コード例 #1
0
void
StackSpace::markFrameSlots(JSTracer *trc, StackFrame *fp, Value *slotsEnd, jsbytecode *pc)
{
    Value *slotsBegin = fp->slots();

    if (!fp->isScriptFrame()) {
        JS_ASSERT(fp->isDummyFrame());
        gc::MarkValueRootRange(trc, slotsBegin, slotsEnd, "vm_stack");
        return;
    }

    /* If it's a scripted frame, we should have a pc. */
    JS_ASSERT(pc);

    JSScript *script = fp->script();
    if (!script->hasAnalysis() || !script->analysis()->ranLifetimes()) {
        gc::MarkValueRootRange(trc, slotsBegin, slotsEnd, "vm_stack");
        return;
    }

    /*
     * If the JIT ran a lifetime analysis, then it may have left garbage in the
     * slots considered not live. We need to avoid marking them. Additionally,
     * in case the analysis information is thrown out later, we overwrite these
     * dead slots with valid values so that future GCs won't crash. Analysis
     * results are thrown away during the sweeping phase, so we always have at
     * least one GC to do this.
     */
    analyze::AutoEnterAnalysis aea(script->compartment());
    analyze::ScriptAnalysis *analysis = script->analysis();
    uint32_t offset = pc - script->code;
    Value *fixedEnd = slotsBegin + script->nfixed;
    for (Value *vp = slotsBegin; vp < fixedEnd; vp++) {
        uint32_t slot = analyze::LocalSlot(script, vp - slotsBegin);

        /*
         * Will this slot be synced by the JIT? If not, replace with a dummy
         * value with the same type tag.
         */
        if (!analysis->trackSlot(slot) || analysis->liveness(slot).live(offset))
            gc::MarkValueRoot(trc, vp, "vm_stack");
        else if (vp->isObject())
            *vp = ObjectValue(fp->scopeChain()->global());
        else if (vp->isString())
            *vp = StringValue(trc->runtime->atomState.nullAtom);
    }

    gc::MarkValueRootRange(trc, fixedEnd, slotsEnd, "vm_stack");
}
コード例 #2
0
bool
TypeInferenceOracle::canEnterInlinedFunction(JSFunction *target)
{
    JSScript *script = target->script();
    if (!script->hasAnalysis() || !script->analysis()->ranInference())
        return false;

    if (!script->analysis()->inlineable())
        return false;

    if (script->analysis()->usesScopeChain())
        return false;

    if (target->getType(cx)->unknownProperties())
        return false;

    // TI calls ObjectStateChange to trigger invalidation of the caller.
    HeapTypeSet::WatchObjectStateChange(cx, target->getType(cx));
    return true;
}
コード例 #3
0
void
StackSpace::markFrameValues(JSTracer *trc, StackFrame *fp, Value *slotsEnd, jsbytecode *pc)
{
    Value *slotsBegin = fp->slots();

    if (!fp->isScriptFrame()) {
        JS_ASSERT(fp->isDummyFrame());
        gc::MarkValueRootRange(trc, slotsBegin, slotsEnd, "vm_stack");
        return;
    }

    /* If it's a scripted frame, we should have a pc. */
    JS_ASSERT(pc);

    JSScript *script = fp->script();
    if (!script->hasAnalysis() || !script->analysis()->ranLifetimes()) {
        gc::MarkValueRootRange(trc, slotsBegin, slotsEnd, "vm_stack");
        return;
    }

    /*
     * If the JIT ran a lifetime analysis, then it may have left garbage in the
     * slots considered not live. We need to avoid marking them. Additionally,
     * in case the analysis information is thrown out later, we overwrite these
     * dead slots with valid values so that future GCs won't crash. Analysis
     * results are thrown away during the sweeping phase, so we always have at
     * least one GC to do this.
     */
    analyze::AutoEnterAnalysis aea(script->compartment());
    analyze::ScriptAnalysis *analysis = script->analysis();
    uint32_t offset = pc - script->code;
    Value *fixedEnd = slotsBegin + script->nfixed;
    for (Value *vp = slotsBegin; vp < fixedEnd; vp++) {
        uint32_t slot = analyze::LocalSlot(script, vp - slotsBegin);

        /*
         * Will this slot be synced by the JIT? If not, replace with a dummy
         * value with the same type tag.
         */
        if (!analysis->trackSlot(slot) || analysis->liveness(slot).live(offset)) {
            gc::MarkValueRoot(trc, vp, "vm_stack");
        } else if (vp->isDouble()) {
            *vp = DoubleValue(0.0);
        } else {
            /*
             * It's possible that *vp may not be a valid Value. For example, it
             * may be tagged as a NullValue but the low bits may be nonzero so
             * that isNull() returns false. This can cause problems later on
             * when marking the value. Extracting the type in this way and then
             * overwriting the value circumvents the problem.
             */
            JSValueType type = vp->extractNonDoubleType();
            if (type == JSVAL_TYPE_INT32)
                *vp = Int32Value(0);
            else if (type == JSVAL_TYPE_UNDEFINED)
                *vp = UndefinedValue();
            else if (type == JSVAL_TYPE_BOOLEAN)
                *vp = BooleanValue(false);
            else if (type == JSVAL_TYPE_STRING)
                *vp = StringValue(trc->runtime->atomState.nullAtom);
            else if (type == JSVAL_TYPE_NULL)
                *vp = NullValue();
            else if (type == JSVAL_TYPE_OBJECT)
                *vp = ObjectValue(fp->scopeChain()->global());
        }
    }

    gc::MarkValueRootRange(trc, fixedEnd, slotsEnd, "vm_stack");
}
コード例 #4
0
extern "C" void *
js_InternalThrow(VMFrame &f)
{
    JSContext *cx = f.cx;

    ExpandInlineFrames(cx->compartment);

    // The current frame may have an associated orphaned native, if the native
    // or SplatApplyArgs threw an exception.
    RemoveOrphanedNative(cx, f.fp());

    JS_ASSERT(!f.fp()->finishedInInterpreter());

    // Make sure sp is up to date.
    JS_ASSERT(&cx->regs() == &f.regs);

    jsbytecode *pc = NULL;
    for (;;) {
        if (cx->isExceptionPending()) {
            // Call the throw hook if necessary
            JSThrowHook handler = cx->debugHooks->throwHook;
            if (handler || !cx->compartment->getDebuggees().empty()) {
                Value rval;
                JSTrapStatus st = Debugger::onExceptionUnwind(cx, &rval);
                if (st == JSTRAP_CONTINUE && handler) {
                    st = handler(cx, cx->fp()->script(), cx->regs().pc, &rval,
                                 cx->debugHooks->throwHookData);
                }

                switch (st) {
                case JSTRAP_ERROR:
                    cx->clearPendingException();
                    return NULL;

                case JSTRAP_CONTINUE:
                  break;

                case JSTRAP_RETURN:
                    cx->clearPendingException();
                    cx->fp()->setReturnValue(rval);
                    return cx->jaegerCompartment()->forceReturnFromExternC();

                case JSTRAP_THROW:
                    cx->setPendingException(rval);
                    break;

                default:
                    JS_NOT_REACHED("bad onExceptionUnwind status");
                }
            }
        }

        pc = FindExceptionHandler(cx);
        if (pc)
            break;

        // The JIT guarantees that ScriptEpilogue() has always been run
        // upon exiting to its caller. This is important for consistency,
        // where execution modes make similar guarantees about prologues
        // and epilogues. RunTracer(), Interpret(), and Invoke() all
        // rely on this property.
        JS_ASSERT(!f.fp()->finishedInInterpreter());
        UnwindScope(cx, 0);
        f.regs.sp = f.fp()->base();

        if (cx->compartment->debugMode())
            js::ScriptDebugEpilogue(cx, f.fp(), false);

        ScriptEpilogue(f.cx, f.fp(), false);

        // Don't remove the last frame, this is the responsibility of
        // JaegerShot()'s caller. We only guarantee that ScriptEpilogue()
        // has been run.
        if (f.entryfp == f.fp())
            break;

        JS_ASSERT(f.regs.sp == cx->regs().sp);
        InlineReturn(f);
    }

    JS_ASSERT(f.regs.sp == cx->regs().sp);

    if (!pc)
        return NULL;

    StackFrame *fp = cx->fp();
    JSScript *script = fp->script();

    /*
     * Fall back to EnterMethodJIT and finish the frame in the interpreter.
     * With type inference enabled, we may wipe out all JIT code on the
     * stack without patching ncode values to jump to the interpreter, and
     * thus can only enter JIT code via EnterMethodJIT (which overwrites
     * its entry frame's ncode). See ClearAllFrames.
     */
    cx->compartment->jaegerCompartment()->setLastUnfinished(Jaeger_Unfinished);

    if (!script->ensureRanAnalysis(cx, NULL)) {
        js_ReportOutOfMemory(cx);
        return NULL;
    }

    analyze::AutoEnterAnalysis enter(cx);

    cx->regs().pc = pc;
    cx->regs().sp = fp->base() + script->analysis()->getCode(pc).stackDepth;

    /*
     * Interpret the ENTERBLOCK and EXCEPTION opcodes, so that we don't go
     * back into the interpreter with a pending exception. This will cause
     * it to immediately rethrow.
     */
    if (cx->isExceptionPending()) {
        JS_ASSERT(JSOp(*pc) == JSOP_ENTERBLOCK);
        StaticBlockObject &blockObj = script->getObject(GET_SLOTNO(pc))->asStaticBlock();
        Value *vp = cx->regs().sp + blockObj.slotCount();
        SetValueRangeToUndefined(cx->regs().sp, vp);
        cx->regs().sp = vp;
        JS_ASSERT(JSOp(pc[JSOP_ENTERBLOCK_LENGTH]) == JSOP_EXCEPTION);
        cx->regs().sp[0] = cx->getPendingException();
        cx->clearPendingException();
        cx->regs().sp++;
        cx->regs().pc = pc + JSOP_ENTERBLOCK_LENGTH + JSOP_EXCEPTION_LENGTH;
        cx->regs().fp()->setBlockChain(&blockObj);
    }

    *f.oldregs = f.regs;

    return NULL;
}