Changeset 153211 in webkit for trunk/Source/JavaScriptCore/interpreter/CallFrame.h

Timestamp:

Jul 24, 2013, 9:02:07 PM (12 years ago)

Author:

[email protected]

Message:

fourthTier: CallFrame::trueCallFrame() should populate the bytecodeOffset field
when reifying inlined frames..
​https://bugs.webkit.org/show_bug.cgi?id=117209.

Reviewed by Geoffrey Garen.

When reifying an inlined frame, we fill in its CodeBlock, and
bytecodeOffset. We also set the InlinedFrame bit in the location field.
This is needed in order to iterate the stack correctly. Here's why:

Let's say we have the following stack trace:

X calls A inlines B inlines C calls D

Based on the above scenario,

1. D's callerFrame points to A (not C).
2. A has a codeOriginIndex that points to C.

When iterating the stack (from D back towards X), we will encounter A
twice:

t1. when trying to find C as D's caller.

This is the time when we reify B and C using the
codeOriginIndex in A, and return C as the caller frame of D.

t2. when getting's the reified B's caller.

This time, we don't run the reification process, and
just take A as the caller frame of B.

To discern which treatment of the DFG frame (i.e. A) we need to apply,
we check if the callee is an inlined frame:

If callee is NOT an inlined frame (e.g. frame D), apply treatment t1.
If callee is an inlined frame (e.g. frame B), apply treatment t2.

Why not just reify A by replacing its codeOriginIndex with A's
bytecodeOffset?

We can't do this because D's callerFrame pointer still points to A, and
needs to remain that way because we did not deopt A. It remains a DFG
frame which inlined B and C.

If we replace the codeOriginIndex in A with A's bytecodeOffset, we will
only get to iterate the stack correctly once. If we try to iterate the
stack a second time, we will not have the information from the
codeOriginIndex to tell us that D's caller is actually the inlined C,
and not A.

To recap, when reifying frames for stack iteration purposes, the DFG
frame needs to hold on to its codeOriginIndex. This in turn means the
DFG frame will need to be treated in 2 possible ways, and we need to
know if a callee frame is an inlined frame in order to choose the
correct treatment for the DFG frame.

Other changes:

• Simplified Interpreter::getCallerInfo().
• Removed CodeBlock::codeOriginForReturn() and supporting code which is now unneeded.
• Moved CallFrame location bit encoding from the CodeOrigin to the new CallFrame::Location class.
• Explicitly tagged inlined frames. This is necessary in order to iterate the stack correctly as explained above.

• bytecode/CodeBlock.cpp:
• bytecode/CodeBlock.h:

(JSC::CodeBlock::codeOrigins):
(CodeBlock):
(JSC::CodeBlock::codeOrigin):
(RareData):

• bytecode/CodeOrigin.h:

(CodeOrigin):

• dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::link):

• dfg/DFGJITCompiler.h:

(JSC::DFG::JITCompiler::beginCall):

• interpreter/CallFrame.cpp:

(JSC::CallFrame::trueCallFrame):
(JSC::CallFrame::trueCallerFrame):
(JSC::CallFrame::bytecodeOffsetFromCodeOriginIndex):

• interpreter/CallFrame.h:

(Location):
(ExecState):
(JSC::ExecState::trueCallerFrame):
(JSC::ExecState::callerFrameNoFlags):

• interpreter/CallFrameInlines.h:

(JSC::CallFrame::Location::encode):
(JSC::CallFrame::Location::decode):
(JSC::CallFrame::Location::isBytecodeOffset):
(JSC::CallFrame::Location::isCodeOriginIndex):
(JSC::CallFrame::Location::isInlinedFrame):
(JSC::CallFrame::isInlinedFrame):
(JSC::CallFrame::setIsInlinedFrame):
(JSC::CallFrame::hasLocationAsBytecodeOffset):
(JSC::CallFrame::hasLocationAsCodeOriginIndex):
(JSC::CallFrame::locationAsBytecodeOffset):
(JSC::CallFrame::setLocationAsBytecodeOffset):
(JSC::CallFrame::locationAsCodeOriginIndex):

• interpreter/Interpreter.cpp:

(JSC::getCallerInfo):
(JSC::Interpreter::getStackTrace):
(JSC::Interpreter::findFunctionCallFrameFromVMCode):

• runtime/Arguments.cpp:

(JSC::Arguments::tearOff):

File:

• trunk/Source/JavaScriptCore/interpreter/CallFrame.h (modified) (5 diffs)

trunk/Source/JavaScriptCore/interpreter/CallFrame.h

@@ -115 +115 @@
         AbstractPC abstractReturnPC(VM& vm) { return AbstractPC(vm, this); }
 
+        class Location {
+        public:
+            enum Type {
+                BytecodeOffset = 0,
+                CodeOriginIndex = (1 << 0),
+                IsInlinedCode = (1 << 1),
+            };
+
+            static inline uint32_t encode(Type, uint32_t bits);
+            static inline uint32_t decode(uint32_t bits);
+            static inline bool isBytecodeOffset(uint32_t bits);
+            static inline bool isCodeOriginIndex(uint32_t bits);
+            static inline bool isInlinedCode(uint32_t bits);
+
+        private:
+            static const uint32_t s_mask = 0x3;
+#if USE(JSVALUE64)
+            static const uint32_t s_shift = 30;
+            static const uint32_t s_shiftedMask = s_mask << s_shift;
+#else
+            static const uint32_t s_shift = 2;
+#endif
+        };
+
+        bool isInlinedFrame() const;
+        void setIsInlinedFrame();
+
         bool hasLocationAsBytecodeOffset() const;
         bool hasLocationAsCodeOriginIndex() const;
@@ -124 +151 @@
         void setLocationAsRawBits(unsigned);
         void setLocationAsBytecodeOffset(unsigned);
+
+        unsigned bytecodeOffsetFromCodeOriginIndex();
 
         Register* frameExtent()
@@ -138 +167 @@
 #else
         // This will never be called if !ENABLE(DFG_JIT) since all calls should be guarded by
-        // isInlineCallFrame(). But to make it easier to write code without having a bunch of
+        // isInlinedFrame(). But to make it easier to write code without having a bunch of
         // #if's, we make a dummy implementation available anyway.
         InlineCallFrame* inlineCallFrame() const
@@ -232 +261 @@
         
 #if ENABLE(DFG_JIT)
-        bool isInlineCallFrame();
-        
         void setInlineCallFrame(InlineCallFrame* inlineCallFrame) { static_cast<Register*>(this)[JSStack::ReturnPC] = inlineCallFrame; }
-        
+
         // Call this to get the semantically correct JS CallFrame* for the
         // currently executing function.
-        CallFrame* trueCallFrame(AbstractPC);
-        
+        CallFrame* trueCallFrame();
+
         // Call this to get the semantically correct JS CallFrame* corresponding
         // to the caller. This resolves issues surrounding inlining and the
         // HostCallFrameFlag stuff.
         CallFrame* trueCallerFrame();
-        
-        CodeBlock* someCodeBlockForPossiblyInlinedCode();
 #else
-        bool isInlineCallFrame() { return false; }
-        
         CallFrame* trueCallFrame(AbstractPC) { return this; }
         CallFrame* trueCallerFrame() { return callerFrame()->removeHostCallFrameFlag(); }
-        
-        CodeBlock* someCodeBlockForPossiblyInlinedCode() { return codeBlock(); }
 #endif
         CallFrame* callerFrameNoFlags() { return callerFrame()->removeHostCallFrameFlag(); }
-        
-        // Call this to get the true call frame (accounted for inlining and any
-        // other optimizations), when you have entered into VM code through one
-        // of the "blessed" entrypoints (JITStubs or DFGOperations). This means
-        // that if you're pretty much anywhere in the VM you can safely call this;
-        // though if you were to magically get an ExecState* by, say, interrupting
-        // a thread that is running JS code and brutishly scraped the call frame
-        // register, calling this method would probably lead to horrible things
-        // happening.
-        CallFrame* trueCallFrameFromVMCode() { return trueCallFrame(AbstractPC()); }
 
     private:
@@ -273 +284 @@
 #ifndef NDEBUG
         JSStack* stack();
-#endif
-#if ENABLE(DFG_JIT)
-        bool isInlineCallFrameSlow();
 #endif
         ExecState();