WebKit Bugzilla
Attachment 347320 Details for
Bug 188577
: Fix exception throwing code so that topCallFrame and topEntryFrame stay true to their names.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
proposed patch.
bug-188577.patch (text/plain), 63.62 KB, created by
Mark Lam
on 2018-08-16 16:36:57 PDT
(
hide
)
Description:
proposed patch.
Filename:
MIME Type:
Creator:
Mark Lam
Created:
2018-08-16 16:36:57 PDT
Size:
63.62 KB
patch
obsolete
>Index: JSTests/ChangeLog >=================================================================== >--- JSTests/ChangeLog (revision 234968) >+++ JSTests/ChangeLog (working copy) >@@ -1,3 +1,13 @@ >+2018-08-16 Mark Lam <mark.lam@apple.com> >+ >+ Make uses of CallFrame::callerFrame() and VM::topCallFrame more intuitive. >+ https://bugs.webkit.org/show_bug.cgi?id=188577 >+ <rdar://problem/42985684> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * stress/regress-188577.js: Added. >+ > 2018-08-10 Keith Miller <keith_miller@apple.com> > > Slicing an ArrayBuffer with a long number returns an ArrayBuffer with byteLength zero >Index: JSTests/stress/regress-188577.js >=================================================================== >--- JSTests/stress/regress-188577.js (nonexistent) >+++ JSTests/stress/regress-188577.js (working copy) >@@ -0,0 +1,20 @@ >+//@ requireOptions("--maxPerThreadStackUsage=262144") >+ >+var exception; >+try { >+ var i = 25000; >+ var args = []; >+ var v3; >+ while (i--) >+ args[i] = "a"; >+ var argsList = args.join(); >+ setter = Function(argsList, ""); >+ Object.defineProperty(args, '0', {set: setter}); >+ args.sort(); >+ >+} catch (e) { >+ exception = e; >+} >+ >+if (exception != "RangeError: Maximum call stack size exceeded.") >+ throw "FAILED"; >\ No newline at end of file >Index: Source/JavaScriptCore/ChangeLog >=================================================================== >--- Source/JavaScriptCore/ChangeLog (revision 234968) >+++ Source/JavaScriptCore/ChangeLog (working copy) >@@ -1,3 +1,238 @@ >+2018-08-16 Mark Lam <mark.lam@apple.com> >+ >+ Make uses of CallFrame::callerFrame() and VM::topCallFrame more intuitive. >+ https://bugs.webkit.org/show_bug.cgi?id=188577 >+ <rdar://problem/42985684> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ In our pre-existing code, we would like to have the following invariants: >+ >+ The pre-existing desired "invariants": >+ ===================================== >+ >+ 1. An EntryFrame is not a CallFrame. >+ 2. VM::topCallFrame should always be less than VM::topEntryFrame (currently >+ enforced by assertions). >+ 3. VM::topEntryFrame always points to the top EntryFrame. >+ 4. VM::topEntryFrame should only be changed by the VM entry glue code. >+ 5. VM::topCallFrame should always point to the top most CallFrame. >+ 6. VM::topCallFrame should be null or always point to a valid CallFrame (non-EntryFrame). >+ 7. Native code entrypoints should always use the NativeCallFrameTracer to update >+ VM::topCallFrame so that C++ code will always have a valid topCallFrame. >+ >+ However, our code already breaks these invariants like so: >+ >+ a. We sometimes sets topCallFrame to the topEntryFrame. >+ >+ b. We sometimes use NativeCallFrameTracerWithRestore to temporarily set VM::topCallFrame >+ to the first valid CallFrame in the link of frames, and VM::topEntryFrame to its >+ corresponding EntryFrame. >+ >+ Hence, when a NativeCallFrameTracerWithRestore scope is in use, VM::topCallFrame >+ and VM::topEntryFrame may not actually point to the top CallFrame and top EntryFrame >+ in the link of frames respectively. >+ >+ c. Because NativeCallFrameTracer asserts "invariant" (2) above and because we >+ sometimes want to break that invariant, we sometimes just set VM::topCallFrame >+ directly and bypass NativeCallFrameTracer altogether. >+ >+ Therefore, the above "invariants" aren't actually invariant at all. This makes >+ it harder to reason about the code base, and opens opportunities for introducing >+ bugs e.g. mistaking an EntryFrame for a CallFrame and crashing when trying to use >+ its callee to compute the VM pointer. >+ >+ The architectural change: >+ ======================== >+ >+ We can make the code much easier to reason about and have true invariants by >+ changing one thing: >+ >+ Make the EntryFrame a CallFrame (i.e. it is polymorphic with respect to >+ CallFrames), and populate it with a valid callee to enable computation >+ of the VM pointer. >+ >+ We already have precedence for this pattern of usage: the GlobalExec, which is >+ polymorphic with respect to the CallFrame, and we can compute the VM pointer >+ from it. >+ >+ By making this change, we can now have true invariants to help us reason about >+ the code more easily: no need to be mindful of exception cases which make the >+ invariants not true sometimes. >+ >+ The new invariants: >+ ================== >+ >+ 1. VM::topCallFrame should always be less than or equal to VM::topEntryFrame >+ (since topCallFrame can now point to an EntryFrame). >+ 2. VM::topEntryFrame always points to the top EntryFrame. >+ 3. VM::topEntryFrame should only be changed by the VM entry glue code. >+ 4. VM::topCallFrame should always point to the top most CallFrame (which may be >+ an EntryFrame). >+ 5. VM::topCallFrame should be null or always point to a valid CallFrame (which may >+ be an EntryFrame). >+ 6. Native code entrypoints should always use the NativeCallFrameTracer to update >+ VM::topCallFrame so that C++ code will always have a valid topCallFrame >+ (which may be an EntryFrame). >+ >+ Note that these 6 invariants are the same as the original (2) - (7), except: >+ a. these are always true i.e. they are true invariants. >+ b. the top CallFrame may be an EntryFrame (which is logically a legal CallFrame >+ because we now define it as such). >+ >+ Implementation details: >+ ====================== >+ >+ 1. Update StackVisitor to be able to handle the case where the startFrame to >+ iterate from may be the topCallFrame and may be an EntryFrame. Since StackVisitor >+ is only interested in non-EntryFrames, it should skip it. >+ >+ Note: this is not entirely new behavior. Previously, StackVisitor already >+ knows to skip EntryFrames in the middle of the stack. Now, we've taught it >+ to also skip a potential EntryFrame at the top of the stack. >+ >+ Fun fact: StackVisitor also already works with GlobalExecs. It works because >+ it will iterate the entire stack of frames and not find the GlobalExec, thereby >+ never visiting any frames, effectively skipping the GlobalExec "frame". >+ >+ 2. Added CallFrame::isGlobalExec() which gives us a convenient way to check if >+ an ExecState is a GlobalExec. This is possible because ExecState::initGlobalExec() >+ always sets the ExecState CallerFrame and ReturnPC fields to null. No real >+ CallFrame or EntryFrame will every have null CallerFrame and ReturnPC fields. >+ >+ 3. Refactored EntryFrame into its own file from VMEntryRecord.h. >+ Also make EntryFrame inherit from ClassFrame to document their polymorphic >+ relationship. >+ >+ This change also reduces the amount of casting we have to do when comparing >+ a CallFrame* with a EntryFrame*. The only few places where we still cast is >+ if we don't want to incur the build time cost to #include "EntryFrame.h" e.g. >+ in FrameTracers.h, which is included in many files. >+ >+ 4. Delete NativeCallFrameTracerWithRestore and the UnwindStart enum. >+ We no longer need it. >+ >+ 5. Added a "break" instruction before vmEntryToJavaScript to separate that label >+ from llintPCRangeStart. Otherwise, libunwind will report vmEntryToJavaScript >+ as llintPCRangeStart in stack traces. >+ >+ 6. Break vmEntryToJavaScript into vmEntryToJavaScript and vmEntryToJavaScriptInternal. >+ >+ The new vmEntryToJavaScript allocates stack space for the EntryFrame and calls >+ vmEntryToJavaScriptInternal to initialize the EntryFrame and enter the VM. >+ >+ The only reason we need to break the VM entry glue into 2 parts like this is >+ because libunwind is not smart enough to unwind past the EntryFrame if we >+ simply move the EntryFrame on the stack instead of using a call to set it up. >+ If libunwind gets stumped, we'll get less informative stack traces. With this >+ change, stack traces and btjs still work as before (except we'll now see 2 >+ vmEntryToJavaScript frames at the entry point instead of 1). >+ >+ Note: one might be concern that this extra call impacts performance too much. >+ However, the benchmark results say otherwise (see benchmark results attachment >+ in bugzilla). >+ >+ Ditto for vmEntryToNative and vmEntryToNativeInternal. >+ >+ Regarding the layout of the EntryFrame, we currently store saved callee saved >+ register values and the VMEntryRecord at a negative offset relative to the >+ EntryFrame. With the new vmEntryToJavaScript, we can store them as part >+ of the EntryFrame (at a positive offset). This will simplify the offsets >+ computation a bit, and may reduce the number of stack adjustments we need to >+ do in the VM entry glue code. I'll leave this as an optimization exercise for >+ a follow-up patch to keep the current patch minimal. >+ >+ 7. Added the cloopCallLocal pseudo instruction. >+ >+ Rename C_LOOP synthesized labels from llint_cloop_did_return_from_js_X to >+ llint_cloop_synthesized_return_label_X. We're now going to use these labels >+ in the implementation of cloopCallLocal in addition to cloopCallJSFunction. >+ Hence, it makes sense to give the synthesized labels a more generic name. >+ >+ 8. Fix a bug in slow_path_call_arityCheck. >+ >+ Previously, if we fail an arity check when trying to call a setter/getter right >+ immediately after entering the VM, we will crash due to the EntryFrame being >+ used as a CallFrame to compute the VM pointer. With the new EntryFrames, we >+ can now compute the VM pointer from it. So, this issue is now fixed. >+ >+ I don't see a way to manifest this issue in slow_path_construct_arityCheck, >+ but I also fixed it to match slow_path_call_arityCheck. >+ >+ 9. Deleted interpreterThrowInCaller() and CommonSlowPathsExceptions.cpp/h. >+ >+ It is not needed. The subset of it that is still needed is now implemented >+ as a static function slowPathThrowStackOverflowError() in CommonSlowPaths.cpp. >+ >+ Since slow_path_construct_arityCheck, slow_path_call_arityCheck, and >+ slowPathThrowStackOverflowError are only used by the LLint, we can move them >+ into LLIntSlowPaths.cpp instead, but I'll leave that for a follow up patch >+ to minimize the diffs. >+ >+ 10. Added VM::topJSCallFrame() to get the first JS (i.e. non-EntryFrame) CallFrame >+ in the link of frames. >+ >+ VM::topCallFrame will now (if properly initialized by the NativeCallFrameTracer) >+ always yield the top CallFrame which may or may not be an EntryFrame. >+ >+ This patch is perf neutral. See bugzilla for benchmark results. >+ >+ This patch has been tested with JSC stress tests on x86_64, i386, and some tests >+ on 64-bit C_LOOP. >+ >+ * JavaScriptCore.xcodeproj/project.pbxproj: >+ * Sources.txt: >+ * bytecode/BytecodeList.json: >+ * interpreter/CallFrame.h: >+ (JSC::ExecState::noCaller): >+ (JSC::ExecState::isGlobalExec const): >+ * interpreter/EntryFrame.h: Added. >+ (JSC::EntryFrame::vmEntryRecordOffset): >+ (JSC::EntryFrame::calleeSaveRegistersBufferOffset): >+ * interpreter/FrameTracers.h: >+ (JSC::NativeCallFrameTracer::NativeCallFrameTracer): >+ (JSC::NativeCallFrameTracerWithRestore::NativeCallFrameTracerWithRestore): Deleted. >+ (JSC::NativeCallFrameTracerWithRestore::~NativeCallFrameTracerWithRestore): Deleted. >+ * interpreter/Interpreter.cpp: >+ (JSC::Interpreter::unwind): >+ * interpreter/Interpreter.h: >+ * interpreter/StackVisitor.cpp: >+ (JSC::StackVisitor::StackVisitor): >+ * interpreter/StackVisitor.h: >+ * interpreter/VMEntryRecord.h: >+ (JSC::EntryFrame::vmEntryRecordOffset): Deleted. >+ (JSC::EntryFrame::calleeSaveRegistersBufferOffset): Deleted. >+ * jit/AssemblyHelpers.h: >+ * jit/JITExceptions.cpp: >+ (JSC::genericUnwind): >+ * jit/JITExceptions.h: >+ * jit/JITOperations.cpp: >+ * llint/LLIntOffsetsExtractor.cpp: >+ * llint/LLIntSlowPaths.cpp: >+ (JSC::LLInt::LLINT_SLOW_PATH_DECL): >+ * llint/LowLevelInterpreter.asm: >+ * llint/LowLevelInterpreter32_64.asm: >+ * llint/LowLevelInterpreter64.asm: >+ * offlineasm/cloop.rb: >+ * offlineasm/instructions.rb: >+ * runtime/CommonSlowPaths.cpp: >+ (JSC::slowPathThrowStackOverflowError): >+ (JSC::SLOW_PATH_DECL): >+ * runtime/CommonSlowPathsExceptions.cpp: Removed. >+ * runtime/CommonSlowPathsExceptions.h: Removed. >+ * runtime/Error.cpp: >+ (JSC::getStackTrace): >+ * runtime/ExceptionHelpers.cpp: >+ (JSC::createStackOverflowError): >+ * runtime/JSGeneratorFunction.h: >+ * runtime/VM.cpp: >+ (JSC::VM::throwException): >+ * runtime/VM.h: >+ * runtime/VMInlines.h: >+ (JSC::VM::topJSCallFrame const): >+ * runtime/VMTraps.cpp: >+ (JSC::isSaneFrame): >+ > 2018-08-14 Yusuke Suzuki <yusukesuzuki@slowstart.org> > > [YARR] Align allocation size in BumpPointerAllocator with sizeof(void*) >Index: Source/JavaScriptCore/Sources.txt >=================================================================== >--- Source/JavaScriptCore/Sources.txt (revision 234968) >+++ Source/JavaScriptCore/Sources.txt (working copy) >@@ -715,7 +715,6 @@ runtime/CodeCache.cpp > runtime/CodeSpecializationKind.cpp > runtime/CommonIdentifiers.cpp > runtime/CommonSlowPaths.cpp >-runtime/CommonSlowPathsExceptions.cpp > runtime/CompilationResult.cpp > tools/CompilerTimingScope.cpp > runtime/Completion.cpp >Index: Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj >=================================================================== >--- Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (revision 234968) >+++ Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (working copy) >@@ -1076,7 +1076,6 @@ > 6511230714046B0A002B101D /* testRegExp.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 651122E5140469BA002B101D /* testRegExp.cpp */; }; > 6514F21918B3E1670098FF8B /* Bytecodes.h in Headers */ = {isa = PBXBuildFile; fileRef = 6514F21718B3E1670098FF8B /* Bytecodes.h */; settings = {ATTRIBUTES = (Private, ); }; }; > 65303D641447B9E100D3F904 /* ParserTokens.h in Headers */ = {isa = PBXBuildFile; fileRef = 65303D631447B9E100D3F904 /* ParserTokens.h */; settings = {ATTRIBUTES = (Private, ); }; }; >- 6553A33217A1F1EE008CF6F3 /* CommonSlowPathsExceptions.h in Headers */ = {isa = PBXBuildFile; fileRef = 6553A33017A1F1EE008CF6F3 /* CommonSlowPathsExceptions.h */; }; > 65570F5A1AA4C3EA009B3C23 /* Regress141275.mm in Sources */ = {isa = PBXBuildFile; fileRef = 65570F591AA4C00A009B3C23 /* Regress141275.mm */; }; > 657CF45919BF6662004ACBF2 /* JSCallee.h in Headers */ = {isa = PBXBuildFile; fileRef = 657CF45719BF6662004ACBF2 /* JSCallee.h */; settings = {ATTRIBUTES = (Private, ); }; }; > 658824AF1E5CFDB000FB7359 /* ConfigFile.h in Headers */ = {isa = PBXBuildFile; fileRef = 658824AE1E5CFDB000FB7359 /* ConfigFile.h */; settings = {ATTRIBUTES = (Private, ); }; }; >@@ -1749,6 +1748,7 @@ > E49DC16C12EF294E00184A1F /* SourceProviderCache.h in Headers */ = {isa = PBXBuildFile; fileRef = E49DC15112EF272200184A1F /* SourceProviderCache.h */; settings = {ATTRIBUTES = (Private, ); }; }; > E49DC16D12EF295300184A1F /* SourceProviderCacheItem.h in Headers */ = {isa = PBXBuildFile; fileRef = E49DC14912EF261A00184A1F /* SourceProviderCacheItem.h */; settings = {ATTRIBUTES = (Private, ); }; }; > FE05FAFD1FE4CEDA00093230 /* DeprecatedInspectorValues.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 992D6A111FBD491D000245F4 /* DeprecatedInspectorValues.cpp */; }; >+ FE086BCA2123DEFB003F2929 /* EntryFrame.h in Headers */ = {isa = PBXBuildFile; fileRef = FE086BC92123DEFA003F2929 /* EntryFrame.h */; settings = {ATTRIBUTES = (Private, ); }; }; > FE0D4A061AB8DD0A002F54BF /* ExecutionTimeLimitTest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE0D4A041AB8DD0A002F54BF /* ExecutionTimeLimitTest.cpp */; }; > FE0D4A091ABA2437002F54BF /* GlobalContextWithFinalizerTest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE0D4A071ABA2437002F54BF /* GlobalContextWithFinalizerTest.cpp */; }; > FE10AAEB1F44D528009DEDC5 /* ProbeStack.h in Headers */ = {isa = PBXBuildFile; fileRef = FE10AAEA1F44D512009DEDC5 /* ProbeStack.h */; settings = {ATTRIBUTES = (Private, ); }; }; >@@ -3563,8 +3563,6 @@ > 654788421C937D2C000781A0 /* RegExpPrototype.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; path = RegExpPrototype.js; sourceTree = "<group>"; }; > 65525FC31A6DD3B3007B5495 /* NullSetterFunction.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NullSetterFunction.cpp; sourceTree = "<group>"; }; > 65525FC41A6DD3B3007B5495 /* NullSetterFunction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NullSetterFunction.h; sourceTree = "<group>"; }; >- 6553A32F17A1F1EE008CF6F3 /* CommonSlowPathsExceptions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CommonSlowPathsExceptions.cpp; sourceTree = "<group>"; }; >- 6553A33017A1F1EE008CF6F3 /* CommonSlowPathsExceptions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CommonSlowPathsExceptions.h; sourceTree = "<group>"; }; > 65570F581AA4C00A009B3C23 /* Regress141275.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Regress141275.h; path = API/tests/Regress141275.h; sourceTree = "<group>"; }; > 65570F591AA4C00A009B3C23 /* Regress141275.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = Regress141275.mm; path = API/tests/Regress141275.mm; sourceTree = "<group>"; }; > 655EB29A10CE2581001A990E /* NodesCodegen.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NodesCodegen.cpp; sourceTree = "<group>"; }; >@@ -4677,6 +4675,7 @@ > F692A87E0255597D01FF60F7 /* RegExp.h */ = {isa = PBXFileReference; fileEncoding = 30; indentWidth = 4; lastKnownFileType = sourcecode.c.h; path = RegExp.h; sourceTree = "<group>"; tabWidth = 8; }; > F692A8870255597D01FF60F7 /* JSCJSValue.cpp */ = {isa = PBXFileReference; fileEncoding = 30; indentWidth = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSCJSValue.cpp; sourceTree = "<group>"; tabWidth = 8; }; > F73926918DC64330AFCDF0D7 /* JSSourceCode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSSourceCode.cpp; sourceTree = "<group>"; }; >+ FE086BC92123DEFA003F2929 /* EntryFrame.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = EntryFrame.h; sourceTree = "<group>"; }; > FE0D4A041AB8DD0A002F54BF /* ExecutionTimeLimitTest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = ExecutionTimeLimitTest.cpp; path = API/tests/ExecutionTimeLimitTest.cpp; sourceTree = "<group>"; }; > FE0D4A051AB8DD0A002F54BF /* ExecutionTimeLimitTest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ExecutionTimeLimitTest.h; path = API/tests/ExecutionTimeLimitTest.h; sourceTree = "<group>"; }; > FE0D4A071ABA2437002F54BF /* GlobalContextWithFinalizerTest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = GlobalContextWithFinalizerTest.cpp; path = API/tests/GlobalContextWithFinalizerTest.cpp; sourceTree = "<group>"; }; >@@ -5503,6 +5502,7 @@ > 1429D85B0ED218E900B89619 /* CLoopStack.cpp */, > 14D792640DAA03FB001A9F05 /* CLoopStack.h */, > A7C1EAEB17987AB600299DB2 /* CLoopStackInlines.h */, >+ FE086BC92123DEFA003F2929 /* EntryFrame.h */, > E34EDBF61DB5FFC100DC87A5 /* FrameTracers.h */, > 1429D7D30ED2128200B89619 /* Interpreter.cpp */, > 1429D77B0ED20D7300B89619 /* Interpreter.h */, >@@ -6497,8 +6497,6 @@ > 65EA73630BAE35D1001BB560 /* CommonIdentifiers.h */, > A709F2F117A0AC2A00512E98 /* CommonSlowPaths.cpp */, > 0F15F15D14B7A73A005DE37D /* CommonSlowPaths.h */, >- 6553A32F17A1F1EE008CF6F3 /* CommonSlowPathsExceptions.cpp */, >- 6553A33017A1F1EE008CF6F3 /* CommonSlowPathsExceptions.h */, > A7E5A3A51797432D00E893C0 /* CompilationResult.cpp */, > A7E5A3A61797432D00E893C0 /* CompilationResult.h */, > 969A09220ED1E09C00F1F681 /* Completion.cpp */, >@@ -8490,7 +8488,6 @@ > A53243981856A489002ED692 /* CombinedDomains.json in Headers */, > BC18C3F30E16F5CD00B34460 /* CommonIdentifiers.h in Headers */, > 0F15F15F14B7A73E005DE37D /* CommonSlowPaths.h in Headers */, >- 6553A33217A1F1EE008CF6F3 /* CommonSlowPathsExceptions.h in Headers */, > A7E5A3A81797432D00E893C0 /* CompilationResult.h in Headers */, > 0F4F11E8209BCDAB00709654 /* CompilerTimingScope.h in Headers */, > 0FDCE12A1FAFA85F006F3901 /* CompleteSubspace.h in Headers */, >@@ -9080,6 +9077,7 @@ > 978801411471AD920041B016 /* JSDateMath.h in Headers */, > C2A7F688160432D400F76B98 /* JSDestructibleObject.h in Headers */, > 0F7DF13C1E2971130095951B /* JSDestructibleObjectHeapCellType.h in Headers */, >+ FE086BCA2123DEFB003F2929 /* EntryFrame.h in Headers */, > FE384EE61ADDB7AD0055DE2C /* JSDollarVM.h in Headers */, > 86E3C614167BABD7006D760A /* JSExport.h in Headers */, > A7B4ACAF1484C9CE00B38A36 /* JSExportMacros.h in Headers */, >Index: Source/JavaScriptCore/bytecode/BytecodeList.json >=================================================================== >--- Source/JavaScriptCore/bytecode/BytecodeList.json (revision 234968) >+++ Source/JavaScriptCore/bytecode/BytecodeList.json (working copy) >@@ -198,18 +198,20 @@ > { "name" : "llint_return_to_host" }, > { "name" : "llint_vm_entry_to_javascript" }, > { "name" : "llint_vm_entry_to_native" }, >- { "name" : "llint_cloop_did_return_from_js_1" }, >- { "name" : "llint_cloop_did_return_from_js_2" }, >- { "name" : "llint_cloop_did_return_from_js_3" }, >- { "name" : "llint_cloop_did_return_from_js_4" }, >- { "name" : "llint_cloop_did_return_from_js_5" }, >- { "name" : "llint_cloop_did_return_from_js_6" }, >- { "name" : "llint_cloop_did_return_from_js_7" }, >- { "name" : "llint_cloop_did_return_from_js_8" }, >- { "name" : "llint_cloop_did_return_from_js_9" }, >- { "name" : "llint_cloop_did_return_from_js_10" }, >- { "name" : "llint_cloop_did_return_from_js_11" }, >- { "name" : "llint_cloop_did_return_from_js_12" } >+ { "name" : "llint_cloop_synthesized_return_label_1" }, >+ { "name" : "llint_cloop_synthesized_return_label_2" }, >+ { "name" : "llint_cloop_synthesized_return_label_3" }, >+ { "name" : "llint_cloop_synthesized_return_label_4" }, >+ { "name" : "llint_cloop_synthesized_return_label_5" }, >+ { "name" : "llint_cloop_synthesized_return_label_6" }, >+ { "name" : "llint_cloop_synthesized_return_label_7" }, >+ { "name" : "llint_cloop_synthesized_return_label_8" }, >+ { "name" : "llint_cloop_synthesized_return_label_9" }, >+ { "name" : "llint_cloop_synthesized_return_label_10" }, >+ { "name" : "llint_cloop_synthesized_return_label_11" }, >+ { "name" : "llint_cloop_synthesized_return_label_12" }, >+ { "name" : "llint_cloop_synthesized_return_label_13" }, >+ { "name" : "llint_cloop_synthesized_return_label_14" } > ] > }, > { >Index: Source/JavaScriptCore/interpreter/CallFrame.h >=================================================================== >--- Source/JavaScriptCore/interpreter/CallFrame.h (revision 234968) >+++ Source/JavaScriptCore/interpreter/CallFrame.h (working copy) >@@ -1,7 +1,7 @@ > /* > * Copyright (C) 1999-2001 Harri Porten (porten@kde.org) > * Copyright (C) 2001 Peter Kelly (pmk@post.com) >- * Copyright (C) 2003-2017 Apple Inc. All rights reserved. >+ * Copyright (C) 2003-2018 Apple Inc. All rights reserved. > * > * This library is free software; you can redistribute it and/or > * modify it under the terms of the GNU Library General Public >@@ -255,7 +255,11 @@ namespace JSC { > > static int offsetFor(size_t argumentCountIncludingThis) { return argumentCountIncludingThis + CallFrameSlot::thisArgument - 1; } > >- static CallFrame* noCaller() { return 0; } >+ static CallFrame* noCaller() { return nullptr; } >+ bool isGlobalExec() const >+ { >+ return callerFrameAndPC().callerFrame == noCaller() && callerFrameAndPC().pc == nullptr; >+ } > > void setArgumentCountIncludingThis(int count) { static_cast<Register*>(this)[CallFrameSlot::argumentCount].payload() = count; } > void setCallee(JSObject* callee) { static_cast<Register*>(this)[CallFrameSlot::callee] = callee; } >Index: Source/JavaScriptCore/interpreter/EntryFrame.h >=================================================================== >--- Source/JavaScriptCore/interpreter/EntryFrame.h (nonexistent) >+++ Source/JavaScriptCore/interpreter/EntryFrame.h (working copy) >@@ -0,0 +1,51 @@ >+/* >+ * Copyright (C) 2018 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#pragma once >+ >+#include "CallFrame.h" >+#include "StackAlignment.h" >+#include "VMEntryRecord.h" >+ >+namespace JSC { >+ >+struct EntryFrame : public CallFrame { >+#if ENABLE(JIT) && NUMBER_OF_CALLEE_SAVES_REGISTERS > 0 >+ static ptrdiff_t vmEntryRecordOffset() >+ { >+ EntryFrame* fakeEntryFrame = reinterpret_cast<EntryFrame*>(0x1000); >+ VMEntryRecord* record = vmEntryRecord(fakeEntryFrame); >+ return static_cast<ptrdiff_t>( >+ reinterpret_cast<char*>(record) - reinterpret_cast<char*>(fakeEntryFrame)); >+ } >+ >+ static ptrdiff_t calleeSaveRegistersBufferOffset() >+ { >+ return vmEntryRecordOffset() + OBJECT_OFFSETOF(VMEntryRecord, calleeSaveRegistersBuffer); >+ } >+#endif >+}; >+ >+} // namespace JSC >Index: Source/JavaScriptCore/interpreter/FrameTracers.h >=================================================================== >--- Source/JavaScriptCore/interpreter/FrameTracers.h (revision 234968) >+++ Source/JavaScriptCore/interpreter/FrameTracers.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2016-2017 Apple Inc. All rights reserved. >+ * Copyright (C) 2016-2018 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -87,36 +87,10 @@ public: > { > ASSERT(vm); > ASSERT(callFrame); >- ASSERT(reinterpret_cast<void*>(callFrame) < reinterpret_cast<void*>(vm->topEntryFrame)); >+ ASSERT(reinterpret_cast<void*>(callFrame) <= reinterpret_cast<void*>(vm->topEntryFrame)); > assertStackPointerIsAligned(); > vm->topCallFrame = callFrame; > } > }; > >-class NativeCallFrameTracerWithRestore { >-public: >- ALWAYS_INLINE NativeCallFrameTracerWithRestore(VM* vm, EntryFrame* EntryFrame, CallFrame* callFrame) >- : m_vm(vm) >- { >- ASSERT(vm); >- ASSERT(callFrame); >- assertStackPointerIsAligned(); >- m_savedTopEntryFrame = vm->topEntryFrame; >- m_savedTopCallFrame = vm->topCallFrame; >- vm->topEntryFrame = EntryFrame; >- vm->topCallFrame = callFrame; >- } >- >- ALWAYS_INLINE ~NativeCallFrameTracerWithRestore() >- { >- m_vm->topEntryFrame = m_savedTopEntryFrame; >- m_vm->topCallFrame = m_savedTopCallFrame; >- } >- >-private: >- VM* m_vm; >- EntryFrame* m_savedTopEntryFrame; >- CallFrame* m_savedTopCallFrame; >-}; >- >-} >+} // namespace JSC >Index: Source/JavaScriptCore/interpreter/Interpreter.cpp >=================================================================== >--- Source/JavaScriptCore/interpreter/Interpreter.cpp (revision 234968) >+++ Source/JavaScriptCore/interpreter/Interpreter.cpp (working copy) >@@ -718,17 +718,12 @@ private: > HandlerInfo*& m_handler; > }; > >-NEVER_INLINE HandlerInfo* Interpreter::unwind(VM& vm, CallFrame*& callFrame, Exception* exception, UnwindStart unwindStart) >+NEVER_INLINE HandlerInfo* Interpreter::unwind(VM& vm, CallFrame*& callFrame, Exception* exception) > { > auto scope = DECLARE_CATCH_SCOPE(vm); > >- if (unwindStart == UnwindFromCallerFrame) { >- if (callFrame->callerFrameOrEntryFrame() == vm.topEntryFrame) >- return nullptr; >- >- callFrame = callFrame->callerFrame(); >- vm.topCallFrame = callFrame; >- } >+ if (callFrame == vm.topEntryFrame) >+ return nullptr; > > CodeBlock* codeBlock = callFrame->codeBlock(); > >Index: Source/JavaScriptCore/interpreter/Interpreter.h >=================================================================== >--- Source/JavaScriptCore/interpreter/Interpreter.h (revision 234968) >+++ Source/JavaScriptCore/interpreter/Interpreter.h (working copy) >@@ -64,8 +64,6 @@ namespace JSC { > struct ProtoCallFrame; > struct UnlinkedInstruction; > >- enum UnwindStart : uint8_t { UnwindFromCurrentFrame, UnwindFromCallerFrame }; >- > enum DebugHookType { > WillExecuteProgram, > DidExecuteProgram, >@@ -116,8 +114,8 @@ namespace JSC { > JSValue execute(EvalExecutable*, CallFrame*, JSValue thisValue, JSScope*); > > void getArgumentsData(CallFrame*, JSFunction*&, ptrdiff_t& firstParameterIndex, Register*& argv, int& argc); >- >- NEVER_INLINE HandlerInfo* unwind(VM&, CallFrame*&, Exception*, UnwindStart); >+ >+ NEVER_INLINE HandlerInfo* unwind(VM&, CallFrame*&, Exception*); > void notifyDebuggerOfExceptionToBeThrown(VM&, CallFrame*, Exception*); > NEVER_INLINE void debug(CallFrame*, DebugHookType); > static String stackTraceAsString(VM&, const Vector<StackFrame>&); >Index: Source/JavaScriptCore/interpreter/StackVisitor.cpp >=================================================================== >--- Source/JavaScriptCore/interpreter/StackVisitor.cpp (revision 234968) >+++ Source/JavaScriptCore/interpreter/StackVisitor.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2013, 2015-2017 Apple Inc. All rights reserved. >+ * Copyright (C) 2013-2018 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -47,10 +47,14 @@ StackVisitor::StackVisitor(CallFrame* st > m_frame.m_entryFrame = vm->topEntryFrame; > topFrame = vm->topCallFrame; > >- if (topFrame && static_cast<void*>(m_frame.m_entryFrame) == static_cast<void*>(topFrame)) { >+ if (topFrame && m_frame.m_entryFrame == topFrame) { > topFrame = vmEntryRecord(m_frame.m_entryFrame)->m_prevTopCallFrame; > m_frame.m_entryFrame = vmEntryRecord(m_frame.m_entryFrame)->m_prevTopEntryFrame; >+ >+ if (startFrame == vm->topCallFrame) >+ startFrame = topFrame; > } >+ > } else { > m_frame.m_entryFrame = 0; > topFrame = 0; >Index: Source/JavaScriptCore/interpreter/StackVisitor.h >=================================================================== >--- Source/JavaScriptCore/interpreter/StackVisitor.h (revision 234968) >+++ Source/JavaScriptCore/interpreter/StackVisitor.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2013-2017 Apple Inc. All rights reserved. >+ * Copyright (C) 2013-2018 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -26,7 +26,6 @@ > #pragma once > > #include "CalleeBits.h" >-#include "VMEntryRecord.h" > #include "WasmIndexOrName.h" > #include <wtf/Function.h> > #include <wtf/Indenter.h> >@@ -35,6 +34,7 @@ > namespace JSC { > > struct CodeOrigin; >+struct EntryFrame; > struct InlineCallFrame; > > class CodeBlock; >Index: Source/JavaScriptCore/interpreter/VMEntryRecord.h >=================================================================== >--- Source/JavaScriptCore/interpreter/VMEntryRecord.h (revision 234968) >+++ Source/JavaScriptCore/interpreter/VMEntryRecord.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2014-2017 Apple Inc. All rights reserved. >+ * Copyright (C) 2014-2018 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -55,21 +55,4 @@ struct VMEntryRecord { > > extern "C" VMEntryRecord* vmEntryRecord(EntryFrame*); > >-struct EntryFrame { >-#if ENABLE(JIT) && NUMBER_OF_CALLEE_SAVES_REGISTERS > 0 >- static ptrdiff_t vmEntryRecordOffset() >- { >- EntryFrame* fakeEntryFrame = reinterpret_cast<EntryFrame*>(0x1000); >- VMEntryRecord* record = vmEntryRecord(fakeEntryFrame); >- return static_cast<ptrdiff_t>( >- reinterpret_cast<char*>(record) - reinterpret_cast<char*>(fakeEntryFrame)); >- } >- >- static ptrdiff_t calleeSaveRegistersBufferOffset() >- { >- return vmEntryRecordOffset() + OBJECT_OFFSETOF(VMEntryRecord, calleeSaveRegistersBuffer); >- } >-#endif >-}; >- > } // namespace JSC >Index: Source/JavaScriptCore/jit/AssemblyHelpers.h >=================================================================== >--- Source/JavaScriptCore/jit/AssemblyHelpers.h (revision 234968) >+++ Source/JavaScriptCore/jit/AssemblyHelpers.h (working copy) >@@ -28,6 +28,7 @@ > #if ENABLE(JIT) > > #include "CodeBlock.h" >+#include "EntryFrame.h" > #include "FPRInfo.h" > #include "GPRInfo.h" > #include "Heap.h" >Index: Source/JavaScriptCore/jit/JITExceptions.cpp >=================================================================== >--- Source/JavaScriptCore/jit/JITExceptions.cpp (revision 234968) >+++ Source/JavaScriptCore/jit/JITExceptions.cpp (working copy) >@@ -30,6 +30,7 @@ > #include "CatchScope.h" > #include "CodeBlock.h" > #include "Disassembler.h" >+#include "EntryFrame.h" > #include "Interpreter.h" > #include "JSCInlines.h" > #include "JSCJSValue.h" >@@ -42,7 +43,7 @@ > > namespace JSC { > >-void genericUnwind(VM* vm, ExecState* callFrame, UnwindStart unwindStart) >+void genericUnwind(VM* vm, ExecState* callFrame) > { > auto scope = DECLARE_CATCH_SCOPE(*vm); > if (Options::breakOnThrow()) { >@@ -54,16 +55,11 @@ void genericUnwind(VM* vm, ExecState* ca > CRASH(); > } > >- ExecState* shadowChickenTopFrame = callFrame; >- if (unwindStart == UnwindFromCallerFrame) { >- EntryFrame* topEntryFrame = vm->topEntryFrame; >- shadowChickenTopFrame = callFrame->callerFrame(topEntryFrame); >- } >- vm->shadowChicken().log(*vm, shadowChickenTopFrame, ShadowChicken::Packet::throwPacket()); >- >+ vm->shadowChicken().log(*vm, vm->topJSCallFrame(), ShadowChicken::Packet::throwPacket()); >+ > Exception* exception = scope.exception(); > RELEASE_ASSERT(exception); >- HandlerInfo* handler = vm->interpreter->unwind(*vm, callFrame, exception, unwindStart); // This may update callFrame. >+ HandlerInfo* handler = vm->interpreter->unwind(*vm, callFrame, exception); // This may update callFrame. > > void* catchRoutine; > Instruction* catchPCForInterpreter = 0; >@@ -83,8 +79,8 @@ void genericUnwind(VM* vm, ExecState* ca > #endif > } else > catchRoutine = LLInt::getCodePtr<ExceptionHandlerPtrTag>(handleUncaughtException).executableAddress(); >- >- ASSERT(bitwise_cast<uintptr_t>(callFrame) < bitwise_cast<uintptr_t>(vm->topEntryFrame)); >+ >+ ASSERT(callFrame <= vm->topEntryFrame); > > assertIsTaggedWith(catchRoutine, ExceptionHandlerPtrTag); > vm->callFrameForCatch = callFrame; >@@ -94,9 +90,4 @@ void genericUnwind(VM* vm, ExecState* ca > RELEASE_ASSERT(catchRoutine); > } > >-void genericUnwind(VM* vm, ExecState* callFrame) >-{ >- genericUnwind(vm, callFrame, UnwindFromCurrentFrame); >-} >- > } // namespace JSC >Index: Source/JavaScriptCore/jit/JITExceptions.h >=================================================================== >--- Source/JavaScriptCore/jit/JITExceptions.h (revision 234968) >+++ Source/JavaScriptCore/jit/JITExceptions.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2012 Apple Inc. All rights reserved. >+ * Copyright (C) 2012-2018 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -27,12 +27,9 @@ > > namespace JSC { > >-enum UnwindStart : uint8_t; >- > class ExecState; > class VM; > >-void genericUnwind(VM*, ExecState*, UnwindStart); > void genericUnwind(VM*, ExecState*); > > } // namespace JSC >Index: Source/JavaScriptCore/jit/JITOperations.cpp >=================================================================== >--- Source/JavaScriptCore/jit/JITOperations.cpp (revision 234968) >+++ Source/JavaScriptCore/jit/JITOperations.cpp (working copy) >@@ -100,45 +100,35 @@ void * _ReturnAddress(void); > void JIT_OPERATION operationThrowStackOverflowError(ExecState* exec, CodeBlock* codeBlock) > { > // We pass in our own code block, because the callframe hasn't been populated. >+ exec = exec->callerFrame(); > VM* vm = codeBlock->vm(); > auto scope = DECLARE_THROW_SCOPE(*vm); >+ NativeCallFrameTracer tracer(vm, exec); > >- EntryFrame* entryFrame = vm->topEntryFrame; >- CallFrame* callerFrame = exec->callerFrame(entryFrame); >- if (!callerFrame) { >- callerFrame = exec; >- entryFrame = vm->topEntryFrame; >- } >- >- NativeCallFrameTracerWithRestore tracer(vm, entryFrame, callerFrame); >- throwStackOverflowError(callerFrame, scope); >+ throwStackOverflowError(exec, scope); > } > > #if ENABLE(WEBASSEMBLY) > void JIT_OPERATION operationThrowDivideError(ExecState* exec) > { >+ exec = exec->callerFrame(); > VM* vm = &exec->vm(); > auto scope = DECLARE_THROW_SCOPE(*vm); >+ NativeCallFrameTracer tracer(vm, exec); > >- EntryFrame* entryFrame = vm->topEntryFrame; >- CallFrame* callerFrame = exec->callerFrame(entryFrame); >- >- NativeCallFrameTracerWithRestore tracer(vm, entryFrame, callerFrame); > ErrorHandlingScope errorScope(*vm); >- throwException(callerFrame, scope, createError(callerFrame, "Division by zero or division overflow."_s)); >+ throwException(exec, scope, createError(exec, "Division by zero or division overflow."_s)); > } > > void JIT_OPERATION operationThrowOutOfBoundsAccessError(ExecState* exec) > { >+ exec = exec->callerFrame(); > VM* vm = &exec->vm(); > auto scope = DECLARE_THROW_SCOPE(*vm); >+ NativeCallFrameTracer tracer(vm, exec); > >- EntryFrame* entryFrame = vm->topEntryFrame; >- CallFrame* callerFrame = exec->callerFrame(entryFrame); >- >- NativeCallFrameTracerWithRestore tracer(vm, entryFrame, callerFrame); > ErrorHandlingScope errorScope(*vm); >- throwException(callerFrame, scope, createError(callerFrame, "Out-of-bounds access."_s)); >+ throwException(exec, scope, createError(exec, "Out-of-bounds access."_s)); > } > #endif > >@@ -149,10 +139,8 @@ int32_t JIT_OPERATION operationCallArity > > int32_t missingArgCount = CommonSlowPaths::arityCheckFor(exec, *vm, CodeForCall); > if (missingArgCount < 0) { >- EntryFrame* entryFrame = vm->topEntryFrame; >- CallFrame* callerFrame = exec->callerFrame(entryFrame); >- NativeCallFrameTracerWithRestore tracer(vm, entryFrame, callerFrame); >- throwStackOverflowError(callerFrame, scope); >+ NativeCallFrameTracer tracer(vm, exec->callerFrame()); >+ throwStackOverflowError(vm->topCallFrame, scope); > } > > return missingArgCount; >@@ -165,10 +153,8 @@ int32_t JIT_OPERATION operationConstruct > > int32_t missingArgCount = CommonSlowPaths::arityCheckFor(exec, *vm, CodeForConstruct); > if (missingArgCount < 0) { >- EntryFrame* entryFrame = vm->topEntryFrame; >- CallFrame* callerFrame = exec->callerFrame(entryFrame); >- NativeCallFrameTracerWithRestore tracer(vm, entryFrame, callerFrame); >- throwStackOverflowError(callerFrame, scope); >+ NativeCallFrameTracer tracer(vm, exec->callerFrame()); >+ throwStackOverflowError(vm->topCallFrame, scope); > } > > return missingArgCount; >@@ -2477,9 +2463,7 @@ void JIT_OPERATION lookupExceptionHandle > > void JIT_OPERATION lookupExceptionHandlerFromCallerFrame(VM* vm, ExecState* exec) > { >- vm->topCallFrame = exec->callerFrame(); >- genericUnwind(vm, exec, UnwindFromCallerFrame); >- ASSERT(vm->targetMachinePCForThrow); >+ lookupExceptionHandler(vm, exec->callerFrame()); > } > > void JIT_OPERATION operationVMHandleException(ExecState* exec) >Index: Source/JavaScriptCore/llint/LLIntOffsetsExtractor.cpp >=================================================================== >--- Source/JavaScriptCore/llint/LLIntOffsetsExtractor.cpp (revision 234968) >+++ Source/JavaScriptCore/llint/LLIntOffsetsExtractor.cpp (working copy) >@@ -58,7 +58,6 @@ > #include "TypeProfiler.h" > #include "TypeProfilerLog.h" > #include "VM.h" >-#include "VMEntryRecord.h" > #include "ValueProfile.h" > #include "Watchdog.h" > #include <wtf/text/StringImpl.h> >Index: Source/JavaScriptCore/llint/LLIntSlowPaths.cpp >=================================================================== >--- Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (revision 234968) >+++ Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (working copy) >@@ -29,7 +29,6 @@ > #include "ArrayConstructor.h" > #include "CallFrame.h" > #include "CommonSlowPaths.h" >-#include "CommonSlowPathsExceptions.h" > #include "Error.h" > #include "ErrorHandlingScope.h" > #include "EvalCodeBlock.h" >@@ -525,13 +524,21 @@ LLINT_SLOW_PATH_DECL(stack_check) > VM& vm = exec->vm(); > auto throwScope = DECLARE_THROW_SCOPE(vm); > >- EntryFrame* topEntryFrame = vm.topEntryFrame; >- CallFrame* callerFrame = exec->callerFrame(topEntryFrame); >- if (!callerFrame) { >- callerFrame = exec; >- topEntryFrame = vm.topEntryFrame; >- } >- NativeCallFrameTracerWithRestore tracer(&vm, topEntryFrame, callerFrame); >+ // The purpose of this function is to check if the current stack frame is >+ // actually viable (i.e. we'll have enough stack space for it after any >+ // needed arity adjustments). Note that while the current frame is already >+ // partially pushed on the stack, this function is actually performing the >+ // stack check on behalf of the caller (which is the last known viable >+ // frame at the top of the stack). So, we should only declare (via >+ // NativeCallFrameTracer) that the caller frame is the topCallFrame. >+ // >+ // At the same time, we need to continue to hold on to the current frame >+ // (exec) because it might turn out to be viable (only possible with a >+ // C_LOOP build). We're also initializing it (see LLINT_SET_PC_FOR_STUBS()) >+ // and logging its values. >+ >+ CallFrame* callerFrame = exec->callerFrame(); >+ NativeCallFrameTracer tracer(&vm, callerFrame); > > LLINT_SET_PC_FOR_STUBS(); > >Index: Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm >=================================================================== >--- Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (revision 234968) >+++ Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (working copy) >@@ -102,15 +102,23 @@ macro doVMEntry(makeCall) > > # x86 needs to load arguments from the stack > if X86 or X86_WIN >- loadp 16[cfr], a2 >- loadp 12[cfr], a1 >- loadp 8[cfr], a0 >+ loadp [cfr], t3 >+ loadp 16[t3], a2 >+ loadp 12[t3], a1 >+ loadp 8[t3], a0 > end > > const entry = a0 > const vm = a1 > const protoCallFrame = a2 > >+ # Fill out the VM EntryFrame to look like a native CallFrame. >+ loadp ProtoCallFrame::calleeValue[protoCallFrame], t3 >+ storep t3, Callee[cfr] >+ move 0, t3 >+ storep t3, CodeBlock[cfr] >+ storep t3, ArgumentCount[cfr] >+ > # We are using t3, t4 and t5 as temporaries through the function. > # Since we have the guarantee that tX != aY when X != Y, we are safe from > # aliasing problems with our arguments. >@@ -312,8 +320,7 @@ _handleUncaughtException: > loadp VM::callFrameForCatch[t3], cfr > storep 0, VM::callFrameForCatch[t3] > >- loadp CallerFrame[cfr], cfr >- >+ loadp VM::topEntryFrame[t3], cfr > if ARMv7 > vmEntryRecord(cfr, t3) > move t3, sp >Index: Source/JavaScriptCore/llint/LowLevelInterpreter64.asm >=================================================================== >--- Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (revision 234968) >+++ Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (working copy) >@@ -123,6 +123,13 @@ macro doVMEntry(makeCall) > const vm = a1 > const protoCallFrame = a2 > >+ # Fill out the VM EntryFrame to look like a native CallFrame. >+ loadp ProtoCallFrame::calleeValue[protoCallFrame], t3 >+ storep t3, Callee[cfr] >+ move 0, t3 >+ storep t3, CodeBlock[cfr] >+ storep t3, ArgumentCount[cfr] >+ > vmEntryRecord(cfr, sp) > > checkStackPointerAlignment(t4, 0xbad0dc01) >@@ -244,7 +251,6 @@ macro doVMEntry(makeCall) > > popCalleeSaves() > functionEpilogue() >- > ret > end > >@@ -285,7 +291,7 @@ _handleUncaughtException: > loadp VM::callFrameForCatch[t3], cfr > storep 0, VM::callFrameForCatch[t3] > >- loadp CallerFrame[cfr], cfr >+ loadp VM::topEntryFrame[t3], cfr > vmEntryRecord(cfr, t2) > > loadp VMEntryRecord::m_vm[t2], t3 >Index: Source/JavaScriptCore/llint/LowLevelInterpreter.asm >=================================================================== >--- Source/JavaScriptCore/llint/LowLevelInterpreter.asm (revision 234968) >+++ Source/JavaScriptCore/llint/LowLevelInterpreter.asm (working copy) >@@ -181,6 +181,8 @@ const ThisArgumentOffset = ArgumentCount > const FirstArgumentOffset = ThisArgumentOffset + SlotSize > const CallFrameHeaderSize = ThisArgumentOffset > >+const AlignedEntryFrameSizeAdjustment = (((CallFrameHeaderSize + StackAlignment - 1) & ~StackAlignmentMask) - CallerFrameAndPCSize) >+ > # Some value representation constants. > if JSVALUE64 > const TagBitTypeOther = 0x2 >@@ -1148,18 +1150,46 @@ macro doReturn() > ret > end > >+# This break instruction is needed so that the synthesized llintPCRangeStart label >+# doesn't point to the exact same location as vmEntryToJavaScript which comes after it. >+# Otherwise, libunwind will report vmEntryToJavaScript as llintPCRangeStart in >+# stack traces. >+ >+ break >+ > # stub to call into JavaScript or Native functions > # EncodedJSValue vmEntryToJavaScript(void* code, VM* vm, ProtoCallFrame* protoFrame) > # EncodedJSValue vmEntryToNativeFunction(void* code, VM* vm, ProtoCallFrame* protoFrame) > >+macro allocateEntryFrameAndDoVMEntry(makeCall, internalLabel) >+ functionPrologue() >+ subp AlignedEntryFrameSizeAdjustment, sp # Push space for the EntryFrame. >+ >+ # The only reason we need use a call in the VM entry glue to set up the >+ # EntryFrame is because libunwind will get confused otherwise. If we figure out >+ # another way to tell libunwind about this, we can remove this call and just move >+ # the frame header in the stack to make room for the EntryFrame. >+ if C_LOOP >+ cloopCallLocal internalLabel >+ else >+ call internalLabel >+ end >+ >+ addp AlignedEntryFrameSizeAdjustment, sp # Pop the EntryFrame. >+ functionEpilogue() >+ ret >+end >+ > if C_LOOP > _llint_vm_entry_to_javascript: > else > global _vmEntryToJavaScript > _vmEntryToJavaScript: > end >- doVMEntry(makeJavaScriptCall) >+ allocateEntryFrameAndDoVMEntry(makeJavaScriptCall, _vmEntryToJavaScriptInternal) > >+_vmEntryToJavaScriptInternal: >+ doVMEntry(makeJavaScriptCall) > > if C_LOOP > _llint_vm_entry_to_native: >@@ -1167,8 +1197,10 @@ else > global _vmEntryToNative > _vmEntryToNative: > end >- doVMEntry(makeHostFunctionCall) >+ allocateEntryFrameAndDoVMEntry(makeHostFunctionCall, _vmEntryToNativeInternal) > >+_vmEntryToNativeInternal: >+ doVMEntry(makeHostFunctionCall) > > if not C_LOOP > # void sanitizeStackForVMImpl(VM* vm) >Index: Source/JavaScriptCore/offlineasm/cloop.rb >=================================================================== >--- Source/JavaScriptCore/offlineasm/cloop.rb (revision 234968) >+++ Source/JavaScriptCore/offlineasm/cloop.rb (working copy) >@@ -1072,15 +1072,24 @@ class Instruction > when "cloopCrash" > $asm.putc "CRASH();" > >+ # We can't do generic function calls. This pseudo instruction simulates >+ # a call to a local function. >+ when "cloopCallLocal" >+ uid = $asm.newUID >+ $asm.putc "lr.opcode = getOpcode(llint_cloop_synthesized_return_label_#{uid});" >+ raise unless operands[0].is_a? LocalLabelReference or operands[0].is_a? LabelReference >+ $asm.putc "goto #{operands[0].cLabel};" >+ $asm.putsLabel("llint_cloop_synthesized_return_label_#{uid}", false) >+ > # We can't rely on the llint JS call mechanism which actually makes > # use of the call instruction. Instead, we just implement JS calls > # as an opcode dispatch. > when "cloopCallJSFunction" > uid = $asm.newUID >- $asm.putc "lr.opcode = getOpcode(llint_cloop_did_return_from_js_#{uid});" >+ $asm.putc "lr.opcode = getOpcode(llint_cloop_synthesized_return_label_#{uid});" > $asm.putc "opcode = #{operands[0].clValue(:opcode)};" > $asm.putc "DISPATCH_OPCODE();" >- $asm.putsLabel("llint_cloop_did_return_from_js_#{uid}", false) >+ $asm.putsLabel("llint_cloop_synthesized_return_label_#{uid}", false) > > # We can't do generic function calls with an arbitrary set of args, but > # fortunately we don't have to here. All native function calls always >Index: Source/JavaScriptCore/offlineasm/instructions.rb >=================================================================== >--- Source/JavaScriptCore/offlineasm/instructions.rb (revision 234968) >+++ Source/JavaScriptCore/offlineasm/instructions.rb (working copy) >@@ -297,6 +297,7 @@ MIPS_INSTRUCTIONS = > CXX_INSTRUCTIONS = > [ > "cloopCrash", # no operands >+ "cloopCallLocal", # operands: localLabel as callee > "cloopCallJSFunction", # operands: callee > "cloopCallNative", # operands: callee > "cloopCallSlowPath", # operands: callTarget, currentFrame, currentPC >Index: Source/JavaScriptCore/runtime/CommonSlowPaths.cpp >=================================================================== >--- Source/JavaScriptCore/runtime/CommonSlowPaths.cpp (revision 234968) >+++ Source/JavaScriptCore/runtime/CommonSlowPaths.cpp (working copy) >@@ -33,7 +33,6 @@ > #include "CallFrame.h" > #include "ClonedArguments.h" > #include "CodeProfiling.h" >-#include "CommonSlowPathsExceptions.h" > #include "DefinePropertyAttributes.h" > #include "DirectArguments.h" > #include "Error.h" >@@ -163,16 +162,26 @@ namespace JSC { > CALL_END_IMPL(cceExec, LLInt::callToThrow(cceExec), ExceptionHandlerPtrTag); \ > } while (false) > >+static void slowPathThrowStackOverflowError(ExecState* exec, ThrowScope& scope) >+{ >+ JSObject* error = createStackOverflowError(exec); >+ throwException(exec, scope, error); >+#if LLINT_TRACING >+ if (UNLIKELY(Options::traceLLIntSlowPath())) >+ dataLog("Throwing exception ", JSValue(scope.exception()), ".\n"); >+#endif >+} >+ > SLOW_PATH_DECL(slow_path_call_arityCheck) > { > BEGIN(); > int slotsToAdd = CommonSlowPaths::arityCheckFor(exec, vm, CodeForCall); > if (slotsToAdd < 0) { > exec = exec->callerFrame(); >- vm.topCallFrame = exec; >+ NativeCallFrameTracer tracer(&vm, exec); > ErrorHandlingScope errorScope(vm); > throwScope.release(); >- CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec)); >+ slowPathThrowStackOverflowError(exec, throwScope); > RETURN_TWO(bitwise_cast<void*>(static_cast<uintptr_t>(1)), exec); > } > RETURN_TWO(0, bitwise_cast<void*>(static_cast<uintptr_t>(slotsToAdd))); >@@ -184,9 +193,9 @@ SLOW_PATH_DECL(slow_path_construct_arity > int slotsToAdd = CommonSlowPaths::arityCheckFor(exec, vm, CodeForConstruct); > if (slotsToAdd < 0) { > exec = exec->callerFrame(); >- vm.topCallFrame = exec; >+ NativeCallFrameTracer tracer(&vm, exec); > ErrorHandlingScope errorScope(vm); >- CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec)); >+ slowPathThrowStackOverflowError(exec, throwScope); > RETURN_TWO(bitwise_cast<void*>(static_cast<uintptr_t>(1)), exec); > } > RETURN_TWO(0, bitwise_cast<void*>(static_cast<uintptr_t>(slotsToAdd))); >Index: Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.cpp >=================================================================== >--- Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.cpp (revision 234968) >+++ Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.cpp (nonexistent) >@@ -1,56 +0,0 @@ >-/* >- * Copyright (C) 2013, 2016 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#include "config.h" >-#include "CommonSlowPathsExceptions.h" >- >-#include "CallFrame.h" >-#include "CodeBlock.h" >-#include "FrameTracers.h" >-#include "Interpreter.h" >-#include "JITExceptions.h" >-#include "LLIntCommon.h" >-#include "JSCInlines.h" >- >-#if LLINT_TRACING >-#include "Exception.h" >-#endif >- >-namespace JSC { namespace CommonSlowPaths { >- >-void interpreterThrowInCaller(ExecState* exec, JSObject* error) >-{ >- VM* vm = &exec->vm(); >- NativeCallFrameTracer tracer(vm, exec); >- auto scope = DECLARE_THROW_SCOPE(*vm); >- >- throwException(exec, scope, error); >-#if LLINT_TRACING >- if (UNLIKELY(Options::traceLLIntSlowPath())) >- dataLog("Throwing exception ", JSValue(scope.exception()), ".\n"); >-#endif >-} >- >-} } // namespace JSC::LLInt >Index: Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.h >=================================================================== >--- Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.h (revision 234968) >+++ Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.h (nonexistent) >@@ -1,38 +0,0 @@ >-/* >- * Copyright (C) 2013 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#pragma once >- >-namespace JSC { >- >-class ExecState; >-class JSObject; >- >-namespace CommonSlowPaths { >- >-// Throw the currently active exception in the context of the caller's call frame. >-void interpreterThrowInCaller(ExecState* callerFrame, JSObject*); >- >-} } // namespace JSC::CommonSlowPaths >Index: Source/JavaScriptCore/runtime/Error.cpp >=================================================================== >--- Source/JavaScriptCore/runtime/Error.cpp (revision 234968) >+++ Source/JavaScriptCore/runtime/Error.cpp (working copy) >@@ -39,6 +39,7 @@ > #include "SourceCode.h" > #include "StackFrame.h" > #include "SuperSampler.h" >+#include "VMInlines.h" > > namespace JSC { > >@@ -169,7 +170,7 @@ std::unique_ptr<Vector<StackFrame>> getS > std::unique_ptr<Vector<StackFrame>> stackTrace = std::make_unique<Vector<StackFrame>>(); > vm.interpreter->getStackTrace(obj, *stackTrace, framesToSkip, errorConstructor->stackTraceLimit().value()); > if (!stackTrace->isEmpty()) >- ASSERT_UNUSED(exec, exec == vm.topCallFrame || exec == exec->lexicalGlobalObject()->globalExec() || exec == exec->vmEntryGlobalObject()->globalExec()); >+ ASSERT_UNUSED(exec, exec == vm.topCallFrame || exec->isGlobalExec()); > return stackTrace; > } > >Index: Source/JavaScriptCore/runtime/ExceptionHelpers.cpp >=================================================================== >--- Source/JavaScriptCore/runtime/ExceptionHelpers.cpp (revision 234968) >+++ Source/JavaScriptCore/runtime/ExceptionHelpers.cpp (working copy) >@@ -29,7 +29,6 @@ > #include "config.h" > #include "ExceptionHelpers.h" > >-#include "CallFrame.h" > #include "CatchScope.h" > #include "CodeBlock.h" > #include "ErrorHandlingScope.h" >@@ -38,6 +37,7 @@ > #include "JSCInlines.h" > #include "JSGlobalObjectFunctions.h" > #include "RuntimeType.h" >+#include "VMInlines.h" > #include <wtf/text/StringBuilder.h> > #include <wtf/text/StringView.h> > >@@ -69,7 +69,10 @@ bool isTerminatedExecutionException(VM& > > JSObject* createStackOverflowError(ExecState* exec) > { >- return createStackOverflowError(exec, exec->lexicalGlobalObject()); >+ JSGlobalObject* globalObject = exec->isGlobalExec() >+ ? exec->lexicalGlobalObject() >+ : exec->vm().topJSCallFrame()->lexicalGlobalObject(); >+ return createStackOverflowError(exec, globalObject); > } > > JSObject* createStackOverflowError(ExecState* exec, JSGlobalObject* globalObject) >Index: Source/JavaScriptCore/runtime/JSGeneratorFunction.h >=================================================================== >--- Source/JavaScriptCore/runtime/JSGeneratorFunction.h (revision 234968) >+++ Source/JavaScriptCore/runtime/JSGeneratorFunction.h (working copy) >@@ -32,7 +32,6 @@ namespace JSC { > > class JSGlobalObject; > class LLIntOffsetsExtractor; >-class LLIntDesiredOffsets; > > class JSGeneratorFunction final : public JSFunction { > friend class JIT; >Index: Source/JavaScriptCore/runtime/VM.cpp >=================================================================== >--- Source/JavaScriptCore/runtime/VM.cpp (revision 234968) >+++ Source/JavaScriptCore/runtime/VM.cpp (working copy) >@@ -826,14 +826,16 @@ void VM::clearSourceProviderCaches() > > void VM::throwException(ExecState* exec, Exception* exception) > { >+ ASSERT(exec == topCallFrame || exec->isGlobalExec()); >+ if (!exec->isGlobalExec()) >+ exec = topJSCallFrame(); >+ > if (Options::breakOnThrow()) { > CodeBlock* codeBlock = exec->codeBlock(); > dataLog("Throwing exception in call frame ", RawPointer(exec), " for code block ", codeBlock, "\n"); > CRASH(); > } > >- ASSERT(exec == topCallFrame || exec == exec->lexicalGlobalObject()->globalExec() || exec == exec->vmEntryGlobalObject()->globalExec()); >- > interpreter->notifyDebuggerOfExceptionToBeThrown(*this, exec, exception); > > setException(exception); >Index: Source/JavaScriptCore/runtime/VM.h >=================================================================== >--- Source/JavaScriptCore/runtime/VM.h (revision 234968) >+++ Source/JavaScriptCore/runtime/VM.h (working copy) >@@ -51,7 +51,6 @@ > #include "SmallStrings.h" > #include "Strong.h" > #include "StructureCache.h" >-#include "VMEntryRecord.h" > #include "VMTraps.h" > #include "WasmContext.h" > #include "Watchpoint.h" >@@ -168,10 +167,13 @@ namespace DOMJIT { > class Signature; > } > >+struct EntryFrame; > struct HashTable; > struct Instruction; > struct ValueProfile; > >+typedef ExecState CallFrame; >+ > struct LocalTimeOffsetCache { > LocalTimeOffsetCache() > : start(0.0) >@@ -293,6 +295,8 @@ public: > unsigned id() const { return m_id; } > bool isEntered() const { return !!entryScope; } > >+ inline CallFrame* topJSCallFrame() const; >+ > private: > unsigned nextID(); > >Index: Source/JavaScriptCore/runtime/VMInlines.h >=================================================================== >--- Source/JavaScriptCore/runtime/VMInlines.h (revision 234968) >+++ Source/JavaScriptCore/runtime/VMInlines.h (working copy) >@@ -25,6 +25,7 @@ > > #pragma once > >+#include "EntryFrame.h" > #include "ProfilerDatabase.h" > #include "VM.h" > #include "Watchdog.h" >@@ -60,4 +61,18 @@ void VM::logEvent(CodeBlock* codeBlock, > m_perBytecodeProfiler->logEvent(codeBlock, summary, func()); > } > >+inline CallFrame* VM::topJSCallFrame() const >+{ >+ CallFrame* frame = topCallFrame; >+ if (!frame) >+ return frame; >+ EntryFrame* entryFrame = topEntryFrame; >+ if (frame != entryFrame) >+ return frame; >+ VMEntryRecord* entryRecord = vmEntryRecord(entryFrame); >+ frame = entryRecord->prevTopCallFrame(); >+ ASSERT(frame != entryRecord->prevTopEntryFrame()); >+ return frame; >+} >+ > } // namespace JSC >Index: Source/JavaScriptCore/runtime/VMTraps.cpp >=================================================================== >--- Source/JavaScriptCore/runtime/VMTraps.cpp (revision 234968) >+++ Source/JavaScriptCore/runtime/VMTraps.cpp (working copy) >@@ -85,7 +85,7 @@ inline static bool vmIsInactive(VM& vm) > > static bool isSaneFrame(CallFrame* frame, CallFrame* calleeFrame, EntryFrame* entryFrame, StackBounds stackBounds) > { >- if (reinterpret_cast<void*>(frame) >= reinterpret_cast<void*>(entryFrame)) >+ if (frame >= entryFrame) > return false; > if (calleeFrame >= frame) > return false;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=347320">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
mark.lam
:
review-
ews-watchlist
:
commit-queue-
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 188577
:
347320
|
347321
|
347329
|
347330
|
347332
|
347364
|
347370
|
347372
|
347523
|
347542
|
347574
|
347604
|
348021
|
348047
|
348059