Changeset 226940 in webkit for trunk/Source/JavaScriptCore/bytecode/CodeBlock.h

Timestamp:

Jan 13, 2018, 10:11:55 PM (8 years ago)

Author:

[email protected]

Message:

Replace all use of ConstExprPoisoned with Poisoned.
​https://bugs.webkit.org/show_bug.cgi?id=181542
<rdar://problem/36442138>

Reviewed by JF Bastien.

Source/JavaScriptCore:

1. All JSC poisons are now defined in JSCPoison.h.

2. Change all clients to use the new poison values via the POISON() macro.

3. The LLInt code has been updated to handle CodeBlock poison. Some of this code uses the t5 temp register, which is not available on the Windows port. Fortunately, we don't currently do poisoning on the Windows port yet. So, it will just work for now.

When poisoning is enabled for the Windows port, this LLInt code will need a
Windows specific implementation to workaround its lack of a t5 register.

• API/JSAPIWrapperObject.h:
• API/JSCallbackFunction.h:
• API/JSCallbackObject.h:
• JavaScriptCore.xcodeproj/project.pbxproj:
• Sources.txt:
• assembler/MacroAssemblerCodeRef.h:

(JSC::MacroAssemblerCodePtr::emptyValue):
(JSC::MacroAssemblerCodePtr::deletedValue):

• b3/B3LowerMacros.cpp:
• b3/testb3.cpp:

(JSC::B3::testInterpreter):

• bytecode/CodeBlock.h:

(JSC::CodeBlock::instructions):
(JSC::CodeBlock::instructions const):
(JSC::CodeBlock::makePoisonedUnique):

• dfg/DFGOSRExitCompilerCommon.h:

(JSC::DFG::adjustFrameAndStackInOSRExitCompilerThunk):

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCheckSubClass):
(JSC::DFG::SpeculativeJIT::emitSwitchIntJump):

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):

• jit/JIT.h:
• jit/ThunkGenerators.cpp:

(JSC::virtualThunkFor):
(JSC::nativeForGenerator):
(JSC::boundThisNoArgsFunctionCallGenerator):

• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• parser/UnlinkedSourceCode.h:
• runtime/ArrayPrototype.h:
• runtime/CustomGetterSetter.h:
• runtime/DateInstance.h:
• runtime/InternalFunction.h:
• runtime/JSArrayBuffer.h:
• runtime/JSCPoison.cpp: Copied from Source/JavaScriptCore/runtime/JSCPoisonedPtr.cpp.

(JSC::initializePoison):

• runtime/JSCPoison.h:

(): Deleted.

• runtime/JSCPoisonedPtr.cpp: Removed.
• runtime/JSCPoisonedPtr.h: Removed.
• runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::makePoisonedUnique):

• runtime/JSScriptFetchParameters.h:
• runtime/JSScriptFetcher.h:
• runtime/NativeExecutable.h:
• runtime/StructureTransitionTable.h:

(JSC::StructureTransitionTable::map const):
(JSC::StructureTransitionTable::weakImpl const):

• runtime/WriteBarrier.h:

(JSC::WriteBarrier::poison):

• wasm/js/JSToWasm.cpp:

(JSC::Wasm::createJSToWasmWrapper):

• wasm/js/JSWebAssemblyCodeBlock.cpp:

(JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):

• wasm/js/JSWebAssemblyCodeBlock.h:
• wasm/js/JSWebAssemblyInstance.h:
• wasm/js/JSWebAssemblyMemory.h:
• wasm/js/JSWebAssemblyModule.h:
• wasm/js/JSWebAssemblyTable.h:
• wasm/js/WasmToJS.cpp:

(JSC::Wasm::handleBadI64Use):
(JSC::Wasm::wasmToJS):

• wasm/js/WebAssemblyFunctionBase.h:
• wasm/js/WebAssemblyModuleRecord.h:
• wasm/js/WebAssemblyToJSCallee.h:
• wasm/js/WebAssemblyWrapperFunction.h:

Source/WTF:

1. Removed ConstExprPoisoned and its artifacts.

2. Consolidated Poisoned into PoisonedImpl. PoisonedImpl is not more.

3. Changed all clients of ConstExprPoisoned to use Poisoned instead.

4. Worked around the GCC and Clang compiler bug that confuses an intptr_t& template arg with intptr_t. See use of std::enable_if_t<Other::isPoisoned> in Poisoned.h.

5. Removed ENABLE(MIXED_POISON) since we now have a workaround (3) that makes it possible to use the mixed poison code.

6. Also fixed broken implementation of comparison operators in Poisoned.

• wtf/Bag.h:
• wtf/DumbPtrTraits.h:

(WTF::DumbPtrTraits::poison):

• wtf/DumbValueTraits.h:

(WTF::DumbValueTraits::poison):

• wtf/Poisoned.h:

(WTF::Poisoned::Poisoned):
(WTF::Poisoned::operator== const):
(WTF::Poisoned::operator!= const):
(WTF::Poisoned::operator< const):
(WTF::Poisoned::operator<= const):
(WTF::Poisoned::operator> const):
(WTF::Poisoned::operator>= const):
(WTF::Poisoned::operator=):
(WTF::Poisoned::swap):
(WTF::swap):
(WTF::PoisonedPtrTraits::poison):
(WTF::PoisonedPtrTraits::swap):
(WTF::PoisonedValueTraits::poison):
(WTF::PoisonedValueTraits::swap):
(WTF::PoisonedImpl::PoisonedImpl): Deleted.
(WTF::PoisonedImpl::assertIsPoisoned const): Deleted.
(WTF::PoisonedImpl::assertIsNotPoisoned const): Deleted.
(WTF::PoisonedImpl::unpoisoned const): Deleted.
(WTF::PoisonedImpl::clear): Deleted.
(WTF::PoisonedImpl::operator* const): Deleted.
(WTF::PoisonedImpl::operator-> const): Deleted.
(WTF::PoisonedImpl::bits const): Deleted.
(WTF::PoisonedImpl::operator! const): Deleted.
(WTF::PoisonedImpl::operator bool const): Deleted.
(WTF::PoisonedImpl::operator== const): Deleted.
(WTF::PoisonedImpl::operator!= const): Deleted.
(WTF::PoisonedImpl::operator< const): Deleted.
(WTF::PoisonedImpl::operator<= const): Deleted.
(WTF::PoisonedImpl::operator> const): Deleted.
(WTF::PoisonedImpl::operator>= const): Deleted.
(WTF::PoisonedImpl::operator=): Deleted.
(WTF::PoisonedImpl::swap): Deleted.
(WTF::PoisonedImpl::exchange): Deleted.
(WTF::PoisonedImpl::poison): Deleted.
(WTF::PoisonedImpl::unpoison): Deleted.
(WTF::constExprPoisonRandom): Deleted.
(WTF::makeConstExprPoison): Deleted.
(WTF::ConstExprPoisonedPtrTraits::exchange): Deleted.
(WTF::ConstExprPoisonedPtrTraits::swap): Deleted.
(WTF::ConstExprPoisonedPtrTraits::unwrap): Deleted.
(WTF::ConstExprPoisonedValueTraits::exchange): Deleted.
(WTF::ConstExprPoisonedValueTraits::swap): Deleted.
(WTF::ConstExprPoisonedValueTraits::unwrap): Deleted.

• wtf/PoisonedUniquePtr.h:

(WTF::PoisonedUniquePtr::PoisonedUniquePtr):
(WTF::PoisonedUniquePtr::operator=):

• wtf/Ref.h:
• wtf/RefCountedArray.h:

(WTF::RefCountedArray::RefCountedArray):

• wtf/RefPtr.h:
• wtf/WTFAssertions.cpp:

Tools:

1. Converted tests to using new uintptr_t& poison type.
2. Added tests for Poisoned comparison operators.

• TestWebKitAPI/CMakeLists.txt:
• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/WTF/ConstExprPoisoned.cpp: Removed.
• TestWebKitAPI/Tests/WTF/Poisoned.cpp:

(TestWebKitAPI::TEST):
(TestWebKitAPI::initializeTestPoison): Deleted.

• TestWebKitAPI/Tests/WTF/PoisonedRef.cpp:

(TestWebKitAPI::TEST):
(TestWebKitAPI::passWithRef):

• TestWebKitAPI/Tests/WTF/PoisonedRefPtr.cpp:

(TestWebKitAPI::TEST):
(TestWebKitAPI::f1):

• TestWebKitAPI/Tests/WTF/PoisonedUniquePtr.cpp:

(TestWebKitAPI::TEST):
(TestWebKitAPI::poisonedPtrFoo):

• TestWebKitAPI/Tests/WTF/PoisonedUniquePtrForNonTriviallyDestructibleArrays.cpp:

(TestWebKitAPI::TEST):

• TestWebKitAPI/Tests/WTF/PoisonedUniquePtrForTriviallyDestructibleArrays.cpp:

(TestWebKitAPI::TEST):

File:

• trunk/Source/JavaScriptCore/bytecode/CodeBlock.h (modified) (5 diffs)

trunk/Source/JavaScriptCore/bytecode/CodeBlock.h

@@ -320 +320 @@
 
     typedef JSC::Instruction Instruction;
-    typedef PoisonedRefCountedArray<CodeBlockPoison, Instruction>& UnpackedInstructions;
+    typedef PoisonedRefCountedArray<POISON(CodeBlock), Instruction>& UnpackedInstructions;
 
     unsigned numberOfInstructions() const { return m_instructions.size(); }
-    PoisonedRefCountedArray<CodeBlockPoison, Instruction>& instructions() { return m_instructions; }
-    const PoisonedRefCountedArray<CodeBlockPoison, Instruction>& instructions() const { return m_instructions; }
+    PoisonedRefCountedArray<POISON(CodeBlock), Instruction>& instructions() { return m_instructions; }
+    const PoisonedRefCountedArray<POISON(CodeBlock), Instruction>& instructions() const { return m_instructions; }
 
     size_t predictedMachineCodeSize();
@@ -888 +888 @@
     bool hasTailCalls() const { return m_unlinkedCode->hasTailCalls(); }
 
-    static constexpr uintptr_t s_poison = makeConstExprPoison(CodeBlockPoison);
-
 protected:
     void finalizeLLIntInlineCaches();
@@ -950 +948 @@
 
     template<typename T, typename... Arguments, typename Enable = void>
-    static PoisonedUniquePtr<CodeBlockPoison, T> makePoisonedUnique(Arguments&&... arguments)
-    {
-        return WTF::makePoisonedUnique<CodeBlockPoison, T>(std::forward<Arguments>(arguments)...);
+    static PoisonedUniquePtr<POISON(CodeBlock), T> makePoisonedUnique(Arguments&&... arguments)
+    {
+        return WTF::makePoisonedUnique<POISON(CodeBlock), T>(std::forward<Arguments>(arguments)...);
     }
 
@@ -968 +966 @@
     WriteBarrier<ExecutableBase> m_ownerExecutable;
     WriteBarrier<ExecutableToCodeBlockEdge> m_ownerEdge;
-    ConstExprPoisoned<CodeBlockPoison, VM*> m_poisonedVM;
-
-    PoisonedRefCountedArray<CodeBlockPoison, Instruction> m_instructions;
+    Poisoned<POISON(CodeBlock), VM*> m_poisonedVM;
+
+    PoisonedRefCountedArray<POISON(CodeBlock), Instruction> m_instructions;
     VirtualRegister m_thisRegister;
     VirtualRegister m_scopeRegister;
     mutable CodeBlockHash m_hash;
 
-    PoisonedRefPtr<CodeBlockPoison, SourceProvider> m_source;
+    PoisonedRefPtr<POISON(CodeBlock), SourceProvider> m_source;
     unsigned m_sourceOffset;
     unsigned m_firstLineColumnOffset;
@@ -982 +980 @@
     SentinelLinkedList<LLIntCallLinkInfo, BasicRawSentinelNode<LLIntCallLinkInfo>> m_incomingLLIntCalls;
     StructureWatchpointMap m_llintGetByIdWatchpointMap;
-    PoisonedRefPtr<CodeBlockPoison, JITCode> m_jitCode;
+    PoisonedRefPtr<POISON(CodeBlock), JITCode> m_jitCode;
 #if ENABLE(JIT)
     std::unique_ptr<RegisterAtOffsetList> m_calleeSaveRegisters;
-    PoisonedBag<CodeBlockPoison, StructureStubInfo> m_stubInfos;
-    PoisonedBag<CodeBlockPoison, JITAddIC> m_addICs;
-    PoisonedBag<CodeBlockPoison, JITMulIC> m_mulICs;
-    PoisonedBag<CodeBlockPoison, JITNegIC> m_negICs;
-    PoisonedBag<CodeBlockPoison, JITSubIC> m_subICs;
-    PoisonedBag<CodeBlockPoison, ByValInfo> m_byValInfos;
-    PoisonedBag<CodeBlockPoison, CallLinkInfo> m_callLinkInfos;
+    PoisonedBag<POISON(CodeBlock), StructureStubInfo> m_stubInfos;
+    PoisonedBag<POISON(CodeBlock), JITAddIC> m_addICs;
+    PoisonedBag<POISON(CodeBlock), JITMulIC> m_mulICs;
+    PoisonedBag<POISON(CodeBlock), JITNegIC> m_negICs;
+    PoisonedBag<POISON(CodeBlock), JITSubIC> m_subICs;
+    PoisonedBag<POISON(CodeBlock), ByValInfo> m_byValInfos;
+    PoisonedBag<POISON(CodeBlock), CallLinkInfo> m_callLinkInfos;
     SentinelLinkedList<CallLinkInfo, BasicRawSentinelNode<CallLinkInfo>> m_incomingCalls;
     SentinelLinkedList<PolymorphicCallNode, BasicRawSentinelNode<PolymorphicCallNode>> m_incomingPolymorphicCalls;