Changeset 218936 in webkit for trunk/Source/JavaScriptCore/jsc.cpp

Timestamp:

Jun 29, 2017, 10:34:57 AM (8 years ago)

Author:

[email protected]

Message:

VMTraps has some races
​https://bugs.webkit.org/show_bug.cgi?id=173941

Reviewed by Michael Saboff.

Source/JavaScriptCore:

This patch refactors much of the VMTraps API.

On the message sending side:

1) No longer uses the Yarr JIT check to determine if we are in
RegExp code. That was unsound because RegExp JIT code can be run
on compilation threads. Instead it looks at the current frame's
code block slot and checks if it is valid, which is the same as
what it did for JIT code previously.

2) Only have one signal sender thread, previously, there could be
many at once, which caused some data races. Additionally, the
signal sender thread is an automatic thread so it will deallocate
itself when not in use.

On the VMTraps breakpoint side:

1) We now have a true mapping of if we hit a breakpoint instead of
a JIT assertion. So the exception handler won't eat JIT assertions
anymore.

2) It jettisons all CodeBlocks that have VMTraps breakpoints on
them instead of every CodeBlock on the stack. This both prevents
us from hitting stale VMTraps breakpoints and also doesn't OSR
codeblocks that otherwise don't need to be jettisoned.

3) The old exception handler could theoretically fail for a couple
of reasons then resume execution with a clobbered instruction
set. This patch will kill the program if the exception handler
would fail.

This patch also refactors some of the jsc.cpp functions to take the
CommandLine options object instead of individual options. Also, there
is a new command line option that makes exceptions due to watchdog
timeouts an acceptable result.

• API/tests/testapi.c:

(main):

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::installVMTrapBreakpoints):

• dfg/DFGCommonData.cpp:

(JSC::DFG::pcCodeBlockMap):
(JSC::DFG::CommonData::invalidate):
(JSC::DFG::CommonData::~CommonData):
(JSC::DFG::CommonData::installVMTrapBreakpoints):
(JSC::DFG::codeBlockForVMTrapPC):

• dfg/DFGCommonData.h:
• jsc.cpp:

(functionDollarAgentStart):
(checkUncaughtException):
(checkException):
(runWithOptions):
(printUsageStatement):
(CommandLine::parseArguments):
(jscmain):
(runWithScripts): Deleted.

• runtime/JSLock.cpp:

(JSC::JSLock::didAcquireLock):

• runtime/VMTraps.cpp:

(JSC::sanitizedTopCallFrame):
(JSC::VMTraps::tryInstallTrapBreakpoints):
(JSC::VMTraps::willDestroyVM):
(JSC::VMTraps::fireTrap):
(JSC::VMTraps::handleTraps):
(JSC::VMTraps::VMTraps):
(JSC::VMTraps::~VMTraps):
(JSC::findActiveVMAndStackBounds): Deleted.
(JSC::installSignalHandler): Deleted.
(JSC::VMTraps::addSignalSender): Deleted.
(JSC::VMTraps::removeSignalSender): Deleted.
(JSC::VMTraps::SignalSender::willDestroyVM): Deleted.
(JSC::VMTraps::SignalSender::send): Deleted.

• runtime/VMTraps.h:

(JSC::VMTraps::~VMTraps): Deleted.
(JSC::VMTraps::SignalSender::SignalSender): Deleted.

Tools:

Add new testing mode for testing the Watchdog with our stress
tests.

• Scripts/run-jsc-stress-tests:

File:

• trunk/Source/JavaScriptCore/jsc.cpp (modified) (12 diffs)

trunk/Source/JavaScriptCore/jsc.cpp

@@ -987 +987 @@
 template<typename Func>
 int runJSC(CommandLine, bool isWorker, const Func&);
-static void checkException(GlobalObject*, bool isLastFile, bool hasException, JSValue, const String& uncaughtExceptionName, bool alwaysDumpUncaughtException, bool dump, bool& success);
+static void checkException(GlobalObject*, bool isLastFile, bool hasException, JSValue, CommandLine&, bool& success);
 
 class Message : public ThreadSafeRefCounted<Message> {
@@ -1211 +1211 @@
     String m_profilerOutput;
     String m_uncaughtExceptionName;
+    bool m_treatWatchdogExceptionAsSuccess { false };
     bool m_alwaysDumpUncaughtException { false };
     bool m_dumpSamplingProfilerData { false };
@@ -2618 +2619 @@
                     if (evaluationException)
                         result = evaluationException->value();
-                    checkException(globalObject, true, evaluationException, result, String(), false, false, success);
+                    checkException(globalObject, true, evaluationException, result, commandLine, success);
                     if (!success)
                         exit(1);
@@ -3293 +3294 @@
 }
 
-static bool checkUncaughtException(VM& vm, GlobalObject* globalObject, JSValue exception, const String& expectedExceptionName, bool alwaysDumpException)
-{
+static bool checkUncaughtException(VM& vm, GlobalObject* globalObject, JSValue exception, CommandLine& options)
+{
+    const String& expectedExceptionName = options.m_uncaughtExceptionName;
     auto scope = DECLARE_CATCH_SCOPE(vm);
     scope.clearException();
@@ -3315 +3317 @@
     }
     if (isInstanceOfExpectedException) {
-        if (alwaysDumpException)
+        if (options.m_alwaysDumpUncaughtException)
             dumpException(globalObject, exception);
         return true;
@@ -3325 +3327 @@
 }
 
-static void checkException(GlobalObject* globalObject, bool isLastFile, bool hasException, JSValue value, const String& uncaughtExceptionName, bool alwaysDumpUncaughtException, bool dump, bool& success)
+static void checkException(GlobalObject* globalObject, bool isLastFile, bool hasException, JSValue value, CommandLine& options, bool& success)
 {
     VM& vm = globalObject->vm();
-    if (!uncaughtExceptionName || !isLastFile) {
+
+    if (options.m_treatWatchdogExceptionAsSuccess && value.inherits(vm, TerminatedExecutionError::info())) {
+        ASSERT(hasException);
+        return;
+    }
+
+    if (!options.m_uncaughtExceptionName || !isLastFile) {
         success = success && !hasException;
-        if (dump && !hasException)
+        if (options.m_dump && !hasException)
             printf("End: %s\n", value.toWTFString(globalObject->globalExec()).utf8().data());
         if (hasException)
             dumpException(globalObject, value);
     } else
-        success = success && checkUncaughtException(vm, globalObject, (hasException) ? value : JSValue(), uncaughtExceptionName, alwaysDumpUncaughtException);
-}
-
-static bool runWithScripts(GlobalObject* globalObject, const Vector<Script>& scripts, const String& uncaughtExceptionName, bool alwaysDumpUncaughtException, bool dump, bool module)
-{
+        success = success && checkUncaughtException(vm, globalObject, (hasException) ? value : JSValue(), options);
+}
+
+static bool runWithOptions(GlobalObject* globalObject, CommandLine& options)
+{
+    Vector<Script>& scripts = options.m_scripts;
     String fileName;
     Vector<char> scriptBuffer;
 
-    if (dump)
+    if (options.m_dump)
         JSC::Options::dumpGeneratedBytecodes() = true;
 
@@ -3356 +3365 @@
     for (size_t i = 0; i < scripts.size(); i++) {
         JSInternalPromise* promise = nullptr;
-        bool isModule = module || scripts[i].scriptType == Script::ScriptType::Module;
+        bool isModule = options.m_module || scripts[i].scriptType == Script::ScriptType::Module;
         if (scripts[i].codeSource == Script::CodeSource::File) {
             fileName = scripts[i].argument;
@@ -3383 +3392 @@
 
             JSFunction* fulfillHandler = JSNativeStdFunction::create(vm, globalObject, 1, String(), [&, isLastFile](ExecState* exec) {
-                checkException(globalObject, isLastFile, false, exec->argument(0), uncaughtExceptionName, alwaysDumpUncaughtException, dump, success);
+                checkException(globalObject, isLastFile, false, exec->argument(0), options, success);
                 return JSValue::encode(jsUndefined());
             });
 
             JSFunction* rejectHandler = JSNativeStdFunction::create(vm, globalObject, 1, String(), [&, isLastFile](ExecState* exec) {
-                checkException(globalObject, isLastFile, true, exec->argument(0), uncaughtExceptionName, alwaysDumpUncaughtException, dump, success);
+                checkException(globalObject, isLastFile, true, exec->argument(0), options, success);
                 return JSValue::encode(jsUndefined());
             });
@@ -3401 +3410 @@
             if (evaluationException)
                 returnValue = evaluationException->value();
-            checkException(globalObject, isLastFile, evaluationException, returnValue, uncaughtExceptionName, alwaysDumpUncaughtException, dump, success);
+            checkException(globalObject, isLastFile, evaluationException, returnValue, options, success);
         }
 
@@ -3503 +3512 @@
     fprintf(stderr, "  --module-file=<file>       Parse and evaluate the given file as module (this option may be passed more than once)\n");
     fprintf(stderr, "  --exception=<name>         Check the last script exits with an uncaught exception with the specified name\n");
+    fprintf(stderr, "  --watchdog-exception-ok    Uncaught watchdog exceptions exit with success\n");
     fprintf(stderr, "  --dumpException            Dump uncaught exception text\n");
     fprintf(stderr, "  --options                  Dumps all JSC VM options and exits\n");
@@ -3629 +3639 @@
         if (!strncmp(arg, "--exception=", exceptionStrLength)) {
             m_uncaughtExceptionName = String(arg + exceptionStrLength);
+            continue;
+        }
+
+        if (!strcmp(arg, "--watchdog-exception-ok")) {
+            m_treatWatchdogExceptionAsSuccess = true;
             continue;
         }
@@ -3779 +3794 @@
         options, false,
         [&] (VM&, GlobalObject* globalObject) {
-            return runWithScripts(globalObject, options.m_scripts, options.m_uncaughtExceptionName, options.m_alwaysDumpUncaughtException, options.m_dump, options.m_module);
+            return runWithOptions(globalObject, options);
         });