Changeset 214905 in webkit for trunk/Source/JavaScriptCore/interpreter

Timestamp:

Apr 4, 2017, 3:23:37 PM (8 years ago)

Author:

[email protected]

Message:

WebAssembly: JSWebAssemblyCallee should not be a JSCell
​https://bugs.webkit.org/show_bug.cgi?id=170135

Reviewed by Michael Saboff.

Source/JavaScriptCore:

This patch is perhaps the last big change to the design of fundamental
Wasm API to allow for PIC. It changes JSWebAssemblyCallee into a thing
called Wasm::Callee. It serves the same purpose as before, except
Wasm::Callee is not a JSCell. I had to refactor the various parts of the
runtime that will see CallFrame's with Wasm::Callee's in the callee slot.
Thankfully, the parts of the runtime that Wasm touches are limited. The
main refactoring is changing the exception handling code, such as taking
a stack trace, to be friendly to seeing a non JSCell callee.

The callee() function on ExecState now returns a class I added in this
patch called CalleeBits. CalleeBits will tell you if the callee is a
JSCell or a Wasm::Callee. We tag Wasm::Callee's with a 1 in their lower
bit so we can easily tell what is and isn't a Wasm::Callee.

The stub that calls out from Wasm to JS still puts a JSCell callee
into the call frame, even though the callee logically represents a
Wasm frame. The reason for this is that we use the call IC infrastructure
to make a call out to JS code, and the code that writes the IC expects
a JSCell as the callee. This is knowingly part of our design. When we
do structured cloning of Wasm Modules, we'll need to regenerate these
JS call stubs.

• API/JSContextRef.cpp:

(BacktraceFunctor::operator()):

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• debugger/Debugger.cpp:

(JSC::Debugger::pauseIfNeeded):
(JSC::Debugger::currentDebuggerCallFrame):

• debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::create):
(JSC::DebuggerCallFrame::DebuggerCallFrame):
(JSC::DebuggerCallFrame::currentPosition):
(JSC::DebuggerCallFrame::positionForCallFrame):

• debugger/DebuggerCallFrame.h:
• interpreter/CallFrame.cpp:

(JSC::CallFrame::vmEntryGlobalObject):
(JSC::CallFrame::wasmAwareLexicalGlobalObject):
(JSC::CallFrame::isAnyWasmCallee):
(JSC::CallFrame::callerSourceOrigin):

• interpreter/CallFrame.h:

(JSC::ExecState::calleeAsValue):
(JSC::ExecState::jsCallee):
(JSC::ExecState::callee):
(JSC::ExecState::unsafeCallee):
(JSC::ExecState::scope):
(JSC::ExecState::iterate):

• interpreter/CalleeBits.h: Added.

(JSC::CalleeBits::CalleeBits):
(JSC::CalleeBits::operator=):
(JSC::CalleeBits::boxWasm):
(JSC::CalleeBits::isWasm):
(JSC::CalleeBits::isCell):
(JSC::CalleeBits::asCell):
(JSC::CalleeBits::asWasmCallee):
(JSC::CalleeBits::rawPtr):

• interpreter/Interpreter.cpp:

(JSC::GetStackTraceFunctor::operator()):
(JSC::Interpreter::getStackTrace):
(JSC::notifyDebuggerOfUnwinding):
(JSC::UnwindFunctor::UnwindFunctor):
(JSC::UnwindFunctor::operator()):
(JSC::UnwindFunctor::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
(JSC::Interpreter::unwind):
(JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):

• interpreter/Interpreter.h:
• interpreter/Register.h:

(JSC::Register::pointer):

• interpreter/ShadowChicken.cpp:

(JSC::ShadowChicken::update):

• interpreter/ShadowChickenInlines.h:

(JSC::ShadowChicken::iterate):

• interpreter/StackVisitor.cpp:

(JSC::StackVisitor::StackVisitor):
(JSC::StackVisitor::readFrame):
(JSC::StackVisitor::readNonInlinedFrame):
(JSC::StackVisitor::readInlinedFrame):
(JSC::StackVisitor::Frame::calleeSaveRegisters):
(JSC::StackVisitor::Frame::functionName):
(JSC::StackVisitor::Frame::dump):

• interpreter/StackVisitor.h:

(JSC::StackVisitor::Frame::callee):
(JSC::StackVisitor::visit):

• jit/Repatch.cpp:

(JSC::linkFor):
(JSC::linkPolymorphicCall):

• jsc.cpp:

(callWasmFunction):
(functionTestWasmModuleFunctions):

• runtime/ArrayPrototype.cpp:
• runtime/Error.cpp:

(JSC::addErrorInfoAndGetBytecodeOffset):

• runtime/ErrorInstance.cpp:

(JSC::ErrorInstance::finishCreation):

• runtime/JSCell.cpp:

(JSC::JSCell::isAnyWasmCallee): Deleted.

• runtime/JSCell.h:
• runtime/JSCellInlines.h:

(JSC::ExecState::vm):

• runtime/JSFunction.cpp:

(JSC::RetrieveArgumentsFunctor::operator()):
(JSC::RetrieveCallerFunctionFunctor::operator()):

• runtime/JSGlobalObject.cpp:
• runtime/SamplingProfiler.cpp:

(JSC::FrameWalker::recordJSFrame):
(JSC::SamplingProfiler::processUnverifiedStackTraces):

• runtime/SamplingProfiler.h:

(JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):

• runtime/StackFrame.cpp:

(JSC::StackFrame::sourceURL):
(JSC::StackFrame::functionName):

• runtime/StackFrame.h:

(JSC::StackFrame::wasm):

• runtime/VM.cpp:

(JSC::VM::VM):
(JSC::VM::throwException):

• runtime/VM.h:
• wasm/JSWebAssembly.h:
• wasm/WasmB3IRGenerator.cpp:
• wasm/WasmBinding.cpp:

(JSC::Wasm::wasmToWasm):

• wasm/WasmCallee.cpp: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.

(JSC::Wasm::Callee::Callee):
(JSC::JSWebAssemblyCallee::JSWebAssemblyCallee): Deleted.
(JSC::JSWebAssemblyCallee::finishCreation): Deleted.
(JSC::JSWebAssemblyCallee::destroy): Deleted.

• wasm/WasmCallee.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.h.

(JSC::Wasm::Callee::create):
(JSC::JSWebAssemblyCallee::create): Deleted.
(JSC::JSWebAssemblyCallee::createStructure): Deleted.
(JSC::JSWebAssemblyCallee::entrypoint): Deleted.
(JSC::JSWebAssemblyCallee::calleeSaveRegisters): Deleted.

• wasm/WasmContext.h:
• wasm/WasmPlan.cpp:
• wasm/WasmPlan.h:
• wasm/WasmPlanInlines.h:

(JSC::Wasm::Plan::initializeCallees):

• wasm/WasmThunks.cpp:

(JSC::Wasm::throwExceptionFromWasmThunkGenerator):

• wasm/js/JSWebAssemblyCallee.cpp: Removed.
• wasm/js/JSWebAssemblyCallee.h: Removed.
• wasm/js/JSWebAssemblyCodeBlock.cpp:

(JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
(JSC::JSWebAssemblyCodeBlock::initialize):
(JSC::JSWebAssemblyCodeBlock::visitChildren):

• wasm/js/JSWebAssemblyCodeBlock.h:

(JSC::JSWebAssemblyCodeBlock::create):
(JSC::JSWebAssemblyCodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
(JSC::JSWebAssemblyCodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
(JSC::JSWebAssemblyCodeBlock::wasmToJsCallStubForImport):
(JSC::JSWebAssemblyCodeBlock::offsetOfImportWasmToJSStub):
(JSC::JSWebAssemblyCodeBlock::setJSEntrypointCallee):
(JSC::JSWebAssemblyCodeBlock::setWasmEntrypointCallee):
(JSC::JSWebAssemblyCodeBlock::offsetOfImportStubs):
(JSC::JSWebAssemblyCodeBlock::allocationSize):
(JSC::JSWebAssemblyCodeBlock::importWasmToJSStub):
(JSC::JSWebAssemblyCodeBlock::callees): Deleted.
(JSC::JSWebAssemblyCodeBlock::offsetOfCallees): Deleted.

• wasm/js/JSWebAssemblyInstance.h:

(JSC::JSWebAssemblyInstance::webAssemblyToJSCallee):

• wasm/js/JSWebAssemblyModule.cpp:
• wasm/js/WebAssemblyFunction.cpp:

(JSC::callWebAssemblyFunction):
(JSC::WebAssemblyFunction::create):
(JSC::WebAssemblyFunction::WebAssemblyFunction):
(JSC::WebAssemblyFunction::visitChildren):
(JSC::WebAssemblyFunction::finishCreation):

• wasm/js/WebAssemblyFunction.h:

(JSC::WebAssemblyFunction::wasmEntrypoint):
(JSC::WebAssemblyFunction::jsEntrypoint):
(JSC::WebAssemblyFunction::offsetOfWasmEntrypoint):
(JSC::WebAssemblyFunction::offsetOfWasmEntryPointCode): Deleted.

• wasm/js/WebAssemblyModuleConstructor.cpp:
• wasm/js/WebAssemblyModuleRecord.cpp:

(JSC::WebAssemblyModuleRecord::link):
(JSC::WebAssemblyModuleRecord::evaluate):

Source/WebCore:

• bindings/js/JSDOMWindowBase.cpp:

(WebCore::callerDOMWindow):

Location:

trunk/Source/JavaScriptCore/interpreter

Files:

• CallFrame.cpp (modified) (4 diffs)
• CallFrame.h (modified) (4 diffs)
• CalleeBits.h (added)
• Interpreter.cpp (modified) (12 diffs)
• Interpreter.h (modified) (1 diff)
• Register.h (modified) (2 diffs)
• ShadowChicken.cpp (modified) (4 diffs)
• ShadowChickenInlines.h (modified) (1 diff)
• StackVisitor.cpp (modified) (9 diffs)
• StackVisitor.h (modified) (5 diffs)

trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp

@@ -32 +32 @@
 #include "JSCInlines.h"
 #include "VMEntryScope.h"
+#include "WasmContext.h"
 #include <wtf/StringPrintStream.h>
 
@@ -186 +187 @@
 JSGlobalObject* CallFrame::vmEntryGlobalObject()
 {
-    if (callee()->isObject()) { 
+    RELEASE_ASSERT(callee().isCell());
+    if (callee().asCell()->isObject()) { 
         if (this == lexicalGlobalObject()->globalExec())
             return lexicalGlobalObject();
@@ -198 +200 @@
 }
 
+JSGlobalObject* CallFrame::vmEntryGlobalObject(VM& vm)
+{
+    if (callee().isCell() && callee().asCell()->isObject()) {
+        if (this == lexicalGlobalObject()->globalExec())
+            return lexicalGlobalObject();
+    }
+
+    // For any ExecState that's not a globalExec, the 
+    // dynamic global object must be set since code is running
+    ASSERT(vm.entryScope);
+    return vm.entryScope->globalObject();
+}
+
+JSGlobalObject* CallFrame::wasmAwareLexicalGlobalObject(VM& vm)
+{
+#if ENABLE(WEBASSEMBLY)
+    if (!callee().isWasm())
+        return lexicalGlobalObject();
+    return Wasm::loadContext(vm)->globalObject();
+#else
+    UNUSED_PARAM(vm);
+    return lexicalGlobalObject();
+#endif
+}
+
+bool CallFrame::isAnyWasmCallee()
+{
+    CalleeBits callee = this->callee();
+    if (callee.isWasm())
+        return true;
+
+    ASSERT(callee.isCell());
+    if (!!callee.rawPtr() && isWebAssemblyToJSCallee(callee.asCell()))
+        return true;
+
+    return false;
+}
+
 CallFrame* CallFrame::callerFrame(VMEntryFrame*& currVMEntryFrame)
 {
@@ -220 +260 @@
 SourceOrigin CallFrame::callerSourceOrigin()
 {
+    RELEASE_ASSERT(callee().isCell());
+    VM* vm = &this->vm();
     SourceOrigin sourceOrigin;
     bool haveSkippedFirstFrame = false;
-    StackVisitor::visit(this, [&](StackVisitor& visitor) {
+    StackVisitor::visit(this, vm, [&](StackVisitor& visitor) {
         if (!std::exchange(haveSkippedFirstFrame, true))
             return StackVisitor::Status::Continue;

trunk/Source/JavaScriptCore/interpreter/CallFrame.h

@@ -24 +24 @@
 
 #include "AbstractPC.h"
+#include "CalleeBits.h"
 #include "MacroAssemblerCodeRef.h"
 #include "Register.h"
@@ -87 +88 @@
         static const int headerSizeInRegisters = CallFrameSlot::argumentCount + 1;
 
-        JSValue calleeAsValue() const { return this[CallFrameSlot::callee].jsValue(); }
-        JSObject* jsCallee() const { return this[CallFrameSlot::callee].object(); }
-        JSCell* callee() const { return this[CallFrameSlot::callee].unboxedCell(); }
-        SUPPRESS_ASAN JSValue unsafeCallee() const { return this[CallFrameSlot::callee].asanUnsafeJSValue(); }
+        JSValue calleeAsValue() const
+        {
+            ASSERT(!callee().isWasm());
+            return this[CallFrameSlot::callee].jsValue();
+        }
+        JSObject* jsCallee() const
+        {
+            ASSERT(!callee().isWasm());
+            return this[CallFrameSlot::callee].object();
+        }
+        CalleeBits callee() const { return CalleeBits(this[CallFrameSlot::callee].pointer()); }
+        SUPPRESS_ASAN CalleeBits unsafeCallee() const { return CalleeBits(this[CallFrameSlot::callee].pointer()); }
         CodeBlock* codeBlock() const { return this[CallFrameSlot::codeBlock].Register::codeBlock(); }
         CodeBlock** addressOfCodeBlock() const { return bitwise_cast<CodeBlock**>(this + CallFrameSlot::codeBlock); }
@@ -99 +108 @@
             return this[scopeRegisterOffset].Register::scope();
         }
-
         // Global object in which execution began.
+        // This variant is not safe to call from a Wasm frame.
         JS_EXPORT_PRIVATE JSGlobalObject* vmEntryGlobalObject();
+        // This variant is safe to call from a Wasm frame.
+        JSGlobalObject* vmEntryGlobalObject(VM&);
+
+        JSGlobalObject* wasmAwareLexicalGlobalObject(VM&);
+
+        bool isAnyWasmCallee();
 
         // Global object in which the currently executing code was defined.
@@ -258 +273 @@
         // FIXME: This method is improper. We rely on the fact that we can call it with a null
         // receiver. We should always be using StackVisitor directly.
+        // It's only valid to call this from a non-wasm top frame.
         template <typename Functor> void iterate(const Functor& functor)
         {
-            StackVisitor::visit<Functor>(this, functor);
+            VM* vm;
+            void* rawThis = this;
+            if (!!rawThis) {
+                RELEASE_ASSERT(callee().isCell());
+                vm = &this->vm();
+            } else
+                vm = nullptr;
+            StackVisitor::visit<Functor>(this, vm, functor);
         }
 

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

@@ -473 +473 @@
 
         if (m_remainingCapacityForFrameCapture) {
-            if (!visitor->isWasmFrame()
-                && !!visitor->codeBlock()
-                && !visitor->codeBlock()->unlinkedCodeBlock()->isBuiltinFunction()) {
+            if (visitor->isWasmFrame())
+                m_results.append(StackFrame::wasm());
+            else if (!!visitor->codeBlock() && !visitor->codeBlock()->unlinkedCodeBlock()->isBuiltinFunction()) {
                 m_results.append(
-                    StackFrame(m_vm, visitor->callee(), visitor->codeBlock(), visitor->bytecodeOffset()));
+                    StackFrame(m_vm, visitor->callee().asCell(), visitor->codeBlock(), visitor->bytecodeOffset()));
             } else {
                 m_results.append(
-                    StackFrame(m_vm,  visitor->callee()));
+                    StackFrame(m_vm, visitor->callee().asCell()));
             }
     
@@ -504 +504 @@
 
     size_t framesCount = 0;
-    callFrame->iterate([&] (StackVisitor&) -> StackVisitor::Status {
+    StackVisitor::visit(callFrame, &vm, [&] (StackVisitor&) -> StackVisitor::Status {
         framesCount++;
         return StackVisitor::Continue;
@@ -515 +515 @@
 
     GetStackTraceFunctor functor(vm, results, framesToSkip, framesCount);
-    callFrame->iterate(functor);
+    StackVisitor::visit(callFrame, &vm, functor);
     ASSERT(results.size() == results.capacity());
 }
@@ -576 +576 @@
 };
 
-ALWAYS_INLINE static void notifyDebuggerOfUnwinding(CallFrame* callFrame)
-{
-    VM& vm = callFrame->vm();
+ALWAYS_INLINE static void notifyDebuggerOfUnwinding(VM& vm, CallFrame* callFrame)
+{
     auto catchScope = DECLARE_CATCH_SCOPE(vm);
-    if (Debugger* debugger = callFrame->vmEntryGlobalObject()->debugger()) {
+    if (Debugger* debugger = callFrame->vmEntryGlobalObject(vm)->debugger()) {
         SuspendExceptionScope scope(&vm);
-        if (jsDynamicCast<JSFunction*>(vm, callFrame->jsCallee()))
+        if (callFrame->isAnyWasmCallee()
+            || (callFrame->callee().isCell() && callFrame->callee().asCell()->inherits(vm, JSFunction::info())))
             debugger->unwindEvent(callFrame);
         else
@@ -592 +592 @@
 class UnwindFunctor {
 public:
-    UnwindFunctor(CallFrame*& callFrame, bool isTermination, CodeBlock*& codeBlock, HandlerInfo*& handler)
-        : m_callFrame(callFrame)
+    UnwindFunctor(VM& vm, CallFrame*& callFrame, bool isTermination, CodeBlock*& codeBlock, HandlerInfo*& handler)
+        : m_vm(vm)
+        , m_callFrame(callFrame)
         , m_isTermination(isTermination)
         , m_codeBlock(codeBlock)
@@ -615 +616 @@
         }
 
-        notifyDebuggerOfUnwinding(m_callFrame);
+        notifyDebuggerOfUnwinding(m_vm, m_callFrame);
 
         copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(visitor);
@@ -635 +636 @@
             return;
 
-        VM& vm = m_callFrame->vm();
         RegisterAtOffsetList* allCalleeSaves = VM::getAllCalleeSaveRegisterOffsets();
         RegisterSet dontCopyRegisters = RegisterSet::stackRegisters();
@@ -641 +641 @@
 
         unsigned registerCount = currentCalleeSaves->size();
-        VMEntryRecord* record = vmEntryRecord(vm.topVMEntryFrame);
+        VMEntryRecord* record = vmEntryRecord(m_vm.topVMEntryFrame);
         for (unsigned i = 0; i < registerCount; i++) {
             RegisterAtOffset currentEntry = currentCalleeSaves->at(i);
@@ -655 +655 @@
     }
 
+    VM& m_vm;
     CallFrame*& m_callFrame;
     bool m_isTermination;
@@ -687 +688 @@
     // Calculate an exception handler vPC, unwinding call frames as necessary.
     HandlerInfo* handler = nullptr;
-    UnwindFunctor functor(callFrame, isTerminatedExecutionException(vm, exception), codeBlock, handler);
-    callFrame->iterate(functor);
+    UnwindFunctor functor(vm, callFrame, isTerminatedExecutionException(vm, exception), codeBlock, handler);
+    StackVisitor::visit(callFrame, &vm, functor);
     if (!handler)
         return nullptr;
@@ -695 +696 @@
 }
 
-void Interpreter::notifyDebuggerOfExceptionToBeThrown(CallFrame* callFrame, Exception* exception)
-{
-    VM& vm = callFrame->vm();
-    Debugger* debugger = callFrame->vmEntryGlobalObject()->debugger();
+void Interpreter::notifyDebuggerOfExceptionToBeThrown(VM& vm, CallFrame* callFrame, Exception* exception)
+{
+    Debugger* debugger = callFrame->vmEntryGlobalObject(vm)->debugger();
     if (debugger && debugger->needsExceptionCallbacks() && !exception->didNotifyInspectorOfThrow()) {
         // This code assumes that if the debugger is enabled then there is no inlining.
@@ -711 +711 @@
         else {
             GetCatchHandlerFunctor functor;
-            callFrame->iterate(functor);
+            StackVisitor::visit(callFrame, &vm, functor);
             HandlerInfo* handler = functor.handler();
             ASSERT(!handler || handler->isCatchHandler());

trunk/Source/JavaScriptCore/interpreter/Interpreter.h

@@ -139 +139 @@
         
         NEVER_INLINE HandlerInfo* unwind(VM&, CallFrame*&, Exception*, UnwindStart);
-        void notifyDebuggerOfExceptionToBeThrown(CallFrame*, Exception*);
+        void notifyDebuggerOfExceptionToBeThrown(VM&, CallFrame*, Exception*);
         NEVER_INLINE void debug(CallFrame*, DebugHookType);
         static JSString* stackTraceAsString(VM&, const Vector<StackFrame>&);

trunk/Source/JavaScriptCore/interpreter/Register.h

@@ -77 +77 @@
         int32_t& tag();
 
+        void* pointer() const;
+
         static Register withInt(int32_t i)
         {
@@ -196 +198 @@
     }
 
+    ALWAYS_INLINE void* Register::pointer() const
+    {
+#if USE(JSVALUE64)
+        return u.encodedValue.ptr;
+#else
+        return bitwise_cast<void*>(payload());
+#endif
+    }
+
     ALWAYS_INLINE int32_t Register::payload() const
     {

trunk/Source/JavaScriptCore/interpreter/ShadowChicken.cpp

@@ -153 +153 @@
         Vector<Frame> stackRightNow;
         StackVisitor::visit(
-            exec, [&] (StackVisitor& visitor) -> StackVisitor::Status {
+            exec, &vm, [&] (StackVisitor& visitor) -> StackVisitor::Status {
                 if (visitor->isInlinedFrame())
                     return StackVisitor::Continue;
@@ -165 +165 @@
                 // FIXME: Make shadow chicken work with Wasm.
                 // https://bugs.webkit.org/show_bug.cgi?id=165441
-                stackRightNow.append(Frame(jsCast<JSObject*>(visitor->callee()), visitor->callFrame(), isTailDeleted));
+                stackRightNow.append(Frame(jsCast<JSObject*>(visitor->callee().asCell()), visitor->callFrame(), isTailDeleted));
                 return StackVisitor::Continue;
             });
@@ -274 +274 @@
     Vector<Frame> toPush;
     StackVisitor::visit(
-        exec, [&] (StackVisitor& visitor) -> StackVisitor::Status {
+        exec, &vm, [&] (StackVisitor& visitor) -> StackVisitor::Status {
             if (visitor->isInlinedFrame()) {
                 // FIXME: Handle inlining.
@@ -307 +307 @@
                     RELEASE_ASSERT(scope->inherits(vm, JSScope::info()));
             }
-            toPush.append(Frame(jsCast<JSObject*>(visitor->callee()), callFrame, isTailDeleted, callFrame->thisValue(), scope, codeBlock, callFrame->callSiteIndex()));
+            toPush.append(Frame(jsCast<JSObject*>(visitor->callee().asCell()), callFrame, isTailDeleted, callFrame->thisValue(), scope, codeBlock, callFrame->callSiteIndex()));
 
             if (indexInLog < logCursorIndex

trunk/Source/JavaScriptCore/interpreter/ShadowChickenInlines.h

@@ -34 +34 @@
 void ShadowChicken::iterate(VM& vm, ExecState* exec, const Functor& functor)
 {
-    DeferGC deferGC(exec->vm().heap);
+    DeferGC deferGC(vm.heap);
 
     update(vm, exec);

trunk/Source/JavaScriptCore/interpreter/StackVisitor.cpp

@@ -32 +32 @@
 #include "Interpreter.h"
 #include "JSCInlines.h"
-#include "JSWebAssemblyCallee.h"
+#include "WasmCallee.h"
 #include <wtf/text/StringBuilder.h>
 
 namespace JSC {
 
-StackVisitor::StackVisitor(CallFrame* startFrame)
+StackVisitor::StackVisitor(CallFrame* startFrame, VM* vm)
 {
     m_frame.m_index = 0;
@@ -43 +43 @@
     CallFrame* topFrame;
     if (startFrame) {
-        m_frame.m_VMEntryFrame = startFrame->vm().topVMEntryFrame;
-        topFrame = startFrame->vm().topCallFrame;
+        ASSERT(vm);
+        m_frame.m_VMEntryFrame = vm->topVMEntryFrame;
+        topFrame = vm->topCallFrame;
         
         if (topFrame && static_cast<void*>(m_frame.m_VMEntryFrame) == static_cast<void*>(topFrame)) {
@@ -104 +105 @@
     }
 
-    if (callFrame->callee()->isAnyWasmCallee(callFrame->vm())) {
+    if (callFrame->isAnyWasmCallee()) {
         readNonInlinedFrame(callFrame);
         return;
@@ -156 +157 @@
     m_frame.m_isWasmFrame = false;
 
-    JSCell* callee = callFrame->callee();
+    CalleeBits callee = callFrame->callee();
     m_frame.m_callee = callee;
 
-    if (callee->isAnyWasmCallee(*callee->vm())) {
+    if (callFrame->isAnyWasmCallee()) {
         m_frame.m_isWasmFrame = true;
         m_frame.m_codeBlock = nullptr;
@@ -205 +206 @@
         JSFunction* callee = inlineCallFrame->calleeForCallFrame(callFrame);
         m_frame.m_callee = callee;
-        ASSERT(m_frame.callee());
+        ASSERT(!!m_frame.callee().rawPtr());
 
         // The callerFrame just needs to be non-null to indicate that we
@@ -255 +256 @@
 #if ENABLE(WEBASSEMBLY)
     if (isWasmFrame()) {
-        if (JSCell* callee = this->callee()) {
-            if (JSWebAssemblyCallee* wasmCallee = jsDynamicCast<JSWebAssemblyCallee*>(*callee->vm(), callee))
-                return wasmCallee->calleeSaveRegisters();
-            // Other wasm callees (e.g, stubs) don't use callee save registers, so nothing needs
-            // to be restored for them.
+        if (callee().isCell()) {
+            RELEASE_ASSERT(isWebAssemblyToJSCallee(callee().asCell()));
+            return nullptr;
         }
-
-        return nullptr;
+        Wasm::Callee* wasmCallee = callee().asWasmCallee();
+        return wasmCallee->calleeSaveRegisters();
     }
 #endif // ENABLE(WEBASSEMBLY)
@@ -277 +276 @@
 {
     String traceLine;
-    JSCell* callee = this->callee();
 
     switch (codeType()) {
@@ -289 +287 @@
         traceLine = ASCIILiteral("module code");
         break;
-    case CodeType::Native:
+    case CodeType::Native: {
+        JSCell* callee = this->callee().asCell();
         if (callee)
             traceLine = getCalculatedDisplayName(callFrame()->vm(), jsCast<JSObject*>(callee)).impl();
         break;
-    case CodeType::Function:
-        traceLine = getCalculatedDisplayName(callFrame()->vm(), jsCast<JSObject*>(callee)).impl();
+    }
+    case CodeType::Function: 
+        traceLine = getCalculatedDisplayName(callFrame()->vm(), jsCast<JSObject*>(this->callee().asCell())).impl();
         break;
     case CodeType::Global:
@@ -456 +456 @@
 #endif
 
-        out.print(indent, "callee: ", RawPointer(callee()), "\n");
+        out.print(indent, "callee: ", RawPointer(callee().rawPtr()), "\n");
         out.print(indent, "returnPC: ", RawPointer(returnPC), "\n");
         out.print(indent, "callerFrame: ", RawPointer(callerFrame), "\n");

trunk/Source/JavaScriptCore/interpreter/StackVisitor.h

@@ -26 +26 @@
 #pragma once
 
+#include "CalleeBits.h"
 #include "VMEntryRecord.h"
 #include <functional>
@@ -63 +64 @@
         bool callerIsVMEntryFrame() const { return m_callerIsVMEntryFrame; }
         CallFrame* callerFrame() const { return m_callerFrame; }
-        JSCell* callee() const { return m_callee; }
+        CalleeBits callee() const { return m_callee; }
         CodeBlock* codeBlock() const { return m_codeBlock; }
         unsigned bytecodeOffset() const { return m_bytecodeOffset; }
@@ -111 +112 @@
         VMEntryFrame* m_CallerVMEntryFrame;
         CallFrame* m_callerFrame;
-        JSCell* m_callee;
+        CalleeBits m_callee;
         CodeBlock* m_codeBlock;
         size_t m_index;
@@ -131 +132 @@
 
     template <typename Functor>
-    static void visit(CallFrame* startFrame, const Functor& functor)
+    static void visit(CallFrame* startFrame, VM* vm, const Functor& functor)
     {
-        StackVisitor visitor(startFrame);
+        StackVisitor visitor(startFrame, vm);
         while (visitor->callFrame()) {
             Status status = functor(visitor);
@@ -147 +148 @@
 
 private:
-    JS_EXPORT_PRIVATE StackVisitor(CallFrame* startFrame);
+    JS_EXPORT_PRIVATE StackVisitor(CallFrame* startFrame, VM*);
 
     JS_EXPORT_PRIVATE void gotoNextFrame();