[webkit-changes] [WebKit/WebKit] fc1560: JIT operations should return the current exception...

Keith Miller Fri, 03 May 2024 22:04:05 -0700

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: fc1560bbe0bacc088faf2b65876379f39a324979
      
https://github.com/WebKit/WebKit/commit/fc1560bbe0bacc088faf2b65876379f39a324979
  Author: Keith Miller <keith_mil...@apple.com>
  Date:   2024-05-03 (Fri, 03 May 2024)


  Changed paths:
    M Source/JavaScriptCore/CMakeLists.txt
    M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
    M Source/JavaScriptCore/assembler/MacroAssembler.h
    M Source/JavaScriptCore/assembler/MacroAssemblerARM64.cpp
    M Source/JavaScriptCore/assembler/MacroAssemblerARMv7.cpp
    M Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.cpp
    M Source/JavaScriptCore/assembler/MacroAssemblerX86Common.cpp
    M Source/JavaScriptCore/b3/B3Type.h
    M Source/JavaScriptCore/b3/B3Validate.cpp
    M Source/JavaScriptCore/b3/air/AirCCallingConvention.cpp
    M Source/JavaScriptCore/b3/testb3.h
    M Source/JavaScriptCore/b3/testb3_5.cpp
    M Source/JavaScriptCore/b3/testb3_6.cpp
    M Source/JavaScriptCore/b3/testb3_7.cpp
    M Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h
    M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
    M Source/JavaScriptCore/dfg/DFGArithMode.h
    M Source/JavaScriptCore/dfg/DFGArrayifySlowPathGenerator.h
    M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
    M Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h
    M Source/JavaScriptCore/dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h
    M Source/JavaScriptCore/dfg/DFGJITCompiler.h
    M Source/JavaScriptCore/dfg/DFGOSRExit.cpp
    M Source/JavaScriptCore/dfg/DFGOSRExit.h
    M Source/JavaScriptCore/dfg/DFGOperations.cpp
    M Source/JavaScriptCore/dfg/DFGOperations.h
    M Source/JavaScriptCore/dfg/DFGSaneStringGetByValSlowPathGenerator.h
    M Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp
    M Source/JavaScriptCore/ftl/FTLOSRExitCompiler.h
    M Source/JavaScriptCore/ftl/FTLOperations.cpp
    M Source/JavaScriptCore/ftl/FTLOperations.h
    M Source/JavaScriptCore/ftl/FTLOutput.cpp
    M Source/JavaScriptCore/ftl/FTLOutput.h
    M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
    M Source/JavaScriptCore/jit/AssemblyHelpers.h
    M Source/JavaScriptCore/jit/CCallHelpers.h
    M Source/JavaScriptCore/jit/JIT.h
    M Source/JavaScriptCore/jit/JITCall.cpp
    M Source/JavaScriptCore/jit/JITInlines.h
    M Source/JavaScriptCore/jit/JITOperations.cpp
    M Source/JavaScriptCore/jit/JITOperations.h
    A Source/JavaScriptCore/jit/OperationResult.h
    M Source/JavaScriptCore/llint/LLIntThunks.h
    M Source/JavaScriptCore/runtime/AtomicsObject.cpp
    M Source/JavaScriptCore/runtime/CommonSlowPaths.h
    M Source/JavaScriptCore/runtime/ExceptionScope.h
    M Source/JavaScriptCore/runtime/HashMapImplInlines.h
    M Source/JavaScriptCore/runtime/MathCommon.cpp
    M Source/JavaScriptCore/runtime/MathCommon.h
    M Source/JavaScriptCore/runtime/StringPrototype.cpp
    M Source/JavaScriptCore/tools/JSDollarVM.cpp
    M Source/JavaScriptCore/wasm/WasmOperations.cpp
    M Source/JavaScriptCore/wasm/WasmOperations.h
    M Source/JavaScriptCore/yarr/YarrJIT.cpp
    M Source/WTF/wtf/PlatformCallingConventions.h
    M Source/WTF/wtf/Threading.cpp
    M Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
    M Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.cpp
    M Source/WebCore/cssjit/SelectorCompiler.cpp
    M Source/WebCore/domjit/JSDocumentDOMJIT.cpp

  Log Message:
  -----------
  JIT operations should return the current exception in a return GPR when it's 
free.
https://bugs.webkit.org/show_bug.cgi?id=273264
rdar://127065985

Reviewed by Yusuke Suzuki.

This patch makes a lot of changes so that we can pass the current exception in 
a return register.

1) There's now a new set of macros for JIT_OPERATIONS that wrap the return type 
in a templated
   struct containing the true result and a pointer to the current exception if 
there's an extra
   return register in the C++ calling convention (and returning a `struct` 
won't push everything
   to the stack... armv7...).

2) Exception checking macro assembler functions take an optional register 
parameter, which is
   the register the exception is in, typically returnGPR2 but sometimes 
returnGPR.

3) Started moving FTL towards the same templated operation signature deduction 
of arguments used
   in the other JITs.

4) exception checks have been pushed into callOperation in DFG since that has 
the signature
   of the operation being called already.

5) We don't support exceptions in registers for double on ARM64 since that 
causes the double to
   be returned in x0 rather than d0. Also, FTL doesn't support 
`FastOperationResult<double/float>`
   since B3 can't handle that yet.

6) Add FTL::Output::verify which behaves like an assert by using a Check node.

7) FTL has a list of tuples for operation returns since we only use pairs this 
is just an LType[].

* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/b3/B3Type.h:
* Source/JavaScriptCore/b3/B3Validate.cpp:
* Source/JavaScriptCore/b3/air/AirCCallingConvention.cpp:
(JSC::B3::Air::cCallResultCount):
(JSC::B3::Air::cCallResult):
* Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h:
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeDoubleUnaryOpEffects):
* Source/JavaScriptCore/dfg/DFGArithMode.h:
* Source/JavaScriptCore/dfg/DFGArrayifySlowPathGenerator.h:
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleDOMJITGetter):
(JSC::DFG::ByteCodeParser::handleGetById):
* Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
* Source/JavaScriptCore/dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h:
* Source/JavaScriptCore/dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::appendCall):
(JSC::DFG::JITCompiler::appendCallWithUGPRPair):
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_FAST_JIT_OPERATION):
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/dfg/DFGOperations.h:
* Source/JavaScriptCore/dfg/DFGSaneStringGetByValSlowPathGenerator.h:
* Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h:
(JSC::DFG::slowPathMove):
(JSC::DFG::CallSlowPathGenerator::tearDown):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::exceptionCheck):
(JSC::DFG::SpeculativeJIT::compileDeleteById):
(JSC::DFG::SpeculativeJIT::compileDeleteByVal):
(JSC::DFG::SpeculativeJIT::compilePushWithScope):
(JSC::DFG::SpeculativeJIT::compileStringSubstring):
(JSC::DFG::SpeculativeJIT::compileToLowerCase):
(JSC::DFG::SpeculativeJIT::compilePutByVal):
(JSC::DFG::SpeculativeJIT::compileFromCharCode):
(JSC::DFG::SpeculativeJIT::compileValueToInt32):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::operationExceptionCheck):
(JSC::DFG::SpeculativeJIT::callOperation):
(JSC::DFG::SpeculativeJIT::callOperationWithoutExceptionCheck):
(JSC::DFG::SpeculativeJIT::appendCall):
(JSC::DFG::SpeculativeJIT::appendCallWithUGPRPair):
(JSC::DFG::SpeculativeJIT::appendCallSetResult):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::genericJSValueNonPeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileGetByValWithThis):
(JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::genericJSValueNonPeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compileGetByVal):
(JSC::DFG::SpeculativeJIT::compileRegExpTestInline):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileFunctionBind):
(JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileArrayify):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/ftl/FTLOutput.cpp:
(JSC::FTL::Output::verify):
* Source/JavaScriptCore/ftl/FTLOutput.h:
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitExceptionCheck):
(JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
* Source/JavaScriptCore/jit/CCallHelpers.h:
(JSC::CCallHelpers::setupResults):
* Source/JavaScriptCore/jit/JIT.h:
* Source/JavaScriptCore/jit/JITCall.cpp:
(JSC::JIT::compileSetupFrame):
* Source/JavaScriptCore/jit/JITInlines.h:
(JSC::JIT::appendCallWithExceptionCheck):
(JSC::JIT::appendCallSetJSValueResult):
(JSC::JIT::appendCallWithExceptionCheckSetJSValueResult):
(JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::JSC_DEFINE_FAST_JIT_OPERATION):
(JSC::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/jit/JITOperations.h:
* Source/JavaScriptCore/jit/OperationResult.h: Added.
(JSC::fastOperationExceptionRegister):
(JSC::FastOperationImplicitResult::operator FastOperationResult<To>):
(JSC::FastOperationImplicitResult::operator To):
(JSC::FastOperationImplicitResult<void>::operator FastOperationResult<void>):
(JSC::makeOperationResult):
* Source/JavaScriptCore/llint/LLIntThunks.h:
* Source/JavaScriptCore/runtime/ExceptionScope.h:
(JSC::ExceptionScope::exception const):
* Source/JavaScriptCore/runtime/HashMapImplInlines.h:
(JSC::HashMapImpl<HashMapBucketType>::addNormalized):
* Source/JavaScriptCore/tools/JSDollarVM.cpp:
* Source/WTF/wtf/Threading.cpp:
(WTF::Thread::mayBeGCThread):
* Source/WebCore/bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
(GenerateOperationDefinition):
* Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.cpp:
(WebCore::JSTestDOMJITDOMConstructor::prototypeForStructure):
(WebCore::JSC_DEFINE_FAST_JIT_OPERATION):
(WebCore::JSC_DEFINE_JIT_OPERATION): Deleted.
* Source/WebCore/domjit/DOMJITHelpers.h:
* Source/WebCore/domjit/JSDocumentDOMJIT.cpp:
(WebCore::DOMJIT::JSC_DEFINE_FAST_JIT_OPERATION):
(WebCore::DOMJIT::JSC_DEFINE_JIT_OPERATION): Deleted.

Canonical link: https://commits.webkit.org/278366@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [WebKit/WebKit] fc1560: JIT operations should return the current exception...

Reply via email to