Diff
Modified: releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/ChangeLog (293151 => 293152)
--- releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/ChangeLog 2022-04-21 09:51:02 UTC (rev 293151)
+++ releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/ChangeLog 2022-04-21 09:51:10 UTC (rev 293152)
@@ -1,3 +1,46 @@
+2022-03-03 Saam Barati <sbar...@apple.com>
+
+ Add a DeferTraps scope
+ https://bugs.webkit.org/show_bug.cgi?id=237306
+ <rdar://83494949>
+
+ Reviewed by Mark Lam.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::jettison):
+ (JSC::CodeBlock::noticeIncomingCall):
+ * bytecode/CodeBlock.h:
+ * bytecode/RepatchInlines.h:
+ (JSC::linkFor):
+ (JSC::virtualForWithFunction):
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::JSC_DEFINE_JIT_OPERATION):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::executeProgram):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct):
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeModuleProgram):
+ * interpreter/InterpreterInlines.h:
+ (JSC::Interpreter::execute):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::setUpCall):
+ * runtime/ExceptionScope.h:
+ * runtime/ScriptExecutable.cpp:
+ (JSC::ScriptExecutable::installCode):
+ * runtime/VMTraps.cpp:
+ (JSC::VMTraps::handleTraps):
+ (JSC::VMTraps::takeTopPriorityTrap):
+ * runtime/VMTraps.h:
+ (JSC::VMTraps::needHandling const):
+ (JSC::VMTraps::maybeNeedHandling const):
+ (JSC::VMTraps::hasTrapBit):
+ (JSC::VMTraps::setTrapBit):
+ * runtime/VMTrapsInlines.h:
+ (JSC::DeferTraps::DeferTraps):
+ (JSC::DeferTraps::~DeferTraps):
+
2022-03-01 Michael Catanzaro <mcatanz...@gnome.org>
Misc compiler warnings, late Feb 2022 edition
Modified: releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/bytecode/CodeBlock.cpp (293151 => 293152)
--- releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/bytecode/CodeBlock.cpp 2022-04-21 09:51:02 UTC (rev 293151)
+++ releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/bytecode/CodeBlock.cpp 2022-04-21 09:51:10 UTC (rev 293152)
@@ -279,6 +279,7 @@
, m_didFailJITCompilation(false)
, m_didFailFTLCompilation(false)
, m_hasBeenCompiledWithFTL(false)
+ , m_isJettisoned(false)
, m_numCalleeLocals(other.m_numCalleeLocals)
, m_numVars(other.m_numVars)
, m_numberOfArgumentsToSkip(other.m_numberOfArgumentsToSkip)
@@ -330,6 +331,7 @@
, m_didFailJITCompilation(false)
, m_didFailFTLCompilation(false)
, m_hasBeenCompiledWithFTL(false)
+ , m_isJettisoned(false)
, m_numCalleeLocals(unlinkedCodeBlock->numCalleeLocals())
, m_numVars(unlinkedCodeBlock->numVars())
, m_hasDebuggerStatement(false)
@@ -2190,6 +2192,8 @@
VM& vm = *m_vm;
+ m_isJettisoned = true;
+
CodeBlock* codeBlock = this; // Placate GCC for use in CODEBLOCK_LOG_EVENT (does not like this).
CODEBLOCK_LOG_EVENT(codeBlock, "jettison", ("due to ", reason, ", counting = ", mode == CountReoptimization, ", detail = ", pointerDump(detail)));
@@ -2356,6 +2360,8 @@
void CodeBlock::noticeIncomingCall(CallFrame* callerFrame)
{
+ RELEASE_ASSERT(!m_isJettisoned);
+
CodeBlock* callerCodeBlock = callerFrame->codeBlock();
dataLogLnIf(Options::verboseCallLink(), "Noticing call link from ", pointerDump(callerCodeBlock), " to ", *this);
Modified: releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/bytecode/CodeBlock.h (293151 => 293152)
--- releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/bytecode/CodeBlock.h 2022-04-21 09:51:02 UTC (rev 293151)
+++ releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/bytecode/CodeBlock.h 2022-04-21 09:51:10 UTC (rev 293152)
@@ -774,6 +774,7 @@
bool m_didFailJITCompilation : 1;
bool m_didFailFTLCompilation : 1;
bool m_hasBeenCompiledWithFTL : 1;
+ bool m_isJettisoned : 1;
bool m_visitChildrenSkippedDueToOldAge { false };
Modified: releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/bytecode/RepatchInlines.h (293151 => 293152)
--- releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/bytecode/RepatchInlines.h 2022-04-21 09:51:02 UTC (rev 293151)
+++ releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/bytecode/RepatchInlines.h 2022-04-21 09:51:10 UTC (rev 293152)
@@ -27,6 +27,8 @@
#include "Repatch.h"
+#include "VMTrapsInlines.h"
+
namespace JSC {
inline SlowPathReturnType handleHostCall(JSGlobalObject* globalObject, CallFrame* calleeFrame, JSValue callee, CallLinkInfo* callLinkInfo)
@@ -124,6 +126,9 @@
MacroAssemblerCodePtr<JSEntryPtrTag> codePtr;
CodeBlock* codeBlock = nullptr;
+
+ DeferTraps deferTraps(vm); // We can't jettison any code until after we link the call.
+
if (executable->isHostFunction()) {
codePtr = jsToWasmICCodePtr(vm, kind, callee);
if (!codePtr)
@@ -187,6 +192,9 @@
JSFunction* function = jsCast<JSFunction*>(calleeAsFunctionCell);
JSScope* scope = function->scopeUnchecked();
ExecutableBase* executable = function->executable();
+
+ DeferTraps deferTraps(vm); // We can't jettison if we're going to call this CodeBlock.
+
if (UNLIKELY(!executable->hasJITCodeFor(kind))) {
FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
Modified: releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/dfg/DFGOperations.cpp (293151 => 293152)
--- releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/dfg/DFGOperations.cpp 2022-04-21 09:51:02 UTC (rev 293151)
+++ releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/dfg/DFGOperations.cpp 2022-04-21 09:51:10 UTC (rev 293152)
@@ -78,6 +78,7 @@
#include "Symbol.h"
#include "TypeProfilerLog.h"
#include "VMInlines.h"
+#include "VMTrapsInlines.h"
#if ENABLE(JIT)
#if ENABLE(DFG_JIT)
@@ -3712,6 +3713,8 @@
// https://bugs.webkit.org/show_bug.cgi?id=220339
MacroAssemblerCodePtr<JSEntryPtrTag> codePtr;
CodeBlock* codeBlock = nullptr;
+ DeferTraps deferTraps(vm); // We can't jettison this code if we're about to link to it.
+
if (executable->isHostFunction())
codePtr = executable->entrypointFor(kind, MustCheckArity);
else {
Modified: releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/interpreter/Interpreter.cpp (293151 => 293152)
--- releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/interpreter/Interpreter.cpp 2022-04-21 09:51:02 UTC (rev 293151)
+++ releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/interpreter/Interpreter.cpp 2022-04-21 09:51:10 UTC (rev 293152)
@@ -923,22 +923,26 @@
if (scope->structure(vm)->isUncacheableDictionary())
scope->flattenDictionaryObject(vm);
- ProgramCodeBlock* codeBlock;
+ RefPtr<JITCode> jitCode;
+ ProtoCallFrame protoCallFrame;
{
- CodeBlock* tempCodeBlock;
- program->prepareForExecution<ProgramExecutable>(vm, nullptr, scope, CodeForCall, tempCodeBlock);
- RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
+ DeferTraps deferTraps(vm); // We can't jettison this code if we're about to run it.
- codeBlock = jsCast<ProgramCodeBlock*>(tempCodeBlock);
- ASSERT(codeBlock && codeBlock->numParameters() == 1); // 1 parameter for 'this'.
- }
+ ProgramCodeBlock* codeBlock;
+ {
+ CodeBlock* tempCodeBlock;
+ program->prepareForExecution<ProgramExecutable>(vm, nullptr, scope, CodeForCall, tempCodeBlock);
+ RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
- RefPtr<JITCode> jitCode;
- ProtoCallFrame protoCallFrame;
- {
- DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
- jitCode = program->generatedJITCode();
- protoCallFrame.init(codeBlock, globalObject, globalCallee, thisObj, 1);
+ codeBlock = jsCast<ProgramCodeBlock*>(tempCodeBlock);
+ ASSERT(codeBlock && codeBlock->numParameters() == 1); // 1 parameter for 'this'.
+ }
+
+ {
+ DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
+ jitCode = program->generatedJITCode();
+ protoCallFrame.init(codeBlock, globalObject, globalCallee, thisObj, 1);
+ }
}
// Execute the code:
@@ -985,23 +989,27 @@
return throwScope.exception();
}
- CodeBlock* newCodeBlock = nullptr;
- if (isJSCall) {
- // Compile the callee:
- callData.js.functionExecutable->prepareForExecution<FunctionExecutable>(vm, jsCast<JSFunction*>(function), scope, CodeForCall, newCodeBlock);
- RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
-
- ASSERT(newCodeBlock);
- newCodeBlock->m_shouldAlwaysBeInlined = false;
- }
-
RefPtr<JITCode> jitCode;
ProtoCallFrame protoCallFrame;
{
- DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
- if (isJSCall)
- jitCode = callData.js.functionExecutable->generatedJITCodeForCall();
- protoCallFrame.init(newCodeBlock, globalObject, function, thisValue, argsCount, args.data());
+ DeferTraps deferTraps(vm); // We can't jettison this code if we're about to run it.
+
+ CodeBlock* newCodeBlock = nullptr;
+ if (isJSCall) {
+ // Compile the callee:
+ callData.js.functionExecutable->prepareForExecution<FunctionExecutable>(vm, jsCast<JSFunction*>(function), scope, CodeForCall, newCodeBlock);
+ RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
+
+ ASSERT(newCodeBlock);
+ newCodeBlock->m_shouldAlwaysBeInlined = false;
+ }
+
+ {
+ DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
+ if (isJSCall)
+ jitCode = callData.js.functionExecutable->generatedJITCodeForCall();
+ protoCallFrame.init(newCodeBlock, globalObject, function, thisValue, argsCount, args.data());
+ }
}
JSValue result;
@@ -1061,23 +1069,27 @@
return nullptr;
}
- CodeBlock* newCodeBlock = nullptr;
- if (isJSConstruct) {
- // Compile the callee:
- constructData.js.functionExecutable->prepareForExecution<FunctionExecutable>(vm, jsCast<JSFunction*>(constructor), scope, CodeForConstruct, newCodeBlock);
- RETURN_IF_EXCEPTION(throwScope, nullptr);
-
- ASSERT(newCodeBlock);
- newCodeBlock->m_shouldAlwaysBeInlined = false;
- }
-
RefPtr<JITCode> jitCode;
ProtoCallFrame protoCallFrame;
{
- DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
- if (isJSConstruct)
- jitCode = constructData.js.functionExecutable->generatedJITCodeForConstruct();
- protoCallFrame.init(newCodeBlock, globalObject, constructor, newTarget, argsCount, args.data());
+ DeferTraps deferTraps(vm); // We can't jettison this code if we're about to run it.
+
+ CodeBlock* newCodeBlock = nullptr;
+ if (isJSConstruct) {
+ // Compile the callee:
+ constructData.js.functionExecutable->prepareForExecution<FunctionExecutable>(vm, jsCast<JSFunction*>(constructor), scope, CodeForConstruct, newCodeBlock);
+ RETURN_IF_EXCEPTION(throwScope, nullptr);
+
+ ASSERT(newCodeBlock);
+ newCodeBlock->m_shouldAlwaysBeInlined = false;
+ }
+
+ {
+ DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
+ if (isJSConstruct)
+ jitCode = constructData.js.functionExecutable->generatedJITCodeForConstruct();
+ protoCallFrame.init(newCodeBlock, globalObject, constructor, newTarget, argsCount, args.data());
+ }
}
JSValue result;
@@ -1269,22 +1281,26 @@
else
callee = JSCallee::create(vm, globalObject, scope);
- // Reload CodeBlock. It is possible that we replaced CodeBlock while setting up the environment.
+ RefPtr<JITCode> jitCode;
+ ProtoCallFrame protoCallFrame;
{
- CodeBlock* tempCodeBlock;
- eval->prepareForExecution<EvalExecutable>(vm, nullptr, scope, CodeForCall, tempCodeBlock);
- RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
+ DeferTraps deferTraps(vm); // We can't jettison this code if we're about to run it.
- codeBlock = jsCast<EvalCodeBlock*>(tempCodeBlock);
- ASSERT(codeBlock && codeBlock->numParameters() == 1); // 1 parameter for 'this'.
- }
+ // Reload CodeBlock. It is possible that we replaced CodeBlock while setting up the environment.
+ {
+ CodeBlock* tempCodeBlock;
+ eval->prepareForExecution<EvalExecutable>(vm, nullptr, scope, CodeForCall, tempCodeBlock);
+ RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
- RefPtr<JITCode> jitCode;
- ProtoCallFrame protoCallFrame;
- {
- DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
- jitCode = eval->generatedJITCode();
- protoCallFrame.init(codeBlock, globalObject, callee, thisValue, 1);
+ codeBlock = jsCast<EvalCodeBlock*>(tempCodeBlock);
+ ASSERT(codeBlock && codeBlock->numParameters() == 1); // 1 parameter for 'this'.
+ }
+
+ {
+ DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
+ jitCode = eval->generatedJITCode();
+ protoCallFrame.init(codeBlock, globalObject, callee, thisValue, 1);
+ }
}
// Execute the code:
@@ -1326,17 +1342,8 @@
const unsigned numberOfArguments = static_cast<unsigned>(AbstractModuleRecord::Argument::NumberOfArguments);
JSCallee* callee = JSCallee::create(vm, globalObject, scope);
- ModuleProgramCodeBlock* codeBlock;
- {
- CodeBlock* tempCodeBlock;
- executable->prepareForExecution<ModuleProgramExecutable>(vm, nullptr, scope, CodeForCall, tempCodeBlock);
- RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
+ RefPtr<JITCode> jitCode;
- codeBlock = jsCast<ModuleProgramCodeBlock*>(tempCodeBlock);
- ASSERT(codeBlock && codeBlock->numParameters() == numberOfArguments + 1);
- }
-
- RefPtr<JITCode> jitCode;
ProtoCallFrame protoCallFrame;
JSValue args[numberOfArguments] = {
record,
@@ -1347,17 +1354,32 @@
};
{
- DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
- jitCode = executable->generatedJITCode();
+ DeferTraps deferTraps(vm); // We can't jettison this code if we're about to run it.
- // The |this| of the module is always `undefined`.
- // http://www.ecma-international.org/ecma-262/6.0/#sec-module-environment-records-hasthisbinding
- // http://www.ecma-international.org/ecma-262/6.0/#sec-module-environment-records-getthisbinding
- protoCallFrame.init(codeBlock, globalObject, callee, jsUndefined(), numberOfArguments + 1, args);
+ ModuleProgramCodeBlock* codeBlock;
+ {
+ CodeBlock* tempCodeBlock;
+ executable->prepareForExecution<ModuleProgramExecutable>(vm, nullptr, scope, CodeForCall, tempCodeBlock);
+ RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
+
+ codeBlock = jsCast<ModuleProgramCodeBlock*>(tempCodeBlock);
+ ASSERT(codeBlock && codeBlock->numParameters() == numberOfArguments + 1);
+ }
+
+
+ {
+ DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
+ jitCode = executable->generatedJITCode();
+
+ // The |this| of the module is always `undefined`.
+ // http://www.ecma-international.org/ecma-262/6.0/#sec-module-environment-records-hasthisbinding
+ // http://www.ecma-international.org/ecma-262/6.0/#sec-module-environment-records-getthisbinding
+ protoCallFrame.init(codeBlock, globalObject, callee, jsUndefined(), numberOfArguments + 1, args);
+ }
+
+ record->internalField(JSModuleRecord::Field::State).set(vm, record, jsNumber(static_cast<int>(JSModuleRecord::State::Executing)));
}
- record->internalField(JSModuleRecord::Field::State).set(vm, record, jsNumber(static_cast<int>(JSModuleRecord::State::Executing)));
-
// Execute the code:
throwScope.release();
ASSERT(jitCode == executable->generatedJITCode().ptr());
Modified: releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/interpreter/InterpreterInlines.h (293151 => 293152)
--- releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/interpreter/InterpreterInlines.h 2022-04-21 09:51:02 UTC (rev 293151)
+++ releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/interpreter/InterpreterInlines.h 2022-04-21 09:51:10 UTC (rev 293152)
@@ -36,6 +36,7 @@
#include "LLIntData.h"
#include "ProtoCallFrameInlines.h"
#include "UnlinkedCodeBlock.h"
+#include "VMTrapsInlines.h"
#include <wtf/UnalignedAccess.h>
namespace JSC {
@@ -86,21 +87,25 @@
return throwScope.exception();
}
- // Reload CodeBlock since GC can replace CodeBlock owned by Executable.
- CodeBlock* codeBlock;
- closure.functionExecutable->prepareForExecution<FunctionExecutable>(vm, closure.function, closure.scope, CodeForCall, codeBlock);
- RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
+ {
+ DeferTraps deferTraps(vm); // We can't jettison this code if we're about to run it.
- ASSERT(codeBlock);
- codeBlock->m_shouldAlwaysBeInlined = false;
- {
- DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
- closure.protoCallFrame->setCodeBlock(codeBlock);
+ // Reload CodeBlock since GC can replace CodeBlock owned by Executable.
+ CodeBlock* codeBlock;
+ closure.functionExecutable->prepareForExecution<FunctionExecutable>(vm, closure.function, closure.scope, CodeForCall, codeBlock);
+ RETURN_IF_EXCEPTION(throwScope, checkedReturn(throwScope.exception()));
+
+ ASSERT(codeBlock);
+ codeBlock->m_shouldAlwaysBeInlined = false;
+ {
+ DisallowGC disallowGC; // Ensure no GC happens. GC can replace CodeBlock in Executable.
+ closure.protoCallFrame->setCodeBlock(codeBlock);
+ }
}
+
// Execute the code:
throwScope.release();
JSValue result = closure.functionExecutable->generatedJITCodeForCall()->execute(&vm, closure.protoCallFrame);
-
return checkedReturn(result);
}
Modified: releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (293151 => 293152)
--- releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2022-04-21 09:51:02 UTC (rev 293151)
+++ releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2022-04-21 09:51:10 UTC (rev 293152)
@@ -66,6 +66,7 @@
#include "ShadowChicken.h"
#include "SuperSampler.h"
#include "VMInlines.h"
+#include "VMTrapsInlines.h"
#include <wtf/NeverDestroyed.h>
#include <wtf/StringPrintStream.h>
@@ -1904,8 +1905,9 @@
JSScope* scope = callee->scopeUnchecked();
ExecutableBase* executable = callee->executable();
+ DeferTraps deferTraps(vm); // We can't jettison this code if we're about to run it.
+
MacroAssemblerCodePtr<JSEntryPtrTag> codePtr;
- CodeBlock* codeBlock = nullptr;
// FIXME: Support wasm IC.
// https://bugs.webkit.org/show_bug.cgi?id=220339
if (executable->isHostFunction())
@@ -1919,7 +1921,7 @@
functionExecutable->prepareForExecution<FunctionExecutable>(vm, callee, scope, kind, *codeBlockSlot);
LLINT_CALL_CHECK_EXCEPTION(globalObject);
- codeBlock = *codeBlockSlot;
+ CodeBlock* codeBlock = *codeBlockSlot;
ASSERT(codeBlock);
ArityCheckMode arity;
Modified: releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/ExceptionScope.h (293151 => 293152)
--- releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/ExceptionScope.h 2022-04-21 09:51:02 UTC (rev 293151)
+++ releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/ExceptionScope.h 2022-04-21 09:51:10 UTC (rev 293152)
@@ -110,7 +110,7 @@
#define RETURN_IF_EXCEPTION(scope__, value__) do { \
JSC::VM& vm = (scope__).vm(); \
ASSERT(!!(scope__).exception() == vm.traps().needHandling(JSC::VMTraps::NeedExceptionHandling)); \
- if (UNLIKELY(vm.traps().needHandling(JSC::VMTraps::NonDebuggerEvents))) { \
+ if (UNLIKELY(vm.traps().maybeNeedHandling(JSC::VMTraps::NonDebuggerEvents))) { \
if (vm.hasExceptionsAfterHandlingTraps()) \
return value__; \
} \
Modified: releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/ScriptExecutable.cpp (293151 => 293152)
--- releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/ScriptExecutable.cpp 2022-04-21 09:51:02 UTC (rev 293151)
+++ releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/ScriptExecutable.cpp 2022-04-21 09:51:10 UTC (rev 293152)
@@ -196,6 +196,8 @@
if (genericCodeBlock) {
RELEASE_ASSERT(genericCodeBlock->ownerExecutable() == this);
RELEASE_ASSERT(JITCode::isExecutableScript(genericCodeBlock->jitType()));
+
+ genericCodeBlock->m_isJettisoned = false;
dataLogLnIf(Options::verboseOSR(), "Installing ", *genericCodeBlock);
Modified: releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/VMTraps.cpp (293151 => 293152)
--- releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/VMTraps.cpp 2022-04-21 09:51:02 UTC (rev 293151)
+++ releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/VMTraps.cpp 2022-04-21 09:51:10 UTC (rev 293152)
@@ -349,6 +349,7 @@
auto scope = DECLARE_THROW_SCOPE(vm);
ASSERT(onlyContainsAsyncEvents(mask));
ASSERT(needHandling(mask));
+ ASSERT(!hasTrapBit(DeferTrapHandling));
if (isDeferringTermination())
mask &= ~NeedTermination;
@@ -390,6 +391,7 @@
return;
case NeedExceptionHandling:
+ case DeferTrapHandling:
default:
RELEASE_ASSERT_NOT_REACHED();
}
@@ -402,7 +404,7 @@
// Note: the EventBitShift is already sorted in highest to lowest priority
// i.e. a bit shift of 0 is highest priority, etc.
- for (int i = 0; i < NumberOfEvents; ++i) {
+ for (unsigned i = 0; i < NumberOfEvents; ++i) {
Event event = static_cast<Event>(1 << i);
if (hasTrapBit(event, mask)) {
clearTrapBit(event);
Modified: releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/VMTraps.h (293151 => 293152)
--- releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/VMTraps.h 2022-04-21 09:51:02 UTC (rev 293151)
+++ releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/VMTraps.h 2022-04-21 09:51:10 UTC (rev 293152)
@@ -149,15 +149,21 @@
v(NeedTermination) \
v(NeedWatchdogCheck) \
v(NeedDebuggerBreak) \
- v(NeedExceptionHandling)
+ v(NeedExceptionHandling) \
+ v(DeferTrapHandling) // Must come last in the enum. This defers all events except NeedExceptionHandling.
#define DECLARE_VMTRAPS_EVENT_BIT_SHIFT(event__) event__##BitShift,
enum EventBitShift {
FOR_EACH_VMTRAPS_EVENTS(DECLARE_VMTRAPS_EVENT_BIT_SHIFT)
- NumberOfEvents, // This entry must be last in this list.
};
#undef DECLARE_VMTRAPS_EVENT_BIT_SHIFT
+
+#define COUNT_EVENT(event) + 1
+ static constexpr BitField NumberOfEvents = FOR_EACH_VMTRAPS_EVENTS(COUNT_EVENT) - 1; // Don't count DeferTrapHandling.
+ static constexpr BitField NumberOfEventsIncludingDefer = FOR_EACH_VMTRAPS_EVENTS(COUNT_EVENT);
+#undef COUNT_EVENT
+
using Event = BitField;
#define DECLARE_VMTRAPS_EVENT(event__) \
@@ -170,8 +176,9 @@
static constexpr Event NoEvent = 0;
- static_assert(NumberOfEvents <= bitsInBitField);
+ static_assert(NumberOfEventsIncludingDefer <= bitsInBitField);
static constexpr BitField AllEvents = (1ull << NumberOfEvents) - 1;
+ static constexpr BitField AllEventsIncludingDefer = (1ull << NumberOfEventsIncludingDefer) - 1;
static constexpr BitField AsyncEvents = AllEvents & ~NeedExceptionHandling;
static constexpr BitField NonDebuggerEvents = AllEvents & ~NeedDebuggerBreak;
static constexpr BitField NonDebuggerAsyncEvents = AsyncEvents & ~NeedDebuggerBreak;
@@ -188,7 +195,15 @@
void willDestroyVM();
- bool needHandling(BitField mask) const { return m_trapBits.loadRelaxed() & mask; }
+ ALWAYS_INLINE bool needHandling(BitField mask) const
+ {
+ auto maskedValue = m_trapBits.loadRelaxed() & (mask | DeferTrapHandling);
+ if (UNLIKELY(maskedValue))
+ return (maskedValue & NeedExceptionHandling) || !(maskedValue & DeferTrapHandling);
+ return false;
+ }
+ // Designed to be a fast check to rule out if we might need handling, and we need to ensure needHandling on the slow path.
+ ALWAYS_INLINE bool maybeNeedHandling(BitField mask) const { return m_trapBits.loadRelaxed() & mask; }
void* trapBitsAddress() { return &m_trapBits; }
enum class DeferAction {
@@ -206,6 +221,10 @@
invalidateCodeBlocksOnStack();
}
+ bool hasTrapBit(Event event)
+ {
+ return m_trapBits.loadRelaxed() & event;
+ }
bool hasTrapBit(Event event, BitField mask)
{
BitField maskedBits = event & mask;
@@ -214,7 +233,7 @@
void clearTrapBit(Event event) { m_trapBits.exchangeAnd(~event); }
void setTrapBit(Event event)
{
- ASSERT((event & ~AllEvents) == 0);
+ ASSERT((event & ~AllEventsIncludingDefer) == 0);
m_trapBits.exchangeOr(event);
}
@@ -266,4 +285,13 @@
friend class SignalSender;
};
+class DeferTraps {
+public:
+ DeferTraps(VM&);
+ ~DeferTraps();
+private:
+ VMTraps& m_traps;
+ bool m_isActive;
+};
+
} // namespace JSC
Modified: releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/VMTrapsInlines.h (293151 => 293152)
--- releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/VMTrapsInlines.h 2022-04-21 09:51:02 UTC (rev 293151)
+++ releases/WebKitGTK/webkit-2.36/Source/_javascript_Core/runtime/VMTrapsInlines.h 2022-04-21 09:51:10 UTC (rev 293152)
@@ -50,4 +50,18 @@
undoDeferTerminationSlow(deferAction);
}
+ALWAYS_INLINE DeferTraps::DeferTraps(VM& vm)
+ : m_traps(vm.traps())
+ , m_isActive(!m_traps.hasTrapBit(VMTraps::DeferTrapHandling))
+{
+ if (m_isActive)
+ m_traps.setTrapBit(VMTraps::DeferTrapHandling);
+}
+
+ALWAYS_INLINE DeferTraps::~DeferTraps()
+{
+ if (m_isActive)
+ m_traps.clearTrapBit(VMTraps::DeferTrapHandling);
+}
+
} // namespace JSC
