Changeset 61553 in webkit for trunk/JavaScriptCore/interpreter

Timestamp:

Jun 21, 2010, 10:43:03 AM (15 years ago)

Author:

[email protected]

Message:

2010-06-19 Oliver Hunt <​[email protected]>

Reviewed by Geoffrey Garen.

Need to ensure that we grow the RegisterFile when creating a callframe for host code
​https://bugs.webkit.org/show_bug.cgi?id=40858
<rdar://problem/8108986>

In the past the use of the callframe in hostcode was much more
limited. Now that we expect the callframe to always be valid
we need to grow the RegisterFile so that this is actually the
case. In this particular case the problem was failing to grow
the registerfile could lead to a callframe that extended beyond
RegisterFiler::end(), so vm re-entry would clobber the callframe
other scenarios could also lead to badness.

I was unable to construct a simple testcase to trigger badness,
and any such testcase would be so dependent on exact vm stack
layout that it would be unlikely to work as a testcase following
any callframe or register allocation changes anyway.

Thankfully the new assertion I added should help to catch these
failures in future, and triggers on a couple of tests currently.

• interpreter/CallFrame.cpp: (JSC::CallFrame::registerFile):
• interpreter/CallFrame.h: (JSC::ExecState::init):
• interpreter/Interpreter.cpp: (JSC::Interpreter::privateExecute):
• jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION):

Location:

trunk/JavaScriptCore/interpreter

Files:

• CallFrame.cpp (modified) (1 diff)
• CallFrame.h (modified) (2 diffs)
• Interpreter.cpp (modified) (3 diffs)

trunk/JavaScriptCore/interpreter/CallFrame.cpp

@@ -43 +43 @@
     printf("Callpoint => %s:%d\n", urlString.ascii(), signedLineNumber);
 }
+
+RegisterFile* CallFrame::registerFile()
+{
+    return &interpreter()->registerFile();
+}
+
 #endif
 

trunk/JavaScriptCore/interpreter/CallFrame.h

@@ -118 +118 @@
         {
             ASSERT(callerFrame); // Use noCaller() rather than 0 for the outer host call frame caller.
+            ASSERT(callerFrame == noCaller() || callerFrame->removeHostCallFrameFlag()->registerFile()->end() >= this);
 
             setCodeBlock(codeBlock);
@@ -156 +157 @@
     private:
         static const intptr_t HostCallFrameFlag = 1;
-
+#ifndef NDEBUG
+        RegisterFile* registerFile();
+#endif
         ExecState();
         ~ExecState();

trunk/JavaScriptCore/interpreter/Interpreter.cpp

@@ -3646 +3646 @@
             ScopeChainNode* scopeChain = callFrame->scopeChain();
             CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + registerOffset);
+            if (!registerFile->grow(newCallFrame->registers())) {
+                exceptionValue = createStackOverflowError(callFrame);
+                goto vm_throw;
+            }
+
             newCallFrame->init(0, vPC + OPCODE_LENGTH(op_call), scopeChain, callFrame, argCount, asObject(v));
 
@@ -3793 +3798 @@
             ScopeChainNode* scopeChain = callFrame->scopeChain();
             CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + registerOffset);
+            if (!registerFile->grow(newCallFrame->registers())) {
+                exceptionValue = createStackOverflowError(callFrame);
+                goto vm_throw;
+            }
             newCallFrame->init(0, vPC + OPCODE_LENGTH(op_call_varargs), scopeChain, callFrame, argCount, asObject(v));
             
@@ -4111 +4120 @@
             ScopeChainNode* scopeChain = callFrame->scopeChain();
             CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + registerOffset);
+            if (!registerFile->grow(newCallFrame->registers())) {
+                exceptionValue = createStackOverflowError(callFrame);
+                goto vm_throw;
+            }
             newCallFrame->init(0, vPC + OPCODE_LENGTH(op_construct), scopeChain, callFrame, argCount, asObject(v));