Changeset 251556 in webkit for trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

Timestamp:

Oct 24, 2019, 1:27:38 PM (6 years ago)

Author:

[email protected]

Message:

[JSC] Remove LLInt's Callee size assumption
​https://bugs.webkit.org/show_bug.cgi?id=203282

Reviewed by Mark Lam.

LLInt code still assumes that Callee is always allocated in non-LargeAllocation.
This patch removes this assumption by following three changes.

1. If we can get CodeBlock, we get VM& from CodeBlock.
2. In nativeCallTrampoline and internalFunctionCallTrampoline, we get VM& from JSGlobalObject. It involves one more pointer-chasing but it is OK since this JSGlobalObject's VM* field will be touched in called native functions anyway. And this code is only used when we are not using JIT.
3. In exception handling code in LLInt, we get VM& from callee by checking LargeAllocation possibility. This is OK since it is only executed when exception unwinding happens, and which is an expensive operation anyway.

• heap/LargeAllocation.h:

(JSC::LargeAllocation::headerSize):

• heap/WeakSet.h:

(JSC::WeakSet::WeakSet):
(JSC::WeakSet::vm const):

• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::init):

• runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::vm const):
(JSC::JSGlobalObject::defaultCodeGenerationMode const):

• runtime/VM.h:

(JSC::WeakSet::heap const):

File:

• trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (modified) (10 diffs)

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -330 +330 @@
 op(handleUncaughtException, macro ()
     loadp Callee[cfr], t3
-    andp MarkedBlockMask, t3
-    loadp MarkedBlockFooterOffset + MarkedBlock::Footer::m_vm[t3], t3
+    convertCalleeToVM(t3)
     restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(t3, t0)
     storep 0, VM::callFrameForCatch[t3]
@@ -682 +681 @@
 end
 
-macro branchIfException(label)
-    loadp Callee[cfr], t3
-    andp MarkedBlockMask, t3
-    loadp MarkedBlockFooterOffset + MarkedBlock::Footer::m_vm[t3], t3
-    btpz VM::m_exception[t3], .noException
-    jmp label
-.noException:
-end
-
 # Instruction implementations
+
 _llint_op_enter:
     traceExecution()
@@ -2069 +2060 @@
     # and have set VM::targetInterpreterPCForThrow.
     loadp Callee[cfr], t3
-    andp MarkedBlockMask, t3
-    loadp MarkedBlockFooterOffset + MarkedBlock::Footer::m_vm[t3], t3
+    convertCalleeToVM(t3)
     restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(t3, t0)
     loadp VM::callFrameForCatch[t3], cfr
@@ -2087 +2077 @@
 
 .isCatchableException:
-    loadp Callee[cfr], t3
-    andp MarkedBlockMask, t3
-    loadp MarkedBlockFooterOffset + MarkedBlock::Footer::m_vm[t3], t3
+    loadp CodeBlock[cfr], t3
+    loadp CodeBlock::m_vm[t3], t3
 
     loadp VM::m_exception[t3], t0
@@ -2119 +2108 @@
 op(llint_throw_from_slow_path_trampoline, macro ()
     loadp Callee[cfr], t1
-    andp MarkedBlockMask, t1
-    loadp MarkedBlockFooterOffset + MarkedBlock::Footer::m_vm[t1], t1
+    convertCalleeToVM(t1)
     copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(t1, t2)
 
@@ -2129 +2117 @@
     # This essentially emulates the JIT's throwing protocol.
     loadp Callee[cfr], t1
-    andp MarkedBlockMask, t1
-    loadp MarkedBlockFooterOffset + MarkedBlock::Footer::m_vm[t1], t1
+    convertCalleeToVM(t1)
     jmp VM::targetMachinePCForThrow[t1], ExceptionHandlerPtrTag
 end)
@@ -2142 +2129 @@
 
 macro nativeCallTrampoline(executableOffsetToFunction)
-
     functionPrologue()
     storep 0, CodeBlock[cfr]
-    loadp Callee[cfr], t0
-    andp MarkedBlockMask, t0, t1
-    loadp MarkedBlockFooterOffset + MarkedBlock::Footer::m_vm[t1], t1
-    storep cfr, VM::topCallFrame[t1]
-    if ARM64 or ARM64E or C_LOOP or C_LOOP_WIN
-        storep lr, ReturnPC[cfr]
-    end
-    move cfr, a1
     loadp Callee[cfr], a0
     loadp JSFunction::m_executable[a0], a2
     loadp JSFunction::m_globalObject[a0], a0
+    loadp JSGlobalObject::m_vm[a0], a1
+    storep cfr, VM::topCallFrame[a1]
+    if ARM64 or ARM64E or C_LOOP or C_LOOP_WIN
+        storep lr, ReturnPC[cfr]
+    end
+    move cfr, a1
     checkStackPointerAlignment(t3, 0xdead0001)
     if C_LOOP or C_LOOP_WIN
@@ -2170 +2154 @@
 
     loadp Callee[cfr], t3
-    andp MarkedBlockMask, t3
-    loadp MarkedBlockFooterOffset + MarkedBlock::Footer::m_vm[t3], t3
+    loadp JSFunction::m_globalObject[t3], t3
+    loadp JSGlobalObject::m_vm[t3], t3
 
     btpnz VM::m_exception[t3], .handleException
@@ -2186 +2170 @@
     functionPrologue()
     storep 0, CodeBlock[cfr]
-    loadp Callee[cfr], t0
-    andp MarkedBlockMask, t0, t1
-    loadp MarkedBlockFooterOffset + MarkedBlock::Footer::m_vm[t1], t1
-    storep cfr, VM::topCallFrame[t1]
+    loadp Callee[cfr], a2
+    loadp InternalFunction::m_globalObject[a2], a0
+    loadp JSGlobalObject::m_vm[a0], a1
+    storep cfr, VM::topCallFrame[a1]
     if ARM64 or ARM64E or C_LOOP or C_LOOP_WIN
         storep lr, ReturnPC[cfr]
     end
     move cfr, a1
-    loadp Callee[cfr], a2
-    loadp InternalFunction::m_globalObject[a2], a0
     checkStackPointerAlignment(t3, 0xdead0001)
     if C_LOOP or C_LOOP_WIN
@@ -2210 +2192 @@
 
     loadp Callee[cfr], t3
-    andp MarkedBlockMask, t3
-    loadp MarkedBlockFooterOffset + MarkedBlock::Footer::m_vm[t3], t3
+    loadp InternalFunction::m_globalObject[t3], t3
+    loadp JSGlobalObject::m_vm[t3], t3
 
     btpnz VM::m_exception[t3], .handleException