[webkit-reviews] review granted: [Bug 235382] [JSC] move function wrapping logic to a new Function type : [Attachment 449569] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jan 24 14:43:16 PST 2022
Yusuke Suzuki <ysuzuki at apple.com> has granted Caitlin Potter (:caitp)
<caitp at igalia.com>'s request for review:
Bug 235382: [JSC] move function wrapping logic to a new Function type
https://bugs.webkit.org/show_bug.cgi?id=235382
Attachment 449569: Patch
https://bugs.webkit.org/attachment.cgi?id=449569&action=review
--- Comment #8 from Yusuke Suzuki <ysuzuki at apple.com> ---
Comment on attachment 449569
--> https://bugs.webkit.org/attachment.cgi?id=449569
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=449569&action=review
r=me with comments.
> Source/JavaScriptCore/builtins/ShadowRealmPrototype.js:37
> delete wrapped['name'];
> delete wrapped['length'];
Is it possible to remove them and integrate these changes into C++
JSRemoteFunction?
> Source/JavaScriptCore/jit/JITOperations.cpp:150
> + JSValue result = getWrappedValue(globalObject, targetGlobalObject,
JSValue::decode(encodedValue));
> + RETURN_IF_EXCEPTION(scope, JSValue::encode(result));
> +
> + scope.release();
> + return JSValue::encode(result);
Let's use
RELEASE_AND_RETURN(scope, JSValue::encode(getWrappedValue(globalObject,
targetGlobalObject, JSValue::decode(encodedValue))));
> Source/JavaScriptCore/jit/JITOperations.cpp:167
> + JSValue result = getWrappedValue(globalObject, globalObject,
JSValue::decode(encodedValue));
> + RETURN_IF_EXCEPTION(scope, JSValue::encode(result));
> + scope.release();
> + return JSValue::encode(result);
Let's use
RELEASE_AND_RETURN(scope, JSValue::encode(getWrappedValue(globalObject,
globalObject, JSValue::decode(encodedValue))));
> Source/JavaScriptCore/jit/JITOperations.cpp:183
> + JSValue exceptionValue = scope.exception()->value();
> + scope.clearException();
Let's return if it is terminated exception.
So,
Exception* exception = scope.exception();
if (UNLIKELY(vm.isTerminationException(exception))) {
scope.release();
return { };
}
JSValue exceptionValue = exception->value()
> Source/JavaScriptCore/jit/JITOperations.cpp:186
> + scope.clearException();
Ditto.
Exception* toStringException = scope.exception();
if (ULIKELY(..._))
...
> Source/JavaScriptCore/jit/JITOperations.cpp:189
> + throwTypeError(globalObject, scope, exceptionString);
You can use
return throwVMTypeError(...);
> Source/JavaScriptCore/jit/JITOperations.cpp:191
> + throwTypeError(globalObject, scope);
Ditto.
> Source/JavaScriptCore/jit/JITOperations.cpp:193
> + return encodedJSValue();
So, this line is not necessary.
> Source/JavaScriptCore/jit/JITOperations.h:98
> + Jrf: JSRemoteFunction*
We do not need this since CCallHelpers can automatically handle them. So this
is not necessary :)
> Source/JavaScriptCore/jit/JITOperations.h:151
> +using J_JITOperation_JrfJ = EncodedJSValue(JIT_OPERATION_ATTRIBUTES
*)(JSRemoteFunction*, EncodedJSValue);
Ditto.
> Source/JavaScriptCore/jit/ThunkGenerators.cpp:1515
> + // For each argument (order should not be observable):
> + // if the value is a Primitive, copy it into the new call frame
arguments, otherwise
> + // perform wrapping logic. If the wrapping logic results in a new
JSRemoteFunction,
> + // copy it into the new call frame's arguments, otherwise it must
have thrown a TypeError.
In the current code, we are copying right-to-left.
Is it possible that operationGetWrappedValueForTarget's exception reveals this
ordering?
> Source/JavaScriptCore/jit/ThunkGenerators.cpp:1517
> + jit.sub32(CCallHelpers::TrustedImm32(1), GPRInfo::regT1);
> + CCallHelpers::Jump done = jit.branchTest32(CCallHelpers::Zero,
GPRInfo::regT1);
We can use branchSub32 here.
> Source/JavaScriptCore/jit/ThunkGenerators.cpp:1544
> + jit.sub32(CCallHelpers::TrustedImm32(1), GPRInfo::regT1);
> + jit.branchTest32(CCallHelpers::NonZero, GPRInfo::regT1).linkTo(loop,
&jit);
We can use branchSub32 here.
> Source/JavaScriptCore/jit/ThunkGenerators.cpp:1563
> +#if ENABLE(ASSERT) && !CPU(ARM64E)
Use ASSERT_ENABLED
> Source/JavaScriptCore/jit/ThunkGenerators.cpp:1574
> + // rethrow logic won't occur here. Need to set up an
Looks like comment is trunced.
> Source/JavaScriptCore/jit/ThunkGenerators.cpp:1579
> + JSValueRegs resultRegs(GPRInfo::regT0);
Let's use GPRInfo::returnValueGPR.
> Source/JavaScriptCore/jit/ThunkGenerators.cpp:1614
> + targetFunctionException.link(&jit);
> + jit.loadCell(CCallHelpers::addressFor(CallFrameSlot::callee),
GPRInfo::regT2);
> +
jit.setupArguments<decltype(operationThrowRemoteFunctionException)>(GPRInfo::re
gT2);
> + jit.prepareCallOperation(vm);
> + jit.call(GPRInfo::nonArgGPR0, OperationPtrTag);
> + // Fall through to jump to handler
> +
> + exceptionChecks.link(&jit);
> + jit.copyCalleeSavesToEntryFrameCalleeSavesBuffer(vm.topEntryFrame);
> +
jit.setupArguments<decltype(operationLookupExceptionHandler)>(CCallHelpers::Tru
stedImmPtr(&vm));
> + jit.prepareCallOperation(vm);
> +
jit.move(CCallHelpers::TrustedImmPtr(tagCFunction<OperationPtrTag>(operationLoo
kupExceptionHandler)), GPRInfo::nonArgGPR0);
> + emitPointerValidation(jit, GPRInfo::nonArgGPR0, OperationPtrTag);
> + jit.call(GPRInfo::nonArgGPR0, OperationPtrTag);
Can we have a test using this path?
> Source/JavaScriptCore/runtime/JSFunctionInlines.h:84
> + return static_cast<bool>(jsDynamicCast<const
JSRemoteFunction*>(globalObject()->vm(), this));
You can use,
return inherits<JSRemoteFunction>(vm)
> Source/JavaScriptCore/runtime/JSRemoteFunction.cpp:55
> + return JSValue(JSRemoteFunction::create(vm, targetGlobalObject,
target));
JSValue(...) is not necessary.
> Source/JavaScriptCore/runtime/JSRemoteFunction.cpp:66
> + if (result.isEmpty())
We can use if (!result)
> Source/JavaScriptCore/runtime/JSRemoteFunction.cpp:76
> + if (result.isEmpty())
Ditto.
> Source/JavaScriptCore/runtime/JSRemoteFunction.cpp:81
> +JSC_DEFINE_HOST_FUNCTION(remoteJSFunctionCall, (JSGlobalObject*
globalObject, CallFrame* callFrame))
Let's rename it to remoteFunctionCallForJSFunction to make it more explicit.
> Source/JavaScriptCore/runtime/JSRemoteFunction.cpp:87
> + JSFunction* target = remoteFunction->targetFunction();
Let's do,
JSFunction* target = jsCast<JSFunction*>(remoteFunction->targetFunction());
> Source/JavaScriptCore/runtime/JSRemoteFunction.cpp:123
> +JSC_DEFINE_HOST_FUNCTION(remoteFunctionCall, (JSGlobalObject* globalObject,
CallFrame* callFrame))
Let's rename remoteFunctionCall to remoteFunctionCallGeneric to make it more
explicit.
> Source/JavaScriptCore/runtime/JSRemoteFunction.h:56
> + JSCell* target() { return m_target.get(); }
Let's rename it to targetFunction().
> Source/JavaScriptCore/runtime/JSRemoteFunction.h:57
> + JSFunction* targetFunction() { return
static_cast<JSFunction*>(getJSFunction(target())); }
Let's drop it.
> Source/JavaScriptCore/runtime/JSRemoteFunction.h:76
> + WriteBarrier<JSCell> m_target;
Let's rename it to m_targetFunction to align it to JSBoundFunction.
And let's hold JSObject
More information about the webkit-reviews
mailing list