<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[190765] branches/safari-601-branch/Source/JavaScriptCore</title>
</head>
<body>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/190765">190765</a></dd>
<dt>Author</dt> <dd>lforschler@apple.com</dd>
<dt>Date</dt> <dd>2015-10-08 18:13:55 -0700 (Thu, 08 Oct 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merged <a href="http://trac.webkit.org/projects/webkit/changeset/189454">r189454</a>. rdar://problem/22802036</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari601branchSourceJavaScriptCoreAPIteststestapic">branches/safari-601-branch/Source/JavaScriptCore/API/tests/testapi.c</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCoreChangeLog">branches/safari-601-branch/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">branches/safari-601-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCoreinterpreterCallFrameh">branches/safari-601-branch/Source/JavaScriptCore/interpreter/CallFrame.h</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCoreinterpreterInterpretercpp">branches/safari-601-branch/Source/JavaScriptCore/interpreter/Interpreter.cpp</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCoreinterpreterInterpreterh">branches/safari-601-branch/Source/JavaScriptCore/interpreter/Interpreter.h</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCorejitCCallHelpersh">branches/safari-601-branch/Source/JavaScriptCore/jit/CCallHelpers.h</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCorejitJITExceptionscpp">branches/safari-601-branch/Source/JavaScriptCore/jit/JITExceptions.cpp</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCorejitJITExceptionsh">branches/safari-601-branch/Source/JavaScriptCore/jit/JITExceptions.h</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCorejitJITOpcodescpp">branches/safari-601-branch/Source/JavaScriptCore/jit/JITOpcodes.cpp</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCorejitJITOpcodes32_64cpp">branches/safari-601-branch/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCorejitJITOperationscpp">branches/safari-601-branch/Source/JavaScriptCore/jit/JITOperations.cpp</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCorellintLowLevelInterpreter32_64asm">branches/safari-601-branch/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCorellintLowLevelInterpreter64asm">branches/safari-601-branch/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCoreruntimeVMh">branches/safari-601-branch/Source/JavaScriptCore/runtime/VM.h</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#branchessafari601branchSourceJavaScriptCoreAPItestsPingPongStackOverflowTestcpp">branches/safari-601-branch/Source/JavaScriptCore/API/tests/PingPongStackOverflowTest.cpp</a></li>
<li><a href="#branchessafari601branchSourceJavaScriptCoreAPItestsPingPongStackOverflowTesth">branches/safari-601-branch/Source/JavaScriptCore/API/tests/PingPongStackOverflowTest.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari601branchSourceJavaScriptCoreAPItestsPingPongStackOverflowTestcppfromrev189454trunkSourceJavaScriptCoreAPItestsPingPongStackOverflowTestcpp"></a>
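--- a/branches/safari-601-branch/Source/JavaScriptCore/API/tests/PingPongStackOverflowTest.cpp
+++ b/branches/safari-601-branch/Source/JavaScriptCore/API/tests/PingPongStackOverflowTest.cpp
@@ -0,0 +1,182 @@
+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "PingPongStackOverflowTest.h"
+
+#include "InitializeThreading.h"
+#include "JSContextRefPrivate.h"
+#include "JavaScriptCore.h"
+#include "Options.h"
+#include <wtf/text/StringBuilder.h>
+
+using JSC::Options;
+
+static JSGlobalContextRef context = nullptr;
+static int nativeRecursionCount = 0;
+
+static bool PingPongStackOverflowObject_hasInstance(JSContextRef context, JSObjectRef constructor, JSValueRef possibleValue, JSValueRef* exception)
+{
+ UNUSED_PARAM(context);
+ UNUSED_PARAM(constructor);
+
+ JSStringRef hasInstanceName = JSStringCreateWithUTF8CString("hasInstance");
+ JSValueRef hasInstance = JSObjectGetProperty(context, constructor, hasInstanceName, exception);
+ JSStringRelease(hasInstanceName);
+ if (!hasInstance)
+ return false;
+
+ int countAtEntry = nativeRecursionCount++;
+
+ JSValueRef result = 0;
+ if (nativeRecursionCount < 100) {
+ JSObjectRef function = JSValueToObject(context, hasInstance, exception);
+ result = JSObjectCallAsFunction(context, function, constructor, 1, &possibleValue, exception);
+ } else {
+ StringBuilder builder;
+ builder.append("dummy.valueOf([0]");
+ for (int i = 1; i < 35000; i++) {
+ builder.append(", [");
+ builder.appendNumber(i);
+ builder.append("]");
+ }
+ builder.append(");");
+
+ JSStringRef script = JSStringCreateWithUTF8CString(builder.toString().utf8().data());
+ result = JSEvaluateScript(context, script, NULL, NULL, 1, exception);
+ JSStringRelease(script);
+ }
+
+ --nativeRecursionCount;
+ if (nativeRecursionCount != countAtEntry)
+ printf(" ERROR: PingPongStackOverflow test saw a recursion count mismatch\n");
+
+ return result && JSValueToBoolean(context, result);
+}
+
+JSClassDefinition PingPongStackOverflowObject_definition = {
+ 0,
+ kJSClassAttributeNone,
+
+ "PingPongStackOverflowObject",
+ NULL,
+
+ NULL,
+ NULL,
+
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ PingPongStackOverflowObject_hasInstance,
+ NULL,
+};
+
+static JSClassRef PingPongStackOverflowObject_class(JSContextRef context)
+{
+ UNUSED_PARAM(context);
+
+ static JSClassRef jsClass;
+ if (!jsClass)
+ jsClass = JSClassCreate(&PingPongStackOverflowObject_definition);
+
+ return jsClass;
+}
+
+// This tests tests a stack overflow on VM reentry into a JS function from a native function
+// after ping-pong'ing back and forth between JS and native functions multiple times.
+// This test should not hang or crash.
+int testPingPongStackOverflow()
+{
+ bool failed = false;
+
+ JSC::initializeThreading();
+ Options::initialize(); // Ensure options is initialized first.
+
+ auto origReservedZoneSize = Options::reservedZoneSize();
+ auto origErrorModeReservedZoneSize = Options::errorModeReservedZoneSize();
+ auto origUseLLInt = Options::useLLInt();
+ auto origMaxPerThreadStackUsage = Options::maxPerThreadStackUsage();
+
+ Options::reservedZoneSize() = 128 * KB;
+ Options::errorModeReservedZoneSize() = 64 * KB;
+#if ENABLE(JIT)
+ // Normally, we want to disable the LLINT to force the use of JITted code which is necessary for
+ // reproducing the regression in https://bugs.webkit.org/show_bug.cgi?id=148749. However, we only
+ // want to do this if the LLINT isn't the only available execution engine.
+ Options::useLLInt() = false;
+#endif
+
+ const char* scriptString =
+ "var count = 0;" \
+ "PingPongStackOverflowObject.hasInstance = function f() {" \
+ " return (undefined instanceof PingPongStackOverflowObject);" \
+ "};" \
+ "PingPongStackOverflowObject.__proto__ = undefined;" \
+ "undefined instanceof PingPongStackOverflowObject;";
+
+ JSValueRef scriptResult = nullptr;
+ JSValueRef exception = nullptr;
+ JSStringRef script = JSStringCreateWithUTF8CString(scriptString);
+
+ nativeRecursionCount = 0;
+ context = JSGlobalContextCreateInGroup(nullptr, nullptr);
+
+ JSObjectRef globalObject = JSContextGetGlobalObject(context);
+ ASSERT(JSValueIsObject(context, globalObject));
+
+ JSObjectRef PingPongStackOverflowObject = JSObjectMake(context, PingPongStackOverflowObject_class(context), NULL);
+ JSStringRef PingPongStackOverflowObjectString = JSStringCreateWithUTF8CString("PingPongStackOverflowObject");
+ JSObjectSetProperty(context, globalObject, PingPongStackOverflowObjectString, PingPongStackOverflowObject, kJSPropertyAttributeNone, NULL);
+ JSStringRelease(PingPongStackOverflowObjectString);
+
+ unsigned stackSize = 32 * KB;
+ Options::maxPerThreadStackUsage() = stackSize + Options::reservedZoneSize();
+
+ exception = nullptr;
+ scriptResult = JSEvaluateScript(context, script, nullptr, nullptr, 1, &exception);
+
+ if (!exception) {
+ printf("FAIL: PingPongStackOverflowError not thrown in PingPongStackOverflow test\n");
+ failed = true;
+ } else if (nativeRecursionCount) {
+ printf("FAIL: Unbalanced native recursion count: %d in PingPongStackOverflow test\n", nativeRecursionCount);
+ failed = true;
+ } else {
+ printf("PASS: PingPongStackOverflow test.\n");
+ }
+
+ Options::reservedZoneSize() = origReservedZoneSize;
+ Options::errorModeReservedZoneSize() = origErrorModeReservedZoneSize;
+ Options::useLLInt() = origUseLLInt;
+ Options::maxPerThreadStackUsage() = origMaxPerThreadStackUsage;
+
+ return failed;
+}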
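Review bot: `testPingPongStackOverflow` never releases the `script` string it creates with `JSStringCreateWithUTF8CString` nor the context it creates with `JSGlobalContextCreateInGroup`, so every run of the API test leaks both; add `JSStringRelease(script);` and `JSGlobalContextRelease(context);` before the `Options` values are restored. In `PingPongStackOverflowObject_hasInstance` the `context` parameter shadows the file-static `context`, and the two `UNUSED_PARAM` lines contradict the body, which uses both `context` and `constructor` two lines later, so those macros should go. The 35000-element `dummy.valueOf([0], [1], …)` script built once native recursion reaches 100 presumably exists to force the JS stack overflow on VM re-entry that the header comment describes; a one-line comment such as `// Re-enter the VM with a call large enough to overflow the JS stack.` would make that explicit.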
<a id="branchessafari601branchSourceJavaScriptCoreAPItestsPingPongStackOverflowTesthfromrev189454trunkSourceJavaScriptCoreAPItestsPingPongStackOverflowTesth"></a>
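--- a/branches/safari-601-branch/Source/JavaScriptCore/API/tests/PingPongStackOverflowTest.h
+++ b/branches/safari-601-branch/Source/JavaScriptCore/API/tests/PingPongStackOverflowTest.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef PingPongStackOverflowTest_h
+#define PingPongStackOverflowTest_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int testPingPongStackOverflow();
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* PingPongStackOverflowTest_h */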
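Review bot: `int testPingPongStackOverflow();` inside the `extern "C"` block is not a prototype when this header is included from C (testapi.c is a C file), because an empty parameter list there means "unspecified arguments" rather than "no arguments"; `int testPingPongStackOverflow(void);` declares it the same way in both languages. The sibling test headers this file is modelled on are not shown here, so match whichever convention they use.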
<a id="branchessafari601branchSourceJavaScriptCoreAPIteststestapic"></a>
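--- a/branches/safari-601-branch/Source/JavaScriptCore/API/tests/testapi.c
+++ b/branches/safari-601-branch/Source/JavaScriptCore/API/tests/testapi.c
@@ -42,6 +42,7 @@
 #include "CompareAndSwapTest.h"
 #include "CustomGlobalObjectClassTest.h"
 #include "GlobalContextWithFinalizerTest.h"
+#include "PingPongStackOverflowTest.h"
 
 #if OS(DARWIN)
 #include "ExecutionTimeLimitTest.h"
@@ -1875,6 +1876,7 @@
 failed = testExecutionTimeLimit() || failed;
 #endif /* OS(DARWIN) */
 failed = testGlobalContextWithFinalizer() || failed;
+ failed = testPingPongStackOverflow() || failed;
 
 // Clear out local variables pointing at JSObjectRefs to allow their values to be collected
 function = NULL;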
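Review bot: The new `failed = testPingPongStackOverflow() || failed;` call is unconditional, but the only build-system file touched by this commit is JavaScriptCore.xcodeproj/project.pbxproj, so any other build of testapi.c that does not also compile PingPongStackOverflowTest.cpp would fail to link. If testapi.c is built outside Xcode on this branch, either add the new source there as well or guard the call the way `testExecutionTimeLimit()` is guarded by `#if OS(DARWIN)` just above. `main` starts and ends outside the hunk.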
<a id="branchessafari601branchSourceJavaScriptCoreChangeLog"></a>
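--- a/branches/safari-601-branch/Source/JavaScriptCore/ChangeLog
+++ b/branches/safari-601-branch/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,74 @@
+2015-10-08 Lucas Forschler <lforschler@apple.com>
+
+ Merge r189454. rdar://problem/22802036
+
+ 2015-09-06 Mark Lam <mark.lam@apple.com>
+
+ StackOverflow stack unwinding should stop at native frames.
+ https://bugs.webkit.org/show_bug.cgi?id=148749
+
+ Reviewed by Michael Saboff.
+
+ In the present code, after ping-pong'ing back and forth between native and JS
+ code a few times, if we have a stack overflow on re-entry into the VM to run
+ JS code's whose stack frame would overflow the JS stack, the code will end up
+ unwinding past the native function that is making the call to re-enter the VM.
+ As a result, any clean up code (e.g. destructors for stack variables) in the
+ skipped native function frame (and its chain of native function callers) will
+ not be called.
+
+ This patch is based on the Michael Saboff's fix of this issue landed on the
+ jsc-tailcall branch: http://trac.webkit.org/changeset/188555
+
+ We now check for the case where there are no JS frames to unwind since the
+ last native frame, and treat the exception as an unhandled exception. The
+ native function is responsible for further propagating the exception if needed.
+
+ Other supporting work:
+ 1. Remove vm->vmEntryFrameForThrow. It should always be the same as
+ vm->topVMEntryFrame.
+ 2. Change operationThrowStackOverflowError() to use the throwStackOverflowError()
+ helper function instead of rolling its own.
+ 3. Added a test that exercises this edge case. The test should not hang or crash.
+
+ * API/tests/PingPongStackOverflowTest.cpp: Added.
+ (PingPongStackOverflowObject_hasInstance):
+ (testPingPongStackOverflow):
+ * API/tests/PingPongStackOverflowTest.h: Added.
+ * API/tests/testapi.c:
+ (main):
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::operator=):
+ (JSC::ExecState::callerFrame):
+ (JSC::ExecState::callerFrameOrVMEntryFrame):
+ (JSC::ExecState::argIndexForRegister):
+ (JSC::ExecState::callerFrameAndPC):
+ * interpreter/Interpreter.cpp:
+ (JSC::UnwindFunctor::UnwindFunctor):
+ (JSC::UnwindFunctor::operator()):
+ (JSC::Interpreter::unwind):
+ * interpreter/Interpreter.h:
+ (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
+ (JSC::Interpreter::sampler):
+ * jit/CCallHelpers.h:
+ (JSC::CCallHelpers::jumpToExceptionHandler):
+ * jit/JITExceptions.cpp:
+ (JSC::genericUnwind):
+ * jit/JITExceptions.h:
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_catch):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_catch):
+ * jit/JITOperations.cpp:
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * runtime/VM.h:
+ (JSC::VM::exceptionOffset):
+ (JSC::VM::callFrameForThrowOffset):
+ (JSC::VM::vmEntryFrameForThrowOffset): Deleted.
+ (JSC::VM::topVMEntryFrameOffset): Deleted.
+
 2015-10-02 Matthew Hanson <matthew_hanson@apple.com>
 
 Merge r189460. rdar://problem/22802036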
<a id="branchessafari601branchSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
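--- a/branches/safari-601-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
+++ b/branches/safari-601-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
@@ -1677,6 +1677,7 @@
                 FE5932A8183C5A2600A1ECCC /* VMEntryScope.h in Headers */ = {isa = PBXBuildFile; fileRef = FE5932A6183C5A2600A1ECCC /* VMEntryScope.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE7BA60F1A1A7CEC00F1F7B4 /* HeapVerifier.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE7BA60D1A1A7CEC00F1F7B4 /* HeapVerifier.cpp */; };
                 FE7BA6101A1A7CEC00F1F7B4 /* HeapVerifier.h in Headers */ = {isa = PBXBuildFile; fileRef = FE7BA60E1A1A7CEC00F1F7B4 /* HeapVerifier.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                FE7C41961B97FC4B00F4D598 /* PingPongStackOverflowTest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FEDA50D41B97F442009A3B4F /* PingPongStackOverflowTest.cpp */; };
                 FEA08620182B7A0400F6D851 /* Breakpoint.h in Headers */ = {isa = PBXBuildFile; fileRef = FEA0861E182B7A0400F6D851 /* Breakpoint.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FEA08621182B7A0400F6D851 /* DebuggerPrimitives.h in Headers */ = {isa = PBXBuildFile; fileRef = FEA0861F182B7A0400F6D851 /* DebuggerPrimitives.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FEB51F6C1A97B688001F921C /* Regress141809.mm in Sources */ = {isa = PBXBuildFile; fileRef = FEB51F6B1A97B688001F921C /* Regress141809.mm */; };
@@ -3492,6 +3493,8 @@
                 FED94F2B171E3E2300BE77A4 /* Watchdog.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Watchdog.cpp; sourceTree = "<group>"; };
                 FED94F2C171E3E2300BE77A4 /* Watchdog.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Watchdog.h; sourceTree = "<group>"; };
                 FED94F2D171E3E2300BE77A4 /* WatchdogMac.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WatchdogMac.cpp; sourceTree = "<group>"; };
+                FEDA50D41B97F442009A3B4F /* PingPongStackOverflowTest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = PingPongStackOverflowTest.cpp; path = API/tests/PingPongStackOverflowTest.cpp; sourceTree = "<group>"; };
+                FEDA50D51B97F4D9009A3B4F /* PingPongStackOverflowTest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = PingPongStackOverflowTest.h; path = API/tests/PingPongStackOverflowTest.h; sourceTree = "<group>"; };
                 FEF040501AAE662D00BD28B0 /* CompareAndSwapTest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = CompareAndSwapTest.cpp; path = API/tests/CompareAndSwapTest.cpp; sourceTree = "<group>"; };
                 FEF040521AAEC4ED00BD28B0 /* CompareAndSwapTest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CompareAndSwapTest.h; path = API/tests/CompareAndSwapTest.h; sourceTree = "<group>"; };
                 FEF6835A174343CC00A32E25 /* JITStubsARM.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITStubsARM.h; sourceTree = "<group>"; };
@@ -3864,6 +3867,8 @@
                                 FE0D4A081ABA2437002F54BF /* GlobalContextWithFinalizerTest.h */,
                                 C2181FC018A948FB0025A235 /* JSExportTests.h */,
                                 C2181FC118A948FB0025A235 /* JSExportTests.mm */,
+                                FEDA50D41B97F442009A3B4F /* PingPongStackOverflowTest.cpp */,
+                                FEDA50D51B97F4D9009A3B4F /* PingPongStackOverflowTest.h */,
                                 65570F581AA4C00A009B3C23 /* Regress141275.h */,
                                 65570F591AA4C00A009B3C23 /* Regress141275.mm */,
                                 FEB51F6A1A97B688001F921C /* Regress141809.h */,
@@ -7003,6 +7008,7 @@
                         isa = PBXSourcesBuildPhase;
                         buildActionMask = 2147483647;
                         files = (
+                                FE7C41961B97FC4B00F4D598 /* PingPongStackOverflowTest.cpp in Sources */,
                                 FE0D4A091ABA2437002F54BF /* GlobalContextWithFinalizerTest.cpp in Sources */,
                                 65570F5A1AA4C3EA009B3C23 /* Regress141275.mm in Sources */,
                                 C29ECB031804D0ED00D2CBB4 /* CurrentThisInsideBlockGetterTest.mm in Sources */,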
<a id="branchessafari601branchSourceJavaScriptCoreinterpreterCallFrameh"></a>
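--- a/branches/safari-601-branch/Source/JavaScriptCore/interpreter/CallFrame.h
+++ b/branches/safari-601-branch/Source/JavaScriptCore/interpreter/CallFrame.h
@@ -96,6 +96,7 @@
 CallFrame& operator=(const Register& r) { *static_cast<Register*>(this) = r; return *this; }
 
 CallFrame* callerFrame() const { return static_cast<CallFrame*>(callerFrameOrVMEntryFrame()); }
+ void* callerFrameOrVMEntryFrame() const { return callerFrameAndPC().callerFrame; }
 
 JS_EXPORT_PRIVATE CallFrame* callerFrame(VMEntryFrame*&);
 
@@ -303,8 +304,6 @@
 return argIndex;
 }
 
- void* callerFrameOrVMEntryFrame() const { return callerFrameAndPC().callerFrame; }
-
 CallerFrameAndPC& callerFrameAndPC() { return *reinterpret_cast<CallerFrameAndPC*>(this); }
 const CallerFrameAndPC& callerFrameAndPC() const { return *reinterpret_cast<const CallerFrameAndPC*>(this); }
 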
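Review bot: `callerFrameOrVMEntryFrame()` is moved up next to `callerFrame()` (presumably into the public part of the class, since `Interpreter::unwind` in this same commit now calls it from outside), but it still has no comment and its `void*` return hides what callers must check. Suggest `// Either the caller's CallFrame* or a VMEntryFrame*; callers compare it with vm.topVMEntryFrame before treating it as a CallFrame (see callerFrame()).` on the line above it. The enclosing class starts and ends outside both hunks.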
<a id="branchessafari601branchSourceJavaScriptCoreinterpreterInterpretercpp"></a>
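--- a/branches/safari-601-branch/Source/JavaScriptCore/interpreter/Interpreter.cpp
+++ b/branches/safari-601-branch/Source/JavaScriptCore/interpreter/Interpreter.cpp
@@ -613,9 +613,8 @@
 
 class UnwindFunctor {
 public:
- UnwindFunctor(VMEntryFrame*& vmEntryFrame, CallFrame*& callFrame, bool isTermination, CodeBlock*& codeBlock, HandlerInfo*& handler)
- : m_vmEntryFrame(vmEntryFrame)
- , m_callFrame(callFrame)
+ UnwindFunctor(CallFrame*& callFrame, bool isTermination, CodeBlock*& codeBlock, HandlerInfo*& handler)
+ : m_callFrame(callFrame)
 , m_isTermination(isTermination)
 , m_codeBlock(codeBlock)
 , m_handler(handler)
@@ -625,7 +624,6 @@
 StackVisitor::Status operator()(StackVisitor& visitor)
 {
 VM& vm = m_callFrame->vm();
- m_vmEntryFrame = visitor->vmEntryFrame();
 m_callFrame = visitor->callFrame();
 m_codeBlock = visitor->codeBlock();
 unsigned bytecodeOffset = visitor->bytecodeOffset();
@@ -643,15 +641,22 @@
 }
 
 private:
- VMEntryFrame*& m_vmEntryFrame;
 CallFrame*& m_callFrame;
 bool m_isTermination;
 CodeBlock*& m_codeBlock;
 HandlerInfo*& m_handler;
 };
 
-NEVER_INLINE HandlerInfo* Interpreter::unwind(VMEntryFrame*& vmEntryFrame, CallFrame*& callFrame, Exception* exception)
+NEVER_INLINE HandlerInfo* Interpreter::unwind(VM& vm, CallFrame*& callFrame, Exception* exception, UnwindStart unwindStart)
 {
+ if (unwindStart == UnwindFromCallerFrame) {
+ if (callFrame->callerFrameOrVMEntryFrame() == vm.topVMEntryFrame)
+ return nullptr;
+
+ callFrame = callFrame->callerFrame();
+ vm.topCallFrame = callFrame;
+ }
+
 CodeBlock* codeBlock = callFrame->codeBlock();
 bool isTermination = false;
 
@@ -666,13 +671,13 @@
 if (exceptionValue.isObject())
 isTermination = isTerminatedExecutionException(exception);
 
- ASSERT(callFrame->vm().exception() && callFrame->vm().exception()->stack().size());
+ ASSERT(vm.exception() && vm.exception()->stack().size());
 
 Debugger* debugger = callFrame->vmEntryGlobalObject()->debugger();
 if (debugger && debugger->needsExceptionCallbacks() && !exception->didNotifyInspectorOfThrow()) {
 // We need to clear the exception here in order to see if a new exception happens.
 // Afterwards, the values are put back to continue processing this error.
- SuspendExceptionScope scope(&callFrame->vm());
+ SuspendExceptionScope scope(&vm);
 // This code assumes that if the debugger is enabled then there is no inlining.
 // If that assumption turns out to be false then we'll ignore the inlined call
 // frames.
@@ -695,13 +700,11 @@
 exception->setDidNotifyInspectorOfThrow();
 
 // Calculate an exception handler vPC, unwinding call frames as necessary.
- HandlerInfo* handler = 0;
- VM& vm = callFrame->vm();
- ASSERT(callFrame == vm.topCallFrame);
- UnwindFunctor functor(vmEntryFrame, callFrame, isTermination, codeBlock, handler);
+ HandlerInfo* handler = nullptr;
+ UnwindFunctor functor(callFrame, isTermination, codeBlock, handler);
 callFrame->iterate(functor);
 if (!handler)
- return nullptr;
 
 if (LegacyProfiler* profiler = vm.enabledProfiler())
 profiler->exceptionUnwind(callFrame);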
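--- a/branches/safari-601-branch/Source/JavaScriptCore/interpreter/Interpreter.h
+++ b/branches/safari-601-branch/Source/JavaScriptCore/interpreter/Interpreter.h
@@ -62,6 +62,8 @@
 struct Instruction;
 struct ProtoCallFrame;
 
+ enum UnwindStart { UnwindFromCurrentFrame, UnwindFromCallerFrame };
+
 enum DebugHookID {
 WillExecuteProgram,
 DidExecuteProgram,
@@ -139,6 +141,7 @@
 {
 ASSERT(vm);
 ASSERT(callFrame);
+ ASSERT(callFrame < vm->topVMEntryFrame);
 vm->topCallFrame = callFrame;
 }
 };
@@ -215,7 +218,7 @@
 
 SamplingTool* sampler() { return m_sampler.get(); }
 
- NEVER_INLINE HandlerInfo* unwind(VMEntryFrame*&, CallFrame*&, Exception*);
+ NEVER_INLINE HandlerInfo* unwind(VM&, CallFrame*&, Exception*, UnwindStart);
 NEVER_INLINE void debug(CallFrame*, DebugHookID);
 JSString* stackTraceAsString(ExecState*, Vector<StackFrame>);
 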
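Review bot: The new `ASSERT(callFrame < vm->topVMEntryFrame)` rests on an unstated invariant: that a CallFrame* and the VMEntryFrame* stored in topVMEntryFrame are comparable pointers, and that every call frame lies at a lower address than the entry frame it was entered through. Nothing in the hunk says so, and a reader who sees two different frame types ordered with `<` will stop here; a one-line comment such as `// Assumes the machine stack grows downward: every CallFrame sits below the VMEntryFrame it was entered through.` would carry the intent. The constructor this assertion sits in starts outside the hunk, so I could not check what the surrounding asserts already document. The added `enum UnwindStart` is unscoped, so `UnwindFromCurrentFrame` and `UnwindFromCallerFrame` land at namespace scope; that matches the existing `DebugHookID` style, so it is only worth revisiting if the enum is expected to grow.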
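--- a/branches/safari-601-branch/Source/JavaScriptCore/jit/CCallHelpers.h
+++ b/branches/safari-601-branch/Source/JavaScriptCore/jit/CCallHelpers.h
@@ -2015,7 +2015,6 @@
 void jumpToExceptionHandler()
 {
 // genericUnwind() leaves the handler CallFrame* in vm->callFrameForThrow,
- // the topVMEntryFrame for the handler in vm->vmEntryFrameForThrow,
 // and the address of the handler in vm->targetMachinePCForThrow.
 loadPtr(&vm()->targetMachinePCForThrow, GPRInfo::regT1);
 jump(GPRInfo::regT1);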
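--- a/branches/safari-601-branch/Source/JavaScriptCore/jit/JITExceptions.cpp
+++ b/branches/safari-601-branch/Source/JavaScriptCore/jit/JITExceptions.cpp
@@ -40,7 +40,7 @@
 
 namespace JSC {
 
-void genericUnwind(VM* vm, ExecState* callFrame)
+void genericUnwind(VM* vm, ExecState* callFrame, UnwindStart unwindStart)
 {
 if (Options::breakOnThrow()) {
 dataLog("In call frame ", RawPointer(callFrame), " for code block ", *callFrame->codeBlock(), "\n");
@@ -49,8 +49,7 @@
 
 Exception* exception = vm->exception();
 RELEASE_ASSERT(exception);
- VMEntryFrame* vmEntryFrame = vm->topVMEntryFrame;
- HandlerInfo* handler = vm->interpreter->unwind(vmEntryFrame, callFrame, exception); // This may update vmEntryFrame and callFrame.
+ HandlerInfo* handler = vm->interpreter->unwind(*vm, callFrame, exception, unwindStart); // This may update callFrame.
 
 void* catchRoutine;
 Instruction* catchPCForInterpreter = 0;
@@ -64,7 +63,6 @@
 } else
 catchRoutine = LLInt::getCodePtr(handleUncaughtException);
 
- vm->vmEntryFrameForThrow = vmEntryFrame;
 vm->callFrameForThrow = callFrame;
 vm->targetMachinePCForThrow = catchRoutine;
 vm->targetInterpreterPCForThrow = catchPCForInterpreter;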
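Review bot: The trailing comment `// This may update callFrame.` no longer says when, and with the new UnwindStart parameter there are now two distinct cases: for UnwindFromCallerFrame, Interpreter::unwind first steps callFrame to its caller (and sets vm.topCallFrame) before searching for a handler, but returns nullptr without touching callFrame when that caller is the VM entry frame, so the uncaught-exception path below stores the throwing frame itself in callFrameForThrow. That asymmetry is what the LLInt and JIT landing pads will observe, so it deserves a sentence at the call site, e.g. `// With UnwindFromCallerFrame, unwind() advances callFrame to the caller before searching; it leaves callFrame unchanged (and returns nullptr) if the caller is the VM entry frame.` The unwindStart parameter also has no description at the definition; a short note on who passes UnwindFromCallerFrame would help — from the JITOperations.cpp hunk I infer it is used when the frame in exec should itself be skipped, but that is not stated anywhere in the diff.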
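--- a/branches/safari-601-branch/Source/JavaScriptCore/jit/JITExceptions.h
+++ b/branches/safari-601-branch/Source/JavaScriptCore/jit/JITExceptions.h
@@ -26,6 +26,7 @@
 #ifndef JITExceptions_h
 #define JITExceptions_h
 
+#include "Interpreter.h"
 #include "JSCJSValue.h"
 
 namespace JSC {
@@ -33,7 +34,7 @@
 class ExecState;
 class VM;
 
-void genericUnwind(VM*, ExecState*);
+void genericUnwind(VM*, ExecState*, UnwindStart = UnwindFromCurrentFrame);
 
 } // namespace JSC
 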
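Review bot: Including Interpreter.h for a single enum turns a header that previously needed only two forward declarations into one that drags in the whole interpreter interface, and the retained `class ExecState; class VM;` lines become redundant with whatever Interpreter.h already declares (I have not checked whether Interpreter.h in turn includes anything from jit/, which would make this a cycle). An opaque forward declaration would not help here because the default argument names an enumerator, so if the include proves heavy the cleaner option is a small header holding only `enum UnwindStart { UnwindFromCurrentFrame, UnwindFromCallerFrame };` that both Interpreter.h and this file include.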
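--- a/branches/safari-601-branch/Source/JavaScriptCore/jit/JITOpcodes.cpp
+++ b/branches/safari-601-branch/Source/JavaScriptCore/jit/JITOpcodes.cpp
@@ -522,8 +522,6 @@
 
 move(TrustedImmPtr(m_vm), regT3);
 load64(Address(regT3, VM::callFrameForThrowOffset()), callFrameRegister);
- load64(Address(regT3, VM::vmEntryFrameForThrowOffset()), regT0);
- store64(regT0, Address(regT3, VM::topVMEntryFrameOffset()));
 
 addPtr(TrustedImm32(stackPointerOffsetFor(codeBlock()) * sizeof(Register)), callFrameRegister, stackPointerRegister);
 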
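--- a/branches/safari-601-branch/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp
+++ b/branches/safari-601-branch/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp
@@ -824,8 +824,6 @@
 move(TrustedImmPtr(m_vm), regT3);
 // operationThrow returns the callFrame for the handler.
 load32(Address(regT3, VM::callFrameForThrowOffset()), callFrameRegister);
- load32(Address(regT3, VM::vmEntryFrameForThrowOffset()), regT0);
- store32(regT0, Address(regT3, VM::topVMEntryFrameOffset()));
 
 addPtr(TrustedImm32(stackPointerOffsetFor(codeBlock()) * sizeof(Register)), callFrameRegister, stackPointerRegister);
 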
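--- a/branches/safari-601-branch/Source/JavaScriptCore/jit/JITOperations.cpp
+++ b/branches/safari-601-branch/Source/JavaScriptCore/jit/JITOperations.cpp
@@ -111,20 +111,18 @@
 callerFrame = exec;
 
 NativeCallFrameTracerWithRestore tracer(vm, vmEntryFrame, callerFrame);
- ErrorHandlingScope errorScope(*vm);
- vm->throwException(callerFrame, createStackOverflowError(callerFrame));
+ throwStackOverflowError(callerFrame);
 }
 
 int32_t JIT_OPERATION operationCallArityCheck(ExecState* exec)
 {
 VM* vm = &exec->vm();
- VMEntryFrame* vmEntryFrame = vm->topVMEntryFrame;
- CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
-
 JSStack& stack = vm->interpreter->stack();
 
 int32_t missingArgCount = CommonSlowPaths::arityCheckFor(exec, &stack, CodeForCall);
 if (missingArgCount < 0) {
+ VMEntryFrame* vmEntryFrame = vm->topVMEntryFrame;
+ CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
 NativeCallFrameTracerWithRestore tracer(vm, vmEntryFrame, callerFrame);
 throwStackOverflowError(callerFrame);
 }
@@ -135,13 +133,12 @@
 int32_t JIT_OPERATION operationConstructArityCheck(ExecState* exec)
 {
 VM* vm = &exec->vm();
- VMEntryFrame* vmEntryFrame = vm->topVMEntryFrame;
- CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
-
 JSStack& stack = vm->interpreter->stack();
 
 int32_t missingArgCount = CommonSlowPaths::arityCheckFor(exec, &stack, CodeForConstruct);
 if (missingArgCount < 0) {
+ VMEntryFrame* vmEntryFrame = vm->topVMEntryFrame;
+ CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
 NativeCallFrameTracerWithRestore tracer(vm, vmEntryFrame, callerFrame);
 throwStackOverflowError(callerFrame);
 }
@@ -1917,7 +1914,7 @@
 JSValue exceptionValue = JSValue::decode(encodedExceptionValue);
 vm->throwException(exec, exceptionValue);
 
- // Results stored out-of-band in vm.targetMachinePCForThrow, vm.callFrameForThrow & vm.vmEntryFrameForThrow
+ // Results stored out-of-band in vm.targetMachinePCForThrow & vm.callFrameForThrow
 genericUnwind(vm, exec);
 }
 
@@ -1963,12 +1960,8 @@
 
 void JIT_OPERATION lookupExceptionHandlerFromCallerFrame(VM* vm, ExecState* exec)
 {
- VMEntryFrame* vmEntryFrame = vm->topVMEntryFrame;
- CallFrame* callerFrame = exec->callerFrame(vmEntryFrame);
- ASSERT(callerFrame);
-
- NativeCallFrameTracerWithRestore tracer(vm, vmEntryFrame, callerFrame);
- genericUnwind(vm, callerFrame);
+ NativeCallFrameTracer tracer(vm, exec);
+ genericUnwind(vm, exec, UnwindFromCallerFrame);
 ASSERT(vm->targetMachinePCForThrow);
 }
 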
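Review bot: In lookupExceptionHandlerFromCallerFrame the rewrite quietly moves two responsibilities into Interpreter::unwind — the step from exec to its caller (the old `ASSERT(callerFrame)` is replaced by unwind's comparison against topVMEntryFrame) and the update of topCallFrame — and it swaps NativeCallFrameTracerWithRestore for a plain NativeCallFrameTracer, so topVMEntryFrame is no longer restored when this operation returns. That is only sound if the JIT never resumes the interrupted frame after this call but always jumps to targetMachinePCForThrow; the assert on the last line suggests so, but the thunk that consumes it is not in this diff. A comment on the function would pin the contract down, e.g. `// exec is the frame to skip; unwind() steps to its caller itself. Control always continues at targetMachinePCForThrow, so nothing here needs to restore topVMEntryFrame.` The same reasoning should be recorded for operationCallArityCheck and operationConstructArityCheck, where the tracer is now constructed only on the throwing path.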
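--- a/branches/safari-601-branch/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
+++ b/branches/safari-601-branch/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
@@ -1947,8 +1947,6 @@
 andp MarkedBlockMask, t3
 loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
 loadp VM::callFrameForThrow[t3], cfr
- loadp VM::vmEntryFrameForThrow[t3], t0
- storep t0, VM::topVMEntryFrame[t3]
 restoreStackPointerAfterCall()
 
 loadi VM::targetInterpreterPCForThrow[t3], PC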
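--- a/branches/safari-601-branch/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
+++ b/branches/safari-601-branch/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
@@ -1811,8 +1811,6 @@
 andp MarkedBlockMask, t3
 loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
 loadp VM::callFrameForThrow[t3], cfr
- loadp VM::vmEntryFrameForThrow[t3], t0
- storep t0, VM::topVMEntryFrame[t3]
 restoreStackPointerAfterCall()
 
 loadp CodeBlock[cfr], PB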
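--- a/branches/safari-601-branch/Source/JavaScriptCore/runtime/VM.h
+++ b/branches/safari-601-branch/Source/JavaScriptCore/runtime/VM.h
@@ -352,16 +352,6 @@
 return OBJECT_OFFSETOF(VM, m_exception);
 }
 
- static ptrdiff_t vmEntryFrameForThrowOffset()
- {
- return OBJECT_OFFSETOF(VM, vmEntryFrameForThrow);
- }
-
- static ptrdiff_t topVMEntryFrameOffset()
- {
- return OBJECT_OFFSETOF(VM, topVMEntryFrame);
- }
-
 static ptrdiff_t callFrameForThrowOffset()
 {
 return OBJECT_OFFSETOF(VM, callFrameForThrow);
@@ -426,7 +416,6 @@
 JSValue hostCallReturnValue;
 unsigned varargsLength;
 ExecState* newCallFrameReturnValue;
- VMEntryFrame* vmEntryFrameForThrow;
 ExecState* callFrameForThrow;
 void* targetMachinePCForThrow;
 Instruction* targetInterpreterPCForThrow;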