Changeset 38322 in webkit for trunk/JavaScriptCore/VM/Machine.cpp

Timestamp:

Nov 11, 2008, 4:32:38 PM (17 years ago)

Author:

[email protected]

Message:

2008-11-11 Geoffrey Garen <​[email protected]>

Reviewed by Darin Adler.

Fixed ​https://bugs.webkit.org/show_bug.cgi?id=22174
Simplified op_call by nixing its responsibility for moving the value of
"this" into the first argument slot.

Instead, the caller emits an explicit load or mov instruction, or relies
on implicit knowledge that "this" is already in the first argument slot.
As a result, two operands to op_call are gone: firstArg and thisVal.

SunSpider and v8 tests show no change in bytecode or CTI.

• VM/CTI.cpp: (JSC::CTI::compileOpCallSetupArgs): (JSC::CTI::compileOpCallEvalSetupArgs): (JSC::CTI::compileOpConstructSetupArgs): Split apart these three versions of setting up arguments to op_call, because they're more different than they are the same -- even more so with this patch.

(JSC::CTI::compileOpCall): Updated for the fact that op_construct doesn't
match op_call anymore.

(JSC::CTI::privateCompileMainPass):
(JSC::CTI::privateCompileSlowCases): Merged a few call cases. Updated
for changes mentioned above.

• VM/CTI.h:

• VM/CodeBlock.cpp: (JSC::CodeBlock::dump): Updated for new bytecode format of call / construct.

• VM/Machine.cpp: (JSC::Machine::callEval): Updated for new bytecode format of call / construct.

(JSC::Machine::dumpCallFrame):
(JSC::Machine::dumpRegisters): Simplified these debugging functions,
taking advantage of the new call frame layout.

(JSC::Machine::execute): Fixed up the eval version of execute to be
friendlier to calls in the new format.

(JSC::Machine::privateExecute): Implemented the new call format in
bytecode.

(JSC::Machine::cti_op_call_NotJSFunction):
(JSC::Machine::cti_op_construct_JSConstruct):
(JSC::Machine::cti_op_construct_NotJSConstruct):
(JSC::Machine::cti_op_call_eval): Updated CTI helpers to match the new
call format.

Fixed a latent bug in stack overflow checking that is now hit because
the register layout has changed a bit -- namely: when throwing a stack
overflow exception inside an op_call helper, we need to account for the
fact that the current call frame is only half-constructed, and use the
parent call frame instead.

• VM/Machine.h:

• bytecompiler/CodeGenerator.cpp: (JSC::CodeGenerator::emitCall): (JSC::CodeGenerator::emitCallEval): (JSC::CodeGenerator::emitConstruct):
• bytecompiler/CodeGenerator.h: Updated codegen to match the new call format.

• parser/Nodes.cpp: (JSC::EvalFunctionCallNode::emitCode): (JSC::FunctionCallValueNode::emitCode): (JSC::FunctionCallResolveNode::emitCode): (JSC::FunctionCallBracketNode::emitCode): (JSC::FunctionCallDotNode::emitCode):
• parser/Nodes.h: (JSC::ScopeNode::neededConstants): ditto

2008-11-10 Geoffrey Garen <​[email protected]>

Reviewed by Darin Adler.

Updated a test after fixing ​https://bugs.webkit.org/show_bug.cgi?id=22174
Simplified op_call by nixing its responsibility for moving the value of
"this" into the first argument slot.

• fast/js/global-recursion-on-full-stack-expected.txt: This test passes a little differently now, because the register layout has changed. Specifically, the stack overflow now happens in the call to f() instead of the initiation of the <script> tag, so it is caught, and it does not log an exception to the console.

File:

• trunk/JavaScriptCore/VM/Machine.cpp (modified) (31 diffs)

trunk/JavaScriptCore/VM/Machine.cpp

@@ -581 +581 @@
 }
 
-NEVER_INLINE JSValue* Machine::callEval(CallFrame* callFrame, JSObject* thisObj, ScopeChainNode* scopeChain, RegisterFile* registerFile, int argv, int argc, JSValue*& exceptionValue)
+NEVER_INLINE JSValue* Machine::callEval(CallFrame* callFrame, RegisterFile* registerFile, Register* argv, int argc, int registerOffset, JSValue*& exceptionValue)
 {
     if (argc < 2)
         return jsUndefined();
 
-    JSValue* program = callFrame[argv + 1].jsValue(callFrame);
+    JSValue* program = argv[1].jsValue(callFrame);
 
     if (!program->isString())
@@ -593 +593 @@
     UString programSource = asString(program)->value();
 
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
     CodeBlock* codeBlock = callFrame->codeBlock();
     RefPtr<EvalNode> evalNode = codeBlock->evalCodeCache.get(callFrame, programSource, scopeChain, exceptionValue);
@@ -598 +599 @@
     JSValue* result = jsUndefined();
     if (evalNode)
-        result = callFrame->globalData().machine->execute(evalNode.get(), callFrame, thisObj, callFrame->registers() - registerFile->start() + argv + 1 + RegisterFile::CallFrameHeaderSize, scopeChain, &exceptionValue);
+        result = callFrame->globalData().machine->execute(evalNode.get(), callFrame, callFrame->thisValue()->toThisObject(callFrame), callFrame->registers() - registerFile->start() + registerOffset, scopeChain, &exceptionValue);
 
     return result;
@@ -656 +657 @@
 #ifndef NDEBUG
 
-void Machine::dumpCallFrame(const RegisterFile* registerFile, CallFrame* callFrame)
-{
-    JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject();
-
-    CodeBlock* codeBlock = callFrame->codeBlock();
-    codeBlock->dump(globalObject->globalExec());
-
-    dumpRegisters(registerFile, callFrame);
-}
-
-void Machine::dumpRegisters(const RegisterFile* registerFile, CallFrame* callFrame)
+void Machine::dumpCallFrame(CallFrame* callFrame)
+{
+    callFrame->codeBlock()->dump(callFrame);
+    dumpRegisters(callFrame);
+}
+
+void Machine::dumpRegisters(CallFrame* callFrame)
 {
     printf("Register frame: \n\n");
@@ -674 +671 @@
 
     CodeBlock* codeBlock = callFrame->codeBlock();
+    RegisterFile* registerFile = &callFrame->scopeChain()->globalObject()->globalData()->machine->registerFile();
     const Register* it;
     const Register* end;
@@ -1024 +1022 @@
 }
 
-JSValue* Machine::execute(EvalNode* evalNode, CallFrame* callFrame, JSObject* thisObj, int registerOffset, ScopeChainNode* scopeChain, JSValue** exception)
+JSValue* Machine::execute(EvalNode* evalNode, CallFrame* callFrame, JSObject* thisObj, int globalRegisterOffset, ScopeChainNode* scopeChain, JSValue** exception)
 {
     ASSERT(!scopeChain->globalData->exception);
@@ -1070 +1068 @@
 
     Register* oldEnd = m_registerFile.end();
-    Register* newEnd = m_registerFile.start() + registerOffset + codeBlock->numCalleeRegisters;
+    Register* newEnd = m_registerFile.start() + globalRegisterOffset + codeBlock->numCalleeRegisters;
     if (!m_registerFile.grow(newEnd)) {
         *exception = createStackOverflowError(callFrame);
@@ -1076 +1074 @@
     }
 
-    CallFrame* newCallFrame = CallFrame::create(m_registerFile.start() + registerOffset);
+    CallFrame* newCallFrame = CallFrame::create(m_registerFile.start() + globalRegisterOffset);
 
     // a 0 codeBlock indicates a built-in caller
@@ -3265 +3263 @@
     }
     BEGIN_OPCODE(op_call_eval) {
-        /* call_eval dst(r) func(r) thisVal(r) firstArg(r) argCount(n)
+        /* call_eval dst(r) func(r) argCount(n) registerOffset(n)
 
            Call a function named "eval" with no explicit "this" value
@@ -3278 +3276 @@
         int dst = vPC[1].u.operand;
         int func = vPC[2].u.operand;
-        int thisVal = vPC[3].u.operand;
-        int firstArg = vPC[4].u.operand;
-        int argCount = vPC[5].u.operand;
+        int argCount = vPC[3].u.operand;
+        int registerOffset = vPC[4].u.operand;
 
         JSValue* funcVal = callFrame[func].jsValue(callFrame);
-        JSValue* baseVal = callFrame[thisVal].jsValue(callFrame);
-
-        ScopeChainNode* scopeChain = callFrame->scopeChain();
-        if (baseVal == scopeChain->globalObject() && funcVal == scopeChain->globalObject()->evalFunction()) {
-            JSObject* thisObject = asObject(callFrame[callFrame->codeBlock()->thisRegister].jsValue(callFrame));
-            JSValue* result = callEval(callFrame, thisObject, scopeChain, registerFile, firstArg, argCount, exceptionValue);
+
+        Register* newCallFrame = callFrame->registers() + registerOffset;
+        Register* argv = newCallFrame - RegisterFile::CallFrameHeaderSize - argCount;
+        JSValue* thisValue = argv[0].jsValue(callFrame);
+        JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject();
+
+        if (thisValue == globalObject && funcVal == globalObject->evalFunction()) {
+            JSValue* result = callEval(callFrame, registerFile, argv, argCount, registerOffset, exceptionValue);
             if (exceptionValue)
                 goto vm_throw;
-
             callFrame[dst] = result;
 
-            vPC += 7;
+            vPC += 5;
             NEXT_OPCODE;
         }
 
-        // We didn't find the blessed version of eval, so reset vPC and process
-        // this instruction as a normal function call, supplying the proper 'this'
-        // value.
-        callFrame[thisVal] = baseVal->toThisObject(callFrame);
+        // We didn't find the blessed version of eval, so process this
+        // instruction as a normal function call.
 
 #if HAVE(COMPUTED_GOTO)
@@ -3312 +3308 @@
     }
     BEGIN_OPCODE(op_call) {
-        /* call dst(r) func(r) thisVal(r) firstArg(r) argCount(n) registerOffset(n)
-
-           Perform a function call. Specifically, call register func
-           with a "this" value of register thisVal, and put the result
-           in register dst.
-
-           The arguments start at register firstArg and go up to
-           argCount, but the "this" value is considered an implicit
-           first argument, so the argCount should be one greater than
-           the number of explicit arguments passed, and the register
-           after firstArg should contain the actual first
-           argument. This opcode will copy from the thisVal register
-           to the firstArg register, unless the register index of
-           thisVal is the special missing this object marker, which is
-           2^31-1; in that case, the global object will be used as the
-           "this" value.
-
-           If func is a native code function, then this opcode calls
-           it and returns the value immediately. 
-
-           But if it is a JS function, then the current scope chain
-           and code block is set to the function's, and we slide the
-           register window so that the arguments would form the first
-           few local registers of the called function's register
-           window. In addition, a call frame header is written
-           immediately before the arguments; see the call frame
-           documentation for an explanation of how many registers a
-           call frame takes and what they contain. That many registers
-           before the firstArg register will be overwritten by the
-           call. In addition, any registers higher than firstArg +
-           argCount may be overwritten. Once this setup is complete,
-           execution continues from the called function's first
-           argument, and does not return until a "ret" opcode is
-           encountered.
+        /* call dst(r) func(r) argCount(n) registerOffset(n)
+
+           Perform a function call.
+           
+           registerOffset is the distance the callFrame pointer should move
+           before the VM initializes the new call frame's header.
+           
+           dst is where op_ret should store its result.
          */
 
         int dst = vPC[1].u.operand;
         int func = vPC[2].u.operand;
-        int thisVal = vPC[3].u.operand;
-        int firstArg = vPC[4].u.operand;
-        int argCount = vPC[5].u.operand;
-        int registerOffset = vPC[6].u.operand;
+        int argCount = vPC[3].u.operand;
+        int registerOffset = vPC[4].u.operand;
 
         JSValue* v = callFrame[func].jsValue(callFrame);
@@ -3365 +3333 @@
             CodeBlock* newCodeBlock = &functionBodyNode->byteCode(callDataScopeChain);
 
-            callFrame[firstArg] = thisVal == missingThisObjectMarker() ? callFrame->globalThisValue() : callFrame[thisVal].jsValue(callFrame);
-            
             CallFrame* previousCallFrame = callFrame;
 
@@ -3376 +3342 @@
             }
 
-            callFrame->init(newCodeBlock, vPC + 7, callDataScopeChain, previousCallFrame, dst, argCount, asFunction(v));
+            callFrame->init(newCodeBlock, vPC + 5, callDataScopeChain, previousCallFrame, dst, argCount, asFunction(v));
             vPC = newCodeBlock->instructions.begin();
 
@@ -3387 +3353 @@
 
         if (callType == CallTypeHost) {
-            JSValue* thisValue = thisVal == missingThisObjectMarker() ? callFrame->globalThisValue() : callFrame[thisVal].jsValue(callFrame);
-            ArgList args(callFrame->registers() + firstArg + 1, argCount - 1);
-
             ScopeChainNode* scopeChain = callFrame->scopeChain();
             CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + registerOffset);
-            newCallFrame->init(0, vPC + 7, scopeChain, callFrame, dst, argCount, 0);
+            newCallFrame->init(0, vPC + 5, scopeChain, callFrame, dst, argCount, 0);
+
+            Register* thisRegister = newCallFrame->registers() - RegisterFile::CallFrameHeaderSize - argCount;
+            ArgList args(thisRegister + 1, argCount - 1);
+
+            // FIXME: All host methods should be calling toThisObject, but this is not presently the case.
+            JSValue* thisValue = thisRegister->jsValue(callFrame);
+            if (thisValue == jsNull())
+                thisValue = callFrame->globalThisValue();
 
             JSValue* returnValue;
@@ -3403 +3374 @@
             callFrame[dst] = returnValue;
 
-            vPC += 7;
+            vPC += 5;
             NEXT_OPCODE;
         }
@@ -3573 +3544 @@
     }
     BEGIN_OPCODE(op_construct) {
-        /* construct dst(r) constr(r) constrProto(r) firstArg(r) argCount(n) registerOffset(n)
-
-           Invoke register "constr" as a constructor. For JS
+        /* construct dst(r) func(r) argCount(n) registerOffset(n) proto(r) thisRegister(r)
+
+           Invoke register "func" as a constructor. For JS
            functions, the calling convention is exactly as for the
            "call" opcode, except that the "this" value is a newly
-           created Object. For native constructors, a null "this"
-           value is passed. In either case, the firstArg and argCount
+           created Object. For native constructors, no "this"
+           value is passed. In either case, the argCount and registerOffset
            registers are interpreted as for the "call" opcode.
 
-           Register constrProto must contain the prototype property of
-           register constsr. This is to enable polymorphic inline
+           Register proto must contain the prototype property of
+           register func. This is to enable polymorphic inline
            caching of this lookup.
         */
 
         int dst = vPC[1].u.operand;
-        int constr = vPC[2].u.operand;
-        int constrProto = vPC[3].u.operand;
-        int firstArg = vPC[4].u.operand;
-        int argCount = vPC[5].u.operand;
-        int registerOffset = vPC[6].u.operand;
-
-        JSValue* v = callFrame[constr].jsValue(callFrame);
+        int func = vPC[2].u.operand;
+        int argCount = vPC[3].u.operand;
+        int registerOffset = vPC[4].u.operand;
+        int proto = vPC[5].u.operand;
+        int thisRegister = vPC[6].u.operand;
+
+        JSValue* v = callFrame[func].jsValue(callFrame);
 
         ConstructData constructData;
@@ -3605 +3576 @@
 
             StructureID* structure;
-            JSValue* prototype = callFrame[constrProto].jsValue(callFrame);
+            JSValue* prototype = callFrame[proto].jsValue(callFrame);
             if (prototype->isObject())
                 structure = asObject(prototype)->inheritorID();
@@ -3612 +3583 @@
             JSObject* newObject = new (globalData) JSObject(structure);
 
-            callFrame[firstArg] = newObject; // "this" value
+            callFrame[thisRegister] = newObject; // "this" value
 
             CallFrame* previousCallFrame = callFrame;
@@ -3634 +3605 @@
 
         if (constructType == ConstructTypeHost) {
-            ArgList args(callFrame->registers() + firstArg + 1, argCount - 1);
+            ArgList args(callFrame->registers() + thisRegister + 1, argCount - 1);
 
             ScopeChainNode* scopeChain = callFrame->scopeChain();
@@ -4365 +4336 @@
     } while (0)
 
+// This macro rewinds to the previous call frame because CTI functions that
+// throw stack overflow exceptions execute after the call frame has
+// optimistically moved forward.
+#define CTI_THROW_STACK_OVERFLOW() do { \
+    CallFrame* oldCallFrame = ARG_callFrame->callerFrame(); \
+    JSGlobalData* globalData = ARG_globalData; \
+    globalData->exception = createStackOverflowError(oldCallFrame); \
+    globalData->throwReturnAddress = CTI_RETURN_ADDRESS; \
+    ARG_setCallFrame(oldCallFrame); \
+    CTI_SET_RETURN_ADDRESS(reinterpret_cast<void*>(ctiVMThrowTrampoline)); \
+} while (0);
+
 JSObject* Machine::cti_op_convert_this(CTI_ARGS)
 {
@@ -4453 +4436 @@
 }
 
-NEVER_INLINE void Machine::throwStackOverflowPreviousFrame(CallFrame* callFrame, JSGlobalData* globalData, void*& returnAddress)
-{
-    globalData->exception = createStackOverflowError(callFrame->callerFrame());
-    globalData->throwReturnAddress = callFrame->returnPC();
-    ctiSetReturnAddress(&returnAddress, reinterpret_cast<void*>(ctiVMThrowTrampoline));
-}
-
 void Machine::cti_register_file_check(CTI_ARGS)
 {
@@ -4467 +4443 @@
         return;
 
-    ARG_setCallFrame(ARG_callFrame->callerFrame());
-    throwStackOverflowPreviousFrame(ARG_callFrame, ARG_globalData, CTI_RETURN_ADDRESS);
+    CTI_THROW_STACK_OVERFLOW();
 }
 
@@ -4745 +4720 @@
         Register* newEnd = r + newCodeBlock->numCalleeRegisters;
         if (!ARG_registerFile->grow(newEnd)) {
-            ARG_globalData->exception = createStackOverflowError(oldCallFrame);
-            VM_THROW_EXCEPTION_2();
+            CTI_THROW_STACK_OVERFLOW();
+            VoidPtrPairValue pair = {{ 0, 0 }};
+            return pair.i;
         }
 
@@ -4811 +4787 @@
             SamplingTool::HostCallRecord callRecord(CTI_SAMPLER);
 
-            // All host methods should be calling toThisObject, but this is not presently the case.
+            // FIXME: All host methods should be calling toThisObject, but this is not presently the case.
             JSValue* thisValue = argv[0].jsValue(callFrame);
             if (thisValue == jsNull())
@@ -4935 +4911 @@
 
     StructureID* structure;
-    if (ARG_src5->isObject())
-        structure = asObject(ARG_src5)->inheritorID();
+    if (ARG_src4->isObject())
+        structure = asObject(ARG_src4)->inheritorID();
     else
         structure = asFunction(ARG_src1)->m_scopeChain.node()->globalObject()->emptyObjectStructure();
@@ -4950 +4926 @@
     JSValue* constrVal = ARG_src1;
     int argCount = ARG_int3;
-    int firstArg = ARG_int6;
+    int thisRegister = ARG_int5;
 
     ConstructData constructData;
@@ -4956 +4932 @@
 
     if (constructType == ConstructTypeHost) {
-        ArgList argList(callFrame->registers() + firstArg + 1, argCount - 1);
+        ArgList argList(callFrame->registers() + thisRegister + 1, argCount - 1);
 
         JSValue* returnValue;
@@ -4970 +4946 @@
     ASSERT(constructType == ConstructTypeNone);
 
-    ARG_globalData->exception = createNotAConstructorError(callFrame, constrVal, ARG_instr4, callFrame->codeBlock());
+    ARG_globalData->exception = createNotAConstructorError(callFrame, constrVal, ARG_instr6, callFrame->codeBlock());
     VM_THROW_EXCEPTION();
 }
@@ -5569 +5545 @@
     CallFrame* callFrame = ARG_callFrame;
     RegisterFile* registerFile = ARG_registerFile;
-    CodeBlock* codeBlock = callFrame->codeBlock();
-    ScopeChainNode* scopeChain = callFrame->scopeChain();
 
     Machine* machine = ARG_globalData->machine;
@@ -5577 +5551 @@
     int registerOffset = ARG_int2;
     int argCount = ARG_int3;
-    JSValue* baseVal = ARG_src5;
-
-    if (baseVal == scopeChain->globalObject() && funcVal == scopeChain->globalObject()->evalFunction()) {
-        JSObject* thisObject = callFrame[codeBlock->thisRegister].jsValue(callFrame)->toThisObject(callFrame);
+
+    Register* newCallFrame = callFrame->registers() + registerOffset;
+    Register* argv = newCallFrame - RegisterFile::CallFrameHeaderSize - argCount;
+    JSValue* thisValue = argv[0].jsValue(callFrame);
+    JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject();
+
+    if (thisValue == globalObject && funcVal == globalObject->evalFunction()) {
         JSValue* exceptionValue = noValue();
-        JSValue* result = machine->callEval(callFrame, thisObject, scopeChain, registerFile, registerOffset - RegisterFile::CallFrameHeaderSize - argCount, argCount, exceptionValue);
+        JSValue* result = machine->callEval(callFrame, registerFile, argv, argCount, registerOffset, exceptionValue);
         if (UNLIKELY(exceptionValue != noValue())) {
             ARG_globalData->exception = exceptionValue;
@@ -5945 +5922 @@
     CallFrame* callFrame = ARG_callFrame;
     CodeBlock* codeBlock = callFrame->codeBlock();
-
-    ASSERT(codeBlock->ctiReturnAddressVPCMap.contains(ARG_globalData->throwReturnAddress));
-    unsigned vPCIndex = codeBlock->ctiReturnAddressVPCMap.get(ARG_globalData->throwReturnAddress);
-
-    JSValue* exceptionValue = ARG_globalData->exception;
+    JSGlobalData* globalData = ARG_globalData;
+
+    ASSERT(codeBlock->ctiReturnAddressVPCMap.contains(globalData->throwReturnAddress));
+    unsigned vPCIndex = codeBlock->ctiReturnAddressVPCMap.get(globalData->throwReturnAddress);
+
+    JSValue* exceptionValue = globalData->exception;
     ASSERT(exceptionValue);
-    ARG_globalData->exception = noValue();
-
-    Instruction* handlerVPC = ARG_globalData->machine->throwException(callFrame, exceptionValue, codeBlock->instructions.begin() + vPCIndex, false);
+    globalData->exception = noValue();
+
+    Instruction* handlerVPC = globalData->machine->throwException(callFrame, exceptionValue, codeBlock->instructions.begin() + vPCIndex, false);
 
     if (!handlerVPC) {