FTL should handle exceptions in operationInOptimize
https://bugs.webkit.org/show_bug.cgi?id=156885

Reviewed by Michael Saboff.

For some reason we didn't handle any exceptions in "in" when we called
operationInOptimize in the FTL.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpAssumingJITType):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileIn):
* ftl/FTLPatchpointExceptionHandle.h: Add comments explaining which
function to use for different exception types.

* jsc.cpp:
(GlobalObject::finishCreation):
(functionNoFTL):
* runtime/Executable.cpp:
(JSC::ScriptExecutable::ScriptExecutable):
* runtime/Executable.h:
(JSC::ScriptExecutable::setNeverFTLOptimize):
(JSC::ScriptExecutable::neverFTLOptimize):
* tests/stress/in-ftl-exception-check.js: Added.
(foo):
(bar):
(catch):


Canonical link: https://commits.webkit.org/174993@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199863 268f45cc-cd09-0410-ab3c-d52691b4dbfc
kmiller68 committed Apr 22, 2016
1 parent 1f7dab7 commit 6ce0e020d0a3f138e45ddd067d623c1cdb391065
@@ -1,3 +1,35 @@
2016-04-21 Keith Miller <keith_miller@apple.com>

FTL should handle exceptions in operationInOptimize
https://bugs.webkit.org/show_bug.cgi?id=156885

Reviewed by Michael Saboff.

For some reasone we didn't handle any exceptions in "in" when we called
operationInOptimize in the FTL.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpAssumingJITType):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileIn):
* ftl/FTLPatchpointExceptionHandle.h: Add comments explaining which
function to use for different exception types.

* jsc.cpp:
(GlobalObject::finishCreation):
(functionNoFTL):
* runtime/Executable.cpp:
(JSC::ScriptExecutable::ScriptExecutable):
* runtime/Executable.h:
(JSC::ScriptExecutable::setNeverFTLOptimize):
(JSC::ScriptExecutable::neverFTLOptimize):
* tests/stress/in-ftl-exception-check.js: Added.
(foo):
(bar):
(catch):

2016-04-21 Filip Pizlo <fpizlo@apple.com>

JSC virtual call thunk shouldn't do a structure->classInfo lookup
@@ -1996,13 +1996,13 @@
DC17E8181C9C91D9008A6AB3 /* ShadowChicken.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17E8141C9C7FD4008A6AB3 /* ShadowChicken.h */; };
DC17E8191C9C91DB008A6AB3 /* ShadowChickenInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17E8151C9C7FD4008A6AB3 /* ShadowChickenInlines.h */; };
DC17E81A1C9C91E9008A6AB3 /* CCallHelpers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC17E8161C9C802B008A6AB3 /* CCallHelpers.cpp */; };
DC2143071CA32E55000A8869 /* ICStats.h in Headers */ = {isa = PBXBuildFile; fileRef = DC2143061CA32E52000A8869 /* ICStats.h */; };
DC2143081CA32E58000A8869 /* ICStats.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC2143051CA32E52000A8869 /* ICStats.cpp */; };
DE26E9031CB5DD0500D2BE82 /* BuiltinExecutableCreator.h in Headers */ = {isa = PBXBuildFile; fileRef = DE26E9021CB5DD0500D2BE82 /* BuiltinExecutableCreator.h */; };
DE26E9071CB5DEFB00D2BE82 /* BuiltinExecutableCreator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DE26E9061CB5DD9600D2BE82 /* BuiltinExecutableCreator.cpp */; };
DE5A0A001BA3AC3E003D4424 /* IntrinsicEmitter.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DE5A09FF1BA3AC3E003D4424 /* IntrinsicEmitter.cpp */; };
DEA7E2441BBC677200D78440 /* JSTypedArrayViewPrototype.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 53F256E11B87E28000B4B768 /* JSTypedArrayViewPrototype.cpp */; };
DEA7E2451BBC677F00D78440 /* JSTypedArrayViewPrototype.h in Headers */ = {isa = PBXBuildFile; fileRef = 53917E7C1B791106000EBD33 /* JSTypedArrayViewPrototype.h */; settings = {ATTRIBUTES = (Private, ); }; };
DC2143071CA32E55000A8869 /* ICStats.h in Headers */ = {isa = PBXBuildFile; fileRef = DC2143061CA32E52000A8869 /* ICStats.h */; };
DC2143081CA32E58000A8869 /* ICStats.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC2143051CA32E52000A8869 /* ICStats.cpp */; };
E124A8F70E555775003091F1 /* OpaqueJSString.h in Headers */ = {isa = PBXBuildFile; fileRef = E124A8F50E555775003091F1 /* OpaqueJSString.h */; settings = {ATTRIBUTES = (Private, ); }; };
E124A8F80E555775003091F1 /* OpaqueJSString.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E124A8F60E555775003091F1 /* OpaqueJSString.cpp */; };
E18E3A590DF9278C00D90B34 /* VM.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E18E3A570DF9278C00D90B34 /* VM.cpp */; };
@@ -4204,12 +4204,12 @@
D21202280AD4310C00ED79B6 /* DateConversion.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DateConversion.cpp; sourceTree = "<group>"; };
D21202290AD4310C00ED79B6 /* DateConversion.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DateConversion.h; sourceTree = "<group>"; };
DC00039019D8BE6F00023EB0 /* DFGPreciseLocalClobberize.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGPreciseLocalClobberize.h; path = dfg/DFGPreciseLocalClobberize.h; sourceTree = "<group>"; };
DC2143051CA32E52000A8869 /* ICStats.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ICStats.cpp; sourceTree = "<group>"; };
DC2143061CA32E52000A8869 /* ICStats.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ICStats.h; sourceTree = "<group>"; };
DC17E8131C9C7FD4008A6AB3 /* ShadowChicken.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ShadowChicken.cpp; sourceTree = "<group>"; };
DC17E8141C9C7FD4008A6AB3 /* ShadowChicken.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ShadowChicken.h; sourceTree = "<group>"; };
DC17E8151C9C7FD4008A6AB3 /* ShadowChickenInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ShadowChickenInlines.h; sourceTree = "<group>"; };
DC17E8161C9C802B008A6AB3 /* CCallHelpers.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CCallHelpers.cpp; sourceTree = "<group>"; };
DC2143051CA32E52000A8869 /* ICStats.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ICStats.cpp; sourceTree = "<group>"; };
DC2143061CA32E52000A8869 /* ICStats.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ICStats.h; sourceTree = "<group>"; };
DE26E9021CB5DD0500D2BE82 /* BuiltinExecutableCreator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BuiltinExecutableCreator.h; sourceTree = "<group>"; };
DE26E9061CB5DD9600D2BE82 /* BuiltinExecutableCreator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BuiltinExecutableCreator.cpp; sourceTree = "<group>"; };
DE5A09FF1BA3AC3E003D4424 /* IntrinsicEmitter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = IntrinsicEmitter.cpp; sourceTree = "<group>"; };
@@ -230,6 +230,8 @@ void CodeBlock::dumpAssumingJITType(PrintStream& out, JITCode::JITType jitType)
out.print(" (NeverInline)");
if (ownerScriptExecutable()->neverOptimize())
out.print(" (NeverOptimize)");
else if (ownerScriptExecutable()->neverFTLOptimize())
out.print(" (NeverFTLOptimize)");
if (ownerScriptExecutable()->didTryToEnterInLoop())
out.print(" (DidTryToEnterInLoop)");
if (ownerScriptExecutable()->isStrictMode())
@@ -439,6 +439,12 @@ CapabilityLevel canCompile(Graph& graph)
dataLog("FTL rejecting ", *graph.m_codeBlock, " because it doesn't belong to a function.\n");
return CannotCompile;
}

if (UNLIKELY(graph.m_codeBlock->ownerScriptExecutable()->neverFTLOptimize())) {
if (verboseCapabilities())
dataLog("FTL rejecting ", *graph.m_codeBlock, " because it is marked as never FTL compile.\n");
return CannotCompile;
}

CapabilityLevel result = CanCompileAndOSREnter;

@@ -5983,11 +5983,17 @@ class LowerDFGToB3 {
patchpoint->append(m_tagTypeNumber, ValueRep::reg(GPRInfo::tagTypeNumberRegister));
patchpoint->clobber(RegisterSet::macroScratchRegisters());

RefPtr<PatchpointExceptionHandle> exceptionHandle = preparePatchpointForExceptions(patchpoint);

State* state = &m_ftlState;
patchpoint->setGenerator(
[=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
AllowMacroScratchRegisterUsage allowScratch(jit);

// This is the direct exit target for operation calls. We don't need a JS exceptionHandle because we don't
// cache Proxy objects.
Box<CCallHelpers::JumpList> exceptions = exceptionHandle->scheduleExitCreation(params)->jumps(jit);

GPRReg baseGPR = params[1].gpr();
GPRReg resultGPR = params[0].gpr();

@@ -6011,7 +6017,7 @@ class LowerDFGToB3 {
CCallHelpers::Label slowPathBegin = jit.label();
CCallHelpers::Call slowPathCall = callOperation(
*state, params.unavailableRegisters(), jit,
node->origin.semantic, nullptr, operationInOptimize,
node->origin.semantic, exceptions.get(), operationInOptimize,
resultGPR, CCallHelpers::TrustedImmPtr(stubInfo), baseGPR,
CCallHelpers::TrustedImmPtr(str)).call();
jit.jump().linkTo(done, &jit);
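Review bot: The comment in the generator lambda records an assumption ("we don't cache Proxy objects") that nothing in the visible code enforces, yet the exception path is only correct while it holds. Only `scheduleExitCreation` is wired up, which the header comment added in this same commit describes as the path for exceptions from C calls. If the `in` inline cache ever gains a case that calls into JS, a throw from that call would presumably also need `scheduleExitCreationForUnwind`, otherwise optimized code could again continue with a pending exception. I would extend the comment to say so, e.g. `// If the In IC ever caches a case that can call JS (e.g. Proxy), this must also use scheduleExitCreationForUnwind().` Both hunks appear to sit inside `LowerDFGToB3::compileIn`, whose body starts and ends outside the visible lines.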
@@ -78,11 +78,11 @@ class PatchpointExceptionHandle : public ThreadSafeRefCounted<PatchpointExceptio
// Schedules the creation of an OSR exit jump destination. You don't know when this will be
// created, but it will happen before linking. You can link jumps to it during link time. That's
// why this returns an ExceptionTarget. That will contain the jump destination (target->label())
// at link time.
// at link time. This function should be used for exceptions from C calls.
RefPtr<ExceptionTarget> scheduleExitCreation(const B3::StackmapGenerationParams&);

// Schedules the creation of an OSR exit jump destination, and ensures that it gets associated
// with the handler for some callsite index.
// with the handler for some callsite index. This function should be used for exceptions from JS.
void scheduleExitCreationForUnwind(const B3::StackmapGenerationParams&, CallSiteIndex);

private:
@@ -590,6 +590,7 @@ static EncodedJSValue JSC_HOST_CALL functionReadline(ExecState*);
static EncodedJSValue JSC_HOST_CALL functionPreciseTime(ExecState*);
static EncodedJSValue JSC_HOST_CALL functionNeverInlineFunction(ExecState*);
static EncodedJSValue JSC_HOST_CALL functionNoDFG(ExecState*);
static EncodedJSValue JSC_HOST_CALL functionNoFTL(ExecState*);
static EncodedJSValue JSC_HOST_CALL functionOptimizeNextInvocation(ExecState*);
static EncodedJSValue JSC_HOST_CALL functionNumberOfDFGCompiles(ExecState*);
static EncodedJSValue JSC_HOST_CALL functionReoptimizationRetryCount(ExecState*);
@@ -766,6 +767,7 @@ class GlobalObject : public JSGlobalObject {
addFunction(vm, "neverInlineFunction", functionNeverInlineFunction, 1);
addFunction(vm, "noInline", functionNeverInlineFunction, 1);
addFunction(vm, "noDFG", functionNoDFG, 1);
addFunction(vm, "noFTL", functionNoFTL, 1);
addFunction(vm, "numberOfDFGCompiles", functionNumberOfDFGCompiles, 1);
addFunction(vm, "optimizeNextInvocation", functionOptimizeNextInvocation, 1);
addFunction(vm, "reoptimizationRetryCount", functionReoptimizationRetryCount, 1);
@@ -1521,6 +1523,16 @@ EncodedJSValue JSC_HOST_CALL functionNoDFG(ExecState* exec)
return JSValue::encode(setNeverOptimize(exec));
}

EncodedJSValue JSC_HOST_CALL functionNoFTL(ExecState* exec)
{
if (JSFunction* function = jsDynamicCast<JSFunction*>(exec->argument(0))) {
FunctionExecutable* executable = function->jsExecutable();
executable->setNeverFTLOptimize(true);
}

return JSValue::encode(jsUndefined());
}

EncodedJSValue JSC_HOST_CALL functionOptimizeNextInvocation(ExecState* exec)
{
return JSValue::encode(optimizeNextInvocation(exec));
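Review bot: `functionNoFTL` calls `function->jsExecutable()` on every `JSFunction` it is given, without checking that the function is backed by a `FunctionExecutable` rather than a native one. If `jsExecutable()` is an unchecked downcast (its definition is not shown here), passing a host function to `noFTL` would set the bit on an object of the wrong type in release builds. This is only the test shell, but the guard is cheap: `if (!function->isHostFunction()) function->jsExecutable()->setNeverFTLOptimize(true);`.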
@@ -117,6 +117,7 @@ ScriptExecutable::ScriptExecutable(Structure* structure, VM& vm, const SourceCod
, m_hasCapturedVariables(false)
, m_neverInline(false)
, m_neverOptimize(false)
, m_neverFTLOptimize(false)
, m_isArrowFunctionContext(isInArrowFunctionContext)
, m_derivedContextType(static_cast<unsigned>(derivedContextType))
, m_evalContextType(static_cast<unsigned>(evalContextType))
@@ -357,9 +357,11 @@ class ScriptExecutable : public ExecutableBase {

void setNeverInline(bool value) { m_neverInline = value; }
void setNeverOptimize(bool value) { m_neverOptimize = value; }
void setNeverFTLOptimize(bool value) { m_neverFTLOptimize = value; }
void setDidTryToEnterInLoop(bool value) { m_didTryToEnterInLoop = value; }
bool neverInline() const { return m_neverInline; }
bool neverOptimize() const { return m_neverOptimize; }
bool neverFTLOptimize() const { return m_neverFTLOptimize; }
bool didTryToEnterInLoop() const { return m_didTryToEnterInLoop; }
bool isInliningCandidate() const { return !neverInline(); }
bool isOkToOptimize() const { return !neverOptimize(); }
@@ -419,6 +421,7 @@ class ScriptExecutable : public ExecutableBase {
bool m_hasCapturedVariables : 1;
bool m_neverInline : 1;
bool m_neverOptimize : 1;
bool m_neverFTLOptimize : 1;
bool m_isArrowFunctionContext : 1;
unsigned m_derivedContextType : 2; // DerivedContextType
unsigned m_evalContextType : 2; // EvalContextType
@@ -0,0 +1,19 @@
function foo(a) {
return bar(a);
}
noFTL(foo);
noInline(foo);

function bar(a) {
return "bar" in a;
}
noInline(bar);

for (let i = 0; i < 1000000; i++) {
if (foo({}))
throw new Error("bad");
}

try {
foo("");
} catch (e) { }
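Review bot: The final `try { foo(""); } catch (e) { }` discards the result, so the test passes whether or not the expected TypeError is thrown; it only fails if the engine crashes or asserts. Since the bug being fixed is a missed exception check, the test should pin the throw itself, e.g. `let threw = false; try { foo(""); } catch (e) { threw = e instanceof TypeError; }` followed by `if (!threw) throw new Error("expected TypeError");`. The test also does not confirm that `bar` reached the FTL tier by the time `foo("")` runs, so a short comment on why 1000000 iterations is enough would help future readers.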
