<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[162046] branches/jsCStack/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/162046">162046</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2014-01-14 22:21:52 -0800 (Tue, 14 Jan 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>FTL slow path calls in inline caches should be down with exceptions
https://bugs.webkit.org/show_bug.cgi?id=127020
Not yet reviewed.
This just adds the relatively straight-forward glue code for emitting an exception
check on FTL IC slow paths and then jumping to the exception handling path.
Note that half of the attached tests failed before this change, often in very
funny ways, since the FTL IC slow paths previously just ignored exceptions. The
other half of the tests were some combination of accidental passes (because if you
ignore the exception but someone else along some path checks it then it will be
thrown and things will seem OK) and inadequate FTL coverage (so they would have
failed if the FTL supported GetByIdFlush for example).
Also updated some copyright notices that I previously forgot about.
* ftl/FTLCompile.cpp:
(JSC::FTL::fixFunctionBasedOnStackMaps):
* ftl/FTLJITFinalizer.cpp:
* ftl/FTLSlowPathCall.cpp:
(JSC::FTL::storeCodeOrigin):
(JSC::FTL::callOperation):
* ftl/FTLSlowPathCall.h:
* ftl/FTLState.h:
* tests/stress/get-by-id-throw-from-getter-through-optimized-code.js: Added.
(foo):
(makeWithGetter.return):
(makeWithGetter):
* tests/stress/get-by-id-throw-from-unexpected-getter-through-optimized-code-that-does-not-exit.js: Added.
(foo):
(makeWithGetter.return):
(makeWithGetter):
* tests/stress/get-by-id-throw-from-unexpected-getter-through-optimized-code.js: Added.
(foo):
(makeWithGetter.return):
(makeWithGetter):
* tests/stress/ic-throw-through-optimized-code.js: Added.
(foo):
* tests/stress/put-by-id-throw-through-optimized-code.js: Added.
(foo):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchesjsCStackSourceJavaScriptCoreChangeLog">branches/jsCStack/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreftlFTLCompilecpp">branches/jsCStack/Source/JavaScriptCore/ftl/FTLCompile.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreftlFTLJITFinalizercpp">branches/jsCStack/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreftlFTLSlowPathCallcpp">branches/jsCStack/Source/JavaScriptCore/ftl/FTLSlowPathCall.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreftlFTLSlowPathCallh">branches/jsCStack/Source/JavaScriptCore/ftl/FTLSlowPathCall.h</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreftlFTLStateh">branches/jsCStack/Source/JavaScriptCore/ftl/FTLState.h</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#branchesjsCStackSourceJavaScriptCoretestsstressgetbyidthrowfromgetterthroughoptimizedcodejs">branches/jsCStack/Source/JavaScriptCore/tests/stress/get-by-id-throw-from-getter-through-optimized-code.js</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoretestsstressgetbyidthrowfromunexpectedgetterthroughoptimizedcodethatdoesnotexitjs">branches/jsCStack/Source/JavaScriptCore/tests/stress/get-by-id-throw-from-unexpected-getter-through-optimized-code-that-does-not-exit.js</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoretestsstressgetbyidthrowfromunexpectedgetterthroughoptimizedcodejs">branches/jsCStack/Source/JavaScriptCore/tests/stress/get-by-id-throw-from-unexpected-getter-through-optimized-code.js</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoretestsstressicthrowthroughoptimizedcodejs">branches/jsCStack/Source/JavaScriptCore/tests/stress/ic-throw-through-optimized-code.js</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoretestsstressputbyidthrowthroughoptimizedcodejs">branches/jsCStack/Source/JavaScriptCore/tests/stress/put-by-id-throw-through-optimized-code.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchesjsCStackSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/ChangeLog (162045 => 162046)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/ChangeLog 2014-01-15 06:10:54 UTC (rev 162045)
+++ branches/jsCStack/Source/JavaScriptCore/ChangeLog 2014-01-15 06:21:52 UTC (rev 162046)
</span><span class="lines">@@ -1,5 +1,49 @@
</span><span class="cx"> 2014-01-14 Filip Pizlo <fpizlo@apple.com>
</span><span class="cx">
</span><ins>+ FTL slow path calls in inline caches should be down with exceptions
+ https://bugs.webkit.org/show_bug.cgi?id=127020
+
+ Not yet reviewed.
+
+ This just adds the relatively straight-forward glue code for emitting an exception
+ check on FTL IC slow paths and then jumping to the exception handling path.
+
+ Note that half of the attached tests failed before this change, often in very
+ funny ways, since the FTL IC slow paths previously just ignored exceptions. The
+ other half of the tests were some combination of accidental passes (because if you
+ ignore the exception but someone else along some path checks it then it will be
+ thrown and things will seem OK) and inadequate FTL coverage (so they would have
+ failed if the FTL supported GetByIdFlush for example).
+
+ Also updated some copyright notices that I previously forgot about.
+
+ * ftl/FTLCompile.cpp:
+ (JSC::FTL::fixFunctionBasedOnStackMaps):
+ * ftl/FTLJITFinalizer.cpp:
+ * ftl/FTLSlowPathCall.cpp:
+ (JSC::FTL::storeCodeOrigin):
+ (JSC::FTL::callOperation):
+ * ftl/FTLSlowPathCall.h:
+ * ftl/FTLState.h:
+ * tests/stress/get-by-id-throw-from-getter-through-optimized-code.js: Added.
+ (foo):
+ (makeWithGetter.return):
+ (makeWithGetter):
+ * tests/stress/get-by-id-throw-from-unexpected-getter-through-optimized-code-that-does-not-exit.js: Added.
+ (foo):
+ (makeWithGetter.return):
+ (makeWithGetter):
+ * tests/stress/get-by-id-throw-from-unexpected-getter-through-optimized-code.js: Added.
+ (foo):
+ (makeWithGetter.return):
+ (makeWithGetter):
+ * tests/stress/ic-throw-through-optimized-code.js: Added.
+ (foo):
+ * tests/stress/put-by-id-throw-through-optimized-code.js: Added.
+ (foo):
+
+2014-01-14 Filip Pizlo <fpizlo@apple.com>
+
</ins><span class="cx"> FTL should be cool with runtime functions throwing exceptions
</span><span class="cx"> https://bugs.webkit.org/show_bug.cgi?id=127018
</span><span class="cx">
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreftlFTLCompilecpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/ftl/FTLCompile.cpp (162045 => 162046)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/ftl/FTLCompile.cpp 2014-01-15 06:10:54 UTC (rev 162045)
+++ branches/jsCStack/Source/JavaScriptCore/ftl/FTLCompile.cpp 2014-01-15 06:21:52 UTC (rev 162046)
</span><span class="lines">@@ -170,14 +170,8 @@
</span><span class="cx">
</span><span class="cx"> // FIXME: Need to update all machine virtual registers in runtime meta-data.
</span><span class="cx"> // https://bugs.webkit.org/show_bug.cgi?id=125725
</span><del>-
- iter = recordMap.find(state.handleExceptionStackmapID);
- // It's sort of remotely possible that we won't have an exception handling path, for
- // some kinds of functions. That's not an optimization per se; it just fell out that
- // way.
- if (iter != recordMap.end()) {
- RELEASE_ASSERT(!iter->value.locations.size());
-
</del><ins>+
+ {
</ins><span class="cx"> CCallHelpers checkJIT(&vm, codeBlock);
</span><span class="cx">
</span><span class="cx"> // At this point it's perfectly fair to just blow away all state and restore the
</span><span class="lines">@@ -242,6 +236,8 @@
</span><span class="cx"> if (!state.getByIds.isEmpty() || !state.putByIds.isEmpty()) {
</span><span class="cx"> CCallHelpers slowPathJIT(&vm, codeBlock);
</span><span class="cx">
</span><ins>+ CCallHelpers::JumpList exceptionTarget;
+
</ins><span class="cx"> for (unsigned i = state.getByIds.size(); i--;) {
</span><span class="cx"> GetByIdDescriptor& getById = state.getByIds[i];
</span><span class="cx">
</span><span class="lines">@@ -269,8 +265,8 @@
</span><span class="cx"> MacroAssembler::Label begin = slowPathJIT.label();
</span><span class="cx">
</span><span class="cx"> MacroAssembler::Call call = callOperation(
</span><del>- state, usedRegisters, slowPathJIT, operationGetByIdOptimize, result,
- gen.stubInfo(), base, getById.uid());
</del><ins>+ state, usedRegisters, slowPathJIT, getById.codeOrigin(), &exceptionTarget,
+ operationGetByIdOptimize, result, gen.stubInfo(), base, getById.uid());
</ins><span class="cx">
</span><span class="cx"> gen.reportSlowPathCall(begin, call);
</span><span class="cx">
</span><span class="lines">@@ -306,8 +302,8 @@
</span><span class="cx"> MacroAssembler::Label begin = slowPathJIT.label();
</span><span class="cx">
</span><span class="cx"> MacroAssembler::Call call = callOperation(
</span><del>- state, usedRegisters, slowPathJIT, gen.slowPathFunction(), gen.stubInfo(),
- value, base, putById.uid());
</del><ins>+ state, usedRegisters, slowPathJIT, putById.codeOrigin(), &exceptionTarget,
+ gen.slowPathFunction(), gen.stubInfo(), value, base, putById.uid());
</ins><span class="cx">
</span><span class="cx"> gen.reportSlowPathCall(begin, call);
</span><span class="cx">
</span><span class="lines">@@ -315,8 +311,13 @@
</span><span class="cx"> putById.m_generator = gen;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ exceptionTarget.link(&slowPathJIT);
+ MacroAssembler::Jump exceptionJump = slowPathJIT.jump();
+
</ins><span class="cx"> state.finalizer->sideCodeLinkBuffer = adoptPtr(
</span><span class="cx"> new LinkBuffer(vm, &slowPathJIT, codeBlock, JITCompilationMustSucceed));
</span><ins>+ state.finalizer->sideCodeLinkBuffer->link(
+ exceptionJump, state.finalizer->handleExceptionsLinkBuffer->entrypoint());
</ins><span class="cx">
</span><span class="cx"> for (unsigned i = state.getByIds.size(); i--;) {
</span><span class="cx"> generateICFastPath(
</span><span class="lines">@@ -370,10 +371,10 @@
</span><span class="cx">
</span><span class="cx"> RepatchBuffer repatchBuffer(codeBlock);
</span><span class="cx">
</span><del>- if (state.finalizer->handleExceptionsLinkBuffer) {
- iter = recordMap.find(state.handleExceptionStackmapID);
- RELEASE_ASSERT(iter != recordMap.end());
-
</del><ins>+ iter = recordMap.find(state.handleExceptionStackmapID);
+ // It's sort of remotely possible that we won't have an in-band exception handling
+ // path, for some kinds of functions.
+ if (iter != recordMap.end()) {
</ins><span class="cx"> StackMaps::Record& record = iter->value;
</span><span class="cx">
</span><span class="cx"> CodeLocationLabel source = CodeLocationLabel(
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreftlFTLJITFinalizercpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp (162045 => 162046)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp 2014-01-15 06:10:54 UTC (rev 162045)
+++ branches/jsCStack/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp 2014-01-15 06:21:52 UTC (rev 162046)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreftlFTLSlowPathCallcpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/ftl/FTLSlowPathCall.cpp (162045 => 162046)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/ftl/FTLSlowPathCall.cpp 2014-01-15 06:10:54 UTC (rev 162045)
+++ branches/jsCStack/Source/JavaScriptCore/ftl/FTLSlowPathCall.cpp 2014-01-15 06:21:52 UTC (rev 162046)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> #if ENABLE(FTL_JIT)
</span><span class="cx">
</span><span class="cx"> #include "CCallHelpers.h"
</span><ins>+#include "CallFrameInlines.h"
</ins><span class="cx"> #include "FTLState.h"
</span><span class="cx"> #include "GPRInfo.h"
</span><span class="cx">
</span><span class="lines">@@ -134,11 +135,13 @@
</span><span class="cx"> return SlowPathCallKey(usedRegisters(), callTarget, offset());
</span><span class="cx"> }
</span><span class="cx">
</span><del>- MacroAssembler::Call makeCall(void* callTarget)
</del><ins>+ MacroAssembler::Call makeCall(void* callTarget, MacroAssembler::JumpList* exceptionTarget)
</ins><span class="cx"> {
</span><span class="cx"> MacroAssembler::Call result = m_jit.call();
</span><span class="cx"> m_state.finalizer->slowPathCalls.append(SlowPathCall(
</span><span class="cx"> result, keyWithTarget(callTarget)));
</span><ins>+ if (exceptionTarget)
+ exceptionTarget->append(m_jit.emitExceptionCheck());
</ins><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -157,32 +160,44 @@
</span><span class="cx">
</span><span class="cx"> } // anonymous namespace
</span><span class="cx">
</span><ins>+void storeCodeOrigin(State& state, CCallHelpers& jit, CodeOrigin codeOrigin)
+{
+ if (!codeOrigin.isSet())
+ return;
+
+ unsigned index = state.jitCode->common.addCodeOrigin(codeOrigin);
+ unsigned locationBits = CallFrame::Location::encodeAsCodeOriginIndex(index);
+ jit.store32(
+ CCallHelpers::TrustedImm32(locationBits),
+ CCallHelpers::tagFor(static_cast<VirtualRegister>(JSStack::ArgumentCount)));
+}
+
</ins><span class="cx"> MacroAssembler::Call callOperation(
</span><span class="cx"> State& state, const RegisterSet& usedRegisters, CCallHelpers& jit,
</span><del>- J_JITOperation_ESsiJI operation, GPRReg result, StructureStubInfo* stubInfo, GPRReg object,
- StringImpl* uid)
</del><ins>+ CodeOrigin codeOrigin, MacroAssembler::JumpList* exceptionTarget,
+ J_JITOperation_ESsiJI operation, GPRReg result, StructureStubInfo* stubInfo,
+ GPRReg object, StringImpl* uid)
</ins><span class="cx"> {
</span><ins>+ storeCodeOrigin(state, jit, codeOrigin);
</ins><span class="cx"> CallContext context(state, usedRegisters, jit, 4, result);
</span><span class="cx"> jit.setupArgumentsWithExecState(
</span><span class="cx"> CCallHelpers::TrustedImmPtr(stubInfo), object,
</span><span class="cx"> CCallHelpers::TrustedImmPtr(uid));
</span><del>- return context.makeCall(bitwise_cast<void*>(operation));
- // FIXME: FTL should support exceptions.
- // https://bugs.webkit.org/show_bug.cgi?id=113622
</del><ins>+ return context.makeCall(bitwise_cast<void*>(operation), exceptionTarget);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> MacroAssembler::Call callOperation(
</span><span class="cx"> State& state, const RegisterSet& usedRegisters, CCallHelpers& jit,
</span><del>- V_JITOperation_ESsiJJI operation, StructureStubInfo* stubInfo, GPRReg value, GPRReg object,
- StringImpl* uid)
</del><ins>+ CodeOrigin codeOrigin, MacroAssembler::JumpList* exceptionTarget,
+ V_JITOperation_ESsiJJI operation, StructureStubInfo* stubInfo, GPRReg value,
+ GPRReg object, StringImpl* uid)
</ins><span class="cx"> {
</span><ins>+ storeCodeOrigin(state, jit, codeOrigin);
</ins><span class="cx"> CallContext context(state, usedRegisters, jit, 5, InvalidGPRReg);
</span><span class="cx"> jit.setupArgumentsWithExecState(
</span><span class="cx"> CCallHelpers::TrustedImmPtr(stubInfo), value, object,
</span><span class="cx"> CCallHelpers::TrustedImmPtr(uid));
</span><del>- return context.makeCall(bitwise_cast<void*>(operation));
- // FIXME: FTL should support exceptions.
- // https://bugs.webkit.org/show_bug.cgi?id=113622
</del><ins>+ return context.makeCall(bitwise_cast<void*>(operation), exceptionTarget);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } } // namespace JSC::FTL
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreftlFTLSlowPathCallh"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/ftl/FTLSlowPathCall.h (162045 => 162046)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/ftl/FTLSlowPathCall.h 2014-01-15 06:10:54 UTC (rev 162045)
+++ branches/jsCStack/Source/JavaScriptCore/ftl/FTLSlowPathCall.h 2014-01-15 06:21:52 UTC (rev 162046)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -55,12 +55,16 @@
</span><span class="cx"> SlowPathCallKey m_key;
</span><span class="cx"> };
</span><span class="cx">
</span><ins>+void storeCodeOrigin(State&, CCallHelpers&, CodeOrigin);
+
</ins><span class="cx"> MacroAssembler::Call callOperation(
</span><del>- State&, const RegisterSet&, CCallHelpers&, J_JITOperation_ESsiJI,
- GPRReg result, StructureStubInfo*, GPRReg object, StringImpl* uid);
</del><ins>+ State&, const RegisterSet&, CCallHelpers&, CodeOrigin, CCallHelpers::JumpList*,
+ J_JITOperation_ESsiJI, GPRReg result, StructureStubInfo*, GPRReg object,
+ StringImpl* uid);
</ins><span class="cx"> MacroAssembler::Call callOperation(
</span><del>- State&, const RegisterSet&, CCallHelpers&, V_JITOperation_ESsiJJI,
- StructureStubInfo*, GPRReg value, GPRReg object, StringImpl* uid);
</del><ins>+ State&, const RegisterSet&, CCallHelpers&, CodeOrigin, CCallHelpers::JumpList*,
+ V_JITOperation_ESsiJJI, StructureStubInfo*, GPRReg value, GPRReg object,
+ StringImpl* uid);
</ins><span class="cx">
</span><span class="cx"> } } // namespace JSC::FTL
</span><span class="cx">
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreftlFTLStateh"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/ftl/FTLState.h (162045 => 162046)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/ftl/FTLState.h 2014-01-15 06:10:54 UTC (rev 162045)
+++ branches/jsCStack/Source/JavaScriptCore/ftl/FTLState.h 2014-01-15 06:21:52 UTC (rev 162046)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoretestsstressgetbyidthrowfromgetterthroughoptimizedcodejs"></a>
<div class="addfile"><h4>Added: branches/jsCStack/Source/JavaScriptCore/tests/stress/get-by-id-throw-from-getter-through-optimized-code.js (0 => 162046)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/tests/stress/get-by-id-throw-from-getter-through-optimized-code.js (rev 0)
+++ branches/jsCStack/Source/JavaScriptCore/tests/stress/get-by-id-throw-from-getter-through-optimized-code.js 2014-01-15 06:21:52 UTC (rev 162046)
</span><span class="lines">@@ -0,0 +1,37 @@
</span><ins>+function foo(o) {
+ return o.f + 1;
+}
+
+noInline(foo);
+
+var shouldThrow = false;
+
+function makeWithGetter() {
+ var o = {};
+ o.__defineGetter__("f", function() {
+ if (shouldThrow)
+ throw "hello";
+ return 42;
+ });
+ return o;
+}
+
+for (var i = 0; i < 100000; ++i) {
+ var result = foo({f:23});
+ if (result != 24)
+ throw "Error: bad result: " + result;
+ result = foo(makeWithGetter());
+ if (result != 43)
+ throw "Error: bad result: " + result;
+}
+
+var didThrow;
+try {
+ shouldThrow = true;
+ foo(makeWithGetter());
+} catch (e) {
+ didThrow = e;
+}
+
+if (didThrow != "hello")
+ throw "Error: didn't throw or threw wrong exception: " + didThrow;
</ins></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoretestsstressgetbyidthrowfromunexpectedgetterthroughoptimizedcodethatdoesnotexitjs"></a>
<div class="addfile"><h4>Added: branches/jsCStack/Source/JavaScriptCore/tests/stress/get-by-id-throw-from-unexpected-getter-through-optimized-code-that-does-not-exit.js (0 => 162046)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/tests/stress/get-by-id-throw-from-unexpected-getter-through-optimized-code-that-does-not-exit.js (rev 0)
+++ branches/jsCStack/Source/JavaScriptCore/tests/stress/get-by-id-throw-from-unexpected-getter-through-optimized-code-that-does-not-exit.js 2014-01-15 06:21:52 UTC (rev 162046)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+function foo(o) {
+ return o.f;
+}
+
+noInline(foo);
+
+function makeWithGetter() {
+ var o = {};
+ o.__defineGetter__("f", function() {
+ throw "hello";
+ });
+ return o;
+}
+
+for (var i = 0; i < 100000; ++i) {
+ var result = foo({f:23});
+ if (result != 23)
+ throw "Error: bad result: " + result;
+ result = foo({g:12, f:13});
+ if (result != 13)
+ throw "Error: bad result: " + result;
+ result = foo({g:12, h:13, f:14});
+ if (result != 14)
+ throw "Error: bad result: " + result;
+}
+
+var didThrow;
+try {
+ foo(makeWithGetter());
+} catch (e) {
+ didThrow = e;
+}
+
+if (didThrow != "hello")
+ throw "Error: didn't throw or threw wrong exception: " + didThrow;
</ins></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoretestsstressgetbyidthrowfromunexpectedgetterthroughoptimizedcodejs"></a>
<div class="addfile"><h4>Added: branches/jsCStack/Source/JavaScriptCore/tests/stress/get-by-id-throw-from-unexpected-getter-through-optimized-code.js (0 => 162046)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/tests/stress/get-by-id-throw-from-unexpected-getter-through-optimized-code.js (rev 0)
+++ branches/jsCStack/Source/JavaScriptCore/tests/stress/get-by-id-throw-from-unexpected-getter-through-optimized-code.js 2014-01-15 06:21:52 UTC (rev 162046)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+function foo(o) {
+ return o.f + 1;
+}
+
+noInline(foo);
+
+function makeWithGetter() {
+ var o = {};
+ o.__defineGetter__("f", function() {
+ throw "hello";
+ });
+ return o;
+}
+
+for (var i = 0; i < 100000; ++i) {
+ var result = foo({f:23});
+ if (result != 24)
+ throw "Error: bad result: " + result;
+ result = foo({g:12, f:13});
+ if (result != 14)
+ throw "Error: bad result: " + result;
+ result = foo({g:12, h:13, f:14});
+ if (result != 15)
+ throw "Error: bad result: " + result;
+}
+
+var didThrow;
+try {
+ foo(makeWithGetter());
+} catch (e) {
+ didThrow = e;
+}
+
+if (didThrow != "hello")
+ throw "Error: didn't throw or threw wrong exception: " + didThrow;
</ins></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoretestsstressicthrowthroughoptimizedcodejs"></a>
<div class="addfile"><h4>Added: branches/jsCStack/Source/JavaScriptCore/tests/stress/ic-throw-through-optimized-code.js (0 => 162046)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/tests/stress/ic-throw-through-optimized-code.js (rev 0)
+++ branches/jsCStack/Source/JavaScriptCore/tests/stress/ic-throw-through-optimized-code.js 2014-01-15 06:21:52 UTC (rev 162046)
</span><span class="lines">@@ -0,0 +1,29 @@
</span><ins>+function foo(o) {
+ return o.f + 1;
+}
+
+Number.prototype.f = 42;
+
+noInline(foo);
+
+for (var i = 0; i < 100000; ++i) {
+ var result = foo(23);
+ if (result != 43)
+ throw "Error: bad result: " + result;
+ result = foo({f:25});
+ if (result != 26)
+ throw "Error: bad result: " + result;
+ result = foo({g:12, f:13});
+ if (result != 14)
+ throw "Error: bad result: " + result;
+}
+
+var didThrow;
+try {
+ foo(void 0);
+} catch (e) {
+ didThrow = e;
+}
+
+if (!didThrow || didThrow.toString().indexOf("TypeError:") != 0)
+ throw "Error: didn't throw or threw wrong exception: " + didThrow;
</ins></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoretestsstressputbyidthrowthroughoptimizedcodejs"></a>
<div class="addfile"><h4>Added: branches/jsCStack/Source/JavaScriptCore/tests/stress/put-by-id-throw-through-optimized-code.js (0 => 162046)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/tests/stress/put-by-id-throw-through-optimized-code.js (rev 0)
+++ branches/jsCStack/Source/JavaScriptCore/tests/stress/put-by-id-throw-through-optimized-code.js 2014-01-15 06:21:52 UTC (rev 162046)
</span><span class="lines">@@ -0,0 +1,33 @@
</span><ins>+function foo(o) {
+ "use strict";
+ o.f = 42;
+}
+
+noInline(foo);
+
+for (var i = 0; i < 100000; ++i) {
+ var o = {};
+ foo(o);
+ if (o.f != 42)
+ throw "Error: bad result: " + o.f;
+ o = {f:23};
+ foo(o);
+ if (o.f != 42)
+ throw "Error: bad result: " + o.f;
+ o = {g:12};
+ foo(o);
+ if (o.f != 42)
+ throw "Error: bad result: " + o.f;
+}
+
+var didThrow;
+try {
+ var o = {};
+ Object.freeze(o);
+ foo(o);
+} catch (e) {
+ didThrow = e;
+}
+
+if (!didThrow || didThrow.toString().indexOf("TypeError:") != 0)
+ throw "Error: didn't throw or threw wrong exception: " + didThrow;
</ins></span></pre>
</div>
</div>
</body>
</html>