Changeset 38330 in webkit for trunk/JavaScriptCore/VM/Machine.cpp

Timestamp:

Nov 12, 2008, 1:34:22 AM (17 years ago)

Author:

[email protected]

Message:

2008-11-12 Cameron Zwarich <​[email protected]>

Rubber-stamped by Mark Rowe.

Roll out r38322 due to test failures on the bots.

JavaScriptCore:

• VM/CTI.cpp: (JSC::CTI::compileOpCallSetupArgs): (JSC::CTI::compileOpCall): (JSC::CTI::privateCompileMainPass): (JSC::CTI::privateCompileSlowCases):
• VM/CTI.h:
• VM/CodeBlock.cpp: (JSC::CodeBlock::dump):
• VM/Machine.cpp: (JSC::Machine::callEval): (JSC::Machine::dumpCallFrame): (JSC::Machine::dumpRegisters): (JSC::Machine::execute): (JSC::Machine::privateExecute): (JSC::Machine::throwStackOverflowPreviousFrame): (JSC::Machine::cti_register_file_check): (JSC::Machine::cti_op_call_arityCheck): (JSC::Machine::cti_op_call_NotJSFunction): (JSC::Machine::cti_op_construct_JSConstruct): (JSC::Machine::cti_op_construct_NotJSConstruct): (JSC::Machine::cti_op_call_eval): (JSC::Machine::cti_vm_throw):
• VM/Machine.h:
• bytecompiler/CodeGenerator.cpp: (JSC::CodeGenerator::emitCall): (JSC::CodeGenerator::emitCallEval): (JSC::CodeGenerator::emitConstruct):
• bytecompiler/CodeGenerator.h:
• parser/Nodes.cpp: (JSC::EvalFunctionCallNode::emitCode): (JSC::FunctionCallValueNode::emitCode): (JSC::FunctionCallResolveNode::emitCode): (JSC::FunctionCallBracketNode::emitCode): (JSC::FunctionCallDotNode::emitCode):
• parser/Nodes.h: (JSC::ScopeNode::neededConstants):

LayoutTests:

• fast/js/global-recursion-on-full-stack-expected.txt:

File:

• trunk/JavaScriptCore/VM/Machine.cpp (modified) (31 diffs)

trunk/JavaScriptCore/VM/Machine.cpp

@@ -581 +581 @@
 }
 
-NEVER_INLINE JSValue* Machine::callEval(CallFrame* callFrame, RegisterFile* registerFile, Register* argv, int argc, int registerOffset, JSValue*& exceptionValue)
+NEVER_INLINE JSValue* Machine::callEval(CallFrame* callFrame, JSObject* thisObj, ScopeChainNode* scopeChain, RegisterFile* registerFile, int argv, int argc, JSValue*& exceptionValue)
 {
     if (argc < 2)
         return jsUndefined();
 
-    JSValue* program = argv[1].jsValue(callFrame);
+    JSValue* program = callFrame[argv + 1].jsValue(callFrame);
 
     if (!program->isString())
@@ -593 +593 @@
     UString programSource = asString(program)->value();
 
-    ScopeChainNode* scopeChain = callFrame->scopeChain();
     CodeBlock* codeBlock = callFrame->codeBlock();
     RefPtr<EvalNode> evalNode = codeBlock->evalCodeCache.get(callFrame, programSource, scopeChain, exceptionValue);
@@ -599 +598 @@
     JSValue* result = jsUndefined();
     if (evalNode)
-        result = callFrame->globalData().machine->execute(evalNode.get(), callFrame, callFrame->thisValue()->toThisObject(callFrame), callFrame->registers() - registerFile->start() + registerOffset, scopeChain, &exceptionValue);
+        result = callFrame->globalData().machine->execute(evalNode.get(), callFrame, thisObj, callFrame->registers() - registerFile->start() + argv + 1 + RegisterFile::CallFrameHeaderSize, scopeChain, &exceptionValue);
 
     return result;
@@ -657 +656 @@
 #ifndef NDEBUG
 
-void Machine::dumpCallFrame(CallFrame* callFrame)
-{
-    callFrame->codeBlock()->dump(callFrame);
-    dumpRegisters(callFrame);
-}
-
-void Machine::dumpRegisters(CallFrame* callFrame)
+void Machine::dumpCallFrame(const RegisterFile* registerFile, CallFrame* callFrame)
+{
+    JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject();
+
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    codeBlock->dump(globalObject->globalExec());
+
+    dumpRegisters(registerFile, callFrame);
+}
+
+void Machine::dumpRegisters(const RegisterFile* registerFile, CallFrame* callFrame)
 {
     printf("Register frame: \n\n");
@@ -671 +674 @@
 
     CodeBlock* codeBlock = callFrame->codeBlock();
-    RegisterFile* registerFile = &callFrame->scopeChain()->globalObject()->globalData()->machine->registerFile();
     const Register* it;
     const Register* end;
@@ -1022 +1024 @@
 }
 
-JSValue* Machine::execute(EvalNode* evalNode, CallFrame* callFrame, JSObject* thisObj, int globalRegisterOffset, ScopeChainNode* scopeChain, JSValue** exception)
+JSValue* Machine::execute(EvalNode* evalNode, CallFrame* callFrame, JSObject* thisObj, int registerOffset, ScopeChainNode* scopeChain, JSValue** exception)
 {
     ASSERT(!scopeChain->globalData->exception);
@@ -1068 +1070 @@
 
     Register* oldEnd = m_registerFile.end();
-    Register* newEnd = m_registerFile.start() + globalRegisterOffset + codeBlock->numCalleeRegisters;
+    Register* newEnd = m_registerFile.start() + registerOffset + codeBlock->numCalleeRegisters;
     if (!m_registerFile.grow(newEnd)) {
         *exception = createStackOverflowError(callFrame);
@@ -1074 +1076 @@
     }
 
-    CallFrame* newCallFrame = CallFrame::create(m_registerFile.start() + globalRegisterOffset);
+    CallFrame* newCallFrame = CallFrame::create(m_registerFile.start() + registerOffset);
 
     // a 0 codeBlock indicates a built-in caller
@@ -3263 +3265 @@
     }
     BEGIN_OPCODE(op_call_eval) {
-        /* call_eval dst(r) func(r) argCount(n) registerOffset(n)
+        /* call_eval dst(r) func(r) thisVal(r) firstArg(r) argCount(n)
 
            Call a function named "eval" with no explicit "this" value
@@ -3276 +3278 @@
         int dst = vPC[1].u.operand;
         int func = vPC[2].u.operand;
-        int argCount = vPC[3].u.operand;
-        int registerOffset = vPC[4].u.operand;
+        int thisVal = vPC[3].u.operand;
+        int firstArg = vPC[4].u.operand;
+        int argCount = vPC[5].u.operand;
 
         JSValue* funcVal = callFrame[func].jsValue(callFrame);
-
-        Register* newCallFrame = callFrame->registers() + registerOffset;
-        Register* argv = newCallFrame - RegisterFile::CallFrameHeaderSize - argCount;
-        JSValue* thisValue = argv[0].jsValue(callFrame);
-        JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject();
-
-        if (thisValue == globalObject && funcVal == globalObject->evalFunction()) {
-            JSValue* result = callEval(callFrame, registerFile, argv, argCount, registerOffset, exceptionValue);
+        JSValue* baseVal = callFrame[thisVal].jsValue(callFrame);
+
+        ScopeChainNode* scopeChain = callFrame->scopeChain();
+        if (baseVal == scopeChain->globalObject() && funcVal == scopeChain->globalObject()->evalFunction()) {
+            JSObject* thisObject = asObject(callFrame[callFrame->codeBlock()->thisRegister].jsValue(callFrame));
+            JSValue* result = callEval(callFrame, thisObject, scopeChain, registerFile, firstArg, argCount, exceptionValue);
             if (exceptionValue)
                 goto vm_throw;
+
             callFrame[dst] = result;
 
-            vPC += 5;
+            vPC += 7;
             NEXT_OPCODE;
         }
 
-        // We didn't find the blessed version of eval, so process this
-        // instruction as a normal function call.
+        // We didn't find the blessed version of eval, so reset vPC and process
+        // this instruction as a normal function call, supplying the proper 'this'
+        // value.
+        callFrame[thisVal] = baseVal->toThisObject(callFrame);
 
 #if HAVE(COMPUTED_GOTO)
@@ -3308 +3312 @@
     }
     BEGIN_OPCODE(op_call) {
-        /* call dst(r) func(r) argCount(n) registerOffset(n)
-
-           Perform a function call.
-           
-           registerOffset is the distance the callFrame pointer should move
-           before the VM initializes the new call frame's header.
-           
-           dst is where op_ret should store its result.
+        /* call dst(r) func(r) thisVal(r) firstArg(r) argCount(n) registerOffset(n)
+
+           Perform a function call. Specifically, call register func
+           with a "this" value of register thisVal, and put the result
+           in register dst.
+
+           The arguments start at register firstArg and go up to
+           argCount, but the "this" value is considered an implicit
+           first argument, so the argCount should be one greater than
+           the number of explicit arguments passed, and the register
+           after firstArg should contain the actual first
+           argument. This opcode will copy from the thisVal register
+           to the firstArg register, unless the register index of
+           thisVal is the special missing this object marker, which is
+           2^31-1; in that case, the global object will be used as the
+           "this" value.
+
+           If func is a native code function, then this opcode calls
+           it and returns the value immediately. 
+
+           But if it is a JS function, then the current scope chain
+           and code block is set to the function's, and we slide the
+           register window so that the arguments would form the first
+           few local registers of the called function's register
+           window. In addition, a call frame header is written
+           immediately before the arguments; see the call frame
+           documentation for an explanation of how many registers a
+           call frame takes and what they contain. That many registers
+           before the firstArg register will be overwritten by the
+           call. In addition, any registers higher than firstArg +
+           argCount may be overwritten. Once this setup is complete,
+           execution continues from the called function's first
+           argument, and does not return until a "ret" opcode is
+           encountered.
          */
 
         int dst = vPC[1].u.operand;
         int func = vPC[2].u.operand;
-        int argCount = vPC[3].u.operand;
-        int registerOffset = vPC[4].u.operand;
+        int thisVal = vPC[3].u.operand;
+        int firstArg = vPC[4].u.operand;
+        int argCount = vPC[5].u.operand;
+        int registerOffset = vPC[6].u.operand;
 
         JSValue* v = callFrame[func].jsValue(callFrame);
@@ -3333 +3365 @@
             CodeBlock* newCodeBlock = &functionBodyNode->byteCode(callDataScopeChain);
 
+            callFrame[firstArg] = thisVal == missingThisObjectMarker() ? callFrame->globalThisValue() : callFrame[thisVal].jsValue(callFrame);
+            
             CallFrame* previousCallFrame = callFrame;
 
@@ -3342 +3376 @@
             }
 
-            callFrame->init(newCodeBlock, vPC + 5, callDataScopeChain, previousCallFrame, dst, argCount, asFunction(v));
+            callFrame->init(newCodeBlock, vPC + 7, callDataScopeChain, previousCallFrame, dst, argCount, asFunction(v));
             vPC = newCodeBlock->instructions.begin();
 
@@ -3353 +3387 @@
 
         if (callType == CallTypeHost) {
+            JSValue* thisValue = thisVal == missingThisObjectMarker() ? callFrame->globalThisValue() : callFrame[thisVal].jsValue(callFrame);
+            ArgList args(callFrame->registers() + firstArg + 1, argCount - 1);
+
             ScopeChainNode* scopeChain = callFrame->scopeChain();
             CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + registerOffset);
-            newCallFrame->init(0, vPC + 5, scopeChain, callFrame, dst, argCount, 0);
-
-            Register* thisRegister = newCallFrame->registers() - RegisterFile::CallFrameHeaderSize - argCount;
-            ArgList args(thisRegister + 1, argCount - 1);
-
-            // FIXME: All host methods should be calling toThisObject, but this is not presently the case.
-            JSValue* thisValue = thisRegister->jsValue(callFrame);
-            if (thisValue == jsNull())
-                thisValue = callFrame->globalThisValue();
+            newCallFrame->init(0, vPC + 7, scopeChain, callFrame, dst, argCount, 0);
 
             JSValue* returnValue;
@@ -3374 +3403 @@
             callFrame[dst] = returnValue;
 
-            vPC += 5;
+            vPC += 7;
             NEXT_OPCODE;
         }
@@ -3544 +3573 @@
     }
     BEGIN_OPCODE(op_construct) {
-        /* construct dst(r) func(r) argCount(n) registerOffset(n) proto(r) thisRegister(r)
-
-           Invoke register "func" as a constructor. For JS
+        /* construct dst(r) constr(r) constrProto(r) firstArg(r) argCount(n) registerOffset(n)
+
+           Invoke register "constr" as a constructor. For JS
            functions, the calling convention is exactly as for the
            "call" opcode, except that the "this" value is a newly
-           created Object. For native constructors, no "this"
-           value is passed. In either case, the argCount and registerOffset
+           created Object. For native constructors, a null "this"
+           value is passed. In either case, the firstArg and argCount
            registers are interpreted as for the "call" opcode.
 
-           Register proto must contain the prototype property of
-           register func. This is to enable polymorphic inline
+           Register constrProto must contain the prototype property of
+           register constsr. This is to enable polymorphic inline
            caching of this lookup.
         */
 
         int dst = vPC[1].u.operand;
-        int func = vPC[2].u.operand;
-        int argCount = vPC[3].u.operand;
-        int registerOffset = vPC[4].u.operand;
-        int proto = vPC[5].u.operand;
-        int thisRegister = vPC[6].u.operand;
-
-        JSValue* v = callFrame[func].jsValue(callFrame);
+        int constr = vPC[2].u.operand;
+        int constrProto = vPC[3].u.operand;
+        int firstArg = vPC[4].u.operand;
+        int argCount = vPC[5].u.operand;
+        int registerOffset = vPC[6].u.operand;
+
+        JSValue* v = callFrame[constr].jsValue(callFrame);
 
         ConstructData constructData;
@@ -3576 +3605 @@
 
             StructureID* structure;
-            JSValue* prototype = callFrame[proto].jsValue(callFrame);
+            JSValue* prototype = callFrame[constrProto].jsValue(callFrame);
             if (prototype->isObject())
                 structure = asObject(prototype)->inheritorID();
@@ -3583 +3612 @@
             JSObject* newObject = new (globalData) JSObject(structure);
 
-            callFrame[thisRegister] = newObject; // "this" value
+            callFrame[firstArg] = newObject; // "this" value
 
             CallFrame* previousCallFrame = callFrame;
@@ -3605 +3634 @@
 
         if (constructType == ConstructTypeHost) {
-            ArgList args(callFrame->registers() + thisRegister + 1, argCount - 1);
+            ArgList args(callFrame->registers() + firstArg + 1, argCount - 1);
 
             ScopeChainNode* scopeChain = callFrame->scopeChain();
@@ -4336 +4365 @@
     } while (0)
 
-// This macro rewinds to the previous call frame because CTI functions that
-// throw stack overflow exceptions execute after the call frame has
-// optimistically moved forward.
-#define CTI_THROW_STACK_OVERFLOW() do { \
-    CallFrame* oldCallFrame = ARG_callFrame->callerFrame(); \
-    JSGlobalData* globalData = ARG_globalData; \
-    globalData->exception = createStackOverflowError(oldCallFrame); \
-    globalData->throwReturnAddress = CTI_RETURN_ADDRESS; \
-    ARG_setCallFrame(oldCallFrame); \
-    CTI_SET_RETURN_ADDRESS(reinterpret_cast<void*>(ctiVMThrowTrampoline)); \
-} while (0);
-
 JSObject* Machine::cti_op_convert_this(CTI_ARGS)
 {
@@ -4436 +4453 @@
 }
 
+NEVER_INLINE void Machine::throwStackOverflowPreviousFrame(CallFrame* callFrame, JSGlobalData* globalData, void*& returnAddress)
+{
+    globalData->exception = createStackOverflowError(callFrame->callerFrame());
+    globalData->throwReturnAddress = callFrame->returnPC();
+    ctiSetReturnAddress(&returnAddress, reinterpret_cast<void*>(ctiVMThrowTrampoline));
+}
+
 void Machine::cti_register_file_check(CTI_ARGS)
 {
@@ -4443 +4467 @@
         return;
 
-    CTI_THROW_STACK_OVERFLOW();
+    ARG_setCallFrame(ARG_callFrame->callerFrame());
+    throwStackOverflowPreviousFrame(ARG_callFrame, ARG_globalData, CTI_RETURN_ADDRESS);
 }
 
@@ -4720 +4745 @@
         Register* newEnd = r + newCodeBlock->numCalleeRegisters;
         if (!ARG_registerFile->grow(newEnd)) {
-            CTI_THROW_STACK_OVERFLOW();
-            VoidPtrPairValue pair = {{ 0, 0 }};
-            return pair.i;
+            ARG_globalData->exception = createStackOverflowError(oldCallFrame);
+            VM_THROW_EXCEPTION_2();
         }
 
@@ -4787 +4811 @@
             SamplingTool::HostCallRecord callRecord(CTI_SAMPLER);
 
-            // FIXME: All host methods should be calling toThisObject, but this is not presently the case.
+            // All host methods should be calling toThisObject, but this is not presently the case.
             JSValue* thisValue = argv[0].jsValue(callFrame);
             if (thisValue == jsNull())
@@ -4911 +4935 @@
 
     StructureID* structure;
-    if (ARG_src4->isObject())
-        structure = asObject(ARG_src4)->inheritorID();
+    if (ARG_src5->isObject())
+        structure = asObject(ARG_src5)->inheritorID();
     else
         structure = asFunction(ARG_src1)->m_scopeChain.node()->globalObject()->emptyObjectStructure();
@@ -4926 +4950 @@
     JSValue* constrVal = ARG_src1;
     int argCount = ARG_int3;
-    int thisRegister = ARG_int5;
+    int firstArg = ARG_int6;
 
     ConstructData constructData;
@@ -4932 +4956 @@
 
     if (constructType == ConstructTypeHost) {
-        ArgList argList(callFrame->registers() + thisRegister + 1, argCount - 1);
+        ArgList argList(callFrame->registers() + firstArg + 1, argCount - 1);
 
         JSValue* returnValue;
@@ -4946 +4970 @@
     ASSERT(constructType == ConstructTypeNone);
 
-    ARG_globalData->exception = createNotAConstructorError(callFrame, constrVal, ARG_instr6, callFrame->codeBlock());
+    ARG_globalData->exception = createNotAConstructorError(callFrame, constrVal, ARG_instr4, callFrame->codeBlock());
     VM_THROW_EXCEPTION();
 }
@@ -5545 +5569 @@
     CallFrame* callFrame = ARG_callFrame;
     RegisterFile* registerFile = ARG_registerFile;
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
 
     Machine* machine = ARG_globalData->machine;
@@ -5551 +5577 @@
     int registerOffset = ARG_int2;
     int argCount = ARG_int3;
-
-    Register* newCallFrame = callFrame->registers() + registerOffset;
-    Register* argv = newCallFrame - RegisterFile::CallFrameHeaderSize - argCount;
-    JSValue* thisValue = argv[0].jsValue(callFrame);
-    JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject();
-
-    if (thisValue == globalObject && funcVal == globalObject->evalFunction()) {
+    JSValue* baseVal = ARG_src5;
+
+    if (baseVal == scopeChain->globalObject() && funcVal == scopeChain->globalObject()->evalFunction()) {
+        JSObject* thisObject = callFrame[codeBlock->thisRegister].jsValue(callFrame)->toThisObject(callFrame);
         JSValue* exceptionValue = noValue();
-        JSValue* result = machine->callEval(callFrame, registerFile, argv, argCount, registerOffset, exceptionValue);
+        JSValue* result = machine->callEval(callFrame, thisObject, scopeChain, registerFile, registerOffset - RegisterFile::CallFrameHeaderSize - argCount, argCount, exceptionValue);
         if (UNLIKELY(exceptionValue != noValue())) {
             ARG_globalData->exception = exceptionValue;
@@ -5922 +5945 @@
     CallFrame* callFrame = ARG_callFrame;
     CodeBlock* codeBlock = callFrame->codeBlock();
-    JSGlobalData* globalData = ARG_globalData;
-
-    ASSERT(codeBlock->ctiReturnAddressVPCMap.contains(globalData->throwReturnAddress));
-    unsigned vPCIndex = codeBlock->ctiReturnAddressVPCMap.get(globalData->throwReturnAddress);
-
-    JSValue* exceptionValue = globalData->exception;
+
+    ASSERT(codeBlock->ctiReturnAddressVPCMap.contains(ARG_globalData->throwReturnAddress));
+    unsigned vPCIndex = codeBlock->ctiReturnAddressVPCMap.get(ARG_globalData->throwReturnAddress);
+
+    JSValue* exceptionValue = ARG_globalData->exception;
     ASSERT(exceptionValue);
-    globalData->exception = noValue();
-
-    Instruction* handlerVPC = globalData->machine->throwException(callFrame, exceptionValue, codeBlock->instructions.begin() + vPCIndex, false);
+    ARG_globalData->exception = noValue();
+
+    Instruction* handlerVPC = ARG_globalData->machine->throwException(callFrame, exceptionValue, codeBlock->instructions.begin() + vPCIndex, false);
 
     if (!handlerVPC) {