Moving RS4 changes to master

This change includes the following fixes
-	Added a new mechanism to mark reentrancy. When a helper calls into user code we will have to explicitly either set the implicit call flags or mark that call as reentrancy safe
-	Added checks in lowerer to confirm that we emit an implicit call bailout check after a helper call
-	Added failfasts, under a config flag, to validate the int range assumptions made in Globopt
-	Added check to make sure an opcode that can't have implicit call do not lower a helper call that can have implicit calls
-	Moved the reentrancy lock assert to Recycler right before dispose
-	Fixed an issue where during expression evaluation we were not restoring the updated block id in case of a parenthesis in destructed params
-	Along with ignoring null valuetype bit, also ignore undefined bit in the IsSimilar function as ToDefinite() strips out the undefined bit
-	Assert that we don't have a reentrancy lock when calling Dispose in a deterministic way.

Author: aneeshdk

Build/Common.Build.ProjectConfiguration.props

@@ -42,6 +42,20 @@
       <Platform>ARM</Platform>
     </ProjectConfiguration>
   </ItemGroup>
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|CHPE">
+      <Configuration>Debug</Configuration>
+      <Platform>CHPE</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Test|CHPE">
+      <Configuration>Test</Configuration>
+      <Platform>CHPE</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|CHPE">
+      <Configuration>Release</Configuration>
+      <Platform>CHPE</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|ARM64">
       <Configuration>Debug</Configuration>

bin/NativeTests/JsRTApiTest.cpp

@@ -2488,9 +2488,12 @@ namespace JsRTApiTest
         {
             errorCode = JsInitializeModuleRecord(referencingModule, specifier, &moduleRecord);
             REQUIRE(errorCode == JsNoError);
+            *dependentModuleRecord = moduleRecord;
+        }
+        else
+        {
+            *dependentModuleRecord = nullptr;
         }
-
-        *dependentModuleRecord = moduleRecord;
         return JsNoError;
     }
 

lib/Backend/BailOut.cpp

@@ -2645,6 +2645,7 @@ void BailOutRecord::CheckPreemptiveRejit(Js::FunctionBody* executeFunction, IR::
 
 Js::Var BailOutRecord::BailOutForElidedYield(void * framePointer)
 {
+    JIT_HELPER_REENTRANT_HEADER(NoSaveRegistersBailOutForElidedYield);
     Js::JavascriptCallStackLayout * const layout = Js::JavascriptCallStackLayout::FromFramePointer(framePointer);
     Js::ScriptFunction ** functionRef = (Js::ScriptFunction **)&layout->functionObject;
     Js::ScriptFunction * function = *functionRef;
@@ -2689,6 +2690,7 @@ Js::Var BailOutRecord::BailOutForElidedYield(void * framePointer)
     }
 
     return aReturn;
+    JIT_HELPER_END(NoSaveRegistersBailOutForElidedYield);
 }
 
 BranchBailOutRecord::BranchBailOutRecord(uint32 trueBailOutOffset, uint32 falseBailOutOffset, Js::RegSlot resultByteCodeReg, IR::BailOutKind kind, Func * bailOutFunc)
@@ -2875,3 +2877,4 @@ void  GlobalBailOutRecordDataTable::AddOrUpdateRow(JitArenaAllocator *allocator,
     rowToInsert->regSlot = regSlot;
     *lastUpdatedRowIndex = length++;
 }
+

lib/Backend/Chakra.Backend.vcxproj

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <Import Condition="'$(ChakraBuildPathImported)'!='true'" Project="$(SolutionDir)Chakra.Build.Paths.props" />
   <Import Project="$(BuildConfigPropsPath)Chakra.Build.ProjectConfiguration.props" />
@@ -40,8 +40,6 @@
       </AdditionalIncludeDirectories>
       <PrecompiledHeader>Use</PrecompiledHeader>
       <PrecompiledHeaderFile>BackEnd.h</PrecompiledHeaderFile>
-      <!-- # Check out https://osgwiki.com/wiki/Dev_14_Migration for more details about -Zc:implicitNoexcept- -->
-      <AdditionalOptions>-Zc:implicitNoexcept- %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(OptimizedBuild)'!='true'">

lib/Backend/Chakra.Backend.vcxproj.filters

@@ -148,6 +148,7 @@
     <ClCompile Include="$(MSBuildThisFileDirectory)IntConstMath.cpp" />
     <ClCompile Include="$(MSBuildThisFileDirectory)JavascriptNativeOperators.cpp" />
     <ClCompile Include="$(MSBuildThisFileDirectory)EquivalentTypeSet.cpp" />
+    <ClCompile Include="$(MSBuildThisFileDirectory)IntConstMath.cpp" />
     <ClCompile Include="$(MSBuildThisFileDirectory)arm64\ARM64UnwindEncoder.cpp">
       <Filter>arm64</Filter>
     </ClCompile>
@@ -374,6 +375,7 @@
     <ClInclude Include="IntConstMath.h" />
     <ClInclude Include="JavascriptNativeOperators.h" />
     <ClInclude Include="EquivalentTypeSet.h" />
+    <ClInclude Include="IntConstMath.h" />
     <ClInclude Include="arm64\MdOpCodes.h">
       <Filter>arm64</Filter>
     </ClInclude>

lib/Backend/CodeGenWorkItem.cpp

@@ -218,7 +218,7 @@ void CodeGenWorkItem::OnWorkItemProcessFail(NativeCodeGenerator* codeGen)
                 {
                     if (!DelayDeletingFunctionTable::AddEntry(functionTable))
                     {
-                        PHASE_PRINT_TESTTRACE1(Js::XDataPhase, _u("OnWorkItemProcessFail: Failed to add to slist, table: %llx\n"), functionTable);
+                        PHASE_PRINT_TESTTRACE1(Js::XDataPhase, _u("[%d]OnWorkItemProcessFail: Failed to add to slist, table: %llx\n"), GetCurrentThreadId(), functionTable);
                         DelayDeletingFunctionTable::DeleteFunctionTable(functionTable);
                     }
                 }

lib/Backend/Func.cpp

@@ -1572,6 +1572,7 @@ Func::GetOrCreateSingleTypeGuard(intptr_t typeAddr)
 void
 Func::EnsureEquivalentTypeGuards()
 {
+    AssertMsg(!PHASE_OFF(Js::EquivObjTypeSpecPhase, this), "Why do we have equivalent type guards if we don't do equivalent object type spec?");
     if (this->equivalentTypeGuards == nullptr)
     {
         this->equivalentTypeGuards = JitAnew(this->m_alloc, EquivalentTypeGuardList, this->m_alloc);

lib/Backend/GlobOpt.cpp

@@ -2710,6 +2710,15 @@ GlobOpt::OptInstr(IR::Instr *&instr, bool* isInstrRemoved)
         this->CommitCapturedValuesCandidate();
     }
 
+#if DBG
+    if (CONFIG_FLAG(ValidateIntRanges) && !IsLoopPrePass())
+    {
+        if (instr->ShouldEmitIntRangeCheck())
+        {
+            this->EmitIntRangeChecks(instr);
+        }
+    }
+#endif
     return instrNext;
 }
 

lib/Backend/GlobOpt.h

@@ -921,6 +921,8 @@ class GlobOpt
     bool                    IsPropertySymId(SymID symId) const;
 
     static void             AssertCanCopyPropOrCSEFieldLoad(IR::Instr * instr);
+    void                    EmitIntRangeChecks(IR::Instr* instr);
+    void                    EmitIntRangeChecks(IR::Instr* instr, IR::Opnd* opnd);
 #endif
 
     StackSym *              EnsureObjectTypeSym(StackSym * objectSym);

lib/Backend/GlobOptIntBounds.cpp

@@ -3164,3 +3164,82 @@ void GlobOpt::DetermineArrayBoundCheckHoistability(
         upperHoistInfo.SetLoopCount(loopCount, maxMagnitudeChange);
     }
 }
+
+#if DBG
+void
+GlobOpt::EmitIntRangeChecks(IR::Instr* instr, IR::Opnd* opnd)
+{
+    if (!opnd || 
+        (!opnd->IsRegOpnd() && !opnd->IsIndirOpnd()) ||
+        (opnd->IsIndirOpnd() && !opnd->AsIndirOpnd()->GetIndexOpnd()))
+    {
+        return;
+    }
+
+    IR::RegOpnd * regOpnd = opnd->IsRegOpnd() ? opnd->AsRegOpnd() : opnd->AsIndirOpnd()->GetIndexOpnd();
+    if (!(regOpnd->IsInt32() || regOpnd->IsUInt32()))
+    {
+        return;
+    }
+    
+    StackSym * sym = regOpnd->GetStackSym();
+    if (sym->IsTypeSpec())
+    {
+        sym = sym->GetVarEquivSym_NoCreate();
+    }
+    
+    Value * value = CurrentBlockData()->FindValue(sym);
+
+    if (!value)
+    {
+        return;
+    }
+
+    int32 lowerBound = INT_MIN;
+    int32 upperBound = INT_MAX;
+    
+    if (value->GetValueInfo()->IsIntBounded())
+    {
+        lowerBound = value->GetValueInfo()->AsIntBounded()->Bounds()->ConstantLowerBound();
+        upperBound = value->GetValueInfo()->AsIntBounded()->Bounds()->ConstantUpperBound();
+    }
+    else if (value->GetValueInfo()->IsIntRange())
+    {
+        lowerBound = value->GetValueInfo()->AsIntRange()->LowerBound();
+        upperBound = value->GetValueInfo()->AsIntRange()->UpperBound();
+    }
+    else
+    {
+        return;
+    }
+
+    const auto EmitBoundCheck = [&](Js::OpCode opcode, int32 bound)
+    {
+        IR::Opnd * boundOpnd = IR::IntConstOpnd::New(bound, TyInt32, instr->m_func, true /*dontEncode*/);
+        IR::Instr * boundCheckInstr = IR::Instr::New(opcode, instr->m_func);
+        boundCheckInstr->SetSrc1(regOpnd);
+        boundCheckInstr->SetSrc2(boundOpnd);
+        instr->InsertBefore(boundCheckInstr);
+    };
+
+    if (lowerBound > INT_MIN)
+    {
+        EmitBoundCheck(Js::OpCode::CheckLowerIntBound, lowerBound);
+    }
+    if (upperBound < INT_MAX)
+    {
+        EmitBoundCheck(Js::OpCode::CheckUpperIntBound, upperBound);
+    }
+}
+
+void
+GlobOpt::EmitIntRangeChecks(IR::Instr* instr)
+{
+    // currently validating for dst only if its IndirOpnd
+    EmitIntRangeChecks(instr, instr->GetSrc1());
+    if (instr->GetDst()->IsIndirOpnd())
+    {
+        EmitIntRangeChecks(instr, instr->GetDst());
+    }
+}
+#endif

lib/Backend/IR.cpp

@@ -2649,6 +2649,10 @@ Instr::IsRealInstr() const
     case Js::OpCode::StatementBoundary:
     case Js::OpCode::NoImplicitCallUses:
     case Js::OpCode::NoIntOverflowBoundary:
+#if DBG
+    case Js::OpCode::CheckLowerIntBound:
+    case Js::OpCode::CheckUpperIntBound:
+#endif
         return false;
 
     default:
@@ -3526,7 +3530,7 @@ uint Instr::GetAsmJsArgOutSize()
         Assert(UNREACHED);
         return 0;
     }
-}
+    }
 
 uint Instr::GetArgOutSize(bool getInterpreterArgOutCount)
 {
@@ -4593,6 +4597,19 @@ Instr::Dump(IRDumpFlags flags)
     }
 }
 
+#if DBG
+bool
+Instr::ShouldEmitIntRangeCheck()
+{
+    // currently only emitting int range check for opnds of instructions with following opcodes:
+    return m_opcode == Js::OpCode::ToVar ||
+        m_opcode == Js::OpCode::LdElemI_A ||
+        m_opcode == Js::OpCode::LdMethodElem ||
+        m_opcode == Js::OpCode::StElemI_A ||
+        m_opcode == Js::OpCode::StElemI_A_Strict ||
+        m_opcode == Js::OpCode::StElemC;
+}
+#endif
 ///----------------------------------------------------------------------------
 ///
 /// LabelInstr::Dump

lib/Backend/IR.h

@@ -367,7 +367,9 @@ class Instr
     bool            BinaryCalculatorT(T src1Const, T src2Const, int64 *pResult, bool checkWouldTrap);
     bool            UnaryCalculator(IntConstType src1Const, IntConstType *pResult, IRType type);
     IR::Instr*      GetNextArg();
-
+#if DBG
+    bool            ShouldEmitIntRangeCheck();
+#endif
     // Iterates argument chain
     template<class Fn>
     bool IterateArgInstrs(Fn callback)

lib/Backend/Inline.cpp

@@ -405,7 +405,7 @@ Inline::Optimize(Func *func, __in_ecount_opt(callerArgOutCount) IR::Instr *calle
                         instrNext = builtInInlineCandidateOpCode != 0 ?
                             this->InlineBuiltInFunction(instr, inlineeData, builtInInlineCandidateOpCode, inlinerData, symThis, &isInlined, profileId, recursiveInlineDepth) :
                             this->InlineScriptFunction(instr, inlineeData, symThis, profileId, &isInlined, callbackDefInstr, recursiveInlineDepth);
-                         if (!isInlined && hasDstUsedBuiltInReturnType)
+                        if (!isInlined && hasDstUsedBuiltInReturnType)
                         {
                             // We haven't actually inlined the builtin, we need to revert the value type to likely
                             instr->GetDst()->UnsetValueTypeFixed();