[webkit-changes] [WebKit/WebKit] e94a54: [JSC] exception from handleHostCall for tail-call ...

Yusuke Suzuki noreply at github.com
Tue Jan 9 07:29:12 PST 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e94a54e5f285c566688cb047bb8008efea0665dc
      https://github.com/WebKit/WebKit/commit/e94a54e5f285c566688cb047bb8008efea0665dc
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-01-09 (Tue, 09 Jan 2024)

  Changed paths:
    A JSTests/stress/tail-call-callee-frame-polymorphic.js
    M LayoutTests/inspector/unit-tests/array-utilities-expected.txt
    M LayoutTests/inspector/unit-tests/set-utilities-expected.txt
    M Source/JavaScriptCore/bytecode/CodeBlock.cpp
    M Source/JavaScriptCore/bytecode/CodeBlock.h
    M Source/JavaScriptCore/bytecode/RepatchInlines.h
    M Source/JavaScriptCore/interpreter/CallFrame.cpp
    M Source/JavaScriptCore/interpreter/CallFrame.h
    M Source/JavaScriptCore/interpreter/CallFrameInlines.h
    M Source/JavaScriptCore/interpreter/FrameTracers.h
    M Source/JavaScriptCore/interpreter/StackVisitor.cpp
    M Source/JavaScriptCore/interpreter/StackVisitor.h
    M Source/JavaScriptCore/jit/JITOperations.cpp
    M Source/JavaScriptCore/jit/JITThunks.h
    M Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp
    M Source/JavaScriptCore/jit/ThunkGenerators.cpp
    M Source/JavaScriptCore/jit/ThunkGenerators.h
    M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.h
    M Source/JavaScriptCore/runtime/VMInlines.h

  Log Message:
  -----------
  [JSC] exception from handleHostCall for tail-call should be handled correctly
https://bugs.webkit.org/show_bug.cgi?id=267249
rdar://120662635

Reviewed by Mark Lam.

272580 at main introduced failing in the fast path in polymorphic thunk (calling operationLinkPolymorphicFromRegularCall etc.).
In this case,

1. We should anyway use the top-most CallFrame* for NativeCallFrameTracer since it confuses StackVisitor (It assumes vm.topCallFrame is the top-most CallFrame*).
   We use calleeFrame instead of callerFrame.
2. Then, we should make StackVisitor work with CallFrame* which has non-cell JSCallee (when calling a non-function value). We rename stackOverflowFrameCallee to
   partiallyInitializedFrameCallee and use it. This tells StackVisitor that it should skip the first frame since it is pre-baked one. Also, make it possible to throw
   exception from this frame since exception catching code assumes that Callee is some cells.
3. To throw an exception from the current calleeFrame, this patch adds throwExceptionFromCallGenerator thunk, which throws an exception from the current frame when
   it is called as a normal JS function.

* JSTests/stress/tail-call-callee-frame-polymorphic.js: Added.
* Source/JavaScriptCore/bytecode/RepatchInlines.h:
(JSC::handleHostCall):
* Source/JavaScriptCore/interpreter/CallFrame.h:
* Source/JavaScriptCore/interpreter/CallFrameInlines.h:
(JSC::CallFrame::isHandleHostCallExceptionFrame const):
* Source/JavaScriptCore/interpreter/FrameTracers.h:
(JSC::NativeCallFrameTracerForTailCall::NativeCallFrameTracerForTailCall): Deleted.
* Source/JavaScriptCore/interpreter/StackVisitor.cpp:
(JSC::StackVisitor::StackVisitor):
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/jit/JITThunks.h:
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::throwExceptionFromCallGenerator):
(JSC::polymorphicThunkFor):
* Source/JavaScriptCore/jit/ThunkGenerators.h:
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildrenImpl):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::handleHostCallExceptionCallee const):
* Source/JavaScriptCore/runtime/VMInlines.h:
(JSC::VM::topJSCallFrame const):

Canonical link: https://commits.webkit.org/272816@main

More information about the webkit-changes mailing list