions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CommonSlowPathsExceptions.h; sourceTree = "<group>"; };
                 65570F581AA4C00A009B3C23 /* Regress141275.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Regress141275.h; path = API/tests/Regress141275.h; sourceTree = "<group>"; };
                 65570F591AA4C00A009B3C23 /* Regress141275.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = Regress141275.mm; path = API/tests/Regress141275.mm; sourceTree = "<group>"; };
@@ -4679 +4678 @@
                 F692A8870255597D01FF60F7 /* JSCJSValue.cpp */ = {isa = PBXFileReference; fileEncoding = 30; indentWidth = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSCJSValue.cpp; sourceTree = "<group>"; tabWidth = 8; };
                 F73926918DC64330AFCDF0D7 /* JSSourceCode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSSourceCode.cpp; sourceTree = "<group>"; };
+                FE086BC92123DEFA003F2929 /* EntryFrame.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = EntryFrame.h; sourceTree = "<group>"; };
                 FE0D4A041AB8DD0A002F54BF /* ExecutionTimeLimitTest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = ExecutionTimeLimitTest.cpp; path = API/tests/ExecutionTimeLimitTest.cpp; sourceTree = "<group>"; };
                 FE0D4A051AB8DD0A002F54BF /* ExecutionTimeLimitTest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ExecutionTimeLimitTest.h; path = API/tests/ExecutionTimeLimitTest.h; sourceTree = "<group>"; };
@@ -4767 +4767 @@
                 FEA0C4001CDD7D0E00481991 /* FunctionWhitelist.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FunctionWhitelist.cpp; sourceTree = "<group>"; };
                 FEA0C4011CDD7D0E00481991 /* FunctionWhitelist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FunctionWhitelist.h; sourceTree = "<group>"; };
-                FEA3BBAB212C97CB00E93AD1 /* DFGCFG.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCFG.h; path = dfg/DFGCFG.h; sourceTree = "<group>"; };
+                FEA3BBA7212B655800E93AD1 /* CallFrameInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CallFrameInlines.h; sourceTree = "<group>"; };
+                FEA3BBAB212C97CB00E93AD1 /* DFGCFG.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DFGCFG.h; sourceTree = "<group>"; };
                 FEB137561BB11EEE00CD5100 /* MacroAssemblerARM64.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MacroAssemblerARM64.cpp; sourceTree = "<group>"; };
                 FEB41CCB1F73284200C5481E /* ProbeFrame.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ProbeFrame.h; sourceTree = "<group>"; };
@@ -5502 +5503 @@
                                 1429D8DB0ED2205B00B89619 /* CallFrame.cpp */,
                                 1429D8DC0ED2205B00B89619 /* CallFrame.h */,
+                                FEA3BBA7212B655800E93AD1 /* CallFrameInlines.h */,
                                 A7F869EC0F95C2EC00558697 /* CallFrameClosure.h */,
                                 1429D85B0ED218E900B89619 /* CLoopStack.cpp */,
                                 14D792640DAA03FB001A9F05 /* CLoopStack.h */,
                                 A7C1EAEB17987AB600299DB2 /* CLoopStackInlines.h */,
+                                FE086BC92123DEFA003F2929 /* EntryFrame.h */,
                                 E34EDBF61DB5FFC100DC87A5 /* FrameTracers.h */,
                                 1429D7D30ED2128200B89619 /* Interpreter.cpp */,
@@ -6500 +6503 @@
                                 A709F2F117A0AC2A00512E98 /* CommonSlowPaths.cpp */,
                                 0F15F15D14B7A73A005DE37D /* CommonSlowPaths.h */,
-                                6553A32F17A1F1EE008CF6F3 /* CommonSlowPathsExceptions.cpp */,
-                                6553A33017A1F1EE008CF6F3 /* CommonSlowPathsExceptions.h */,
                                 A7E5A3A51797432D00E893C0 /* CompilationResult.cpp */,
                                 A7E5A3A61797432D00E893C0 /* CompilationResult.h */,
@@ -8434 +8435 @@
                                 99DA00A41BD5993100F4575C /* builtins_model.py in Headers */,
                                 99DA00A51BD5993100F4575C /* builtins_templates.py in Headers */,
+                                FEA3BBA8212B655900E93AD1 /* CallFrameInlines.h in Headers */,
                                 41DEA1321B9F3163006D65DD /* BuiltinUtils.h in Headers */,
                                 9E72940B190F0514001A91B5 /* BundlePath.h in Headers */,
@@ -8495 +8497 @@
                                 BC18C3F30E16F5CD00B34460 /* CommonIdentifiers.h in Headers */,
                                 0F15F15F14B7A73E005DE37D /* CommonSlowPaths.h in Headers */,
-                                6553A33217A1F1EE008CF6F3 /* CommonSlowPathsExceptions.h in Headers */,
                                 A7E5A3A81797432D00E893C0 /* CompilationResult.h in Headers */,
                                 0F4F11E8209BCDAB00709654 /* CompilerTimingScope.h in Headers */,
@@ -9085 +9086 @@
                                 C2A7F688160432D400F76B98 /* JSDestructibleObject.h in Headers */,
                                 0F7DF13C1E2971130095951B /* JSDestructibleObjectHeapCellType.h in Headers */,
+                                FE086BCA2123DEFB003F2929 /* EntryFrame.h in Headers */,
                                 FE384EE61ADDB7AD0055DE2C /* JSDollarVM.h in Headers */,
                                 86E3C614167BABD7006D760A /* JSExport.h in Headers */,

trunk/Source/JavaScriptCore/Sources.txt

@@ -716 +716 @@
 runtime/CommonIdentifiers.cpp
 runtime/CommonSlowPaths.cpp
-runtime/CommonSlowPathsExceptions.cpp
 runtime/CompilationResult.cpp
 tools/CompilerTimingScope.cpp

trunk/Source/JavaScriptCore/debugger/Debugger.cpp

@@ -1 +1 @@
 /*
- *  Copyright (C) 2008-2017 Apple Inc. All rights reserved.
+ *  Copyright (C) 2008-2018 Apple Inc. All rights reserved.
  *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
  *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
@@ -687 +687 @@
     VM& vm = m_vm;
     auto scope = DECLARE_THROW_SCOPE(vm);
+    ASSERT(callFrame);
 
     if (m_isPaused)

trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008-2017 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008-2018 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -214 +214 @@
 }
 
-CallFrame* CallFrame::callerFrame(EntryFrame*& currEntryFrame)
+CallFrame* CallFrame::callerFrame(EntryFrame*& currEntryFrame) const
 {
     if (callerFrameOrEntryFrame() == currEntryFrame) {
@@ -224 +224 @@
 }
 
-SUPPRESS_ASAN CallFrame* CallFrame::unsafeCallerFrame(EntryFrame*& currEntryFrame)
+SUPPRESS_ASAN CallFrame* CallFrame::unsafeCallerFrame(EntryFrame*& currEntryFrame) const
 {
     if (unsafeCallerFrameOrEntryFrame() == currEntryFrame) {
@@ -338 +338 @@
 }
 
+void CallFrame::convertToStackOverflowFrame(VM& vm)
+{
+    ASSERT(!isGlobalExec());
+
+    EntryFrame* entryFrame = vm.topEntryFrame;
+    CallFrame* throwOriginFrame = this;
+    do {
+        throwOriginFrame = throwOriginFrame->callerFrame(entryFrame);
+    } while (throwOriginFrame && throwOriginFrame->callee().isWasm());
+
+    JSObject* originCallee = throwOriginFrame ? throwOriginFrame->jsCallee() : vmEntryRecord(vm.topEntryFrame)->callee();
+    JSObject* stackOverflowCallee = originCallee->globalObject()->stackOverflowFrameCallee();
+
+    setCodeBlock(nullptr);
+    setCallee(stackOverflowCallee);
+    setArgumentCountIncludingThis(0);
+}
+
 } // namespace JSC

trunk/Source/JavaScriptCore/interpreter/CallFrame.h

@@ -141 +141 @@
         SUPPRESS_ASAN void* unsafeCallerFrameOrEntryFrame() const { return unsafeCallerFrameAndPC().callerFrame; }
 
-        CallFrame* unsafeCallerFrame(EntryFrame*&);
-        JS_EXPORT_PRIVATE CallFrame* callerFrame(EntryFrame*&);
+        CallFrame* unsafeCallerFrame(EntryFrame*&) const;
+        JS_EXPORT_PRIVATE CallFrame* callerFrame(EntryFrame*&) const;
 
         JS_EXPORT_PRIVATE SourceOrigin callerSourceOrigin();
@@ -257 +257 @@
         }
 
+        void convertToStackOverflowFrame(VM&);
+        inline bool isStackOverflowFrame() const;
+        inline bool isWasmFrame() const;
+
         void setArgumentCountIncludingThis(int count) { static_cast<Register*>(this)[CallFrameSlot::argumentCount].payload() = count; }
         void setCallee(JSObject* callee) { static_cast<Register*>(this)[CallFrameSlot::callee] = callee; }
@@ -269 +273 @@
         // receiver. We should always be using StackVisitor directly.
         // It's only valid to call this from a non-wasm top frame.
-        template <typename Functor> void iterate(const Functor& functor)
+        template <StackVisitor::EmptyEntryFrameAction action = StackVisitor::ContinueIfTopEntryFrameIsEmpty, typename Functor> void iterate(const Functor& functor)
         {
             VM* vm;
@@ -278 +282 @@
             } else
                 vm = nullptr;
-            StackVisitor::visit<Functor>(this, vm, functor);
+            StackVisitor::visit<action, Functor>(this, vm, functor);
         }
 

trunk/Source/JavaScriptCore/interpreter/FrameTracers.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -94 +94 @@
 };
 
-class NativeCallFrameTracerWithRestore {
-public:
-    ALWAYS_INLINE NativeCallFrameTracerWithRestore(VM* vm, EntryFrame* EntryFrame, CallFrame* callFrame)
-        : m_vm(vm)
-    {
-        ASSERT(vm);
-        ASSERT(callFrame);
-        assertStackPointerIsAligned();
-        m_savedTopEntryFrame = vm->topEntryFrame;
-        m_savedTopCallFrame = vm->topCallFrame;
-        vm->topEntryFrame = EntryFrame;
-        vm->topCallFrame = callFrame;
-    }
-
-    ALWAYS_INLINE ~NativeCallFrameTracerWithRestore()
-    {
-        m_vm->topEntryFrame = m_savedTopEntryFrame;
-        m_vm->topCallFrame = m_savedTopCallFrame;
-    }
-
-private:
-    VM* m_vm;
-    EntryFrame* m_savedTopEntryFrame;
-    CallFrame* m_savedTopCallFrame;
-};
-
-}
+} // namespace JSC

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

@@ -719 +719 @@
 };
 
-NEVER_INLINE HandlerInfo* Interpreter::unwind(VM& vm, CallFrame*& callFrame, Exception* exception, UnwindStart unwindStart)
+NEVER_INLINE HandlerInfo* Interpreter::unwind(VM& vm, CallFrame*& callFrame, Exception* exception)
 {
     auto scope = DECLARE_CATCH_SCOPE(vm);
 
-    if (unwindStart == UnwindFromCallerFrame) {
-        if (callFrame->callerFrameOrEntryFrame() == vm.topEntryFrame)
-            return nullptr;
-
-        callFrame = callFrame->callerFrame();
-        vm.topCallFrame = callFrame;
-    }
-
+    ASSERT(reinterpret_cast<void*>(callFrame) != vm.topEntryFrame);
     CodeBlock* codeBlock = callFrame->codeBlock();
 
@@ -741 +734 @@
         exceptionValue = jsNull();
 
-    EXCEPTION_ASSERT_UNUSED(scope, scope.exception() && (!Options::exceptionStackTraceLimit() || scope.exception()->stack().size()));
+    EXCEPTION_ASSERT_UNUSED(scope, scope.exception());
 
     // Calculate an exception handler vPC, unwinding call frames as necessary.
     HandlerInfo* handler = nullptr;
     UnwindFunctor functor(vm, callFrame, isTerminatedExecutionException(vm, exception), codeBlock, handler);
-    StackVisitor::visit(callFrame, &vm, functor);
+    StackVisitor::visit<StackVisitor::TerminateIfTopEntryFrameIsEmpty>(callFrame, &vm, functor);
     if (!handler)
         return nullptr;

trunk/Source/JavaScriptCore/interpreter/Interpreter.h

@@ -65 +65 @@
     struct UnlinkedInstruction;
 
-    enum UnwindStart : uint8_t { UnwindFromCurrentFrame, UnwindFromCallerFrame };
-
     enum DebugHookType {
         WillExecuteProgram,
@@ -117 +115 @@
 
         void getArgumentsData(CallFrame*, JSFunction*&, ptrdiff_t& firstParameterIndex, Register*& argv, int& argc);
-        
-        NEVER_INLINE HandlerInfo* unwind(VM&, CallFrame*&, Exception*, UnwindStart);
+
+        NEVER_INLINE HandlerInfo* unwind(VM&, CallFrame*&, Exception*);
         void notifyDebuggerOfExceptionToBeThrown(VM&, CallFrame*, Exception*);
         NEVER_INLINE void debug(CallFrame*, DebugHookType);

trunk/Source/JavaScriptCore/interpreter/StackVisitor.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2013, 2015-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -45 +45 @@
     if (startFrame) {
         ASSERT(vm);
+        ASSERT(!vm->topCallFrame || reinterpret_cast<void*>(vm->topCallFrame) != vm->topEntryFrame);
+
         m_frame.m_entryFrame = vm->topEntryFrame;
         topFrame = vm->topCallFrame;
-        
-        if (topFrame && static_cast<void*>(m_frame.m_entryFrame) == static_cast<void*>(topFrame)) {
-            topFrame = vmEntryRecord(m_frame.m_entryFrame)->m_prevTopCallFrame;
-            m_frame.m_entryFrame = vmEntryRecord(m_frame.m_entryFrame)->m_prevTopEntryFrame;
+
+        if (topFrame && topFrame->isStackOverflowFrame()) {
+            topFrame = topFrame->callerFrame(m_frame.m_entryFrame);
+            m_topEntryFrameIsEmpty = (m_frame.m_entryFrame != vm->topEntryFrame);
+            if (startFrame == vm->topCallFrame)
+                startFrame = topFrame;
         }
+
     } else {
         m_frame.m_entryFrame = 0;

trunk/Source/JavaScriptCore/interpreter/StackVisitor.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -27 +27 @@
 
 #include "CalleeBits.h"
-#include "VMEntryRecord.h"
 #include "WasmIndexOrName.h"
 #include <wtf/Function.h>
@@ -36 +35 @@
 
 struct CodeOrigin;
+struct EntryFrame;
 struct InlineCallFrame;
 
@@ -137 +137 @@
     //     Status operator()(StackVisitor&) const;
 
-    template <typename Functor>
+    enum EmptyEntryFrameAction {
+        ContinueIfTopEntryFrameIsEmpty,
+        TerminateIfTopEntryFrameIsEmpty,
+    };
+
+    template <EmptyEntryFrameAction action = ContinueIfTopEntryFrameIsEmpty, typename Functor>
     static void visit(CallFrame* startFrame, VM* vm, const Functor& functor)
     {
         StackVisitor visitor(startFrame, vm);
+        if (action == TerminateIfTopEntryFrameIsEmpty && visitor.topEntryFrameIsEmpty())
+            return;
         while (visitor->callFrame()) {
             Status status = functor(visitor);
@@ -153 +160 @@
     void unwindToMachineCodeBlockFrame();
 
+    bool topEntryFrameIsEmpty() const { return m_topEntryFrameIsEmpty; }
+
 private:
     JS_EXPORT_PRIVATE StackVisitor(CallFrame* startFrame, VM*);
@@ -165 +174 @@
 
     Frame m_frame;
+    bool m_topEntryFrameIsEmpty { false };
 };
 

trunk/Source/JavaScriptCore/interpreter/VMEntryRecord.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2014-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -32 +32 @@
 struct EntryFrame;
 class ExecState;
+class JSObject;
 class VM;
 
@@ -42 +43 @@
     ExecState* m_prevTopCallFrame;
     EntryFrame* m_prevTopEntryFrame;
+    JSObject* m_callee;
+
+    JSObject* callee() const { return m_callee; }
 
 #if ENABLE(JIT) && NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
@@ -56 +60 @@
 extern "C" VMEntryRecord* vmEntryRecord(EntryFrame*);
 
-struct EntryFrame {
-#if ENABLE(JIT) && NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
-    static ptrdiff_t vmEntryRecordOffset()
-    {
-        EntryFrame* fakeEntryFrame = reinterpret_cast<EntryFrame*>(0x1000);
-        VMEntryRecord* record = vmEntryRecord(fakeEntryFrame);
-        return static_cast<ptrdiff_t>(
-            reinterpret_cast<char*>(record) - reinterpret_cast<char*>(fakeEntryFrame));
-    }
-
-    static ptrdiff_t calleeSaveRegistersBufferOffset()
-    {
-        return vmEntryRecordOffset() + OBJECT_OFFSETOF(VMEntryRecord, calleeSaveRegistersBuffer);
-    }
-#endif
-};
-
 } // namespace JSC

trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h

@@ -29 +29 @@
 
 #include "CodeBlock.h"
+#include "EntryFrame.h"
 #include "FPRInfo.h"
 #include "GPRInfo.h"

trunk/Source/JavaScriptCore/jit/JITExceptions.cpp

@@ -31 +31 @@
 #include "CodeBlock.h"
 #include "Disassembler.h"
+#include "EntryFrame.h"
 #include "Interpreter.h"
 #include "JSCInlines.h"
@@ -39 +40 @@
 #include "Opcode.h"
 #include "ShadowChicken.h"
-#include "VM.h"
+#include "VMInlines.h"
 
 namespace JSC {
 
-void genericUnwind(VM* vm, ExecState* callFrame, UnwindStart unwindStart)
+void genericUnwind(VM* vm, ExecState* callFrame)
 {
     auto scope = DECLARE_CATCH_SCOPE(*vm);
+    CallFrame* topJSCallFrame = vm->topJSCallFrame();
     if (Options::breakOnThrow()) {
-        CodeBlock* codeBlock = callFrame->codeBlock();
-        if (codeBlock)
-            dataLog("In call frame ", RawPointer(callFrame), " for code block ", *codeBlock, "\n");
-        else
-            dataLog("In call frame ", RawPointer(callFrame), " with null CodeBlock\n");
+        CodeBlock* codeBlock = topJSCallFrame->codeBlock();
+        dataLog("In call frame ", RawPointer(topJSCallFrame), " for code block ", codeBlock, "\n");
         CRASH();
     }
     
-    ExecState* shadowChickenTopFrame = callFrame;
-    if (unwindStart == UnwindFromCallerFrame) {
-        EntryFrame* topEntryFrame = vm->topEntryFrame;
-        shadowChickenTopFrame = callFrame->callerFrame(topEntryFrame);
-    }
-    vm->shadowChicken().log(*vm, shadowChickenTopFrame, ShadowChicken::Packet::throwPacket());
-    
+    vm->shadowChicken().log(*vm, topJSCallFrame, ShadowChicken::Packet::throwPacket());
+
     Exception* exception = scope.exception();
     RELEASE_ASSERT(exception);
-    HandlerInfo* handler = vm->interpreter->unwind(*vm, callFrame, exception, unwindStart); // This may update callFrame.
+    HandlerInfo* handler = vm->interpreter->unwind(*vm, callFrame, exception); // This may update callFrame.
 
     void* catchRoutine;
@@ -84 +78 @@
     } else
         catchRoutine = LLInt::getCodePtr<ExceptionHandlerPtrTag>(handleUncaughtException).executableAddress();
-    
+
     ASSERT(bitwise_cast<uintptr_t>(callFrame) < bitwise_cast<uintptr_t>(vm->topEntryFrame));
 
@@ -95 +89 @@
 }
 
-void genericUnwind(VM* vm, ExecState* callFrame)
-{
-    genericUnwind(vm, callFrame, UnwindFromCurrentFrame);
-}
-
 } // namespace JSC

trunk/Source/JavaScriptCore/jit/JITExceptions.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -28 +28 @@
 namespace JSC {
 
-enum UnwindStart : uint8_t;
-
 class ExecState;
 class VM;
 
-void genericUnwind(VM*, ExecState*, UnwindStart);
 void genericUnwind(VM*, ExecState*);
 

trunk/Source/JavaScriptCore/jit/JITOperations.cpp

@@ -103 +103 @@
     VM* vm = codeBlock->vm();
     auto scope = DECLARE_THROW_SCOPE(*vm);
-
-    EntryFrame* entryFrame = vm->topEntryFrame;
-    CallFrame* callerFrame = exec->callerFrame(entryFrame);
-    if (!callerFrame) {
-        callerFrame = exec;
-        entryFrame = vm->topEntryFrame;
-    }
-
-    NativeCallFrameTracerWithRestore tracer(vm, entryFrame, callerFrame);
-    throwStackOverflowError(callerFrame, scope);
+    exec->convertToStackOverflowFrame(*vm);
+    NativeCallFrameTracer tracer(vm, exec);
+    throwStackOverflowError(exec, scope);
 }
 
@@ -122 +115 @@
     int32_t missingArgCount = CommonSlowPaths::arityCheckFor(exec, *vm, CodeForCall);
     if (missingArgCount < 0) {
-        EntryFrame* entryFrame = vm->topEntryFrame;
-        CallFrame* callerFrame = exec->callerFrame(entryFrame);
-        NativeCallFrameTracerWithRestore tracer(vm, entryFrame, callerFrame);
-        throwStackOverflowError(callerFrame, scope);
+        exec->convertToStackOverflowFrame(*vm);
+        NativeCallFrameTracer tracer(vm, exec);
+        throwStackOverflowError(vm->topCallFrame, scope);
     }
 
@@ -138 +130 @@
     int32_t missingArgCount = CommonSlowPaths::arityCheckFor(exec, *vm, CodeForConstruct);
     if (missingArgCount < 0) {
-        EntryFrame* entryFrame = vm->topEntryFrame;
-        CallFrame* callerFrame = exec->callerFrame(entryFrame);
-        NativeCallFrameTracerWithRestore tracer(vm, entryFrame, callerFrame);
-        throwStackOverflowError(callerFrame, scope);
+        exec->convertToStackOverflowFrame(*vm);
+        NativeCallFrameTracer tracer(vm, exec);
+        throwStackOverflowError(vm->topCallFrame, scope);
     }
 
@@ -2450 +2441 @@
 void JIT_OPERATION lookupExceptionHandlerFromCallerFrame(VM* vm, ExecState* exec)
 {
-    vm->topCallFrame = exec->callerFrame();
-    genericUnwind(vm, exec, UnwindFromCallerFrame);
-    ASSERT(vm->targetMachinePCForThrow);
+    exec->convertToStackOverflowFrame(*vm);
+    lookupExceptionHandler(vm, exec);
 }
 

trunk/Source/JavaScriptCore/llint/LLIntOffsetsExtractor.cpp

@@ -59 +59 @@
 #include "TypeProfilerLog.h"
 #include "VM.h"
-#include "VMEntryRecord.h"
 #include "ValueProfile.h"
 #include "Watchdog.h"

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -30 +30 @@
 #include "CallFrame.h"
 #include "CommonSlowPaths.h"
-#include "CommonSlowPathsExceptions.h"
 #include "Error.h"
 #include "ErrorHandlingScope.h"
@@ -526 +525 @@
     auto throwScope = DECLARE_THROW_SCOPE(vm);
 
-    EntryFrame* topEntryFrame = vm.topEntryFrame;
-    CallFrame* callerFrame = exec->callerFrame(topEntryFrame);
-    if (!callerFrame) {
-        callerFrame = exec;
-        topEntryFrame = vm.topEntryFrame;
-    }
-    NativeCallFrameTracerWithRestore tracer(&vm, topEntryFrame, callerFrame);
+    // It's ok to create the NativeCallFrameTracer here before we
+    // convertToStackOverflowFrame() because this function is always called
+    // after the frame has been propulated with a proper CodeBlock and callee.
+    NativeCallFrameTracer tracer(&vm, exec);
 
     LLINT_SET_PC_FOR_STUBS();
@@ -564 +560 @@
 #endif
 
+    exec->convertToStackOverflowFrame(vm);
     ErrorHandlingScope errorScope(vm);
-    throwStackOverflowError(callerFrame, throwScope);
-    pc = returnToThrow(callerFrame);
+    throwStackOverflowError(exec, throwScope);
+    pc = returnToThrow(exec);
     LLINT_RETURN_TWO(pc, exec);
 }

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

@@ -1077 +1077 @@
     callSlowPath(_llint_stack_check)
     bpeq r1, 0, .stackHeightOKGetCodeBlock
+
+    # We're throwing before the frame is fully set up. This frame will be
+    # ignored by the unwinder. So, let's restore the callee saves before we
+    # start unwinding. We need to do this before we change the cfr.
+    restoreCalleeSavesUsedByLLInt()
+
     move r1, cfr
-    dispatch(0) # Go to exception handler in PC
+    jmp _llint_throw_from_slow_path_trampoline
 
 .stackHeightOKGetCodeBlock:

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

@@ -128 +128 @@
     loadp VM::topEntryFrame[vm], t4
     storep t4, VMEntryRecord::m_prevTopEntryFrame[sp]
+    loadp ProtoCallFrame::calleeValue[protoCallFrame], t4
+    storep t4, VMEntryRecord::m_callee[sp]
 
     # Align stack pointer
@@ -310 +312 @@
     loadp MarkedBlockFooterOffset + MarkedBlock::Footer::m_vm[t3], t3
     restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(t3, t0)
-    loadp VM::callFrameForCatch[t3], cfr
     storep 0, VM::callFrameForCatch[t3]
 
-    loadp CallerFrame[cfr], cfr
-
+    loadp VM::topEntryFrame[t3], cfr
     if ARMv7
         vmEntryRecord(cfr, t3)
@@ -576 +576 @@
     cCall2(slowPath)   # This slowPath has a simple protocol: t0 = 0 => no error, t0 != 0 => error
     btiz r0, .noError
+
+    # We're throwing before the frame is fully set up. This frame will be
+    # ignored by the unwinder. So, let's restore the callee saves before we
+    # start unwinding. We need to do this before we change the cfr.
+    restoreCalleeSavesUsedByLLInt()
+
     move r1, cfr   # r1 contains caller frame
     jmp _llint_throw_from_slow_path_trampoline

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -133 +133 @@
     loadp VM::topEntryFrame[vm], t4
     storep t4, VMEntryRecord::m_prevTopEntryFrame[sp]
+    loadp ProtoCallFrame::calleeValue[protoCallFrame], t4
+    storep t4, VMEntryRecord::m_callee[sp]
 
     loadi ProtoCallFrame::paddedArgCount[protoCallFrame], t4
@@ -245 +247 @@
     popCalleeSaves()
     functionEpilogue()
-
     ret
 end
@@ -283 +284 @@
     loadp MarkedBlockFooterOffset + MarkedBlock::Footer::m_vm[t3], t3
     restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(t3, t0)
-    loadp VM::callFrameForCatch[t3], cfr
     storep 0, VM::callFrameForCatch[t3]
 
-    loadp CallerFrame[cfr], cfr
+    loadp VM::topEntryFrame[t3], cfr
     vmEntryRecord(cfr, t2)
 
@@ -509 +509 @@
     cCall2(slowPath)   # This slowPath has the protocol: r0 = 0 => no error, r0 != 0 => error
     btiz r0, .noError
+
+    # We're throwing before the frame is fully set up. This frame will be
+    # ignored by the unwinder. So, let's restore the callee saves before we
+    # start unwinding. We need to do this before we change the cfr.
+    restoreCalleeSavesUsedByLLInt()
+
     move r1, cfr   # r1 contains caller frame
     jmp _llint_throw_from_slow_path_trampoline

trunk/Source/JavaScriptCore/runtime/CallData.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008, 2016 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008-2018 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without

trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp

@@ -34 +34 @@
 #include "ClonedArguments.h"
 #include "CodeProfiling.h"
-#include "CommonSlowPathsExceptions.h"
 #include "DefinePropertyAttributes.h"
 #include "DirectArguments.h"
@@ -164 +163 @@
     } while (false)
 
+static void throwArityCheckStackOverflowError(ExecState* exec, ThrowScope& scope)
+{
+    JSObject* error = createStackOverflowError(exec);
+    throwException(exec, scope, error);
+#if LLINT_TRACING
+    if (UNLIKELY(Options::traceLLIntSlowPath()))
+        dataLog("Throwing exception ", JSValue(scope.exception()), ".\n");
+#endif
+}
+
 SLOW_PATH_DECL(slow_path_call_arityCheck)
 {
@@ -169 +178 @@
     int slotsToAdd = CommonSlowPaths::arityCheckFor(exec, vm, CodeForCall);
     if (slotsToAdd < 0) {
-        exec = exec->callerFrame();
-        vm.topCallFrame = exec;
+        exec->convertToStackOverflowFrame(vm);
+        NativeCallFrameTracer tracer(&vm, exec);
         ErrorHandlingScope errorScope(vm);
         throwScope.release();
-        CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
+        throwArityCheckStackOverflowError(exec, throwScope);
         RETURN_TWO(bitwise_cast<void*>(static_cast<uintptr_t>(1)), exec);
     }
@@ -184 +193 @@
     int slotsToAdd = CommonSlowPaths::arityCheckFor(exec, vm, CodeForConstruct);
     if (slotsToAdd < 0) {
-        exec = exec->callerFrame();
-        vm.topCallFrame = exec;
+        exec->convertToStackOverflowFrame(vm);
+        NativeCallFrameTracer tracer(&vm, exec);
         ErrorHandlingScope errorScope(vm);
-        CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
+        throwArityCheckStackOverflowError(exec, throwScope);
         RETURN_TWO(bitwise_cast<void*>(static_cast<uintptr_t>(1)), exec);
     }

trunk/Source/JavaScriptCore/runtime/Completion.cpp

@@ -2 +2 @@
  *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
  *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
- *  Copyright (C) 2003-2017 Apple Inc.
+ *  Copyright (C) 2003-2018 Apple Inc.
  *
  *  This library is free software; you can redistribute it and/or
@@ -127 +127 @@
     if (scopeExtensionObject) {
         JSScope* ignoredPreviousScope = globalObject->globalScope();
-        globalObject->setGlobalScopeExtension(JSWithScope::create(exec->vm(), globalObject, ignoredPreviousScope, scopeExtensionObject));
+        globalObject->setGlobalScopeExtension(JSWithScope::create(vm, globalObject, ignoredPreviousScope, scopeExtensionObject));
     }
 

trunk/Source/JavaScriptCore/runtime/JSGeneratorFunction.h

@@ -33 +33 @@
 class JSGlobalObject;
 class LLIntOffsetsExtractor;
-class LLIntDesiredOffsets;
 
 class JSGeneratorFunction final : public JSFunction {

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -417 +417 @@
     ExecState* exec = JSGlobalObject::globalExec();
 
+    JSCallee* stackOverflowFrameCallee = JSCallee::create(vm, this, globalScope());
+    m_stackOverflowFrameCallee.set(vm, this, stackOverflowFrameCallee);
+
     m_hostFunctionStructure.set(vm, this, JSFunction::createStructure(vm, this, m_functionPrototype.get()));
 
@@ -1328 +1331 @@
     visitor.append(thisObject->m_globalScopeExtension);
     visitor.append(thisObject->m_globalCallee);
+    visitor.append(thisObject->m_stackOverflowFrameCallee);
     visitor.append(thisObject->m_regExpConstructor);
     visitor.append(thisObject->m_errorConstructor);

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

@@ -84 +84 @@
 class JSArrayBufferConstructor;
 class JSArrayBufferPrototype;
+class JSCallee;
 class JSGlobalObjectDebuggable;
 class JSInternalPromise;
@@ -257 +258 @@
     WriteBarrier<JSGlobalLexicalEnvironment> m_globalLexicalEnvironment;
     WriteBarrier<JSScope> m_globalScopeExtension;
-    WriteBarrier<JSObject> m_globalCallee;
+    WriteBarrier<JSCallee> m_globalCallee;
+    WriteBarrier<JSCallee> m_stackOverflowFrameCallee;
     WriteBarrier<RegExpConstructor> m_regExpConstructor;
     WriteBarrier<ErrorConstructor> m_errorConstructor;
@@ -442 +444 @@
 
     WeakRandom m_weakRandom;
+
+    JSCallee* stackOverflowFrameCallee() const { return m_stackOverflowFrameCallee.get(); }
 
     InlineWatchpointSet& arrayIteratorProtocolWatchpoint() { return m_arrayIteratorProtocolWatchpoint; }

trunk/Source/JavaScriptCore/runtime/VM.cpp

@@ -144 +144 @@
 #include "UnlinkedCodeBlock.h"
 #include "VMEntryScope.h"
+#include "VMInlines.h"
 #include "VMInspector.h"
 #include "VariableEnvironment.h"
@@ -831 +832 @@
 void VM::throwException(ExecState* exec, Exception* exception)
 {
+    ASSERT(exec == topCallFrame || exec->isGlobalExec());
+    CallFrame* throwOriginFrame = exec->isGlobalExec() ? exec : topJSCallFrame();
+
     if (Options::breakOnThrow()) {
-        CodeBlock* codeBlock = exec->codeBlock();
-        dataLog("Throwing exception in call frame ", RawPointer(exec), " for code block ", codeBlock, "\n");
+        CodeBlock* codeBlock = throwOriginFrame ? throwOriginFrame->codeBlock() : nullptr;
+        dataLog("Throwing exception in call frame ", RawPointer(throwOriginFrame), " for code block ", codeBlock, "\n");
         CRASH();
     }
 
-    ASSERT(exec == topCallFrame || exec->isGlobalExec());
-
-    interpreter->notifyDebuggerOfExceptionToBeThrown(*this, exec, exception);
+    interpreter->notifyDebuggerOfExceptionToBeThrown(*this, throwOriginFrame, exception);
 
     setException(exception);

trunk/Source/JavaScriptCore/runtime/VM.h

@@ -52 +52 @@
 #include "Strong.h"
 #include "StructureCache.h"
-#include "VMEntryRecord.h"
 #include "VMTraps.h"
 #include "WasmContext.h"
@@ -169 +168 @@
 }
 
+struct EntryFrame;
 struct HashTable;
 struct Instruction;
@@ -295 +295 @@
     unsigned id() const { return m_id; }
     bool isEntered() const { return !!entryScope; }
+
+    inline CallFrame* topJSCallFrame() const;
 
     // Global object in which execution began.

trunk/Source/JavaScriptCore/runtime/VMInlines.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -26 +26 @@
 #pragma once
 
+#include "CallFrameInlines.h"
+#include "EntryFrame.h"
 #include "ProfilerDatabase.h"
 #include "VM.h"
@@ -61 +63 @@
 }
 
+inline CallFrame* VM::topJSCallFrame() const
+{
+    CallFrame* frame = topCallFrame;
+    if (UNLIKELY(!frame))
+        return frame;
+    if (LIKELY(!frame->isWasmFrame() && !frame->isStackOverflowFrame()))
+        return frame;
+    EntryFrame* entryFrame = topEntryFrame;
+    do {
+        frame = frame->callerFrame(entryFrame);
+        ASSERT(!frame || !frame->isStackOverflowFrame());
+    } while (frame && frame->isWasmFrame());
+    return frame;
+}
+
 } // namespace JSC