exceptions can't always be checked under silent spill in DFG #28709
r=me
EWS run on previous version of this PR (hash 69bd390)
EWS run on current version of this PR (hash c50b46c)
EWS run on previous version of this PR (hash e26f77b)
https://bugs.webkit.org/show_bug.cgi?id=274291
rdar://128067350

Reviewed by Yusuke Suzuki.

If we're catching an exception in the same DFG frame it's potentially not safe to check for exceptions under a silent spill. This is because the OSR exit ramp does not know about the silent spill. So values will not be restored. There were a couple of possible fixes:

1) teach the DFGVariableEventStream about exceptions under silent spill.
2) add extra metadata about the fact we’re under a silent spill and silent fill before hitting the OSR exit ramp.
3) move the exception to an unused gpr until we can silent fill if needed.

I went with option 3. 1. has the problem that it's complicated and might be a memory regression. 2. could bloat code size.

I also noticed that my `requires (!OperationHasResult<T>)` checks were not properly eliminating overloads. This is because when you do e.g. `requires (!OperationHasResult<int>)` the `OperationHasResult<int>` will fail SFINAE but that just makes the concept false which then becomes true in the requirement. Instead we now have a new `OperationIsVoid<T>` concept.

* JSTests/stress/stack-overflow-in-scope-with-catch.js: Added.
(foo.catch.Set.Symbol.hasInstance):
(foo.finally.bar):
(foo.goo.baz):
(foo.goo):
(foo):
* Source/JavaScriptCore/dfg/DFGArrayifySlowPathGenerator.h:
* Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
* Source/JavaScriptCore/dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h:
* Source/JavaScriptCore/dfg/DFGSaneStringGetByValSlowPathGenerator.h:
* Source/JavaScriptCore/dfg/DFGSilentRegisterSavePlan.h:
(JSC::DFG::SilentRegisterSavePlan::SilentRegisterSavePlan):
(JSC::DFG::SilentRegisterSavePlan::reg const):
(JSC::DFG::SilentRegisterSavePlan::gpr const):
(JSC::DFG::SilentRegisterSavePlan::fpr const):
* Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h:
(JSC::DFG::CallSlowPathGenerator::setUp):
(JSC::DFG::CallSlowPathGenerator::tearDown):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::exceptionCheck):
(JSC::DFG::SpeculativeJIT::silentSpillImpl):
(JSC::DFG::SpeculativeJIT::silentFillImpl):
(JSC::DFG::SpeculativeJIT::compileToLowerCase):
(JSC::DFG::SpeculativeJIT::silentSpill): Deleted.
(JSC::DFG::SpeculativeJIT::silentFill): Deleted.
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::spillPlanInterferesWithReg):
(JSC::DFG::SpeculativeJIT::silentSpill):
(JSC::DFG::SpeculativeJIT::silentFill):
(JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
(JSC::DFG::SpeculativeJIT::silentFillAllRegisters):
(JSC::DFG::SpeculativeJIT::operationExceptionCheck):
(JSC::DFG::SpeculativeJIT::callOperation):
(JSC::DFG::SpeculativeJIT::tryHandleOrGetExceptionUnderSilentSpill):
(JSC::DFG::SpeculativeJIT::callOperationWithSilentSpill):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::genericJSValueNonPeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compileGetByVal):
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/jit/GPRInfo.h:
(JSC::NoOverlapImpl::noOverlapImpl):
* Source/JavaScriptCore/jit/OperationResult.h:
* Source/JavaScriptCore/jit/Reg.h:

Canonical link: https://commits.webkit.org/279031@main
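The overload-elimination pitfall described in the commit message above, as an added example that is not part of this PR or of WebKit's code. It uses C++14 type traits with `enable_if` in place of C++20 concepts (a failed substitution makes the predicate false in both, so the negation behaves the same way), and `OpResult`, `HasResult`, `IsVoidResult` and the `pick*` functions are hypothetical stand-ins, not the definitions in OperationResult.h.

```cpp
#include <type_traits>

// Hypothetical stand-in for an operation result wrapper (assumption, not WebKit's type).
template<typename T> struct OpResult { using ResultType = T; };

template<typename...> struct Voider { using type = void; };

// "Has a non-void result". False for OpResult<void>, and ALSO false for any type
// where T::ResultType does not exist: the substitution failure just selects the
// primary template instead of producing an error.
template<typename T, typename = void>
struct HasResult : std::false_type {};
template<typename T>
struct HasResult<T, typename Voider<typename T::ResultType>::type>
    : std::integral_constant<bool, !std::is_void<typename T::ResultType>::value> {};

// Positive predicate in the spirit of OperationIsVoid<T>: true only when T really
// is an operation result whose ResultType is void.
template<typename T, typename = void>
struct IsVoidResult : std::false_type {};
template<typename T>
struct IsVoidResult<T, typename Voider<typename T::ResultType>::type>
    : std::is_void<typename T::ResultType> {};

enum Picked { VoidOverload, Fallback };

// Negated constraint: meant to admit only void operations, but "not HasResult"
// is also true for types that are not operation results at all.
template<typename T, typename std::enable_if<!HasResult<T>::value, int>::type = 0>
constexpr Picked pickNegated(int) { return VoidOverload; }
template<typename T>
constexpr Picked pickNegated(long) { return Fallback; }

// Positive constraint: the void overload is removed for everything else.
template<typename T, typename std::enable_if<IsVoidResult<T>::value, int>::type = 0>
constexpr Picked pickPositive(int) { return VoidOverload; }
template<typename T>
constexpr Picked pickPositive(long) { return Fallback; }

int main() {
    static_assert(pickNegated<OpResult<void>>(0) == VoidOverload, "intended match");
    static_assert(pickNegated<int>(0) == VoidOverload, "int slips through the negation");
    static_assert(pickPositive<int>(0) == Fallback, "positive predicate eliminates it");
    return 0;
}
```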
Committed 279031@main (d1282e0): https://commits.webkit.org/279031@main Reviewed commits have been landed. Closing PR #28709 and removing active labels.