Bug 1032869 - Part 4: Add an auto-updated DebugModeOSRVolatileJitFrameIterator. (r=jandem)

2024-09-13 09:24:08 -07:00 · 2014-11-13 14:39:41 -08:00 · 2014-11-13 14:39:41 -08:00 · 8c9139fd69
commit 8c9139fd69
parent f1b25ae39e
5 changed files with 53 additions and 1 deletions
--- a/js/src/jit/BaselineDebugModeOSR.cpp
+++ b/js/src/jit/BaselineDebugModeOSR.cpp
@ -380,6 +380,8 @@ PatchBaselineFramesForDebugMode(JSContext *cx, const Debugger::ExecutionObservab
                // directly to the IC resume address.
                uint8_t *retAddr = bl->returnAddressForIC(bl->icEntryFromPCOffset(pcOffset));
                SpewPatchBaselineFrame(prev->returnAddress(), retAddr, script, kind, pc);
+                DebugModeOSRVolatileJitFrameIterator::forwardLiveIterators(
+                    cx, prev->returnAddress(), retAddr);
                prev->setReturnAddress(retAddr);
                entryIndex++;
                break;
@ -995,3 +997,14 @@ JitRuntime::generateBaselineDebugModeOSRHandler(JSContext *cx, uint32_t *noFrame

    return code;
 }
+
+/* static */ void
+DebugModeOSRVolatileJitFrameIterator::forwardLiveIterators(JSContext *cx,
+                                                           uint8_t *oldAddr, uint8_t *newAddr)
+{
+    DebugModeOSRVolatileJitFrameIterator *iter;
+    for (iter = cx->liveVolatileJitFrameIterators_; iter; iter = iter->prev) {
+        if (iter->returnAddressToFp_ == oldAddr)
+            iter->returnAddressToFp_ = newAddr;
+    }
+}
--- a/js/src/jit/BaselineDebugModeOSR.h
+++ b/js/src/jit/BaselineDebugModeOSR.h
@ -10,6 +10,7 @@
 #include "jit/BaselineFrame.h"
 #include "jit/BaselineIC.h"
 #include "jit/BaselineJIT.h"
+#include "jit/JitFrameIterator.h"

 #include "vm/Debugger.h"

@ -67,6 +68,31 @@ class DebugModeOSRVolatileStub
    bool operator==(const T &other) const { MOZ_ASSERT(!invalid()); return stub_ == other; }
 };

+//
+// A JitFrameIterator that updates itself in case of recompilation of an
+// on-stack baseline script.
+//
+class DebugModeOSRVolatileJitFrameIterator : public JitFrameIterator
+{
+    DebugModeOSRVolatileJitFrameIterator **stack, *prev;
+
+  public:
+    explicit DebugModeOSRVolatileJitFrameIterator(JSContext *cx)
+      : JitFrameIterator(cx)
+    {
+        stack = &cx->liveVolatileJitFrameIterators_;
+        prev = *stack;
+        *stack = this;
+    }
+
+    ~DebugModeOSRVolatileJitFrameIterator() {
+        MOZ_ASSERT(*stack == this);
+        *stack = prev;
+    }
+
+    static void forwardLiveIterators(JSContext *cx, uint8_t *oldAddr, uint8_t *newAddr);
+};
+
 //
 // Auxiliary info to help the DebugModeOSRHandler fix up state.
 //
--- a/js/src/jit/IonFrames.cpp
+++ b/js/src/jit/IonFrames.cpp
@ -708,7 +708,13 @@ HandleException(ResumeFromException *rfe)
    if (cx->runtime()->jitRuntime()->hasIonReturnOverride())
        cx->runtime()->jitRuntime()->takeIonReturnOverride();

-    JitFrameIterator iter(cx);
+    // The Debugger onExceptionUnwind hook (reachable via
+    // HandleExceptionBaseline below) may cause on-stack recompilation of
+    // baseline scripts, which may patch return addresses on the stack. Since
+    // JitFrameIterators cache the previous frame's return address when
+    // iterating, we need a variant here that is automatically updated should
+    // on-stack recompilation occur.
+    DebugModeOSRVolatileJitFrameIterator iter(cx);
    while (!iter.isEntry()) {
        bool overrecursed = false;
        if (iter.isIonJS()) {
--- a/js/src/jscntxt.cpp
+++ b/js/src/jscntxt.cpp
@ -1011,6 +1011,7 @@ JSContext::JSContext(JSRuntime *rt)
    unwrappedException_(UndefinedValue()),
    options_(),
    propagatingForcedReturn_(false),
+    liveVolatileJitFrameIterators_(nullptr),
    reportGranularity(JS_DEFAULT_JITREPORT_GRANULARITY),
    resolvingList(nullptr),
    generatingError(false),
--- a/js/src/jscntxt.h
+++ b/js/src/jscntxt.h
@ -35,6 +35,7 @@ namespace js {
 namespace jit {
 class IonContext;
 class CompileCompartment;
+class DebugModeOSRVolatileJitFrameIterator;
 }

 struct CallsiteCloneKey {
@ -421,6 +422,7 @@ struct JSContext : public js::ExclusiveContext,

    friend class js::ExclusiveContext;
    friend class JS::AutoSaveExceptionState;
+    friend class js::jit::DebugModeOSRVolatileJitFrameIterator;

  private:
    /* Exception state -- the exception member is a GC root by definition. */
@ -434,6 +436,10 @@ struct JSContext : public js::ExclusiveContext,
    // debug mode.
    bool                propagatingForcedReturn_;

+    // A stack of live iterators that need to be updated in case of debug mode
+    // OSR.
+    js::jit::DebugModeOSRVolatileJitFrameIterator *liveVolatileJitFrameIterators_;
+
  public:
    int32_t             reportGranularity;  /* see vm/Probes.h */