[webkit-changes] [WebKit/WebKit] fc1560: JIT operations should return the current exception...

Keith Miller noreply at github.com
Fri May 3 22:03:54 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: fc1560bbe0bacc088faf2b65876379f39a324979
      https://github.com/WebKit/WebKit/commit/fc1560bbe0bacc088faf2b65876379f39a324979
  Author: Keith Miller <keith_miller at apple.com>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M Source/JavaScriptCore/CMakeLists.txt
    M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
    M Source/JavaScriptCore/assembler/MacroAssembler.h
    M Source/JavaScriptCore/assembler/MacroAssemblerARM64.cpp
    M Source/JavaScriptCore/assembler/MacroAssemblerARMv7.cpp
    M Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.cpp
    M Source/JavaScriptCore/assembler/MacroAssemblerX86Common.cpp
    M Source/JavaScriptCore/b3/B3Type.h
    M Source/JavaScriptCore/b3/B3Validate.cpp
    M Source/JavaScriptCore/b3/air/AirCCallingConvention.cpp
    M Source/JavaScriptCore/b3/testb3.h
    M Source/JavaScriptCore/b3/testb3_5.cpp
    M Source/JavaScriptCore/b3/testb3_6.cpp
    M Source/JavaScriptCore/b3/testb3_7.cpp
    M Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h
    M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
    M Source/JavaScriptCore/dfg/DFGArithMode.h
    M Source/JavaScriptCore/dfg/DFGArrayifySlowPathGenerator.h
    M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
    M Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h
    M Source/JavaScriptCore/dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h
    M Source/JavaScriptCore/dfg/DFGJITCompiler.h
    M Source/JavaScriptCore/dfg/DFGOSRExit.cpp
    M Source/JavaScriptCore/dfg/DFGOSRExit.h
    M Source/JavaScriptCore/dfg/DFGOperations.cpp
    M Source/JavaScriptCore/dfg/DFGOperations.h
    M Source/JavaScriptCore/dfg/DFGSaneStringGetByValSlowPathGenerator.h
    M Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp
    M Source/JavaScriptCore/ftl/FTLOSRExitCompiler.h
    M Source/JavaScriptCore/ftl/FTLOperations.cpp
    M Source/JavaScriptCore/ftl/FTLOperations.h
    M Source/JavaScriptCore/ftl/FTLOutput.cpp
    M Source/JavaScriptCore/ftl/FTLOutput.h
    M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
    M Source/JavaScriptCore/jit/AssemblyHelpers.h
    M Source/JavaScriptCore/jit/CCallHelpers.h
    M Source/JavaScriptCore/jit/JIT.h
    M Source/JavaScriptCore/jit/JITCall.cpp
    M Source/JavaScriptCore/jit/JITInlines.h
    M Source/JavaScriptCore/jit/JITOperations.cpp
    M Source/JavaScriptCore/jit/JITOperations.h
    A Source/JavaScriptCore/jit/OperationResult.h
    M Source/JavaScriptCore/llint/LLIntThunks.h
    M Source/JavaScriptCore/runtime/AtomicsObject.cpp
    M Source/JavaScriptCore/runtime/CommonSlowPaths.h
    M Source/JavaScriptCore/runtime/ExceptionScope.h
    M Source/JavaScriptCore/runtime/HashMapImplInlines.h
    M Source/JavaScriptCore/runtime/MathCommon.cpp
    M Source/JavaScriptCore/runtime/MathCommon.h
    M Source/JavaScriptCore/runtime/StringPrototype.cpp
    M Source/JavaScriptCore/tools/JSDollarVM.cpp
    M Source/JavaScriptCore/wasm/WasmOperations.cpp
    M Source/JavaScriptCore/wasm/WasmOperations.h
    M Source/JavaScriptCore/yarr/YarrJIT.cpp
    M Source/WTF/wtf/PlatformCallingConventions.h
    M Source/WTF/wtf/Threading.cpp
    M Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
    M Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.cpp
    M Source/WebCore/cssjit/SelectorCompiler.cpp
    M Source/WebCore/domjit/JSDocumentDOMJIT.cpp

  Log Message:
  -----------
  JIT operations should return the current exception in a return GPR when it's free.
https://bugs.webkit.org/show_bug.cgi?id=273264
rdar://127065985

Reviewed by Yusuke Suzuki.

This patch makes a lot of changes so that we can pass the current exception in a return register.

1) There's now a new set of macros for JIT_OPERATIONS that wrap the return type in a templated
   struct containing the true result and a pointer to the current exception if there's an extra
   return register in the C++ calling convention (and returning a `struct` won't push everything
   to the stack... armv7...).

2) Exception checking macro assembler functions take an optional register parameter, which is
   the register the exception is in, typically returnGPR2 but sometimes returnGPR.

3) Started moving FTL towards the same templated operation signature deduction of arguments used
   in the other JITs.

4) exception checks have been pushed into callOperation in DFG since that has the signature
   of the operation being called already.

5) We don't support exceptions in registers for double on ARM64 since that causes the double to
   be returned in x0 rather than d0. Also, FTL doesn't support `FastOperationResult<double/float>`
   since B3 can't handle that yet.

6) Add FTL::Output::verify which behaves like an assert by using a Check node.

7) FTL has a list of tuples for operation returns since we only use pairs this is just an LType[].

* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/b3/B3Type.h:
* Source/JavaScriptCore/b3/B3Validate.cpp:
* Source/JavaScriptCore/b3/air/AirCCallingConvention.cpp:
(JSC::B3::Air::cCallResultCount):
(JSC::B3::Air::cCallResult):
* Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h:
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeDoubleUnaryOpEffects):
* Source/JavaScriptCore/dfg/DFGArithMode.h:
* Source/JavaScriptCore/dfg/DFGArrayifySlowPathGenerator.h:
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleDOMJITGetter):
(JSC::DFG::ByteCodeParser::handleGetById):
* Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
* Source/JavaScriptCore/dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h:
* Source/JavaScriptCore/dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::appendCall):
(JSC::DFG::JITCompiler::appendCallWithUGPRPair):
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_FAST_JIT_OPERATION):
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/dfg/DFGOperations.h:
* Source/JavaScriptCore/dfg/DFGSaneStringGetByValSlowPathGenerator.h:
* Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h:
(JSC::DFG::slowPathMove):
(JSC::DFG::CallSlowPathGenerator::tearDown):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::exceptionCheck):
(JSC::DFG::SpeculativeJIT::compileDeleteById):
(JSC::DFG::SpeculativeJIT::compileDeleteByVal):
(JSC::DFG::SpeculativeJIT::compilePushWithScope):
(JSC::DFG::SpeculativeJIT::compileStringSubstring):
(JSC::DFG::SpeculativeJIT::compileToLowerCase):
(JSC::DFG::SpeculativeJIT::compilePutByVal):
(JSC::DFG::SpeculativeJIT::compileFromCharCode):
(JSC::DFG::SpeculativeJIT::compileValueToInt32):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::operationExceptionCheck):
(JSC::DFG::SpeculativeJIT::callOperation):
(JSC::DFG::SpeculativeJIT::callOperationWithoutExceptionCheck):
(JSC::DFG::SpeculativeJIT::appendCall):
(JSC::DFG::SpeculativeJIT::appendCallWithUGPRPair):
(JSC::DFG::SpeculativeJIT::appendCallSetResult):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::genericJSValueNonPeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileGetByValWithThis):
(JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::genericJSValueNonPeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compileGetByVal):
(JSC::DFG::SpeculativeJIT::compileRegExpTestInline):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileFunctionBind):
(JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileArrayify):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/ftl/FTLOutput.cpp:
(JSC::FTL::Output::verify):
* Source/JavaScriptCore/ftl/FTLOutput.h:
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitExceptionCheck):
(JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
* Source/JavaScriptCore/jit/CCallHelpers.h:
(JSC::CCallHelpers::setupResults):
* Source/JavaScriptCore/jit/JIT.h:
* Source/JavaScriptCore/jit/JITCall.cpp:
(JSC::JIT::compileSetupFrame):
* Source/JavaScriptCore/jit/JITInlines.h:
(JSC::JIT::appendCallWithExceptionCheck):
(JSC::JIT::appendCallSetJSValueResult):
(JSC::JIT::appendCallWithExceptionCheckSetJSValueResult):
(JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::JSC_DEFINE_FAST_JIT_OPERATION):
(JSC::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/jit/JITOperations.h:
* Source/JavaScriptCore/jit/OperationResult.h: Added.
(JSC::fastOperationExceptionRegister):
(JSC::FastOperationImplicitResult::operator FastOperationResult<To>):
(JSC::FastOperationImplicitResult::operator To):
(JSC::FastOperationImplicitResult<void>::operator FastOperationResult<void>):
(JSC::makeOperationResult):
* Source/JavaScriptCore/llint/LLIntThunks.h:
* Source/JavaScriptCore/runtime/ExceptionScope.h:
(JSC::ExceptionScope::exception const):
* Source/JavaScriptCore/runtime/HashMapImplInlines.h:
(JSC::HashMapImpl<HashMapBucketType>::addNormalized):
* Source/JavaScriptCore/tools/JSDollarVM.cpp:
* Source/WTF/wtf/Threading.cpp:
(WTF::Thread::mayBeGCThread):
* Source/WebCore/bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
(GenerateOperationDefinition):
* Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.cpp:
(WebCore::JSTestDOMJITDOMConstructor::prototypeForStructure):
(WebCore::JSC_DEFINE_FAST_JIT_OPERATION):
(WebCore::JSC_DEFINE_JIT_OPERATION): Deleted.
* Source/WebCore/domjit/DOMJITHelpers.h:
* Source/WebCore/domjit/JSDocumentDOMJIT.cpp:
(WebCore::DOMJIT::JSC_DEFINE_FAST_JIT_OPERATION):
(WebCore::DOMJIT::JSC_DEFINE_JIT_OPERATION): Deleted.

Canonical link: https://commits.webkit.org/278366@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list