Changeset 264688 in webkit

Timestamp:

Jul 21, 2020, 6:40:59 PM (5 years ago)

Author:

mark.lam@apple.com

Message:

Simplify DisallowScope, DisallowGC, and DisallowVMReentry implementations.
​https://bugs.webkit.org/show_bug.cgi?id=214539
<rdar://problem/65795729>

Reviewed by Keith Miller.

Previously, DisallowScope needed to support enabling and disabling. This was
only needed to enable the implementation of ObjectInitializationScope. Now, we
can make the DisallowGC and DisallowVMReentry inside ObjectInitializationScope
optional with WTF::Optional. With that we can simplify these scopes and make
them true RAII scope objects.

This patch also does the following:

1. Renamed DisallowVMReentry to DisallowVMEntry. The scope can be used to disable VM entry completely. There's no need to restrict it to only re-entries.

2. Enforcement of DisallowVMReentry is now done in the LLInt's doVMEntry() instead of the VMEntryScope's constructor. This is a stronger guarantee.

If Options::crashOnDisallowedVMEntry() is true, the VM will crash if it sees
an attempt to enter the VM while disallowed.

If Options::crashOnDisallowedVMEntry() is false, an attempt to call into the VM
while disallowed will return immediately with an undefined result without
invoking any script.

By default, Options::crashOnDisallowedVMEntry() is true if ASSERT_ENABLED is
true.

3. Change DisallowScope and DisallowGC to be based on ASSERT_ENABLED instead of NEBUG.

4. Make DisallowVMEntry always enforceable, not just when ASSERT_ENABLED. It's enforcement action depends on Options::crashOnDisallowedVMEntry() as described above.

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• Sources.txt:
• heap/DeferGC.cpp:
• heap/DeferGC.h:

(JSC::DisallowGC::DisallowGC):
(JSC::DisallowGC::initialize):

• interpreter/Interpreter.cpp:

(JSC::Interpreter::executeProgram):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeModuleProgram):

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::llint_check_vm_entry_permission):

• llint/LLIntSlowPaths.h:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• runtime/DisallowScope.h:

(JSC::DisallowScope::DisallowScope):
(JSC::DisallowScope::~DisallowScope):
(JSC::DisallowScope::isInEffectOnCurrentThread):
(JSC::DisallowScope::enable): Deleted.
(JSC::DisallowScope::disable): Deleted.
(JSC::DisallowScope::enterScope): Deleted.
(JSC::DisallowScope::exitScope): Deleted.

• runtime/DisallowVMEntry.h: Copied from Source/JavaScriptCore/runtime/DisallowVMReentry.h.

(JSC::DisallowVMEntryImpl::DisallowVMEntryImpl):
(JSC::DisallowVMEntryImpl::~DisallowVMEntryImpl):
(JSC::DisallowVMEntryImpl::isEngaged const):
(JSC::DisallowVMEntryImpl::release):
(JSC::DisallowVMReentry::DisallowVMReentry): Deleted.
(JSC::DisallowVMReentry::initialize): Deleted.
(JSC::DisallowVMReentry::scopeReentryCount): Deleted.
(JSC::DisallowVMReentry::setScopeReentryCount): Deleted.

• runtime/DisallowVMReentry.cpp: Removed.
• runtime/DisallowVMReentry.h: Removed.
• runtime/InitializeThreading.cpp:

(JSC::initialize):

• runtime/JSArray.cpp:

(JSC::JSArray::tryCreateUninitializedRestricted):

• runtime/ObjectInitializationScope.cpp:

(JSC::ObjectInitializationScope::ObjectInitializationScope):
(JSC::ObjectInitializationScope::notifyAllocated):
(JSC::ObjectInitializationScope::notifyInitialized):

• runtime/ObjectInitializationScope.h:

(JSC::ObjectInitializationScope::vm const):
(JSC::ObjectInitializationScope::ObjectInitializationScope):
(JSC::ObjectInitializationScope::~ObjectInitializationScope):
(JSC::ObjectInitializationScope::notifyAllocated):
(JSC::ObjectInitializationScope::notifyInitialized):

• runtime/OptionsList.h:
• runtime/RegExpMatchesArray.h:

(JSC::tryCreateUninitializedRegExpMatchesArray):

• runtime/VM.h:
• runtime/VMEntryScope.cpp:

(JSC::VMEntryScope::VMEntryScope):

Location:

trunk/Source/JavaScriptCore

Files:

• CMakeLists.txt (modified) (1 diff)
• ChangeLog (modified) (1 diff)
• JavaScriptCore.xcodeproj/project.pbxproj (modified) (4 diffs)
• Sources.txt (modified) (1 diff)
• heap/DeferGC.cpp (modified) (2 diffs)
• heap/DeferGC.h (modified) (2 diffs)
• interpreter/Interpreter.cpp (modified) (6 diffs)
• llint/LLIntSlowPaths.cpp (modified) (1 diff)
• llint/LLIntSlowPaths.h (modified) (2 diffs)
• llint/LowLevelInterpreter32_64.asm (modified) (3 diffs)
• llint/LowLevelInterpreter64.asm (modified) (2 diffs)
• runtime/DisallowScope.h (modified) (3 diffs)
• runtime/DisallowVMEntry.h (moved) (moved from trunk/Source/JavaScriptCore/runtime/DisallowVMReentry.h ) (2 diffs)
• runtime/DisallowVMReentry.cpp (deleted)
• runtime/InitializeThreading.cpp (modified) (2 diffs)
• runtime/JSArray.cpp (modified) (2 diffs)
• runtime/ObjectInitializationScope.cpp (modified) (5 diffs)
• runtime/ObjectInitializationScope.h (modified) (5 diffs)
• runtime/OptionsList.h (modified) (1 diff)
• runtime/RegExpMatchesArray.h (modified) (1 diff)
• runtime/VM.h (modified) (2 diffs)
• runtime/VMEntryScope.cpp (modified) (3 diffs)

trunk/Source/JavaScriptCore/CMakeLists.txt ¶

@@ -839 +839 @@
     runtime/DirectEvalExecutable.h
     runtime/DisallowScope.h
-    runtime/DisallowVMReentry.h
+    runtime/DisallowVMEntry.h
     runtime/DumpContext.h
     runtime/ECMAMode.h

trunk/Source/JavaScriptCore/ChangeLog ¶

@@ +1 @@
+2020-07-21  Mark Lam  <mark.lam@apple.com>
+
+        Simplify DisallowScope, DisallowGC, and DisallowVMReentry implementations.
+        https://bugs.webkit.org/show_bug.cgi?id=214539
+        <rdar://problem/65795729>
+
+        Reviewed by Keith Miller.
+
+        Previously, DisallowScope needed to support enabling and disabling.  This was
+        only needed to enable the implementation of ObjectInitializationScope.  Now, we
+        can make the DisallowGC and DisallowVMReentry inside ObjectInitializationScope
+        optional with WTF::Optional.  With that we can simplify these scopes and make
+        them true RAII scope objects.
+
+        This patch also does the following:
+
+        1. Renamed DisallowVMReentry to DisallowVMEntry.
+           The scope can be used to disable VM entry completely.  There's no need to
+           restrict it to only re-entries.
+
+        2. Enforcement of DisallowVMReentry is now done in the LLInt's doVMEntry() instead
+           of the VMEntryScope's constructor.  This is a stronger guarantee.
+
+           If Options::crashOnDisallowedVMEntry() is true, the VM will crash if it sees
+           an attempt to enter the VM while disallowed.
+
+           If Options::crashOnDisallowedVMEntry() is false, an attempt to call into the VM
+           while disallowed will return immediately with an undefined result without
+           invoking any script.
+
+           By default, Options::crashOnDisallowedVMEntry() is true if ASSERT_ENABLED is
+           true.
+
+        3. Change DisallowScope and DisallowGC to be based on ASSERT_ENABLED instead of NEBUG.
+
+        4. Make DisallowVMEntry always enforceable, not just when ASSERT_ENABLED.
+           It's enforcement action depends on Options::crashOnDisallowedVMEntry() as
+           described above.
+
+        * CMakeLists.txt:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * Sources.txt:
+        * heap/DeferGC.cpp:
+        * heap/DeferGC.h:
+        (JSC::DisallowGC::DisallowGC):
+        (JSC::DisallowGC::initialize):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::executeProgram):
+        (JSC::Interpreter::executeCall):
+        (JSC::Interpreter::executeConstruct):
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::executeModuleProgram):
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::llint_check_vm_entry_permission):
+        * llint/LLIntSlowPaths.h:
+        * llint/LowLevelInterpreter32_64.asm:
+        * llint/LowLevelInterpreter64.asm:
+        * runtime/DisallowScope.h:
+        (JSC::DisallowScope::DisallowScope):
+        (JSC::DisallowScope::~DisallowScope):
+        (JSC::DisallowScope::isInEffectOnCurrentThread):
+        (JSC::DisallowScope::enable): Deleted.
+        (JSC::DisallowScope::disable): Deleted.
+        (JSC::DisallowScope::enterScope): Deleted.
+        (JSC::DisallowScope::exitScope): Deleted.
+        * runtime/DisallowVMEntry.h: Copied from Source/JavaScriptCore/runtime/DisallowVMReentry.h.
+        (JSC::DisallowVMEntryImpl::DisallowVMEntryImpl):
+        (JSC::DisallowVMEntryImpl::~DisallowVMEntryImpl):
+        (JSC::DisallowVMEntryImpl::isEngaged const):
+        (JSC::DisallowVMEntryImpl::release):
+        (JSC::DisallowVMReentry::DisallowVMReentry): Deleted.
+        (JSC::DisallowVMReentry::initialize): Deleted.
+        (JSC::DisallowVMReentry::scopeReentryCount): Deleted.
+        (JSC::DisallowVMReentry::setScopeReentryCount): Deleted.
+        * runtime/DisallowVMReentry.cpp: Removed.
+        * runtime/DisallowVMReentry.h: Removed.
+        * runtime/InitializeThreading.cpp:
+        (JSC::initialize):
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::tryCreateUninitializedRestricted):
+        * runtime/ObjectInitializationScope.cpp:
+        (JSC::ObjectInitializationScope::ObjectInitializationScope):
+        (JSC::ObjectInitializationScope::notifyAllocated):
+        (JSC::ObjectInitializationScope::notifyInitialized):
+        * runtime/ObjectInitializationScope.h:
+        (JSC::ObjectInitializationScope::vm const):
+        (JSC::ObjectInitializationScope::ObjectInitializationScope):
+        (JSC::ObjectInitializationScope::~ObjectInitializationScope):
+        (JSC::ObjectInitializationScope::notifyAllocated):
+        (JSC::ObjectInitializationScope::notifyInitialized):
+        * runtime/OptionsList.h:
+        * runtime/RegExpMatchesArray.h:
+        (JSC::tryCreateUninitializedRegExpMatchesArray):
+        * runtime/VM.h:
+        * runtime/VMEntryScope.cpp:
+        (JSC::VMEntryScope::VMEntryScope):
+
 2020-07-21  Mark Lam  <mark.lam@apple.com>
 

trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj ¶

@@ -1926 +1926 @@
                 FE533CA61F217DB30016A1FE /* JavaScriptCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 932F5BD90822A1C700736975 /* JavaScriptCore.framework */; };
                 FE533CAD1F217EA50016A1FE /* testmasm.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE533CA01F217C310016A1FE /* testmasm.cpp */; };
-                FE54DEFB1E8C6D8800A892C5 /* DisallowVMReentry.h in Headers */ = {isa = PBXBuildFile; fileRef = FE54DEFA1E8C6D7200A892C5 /* DisallowVMReentry.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                FE54DEFB1E8C6D8800A892C5 /* DisallowVMEntry.h in Headers */ = {isa = PBXBuildFile; fileRef = FE54DEFA1E8C6D7200A892C5 /* DisallowVMEntry.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE54DEFF1E8D76FA00A892C5 /* DisallowScope.h in Headers */ = {isa = PBXBuildFile; fileRef = FE54DEFE1E8D742800A892C5 /* DisallowScope.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE5628CE1E99513200C49E45 /* AirPrintSpecial.h in Headers */ = {isa = PBXBuildFile; fileRef = FE5628CC1E99512400C49E45 /* AirPrintSpecial.h */; };
@@ -5226 +5226 @@
                 FE533CA01F217C310016A1FE /* testmasm.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = testmasm.cpp; sourceTree = "<group>"; };
                 FE533CAC1F217DB40016A1FE /* testmasm */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = testmasm; sourceTree = BUILT_PRODUCTS_DIR; };
-                FE54DEFA1E8C6D7200A892C5 /* DisallowVMReentry.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DisallowVMReentry.h; sourceTree = "<group>"; };
-                FE54DEFC1E8C6DFF00A892C5 /* DisallowVMReentry.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DisallowVMReentry.cpp; sourceTree = "<group>"; };
+                FE54DEFA1E8C6D7200A892C5 /* DisallowVMEntry.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DisallowVMEntry.h; sourceTree = "<group>"; };
                 FE54DEFE1E8D742800A892C5 /* DisallowScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DisallowScope.h; sourceTree = "<group>"; };
                 FE5628CB1E99512400C49E45 /* AirPrintSpecial.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = AirPrintSpecial.cpp; path = b3/air/AirPrintSpecial.cpp; sourceTree = "<group>"; };
@@ -7173 +7172 @@
                                 14386A731DD69895008652C4 /* DirectEvalExecutable.h */,
                                 FE54DEFE1E8D742800A892C5 /* DisallowScope.h */,
-                                FE54DEFC1E8C6DFF00A892C5 /* DisallowVMReentry.cpp */,
-                                FE54DEFA1E8C6D7200A892C5 /* DisallowVMReentry.h */,
+                                FE54DEFA1E8C6D7200A892C5 /* DisallowVMEntry.h */,
                                 E31618101EC5FE080006A218 /* DOMAnnotation.h */,
                                 E31618111EC5FE080006A218 /* DOMAttributeGetterSetter.cpp */,
@@ -9529 +9527 @@
                                 0F37308F1C0CD68500052BFA /* DisallowMacroScratchRegisterUsage.h in Headers */,
                                 FE54DEFF1E8D76FA00A892C5 /* DisallowScope.h in Headers */,
-                                FE54DEFB1E8C6D8800A892C5 /* DisallowVMReentry.h in Headers */,
+                                FE54DEFB1E8C6D8800A892C5 /* DisallowVMEntry.h in Headers */,
                                 0FF42731158EBD54004CB9FF /* Disassembler.h in Headers */,
                                 E31618131EC5FE170006A218 /* DOMAnnotation.h in Headers */,

trunk/Source/JavaScriptCore/Sources.txt ¶

@@ -767 +767 @@
 runtime/DirectArgumentsOffset.cpp
 runtime/DirectEvalExecutable.cpp
-runtime/DisallowVMReentry.cpp
 runtime/DoublePredictionFuzzerAgent.cpp
 runtime/DumpContext.cpp

trunk/Source/JavaScriptCore/heap/DeferGC.cpp ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -29 +29 @@
 namespace JSC {
 
-#ifndef NDEBUG
+#if ASSERT_ENABLED
 LazyNeverDestroyed<ThreadSpecific<unsigned, WTF::CanBeGCThread::True>> DisallowGC::s_scopeReentryCount;
 #endif

trunk/Source/JavaScriptCore/heap/DeferGC.h ¶

@@ -78 +78 @@
     typedef DisallowScope<DisallowGC> Base;
 public:
-#ifdef NDEBUG
-
-    ALWAYS_INLINE DisallowGC(bool = false) { }
-    ALWAYS_INLINE static void initialize() { }
-
-#else // not NDEBUG
-
-    DisallowGC(bool enabled = true)
-        : Base(enabled)
-    { }
+#if ASSERT_ENABLED
+    DisallowGC() = default;
 
     static void initialize()
@@ -106 +98 @@
     JS_EXPORT_PRIVATE static LazyNeverDestroyed<ThreadSpecific<unsigned, WTF::CanBeGCThread::True>> s_scopeReentryCount;
 
-#endif // NDEBUG
+#else
+    ALWAYS_INLINE DisallowGC() { } // We need this to placate Clang due to unused warnings.
+    ALWAYS_INLINE static void initialize() { }
+#endif // ASSERT_ENABLED
     
     friend class DisallowScope<DisallowGC>;

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2008-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2020 Apple Inc. All rights reserved.
  * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
  *
@@ -826 +826 @@
     }
 
-    DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
-
-    RefPtr<JITCode> jitCode = program->generatedJITCode();
-
+    RefPtr<JITCode> jitCode;
     ProtoCallFrame protoCallFrame;
-    protoCallFrame.init(codeBlock, globalObject, globalCallee, thisObj, 1);
+    {
+        DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
+        jitCode = program->generatedJITCode();
+        protoCallFrame.init(codeBlock, globalObject, globalCallee, thisObj, 1);
+    }
 
     // Execute the code:
-    disallowGC.disable();
     throwScope.release();
     ASSERT(jitCode == program->generatedJITCode().ptr());
@@ -891 +891 @@
     }
 
-    DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
-
     RefPtr<JITCode> jitCode;
-    if (isJSCall)
-        jitCode = callData.js.functionExecutable->generatedJITCodeForCall();
-
     ProtoCallFrame protoCallFrame;
-    protoCallFrame.init(newCodeBlock, globalObject, function, thisValue, argsCount, args.data());
+    {
+        DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
+        if (isJSCall)
+            jitCode = callData.js.functionExecutable->generatedJITCodeForCall();
+        protoCallFrame.init(newCodeBlock, globalObject, function, thisValue, argsCount, args.data());
+    }
 
     JSValue result;
-    {
-        // Execute the code:
-        disallowGC.disable();
-        if (isJSCall) {
-            throwScope.release();
-            ASSERT(jitCode == callData.js.functionExecutable->generatedJITCodeForCall().ptr());
-            result = jitCode->execute(&vm, &protoCallFrame);
-        } else {
-            result = JSValue::decode(vmEntryToNative(callData.native.function.rawPointer(), &vm, &protoCallFrame));
-            RETURN_IF_EXCEPTION(throwScope, JSValue());
-        }
+    // Execute the code:
+    if (isJSCall) {
+        throwScope.release();
+        ASSERT(jitCode == callData.js.functionExecutable->generatedJITCodeForCall().ptr());
+        result = jitCode->execute(&vm, &protoCallFrame);
+    } else {
+        result = JSValue::decode(vmEntryToNative(callData.native.function.rawPointer(), &vm, &protoCallFrame));
+        RETURN_IF_EXCEPTION(throwScope, JSValue());
     }
 
@@ -973 +970 @@
     }
 
-    DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
-
     RefPtr<JITCode> jitCode;
-    if (isJSConstruct)
-        jitCode = constructData.js.functionExecutable->generatedJITCodeForConstruct();
-
     ProtoCallFrame protoCallFrame;
-    protoCallFrame.init(newCodeBlock, globalObject, constructor, newTarget, argsCount, args.data());
+    {
+        DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
+        if (isJSConstruct)
+            jitCode = constructData.js.functionExecutable->generatedJITCodeForConstruct();
+        protoCallFrame.init(newCodeBlock, globalObject, constructor, newTarget, argsCount, args.data());
+    }
 
     JSValue result;
-    {
-        // Execute the code.
-        disallowGC.disable();
-        if (isJSConstruct) {
-            ASSERT(jitCode == constructData.js.functionExecutable->generatedJITCodeForConstruct().ptr());
-            result = jitCode->execute(&vm, &protoCallFrame);
-        } else {
-            result = JSValue::decode(vmEntryToNative(constructData.native.function.rawPointer(), &vm, &protoCallFrame));
-
-            if (LIKELY(!throwScope.exception()))
-                RELEASE_ASSERT(result.isObject());
-        }
+    // Execute the code.
+    if (isJSConstruct) {
+        ASSERT(jitCode == constructData.js.functionExecutable->generatedJITCodeForConstruct().ptr());
+        result = jitCode->execute(&vm, &protoCallFrame);
+    } else {
+        result = JSValue::decode(vmEntryToNative(constructData.native.function.rawPointer(), &vm, &protoCallFrame));
+
+        if (LIKELY(!throwScope.exception()))
+            RELEASE_ASSERT(result.isObject());
     }
 
@@ -1194 +1188 @@
     }
 
-    DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
-
-    RefPtr<JITCode> jitCode = eval->generatedJITCode();
-
+    RefPtr<JITCode> jitCode;
     ProtoCallFrame protoCallFrame;
-    protoCallFrame.init(codeBlock, globalObject, callee, thisValue, 1);
+    {
+        DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
+        jitCode = eval->generatedJITCode();
+        protoCallFrame.init(codeBlock, globalObject, callee, thisValue, 1);
+    }
 
     // Execute the code:
-    disallowGC.disable();
     throwScope.release();
     ASSERT(jitCode == eval->generatedJITCode().ptr());
@@ -1252 +1246 @@
     }
 
-    DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
-
-    RefPtr<JITCode> jitCode = executable->generatedJITCode();
-
-    // The |this| of the module is always `undefined`.
-    // http://www.ecma-international.org/ecma-262/6.0/#sec-module-environment-records-hasthisbinding
-    // http://www.ecma-international.org/ecma-262/6.0/#sec-module-environment-records-getthisbinding
+    RefPtr<JITCode> jitCode;
     ProtoCallFrame protoCallFrame;
-    protoCallFrame.init(codeBlock, globalObject, callee, jsUndefined(), 1);
+    {
+        DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
+        jitCode = executable->generatedJITCode();
+        // The |this| of the module is always `undefined`.
+        // http://www.ecma-international.org/ecma-262/6.0/#sec-module-environment-records-hasthisbinding
+        // http://www.ecma-international.org/ecma-262/6.0/#sec-module-environment-records-getthisbinding
+        protoCallFrame.init(codeBlock, globalObject, callee, jsUndefined(), 1);
+    }
 
     // Execute the code:
-    disallowGC.disable();
     throwScope.release();
     ASSERT(jitCode == executable->generatedJITCode().ptr());

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp ¶

@@ -2317 +2317 @@
 }
 
+extern "C" SlowPathReturnType llint_check_vm_entry_permission(VM* vm, ProtoCallFrame*)
+{
+    ASSERT_UNUSED(vm, vm->disallowVMEntryCount);
+    if (Options::crashOnDisallowedVMEntry())
+        CRASH();
+
+    // Else return, and let doVMEntry return undefined.
+    return encodeResult(nullptr, nullptr);
+}
+
 extern "C" void llint_dump_value(EncodedJSValue value);
 extern "C" void llint_dump_value(EncodedJSValue value)

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.h ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2011-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -148 +148 @@
 extern "C" SlowPathReturnType llint_stack_check_at_vm_entry(VM*, Register*) WTF_INTERNAL;
 #endif
+extern "C" SlowPathReturnType llint_check_vm_entry_permission(VM*, ProtoCallFrame*) WTF_INTERNAL;
 extern "C" NO_RETURN_DUE_TO_CRASH void llint_crash() WTF_INTERNAL;
 

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm ¶

@@ -1 @@
-# Copyright (C) 2011-2019 Apple Inc. All rights reserved.
+# Copyright (C) 2011-2020 Apple Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -171 +171 @@
     # aliasing problems with our arguments.
 
+    loadi VM::disallowVMEntryCount[vm], t4
+    btinz t4, .checkVMEntryPermission
+
     if ARMv7
         vmEntryRecord(cfr, t3)
@@ -317 +320 @@
     end
 
+    popCalleeSaves()
+    functionEpilogue()
+    ret
+
+.checkVMEntryPermission:
+    move vm, a0
+    move protoCallFrame, a1
+    cCall2(_llint_check_vm_entry_permission)
+    move UndefinedTag, r0
+    move 0, r1
+
+    subp cfr, CalleeRegisterSaveSize, sp
     popCalleeSaves()
     functionEpilogue()

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm ¶

@@ -167 +167 @@
     checkStackPointerAlignment(t4, 0xbad0dc01)
 
+    loadi VM::disallowVMEntryCount[vm], t4
+    btinz t4, .checkVMEntryPermission
+
     storep vm, VMEntryRecord::m_vm[sp]
     loadp VM::topCallFrame[vm], t4
@@ -282 +285 @@
     subp cfr, CalleeRegisterSaveSize, sp
 
+    popCalleeSaves()
+    functionEpilogue()
+    ret
+
+.checkVMEntryPermission:
+    move vm, a0
+    move protoCallFrame, a1
+    cCall2(_llint_check_vm_entry_permission)
+    move ValueUndefined, r0
+
+    subp cfr, CalleeRegisterSaveSize, sp
     popCalleeSaves()
     functionEpilogue()

trunk/Source/JavaScriptCore/runtime/DisallowScope.h ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -36 +36 @@
     WTF_FORBID_HEAP_ALLOCATION;
 public:
-#ifdef NDEBUG
-
-    ALWAYS_INLINE DisallowScope(bool = false) { }
-    ALWAYS_INLINE ~DisallowScope() { }
-    ALWAYS_INLINE static bool isInEffectOnCurrentThread() { return false; }
-    ALWAYS_INLINE void enable() { }
-    ALWAYS_INLINE void disable() { }
-
-#else // not NDEBUG
-
-    DisallowScope(bool enabled = true)
+#if ASSERT_ENABLED
+    DisallowScope()
     {
-        m_isEnabled = enabled;
-        if (m_isEnabled)
-            enterScope();
+        auto count = T::scopeReentryCount();
+        T::setScopeReentryCount(++count);
     }
 
     ~DisallowScope()
     {
-        if (m_isEnabled)
-            exitScope();
+        auto count = T::scopeReentryCount();
+        ASSERT(count);
+        T::setScopeReentryCount(--count);
     }
 
@@ -64 +55 @@
     }
 
-    void enable()
-    {
-        m_isEnabled = true;
-        enterScope();
-    }
-
-    void disable()
-    {
-        m_isEnabled = false;
-        exitScope();
-    }
-
-private:
-    void enterScope()
-    {
-        auto count = T::scopeReentryCount();
-        T::setScopeReentryCount(++count);
-    }
-
-    void exitScope()
-    {
-        auto count = T::scopeReentryCount();
-        ASSERT(count);
-        T::setScopeReentryCount(--count);
-    }
-
-    bool m_isEnabled;
-#endif // NDEBUG
+#else // not ASSERT_ENABLED
+    ALWAYS_INLINE DisallowScope() { } // We need this to placate Clang due to unused warnings.
+    ALWAYS_INLINE static bool isInEffectOnCurrentThread() { return false; }
+#endif // ASSERT_ENABLED
 };
 

trunk/Source/JavaScriptCore/runtime/DisallowVMEntry.h ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -26 +26 @@
 #pragma once
 
-#include "DisallowScope.h"
-#include <wtf/NeverDestroyed.h>
-#include <wtf/ThreadSpecific.h>
-
 namespace JSC {
 
-class DisallowVMReentry : public DisallowScope<DisallowVMReentry> {
-    WTF_MAKE_NONCOPYABLE(DisallowVMReentry);
-    typedef DisallowScope<DisallowVMReentry> Base;
+class VM;
+
+// The only reason we implement DisallowVMEntry as specialization of a template
+// is so that we can work around having to #include VM.h, which can hurt build
+// time. This defers the cost of #include'ing VM.h to only the clients that
+// need it.
+
+template<typename VMType = VM>
+class DisallowVMEntryImpl {
+    WTF_MAKE_NONCOPYABLE(DisallowVMEntryImpl);
 public:
-#ifdef NDEBUG
+    DisallowVMEntryImpl(VMType& vm)
+        : m_vm(&vm)
+    {
+        m_vm->disallowVMEntryCount++;
+    }
 
-    ALWAYS_INLINE DisallowVMReentry(bool = false) { }
-    ALWAYS_INLINE static void initialize() { }
-
-#else // not NDEBUG
-
-    DisallowVMReentry(bool enabled = true)
-        : Base(enabled)
-    { }
-
-    static void initialize()
+    ~DisallowVMEntryImpl()
     {
-        s_scopeReentryCount.construct();
+        RELEASE_ASSERT(m_vm->disallowVMEntryCount);
+        m_vm->disallowVMEntryCount--;
+        m_vm = nullptr;
     }
 
 private:
-    static unsigned scopeReentryCount()
-    {
-        return *s_scopeReentryCount.get();
-    }
-    static void setScopeReentryCount(unsigned value)
-    {
-        *s_scopeReentryCount.get() = value;
-    }
-
-    JS_EXPORT_PRIVATE static LazyNeverDestroyed<ThreadSpecific<unsigned, WTF::CanBeGCThread::True>> s_scopeReentryCount;
-
-#endif // NDEBUG
-
-    friend class DisallowScope<DisallowVMReentry>;
+    VMType* m_vm;
 };
 
+using DisallowVMEntry = DisallowVMEntryImpl<VM>;
+
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/InitializeThreading.cpp ¶

@@ -30 +30 @@
 #include "InitializeThreading.h"
 
-#include "DisallowVMReentry.h"
 #include "ExecutableAllocator.h"
 #include "JSCConfig.h"
@@ -79 +78 @@
 
         LLInt::initialize();
-#ifndef NDEBUG
         DisallowGC::initialize();
-        DisallowVMReentry::initialize();
-#endif
+
         initializeSuperSampler();
         Thread& thread = Thread::current();

trunk/Source/JavaScriptCore/runtime/JSArray.cpp ¶

@@ -1 +1 @@
 /*
  *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
- *  Copyright (C) 2003-2019 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003-2020 Apple Inc. All rights reserved.
  *  Copyright (C) 2003 Peter Kelly (pmk@post.com)
  *  Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com)
@@ -97 +97 @@
     JSArray* result = createWithButterfly(vm, deferralContext, structure, butterfly);
 
-    const bool createUninitialized = true;
-    scope.notifyAllocated(result, createUninitialized);
+    scope.notifyAllocated(result);
     return result;
 }

trunk/Source/JavaScriptCore/runtime/ObjectInitializationScope.cpp ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -35 +35 @@
 namespace JSC {
 
-#ifndef NDEBUG
+#if ASSERT_ENABLED
+
 ObjectInitializationScope::ObjectInitializationScope(VM& vm)
     : m_vm(vm)
-    , m_disallowGC(false)
-    , m_disallowVMReentry(false)
 {
 }
@@ -51 +50 @@
 }
 
-void ObjectInitializationScope::notifyAllocated(JSObject* object, bool wasCreatedUninitialized)
+void ObjectInitializationScope::notifyAllocated(JSObject* object)
 {
-    if (wasCreatedUninitialized) {
-        m_disallowGC.enable();
-        m_disallowVMReentry.enable();
-        m_object = object;
-    } else
-        verifyPropertiesAreInitialized(object);
+    ASSERT(!m_disallowGC);
+    ASSERT(!m_disallowVMEntry);
+    m_disallowGC.emplace();
+    m_disallowVMEntry.emplace(m_vm);
+    m_object = object;
 }
 
@@ -64 +62 @@
 {
     if (m_object) {
-        m_disallowGC.disable();
-        m_disallowVMReentry.disable();
+        m_disallowGC.reset();
+        m_disallowVMEntry.reset();
         m_object = nullptr;
     }
@@ -115 +113 @@
     }
 }
-#endif
+
+#endif // ASSERT_ENABLED
 
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/ObjectInitializationScope.h ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -27 +27 @@
 
 #include "DeferGC.h"
-#include "DisallowVMReentry.h"
+#include "DisallowVMEntry.h"
 #include "VM.h"
+#include <wtf/Optional.h>
 
 namespace JSC {
@@ -35 +36 @@
 class JSObject;
 
-#ifdef NDEBUG
+#if ASSERT_ENABLED
+
+class ObjectInitializationScope {
+public:
+    JS_EXPORT_PRIVATE ObjectInitializationScope(VM&);
+    JS_EXPORT_PRIVATE ~ObjectInitializationScope();
+
+    VM& vm() const { return m_vm; }
+    void notifyAllocated(JSObject*);
+    void notifyInitialized(JSObject*);
+
+private:
+    void verifyPropertiesAreInitialized(JSObject*);
+
+    VM& m_vm;
+    Optional<DisallowGC> m_disallowGC;
+    Optional<DisallowVMEntry> m_disallowVMEntry;
+    JSObject* m_object { nullptr };
+};
+
+#else // not ASSERT_ENABLED
 
 class ObjectInitializationScope {
@@ -48 +69 @@
 
     ALWAYS_INLINE VM& vm() const { return m_vm; }
-    ALWAYS_INLINE void notifyAllocated(JSObject*, bool) { }
+    ALWAYS_INLINE void notifyAllocated(JSObject*) { }
     ALWAYS_INLINE void notifyInitialized(JSObject*) { }
 
@@ -55 +76 @@
 };
 
-#else // not NDEBUG
-
-class ObjectInitializationScope {
-public:
-    JS_EXPORT_PRIVATE ObjectInitializationScope(VM&);
-    JS_EXPORT_PRIVATE ~ObjectInitializationScope();
-
-    VM& vm() const { return m_vm; }
-    void notifyAllocated(JSObject*, bool wasCreatedUninitialized);
-    void notifyInitialized(JSObject*);
-
-private:
-    void verifyPropertiesAreInitialized(JSObject*);
-
-    VM& m_vm;
-    DisallowGC m_disallowGC;
-    DisallowVMReentry m_disallowVMReentry;
-    JSObject* m_object { nullptr };
-};
-
-#endif // NDEBUG
+#endif // ASSERT_ENABLED
 
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/OptionsList.h ¶

@@ -95 +95 @@
     v(Unsigned, reservedZoneSize, 64 * KB, Normal, "The amount of stack space we guarantee to our clients (and to interal VM code that does not call out to clients).") \
     \
+    v(Bool, crashOnDisallowedVMEntry, ASSERT_ENABLED, Normal, "Forces a crash if we attempt to enter the VM when disallowed") \
     v(Bool, crashIfCantAllocateJITMemory, false, Normal, nullptr) \
     v(Unsigned, jitMemoryReservationSize, 0, Normal, "Set this number to change the executable allocation size in ExecutableAllocatorFixedVMPool. (In bytes.)") \

trunk/Source/JavaScriptCore/runtime/RegExpMatchesArray.h ¶

@@ -55 +55 @@
     JSArray* result = JSArray::createWithButterfly(vm, deferralContext, structure, butterfly);
 
-    const bool createUninitialized = true;
-    scope.notifyAllocated(result, createUninitialized);
+    scope.notifyAllocated(result);
     return result;
 }

trunk/Source/JavaScriptCore/runtime/VM.h ¶

@@ -36 +36 @@
 #include "DateInstanceCache.h"
 #include "DeleteAllCodeEffort.h"
+#include "DisallowVMEntry.h"
 #include "ExceptionEventLocation.h"
 #include "ExecutableAllocator.h"
@@ -953 +954 @@
     void scanSideState(ConservativeRoots&) const;
 
+    unsigned disallowVMEntryCount { 0 };
     VMEntryScope* entryScope;
 

trunk/Source/JavaScriptCore/runtime/VMEntryScope.cpp ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2013-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -27 +27 @@
 #include "VMEntryScope.h"
 
-#include "DisallowVMReentry.h"
 #include "Options.h"
 #include "SamplingProfiler.h"
@@ -40 +39 @@
     , m_globalObject(globalObject)
 {
-    ASSERT(!DisallowVMReentry::isInEffectOnCurrentThread());
     if (!vm.entryScope) {
         vm.entryScope = this;