Changeset 188555 in webkit

Timestamp:

Aug 17, 2015, 4:58:00 PM (10 years ago)

Author:

msaboff@apple.com

Message:

jsc-tailcall: Handling exception in caller frame cannot unwind past VMEntry frame
​https://bugs.webkit.org/show_bug.cgi?id=148076

Reviewed by Basile Clement.

When we are unwinding from our caller, we need to check if we are the top JavaScript entry frame.
If so, we don't need to unwind any further, we just process as an unhandled exception.
Moved the processing of "unwind from caller frame" into genericUnwind(). Added an enum parameter
to indicate whether or not we start unwinding from the current frame or caller's frame.
In the case of the LLInt, we now handle a stack overflow exception from the current frame and not
the caller's frame. This is needed because the unwind code needs to restore the callee saves
that the LLInt has saved, namely the PC register which is needed to make slow path calls.

• interpreter/CallFrame.cpp:

(JSC::CallFrame::callerFrameIsVMEntryFrame):

• interpreter/CallFrame.h:

(JSC::CallFrame::callerFrameIsVMEntryFrame):
New helper function to determine if we are the top JavaScript frame.

• jit/JITExceptions.cpp:

(JSC::genericUnwind):

• jit/JITExceptions.h:

Added enum parameter to genericUnwind() to indicate if we are unwinding from the current or
caller frame.

• jit/JITOperations.cpp:

(JSC:lookupExceptionHandlerFromCallerFrame): Moved the caller frame processing to genericUnwind().

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::llint_stack_check): Changed to process the exception in the current frame.

• llint/LowLevelInterpreter.asm:

Made sure to account for calle save register space when making a call to llint_stack_check.

Location:

branches/jsc-tailcall/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• interpreter/CallFrame.cpp (modified) (1 diff)
• interpreter/CallFrame.h (modified) (1 diff)
• jit/JITExceptions.cpp (modified) (2 diffs)
• jit/JITExceptions.h (modified) (1 diff)
• jit/JITOperations.cpp (modified) (1 diff)
• llint/LLIntSlowPaths.cpp (modified) (1 diff)
• llint/LowLevelInterpreter.asm (modified) (2 diffs)

branches/jsc-tailcall/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2015-08-17  Michael Saboff  <msaboff@apple.com>
+
+        jsc-tailcall: Handling exception in caller frame cannot unwind past VMEntry frame
+        https://bugs.webkit.org/show_bug.cgi?id=148076
+
+        Reviewed by Basile Clement.
+
+        When we are unwinding from our caller, we need to check if we are the top JavaScript entry frame.
+        If so, we don't need to unwind any further, we just process as an unhandled exception.
+        Moved the processing of "unwind from caller frame" into genericUnwind().  Added an enum parameter
+        to indicate whether or not we start unwinding from the current frame or caller's frame.
+        In the case of the LLInt, we now handle a stack overflow exception from the current frame and not
+        the caller's frame.  This is needed because the unwind code needs to restore the callee saves
+        that the LLInt has saved, namely the PC register which is needed to make slow path calls.
+
+        * interpreter/CallFrame.cpp:
+        (JSC::CallFrame::callerFrameIsVMEntryFrame):
+        * interpreter/CallFrame.h:
+        (JSC::CallFrame::callerFrameIsVMEntryFrame):
+        New helper function to determine if we are the top JavaScript frame.
+
+        * jit/JITExceptions.cpp:
+        (JSC::genericUnwind):
+        * jit/JITExceptions.h:
+        Added enum parameter to genericUnwind() to indicate if we are unwinding from the current or
+        caller frame.
+
+        * jit/JITOperations.cpp:
+        (JSC:lookupExceptionHandlerFromCallerFrame): Moved the caller frame processing to genericUnwind().
+
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::llint_stack_check): Changed to process the exception in the current frame.
+
+        * llint/LowLevelInterpreter.asm:
+        Made sure to account for calle save register space when making a call to llint_stack_check.
+
 2015-08-11  Basile Clement  <basile_clement@apple.com>
 

branches/jsc-tailcall/Source/JavaScriptCore/interpreter/CallFrame.cpp

@@ -147 +147 @@
 }
 
+bool CallFrame::callerFrameIsVMEntryFrame(VMEntryFrame* vmEntryFrame)
+{
+    return callerFrameOrVMEntryFrame() == vmEntryFrame;
+}
+
 JSLexicalEnvironment* CallFrame::lexicalEnvironment() const
 {

branches/jsc-tailcall/Source/JavaScriptCore/interpreter/CallFrame.h

@@ -100 +100 @@
         JS_EXPORT_PRIVATE CallFrame* callerFrame(VMEntryFrame*&);
 
+        bool callerFrameIsVMEntryFrame(VMEntryFrame*);
+
         static ptrdiff_t callerFrameOffset() { return OBJECT_OFFSETOF(CallerFrameAndPC, callerFrame); }
 

branches/jsc-tailcall/Source/JavaScriptCore/jit/JITExceptions.cpp

@@ -41 +41 @@
 namespace JSC {
 
-void genericUnwind(VM* vm, ExecState* callFrame)
+void genericUnwind(VM* vm, ExecState* callFrame, UnwindStart unwindStart)
 {
     if (Options::breakOnThrow()) {
@@ -51 +51 @@
     RELEASE_ASSERT(exception);
     VMEntryFrame* vmEntryFrame = vm->topVMEntryFrame;
+
+    if (unwindStart == UnwindFromCallerFrame) {
+        if (callFrame->callerFrameIsVMEntryFrame(vmEntryFrame)) {
+            // If we are unwinding from our caller and our caller is a VMEntryFrame, we don't need to unwind.
+            // We can go straight to handleUncaughtException.
+            vm->vmEntryFrameForThrow = vmEntryFrame;
+            vm->callFrameForThrow = callFrame;
+            vm->targetMachinePCForThrow = LLInt::getCodePtr(handleUncaughtException);
+            vm->targetInterpreterPCForThrow = nullptr;
+
+            return;
+        }
+
+        // Start unwinding from our caller's frame.
+        callFrame = callFrame->callerFrame();
+        vm->topCallFrame = callFrame;
+    }
     HandlerInfo* handler = vm->interpreter->unwind(vmEntryFrame, callFrame, exception); // This may update vmEntryFrame and callFrame.
 

branches/jsc-tailcall/Source/JavaScriptCore/jit/JITExceptions.h

@@ -34 +34 @@
 class VM;
 
-void genericUnwind(VM*, ExecState*);
+enum UnwindStart { UnwindFromCurrentFrame, UnwindFromCallerFrame };
+
+void genericUnwind(VM*, ExecState*, UnwindStart unwindStart = UnwindFromCurrentFrame);
 
 } // namespace JSC

branches/jsc-tailcall/Source/JavaScriptCore/jit/JITOperations.cpp

@@ -1937 +1937 @@
 void JIT_OPERATION lookupExceptionHandlerFromCallerFrame(VM* vm, ExecState* exec)
 {
-    VMEntryFrame* vmEntryFrame = vm->topVMEntryFrame;
-    CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
-    ASSERT(callerFrame);
-
-    NativeCallFrameTracerWithRestore tracer(vm, vmEntryFrame, callerFrame);
-    genericUnwind(vm, callerFrame);
+    NativeCallFrameTracer tracer(vm, exec);
+    genericUnwind(vm, exec, UnwindFromCallerFrame);
     ASSERT(vm->targetMachinePCForThrow);
 }

branches/jsc-tailcall/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -484 +484 @@
     vm.topCallFrame = exec;
     ErrorHandlingScope errorScope(vm);
-    CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
-    pc = returnToThrowForThrownException(exec);
+    vm.throwException(exec, createStackOverflowError(exec));
+    pc = returnToThrow(exec);
     LLINT_RETURN_TWO(pc, exec);
 }

branches/jsc-tailcall/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

@@ -227 +227 @@
     const CalleeSaveSpaceAsVirtualRegisters = 0
 end
+
+const CalleeSaveSpaceStackAligned = (CalleeSaveSpaceAsVirtualRegisters * SlotSize + StackAlignment - 1) & ~StackAlignmentMask
+
 
 # Watchpoint states
@@ -917 +920 @@
 
     # Stack height check failed - need to call a slow_path.
-    subp maxFrameExtentForSlowPathCall, sp # Set up temporary stack pointer for call
+    # Set up temporary stack pointer for call including callee saves
+    subp maxFrameExtentForSlowPathCall + CalleeSaveSpaceStackAligned, sp
     callSlowPath(_llint_stack_check)
     bpeq r1, 0, .stackHeightOKGetCodeBlock