Bug 1774390 part 1 - Use separate ExitFrameType for EnsureBareExitFrame. r=iain

This will be used by a later patch, but it's also nice for assertions to use a different type. Differential Revision: https://phabricator.services.mozilla.com/D149376
2022-06-16 12:59:16 +00:00 · 2022-06-16 12:59:16 +00:00 · dea42a526c
--- a/js/src/jit/JSJitFrameIter.cpp
+++ b/js/src/jit/JSJitFrameIter.cpp
@ -98,6 +98,13 @@ bool JSJitFrameIter::isBareExit() const {
  return exitFrame()->isBareExit();
 }

+bool JSJitFrameIter::isUnwoundJitExit() const {
+  if (type_ != FrameType::Exit) {
+    return false;
+  }
+  return exitFrame()->isUnwoundJitExit();
+}
+
 bool JSJitFrameIter::isFunctionFrame() const {
  return CalleeTokenIsFunction(calleeToken());
 }
--- a/js/src/jit/JSJitFrameIter.h
+++ b/js/src/jit/JSJitFrameIter.h
@ -169,6 +169,7 @@ class JSJitFrameIter {
  bool isBaselineStub() const { return type_ == FrameType::BaselineStub; }
  bool isRectifier() const { return type_ == FrameType::Rectifier; }
  bool isBareExit() const;
+  bool isUnwoundJitExit() const;
  template <typename T>
  bool isExitFrameLayout() const;

--- a/js/src/jit/JitFrames.cpp
+++ b/js/src/jit/JitFrames.cpp
@ -805,15 +805,14 @@ void HandleException(ResumeFromException* rfe) {
  }
 }

-// Turns a JitFrameLayout into an ExitFrameLayout. Note that it has to be a
-// bare exit frame so it's ignored by TraceJitExitFrame.
-void EnsureBareExitFrame(JitActivation* act, JitFrameLayout* frame) {
+// Turns a JitFrameLayout into an UnwoundJit ExitFrameLayout.
+void EnsureUnwoundJitExitFrame(JitActivation* act, JitFrameLayout* frame) {
  ExitFrameLayout* exitFrame = reinterpret_cast<ExitFrameLayout*>(frame);

  if (act->jsExitFP() == (uint8_t*)frame) {
    // If we already called this function for the current frame, do
    // nothing.
-    MOZ_ASSERT(exitFrame->isBareExit());
+    MOZ_ASSERT(exitFrame->isUnwoundJitExit());
    return;
  }

@ -830,8 +829,8 @@ void EnsureBareExitFrame(JitActivation* act, JitFrameLayout* frame) {
 #endif

  act->setJSExitFP((uint8_t*)frame);
-  exitFrame->footer()->setBareExitFrame();
-  MOZ_ASSERT(exitFrame->isBareExit());
+  exitFrame->footer()->setUnwoundJitExitFrame();
+  MOZ_ASSERT(exitFrame->isUnwoundJitExit());
 }

 JSScript* MaybeForwardedScriptFromCalleeToken(CalleeToken token) {
@ -1225,9 +1224,9 @@ static void TraceJitExitFrame(JSTracer* trc, const JSJitFrameIter& frame) {
    return;
  }

-  if (frame.isBareExit()) {
+  if (frame.isBareExit() || frame.isUnwoundJitExit()) {
    // Nothing to trace. Fake exit frame pushed for VM functions with
-    // nothing to trace on the stack.
+    // nothing to trace on the stack or unwound JitFrameLayout.
    return;
  }

--- a/js/src/jit/JitFrames.h
+++ b/js/src/jit/JitFrames.h
@ -175,7 +175,7 @@ static_assert(sizeof(ResumeFromException) % 16 == 0,

 void HandleException(ResumeFromException* rfe);

-void EnsureBareExitFrame(JitActivation* act, JitFrameLayout* frame);
+void EnsureUnwoundJitExitFrame(JitActivation* act, JitFrameLayout* frame);

 void TraceJitActivations(JSContext* cx, JSTracer* trc);

@ -328,6 +328,7 @@ enum class ExitFrameType : uint8_t {
  IonOOLProxy = 0x6,
  WasmGenericJitEntry = 0x7,
  DirectWasmJitCall = 0x8,
+  UnwoundJit = 0xFB,
  InterpreterStub = 0xFC,
  VMFunction = 0xFD,
  LazyLink = 0xFE,
@ -348,7 +349,9 @@ class ExitFooterFrame {

 public:
  static inline size_t Size() { return sizeof(ExitFooterFrame); }
-  void setBareExitFrame() { data_ = uintptr_t(ExitFrameType::Bare); }
+  void setUnwoundJitExitFrame() {
+    data_ = uintptr_t(ExitFrameType::UnwoundJit);
+  }
  ExitFrameType type() const {
    static_assert(sizeof(ExitFrameType) == sizeof(uint8_t),
                  "Code assumes ExitFrameType fits in a byte");
@ -422,6 +425,9 @@ class ExitFrameLayout : public CommonFrameLayout {
    return footer()->type() == ExitFrameType::VMFunction;
  }
  inline bool isBareExit() { return footer()->type() == ExitFrameType::Bare; }
+  inline bool isUnwoundJitExit() {
+    return footer()->type() == ExitFrameType::UnwoundJit;
+  }

  // See the various exit frame layouts below.
  template <typename T>
--- a/js/src/jit/VMFunctions.cpp
+++ b/js/src/jit/VMFunctions.cpp
@ -1027,7 +1027,7 @@ bool DebugEpilogue(JSContext* cx, BaselineFrame* frame, const jsbytecode* pc,
    // Pop this frame by updating packedExitFP, so that the exception
    // handling code will start at the previous frame.
    JitFrameLayout* prefix = frame->framePrefix();
-    EnsureBareExitFrame(cx->activation()->asJit(), prefix);
+    EnsureUnwoundJitExitFrame(cx->activation()->asJit(), prefix);
    return false;
  }

--- a/js/src/vm/FrameIter.cpp
+++ b/js/src/vm/FrameIter.cpp
@ -14,7 +14,7 @@
 #include <stdlib.h>  // getenv

 #include "jit/BaselineFrame.h"   // js::jit::BaselineFrame
-#include "jit/JitFrames.h"       // js::jit::EnsureBareExitFrame
+#include "jit/JitFrames.h"       // js::jit::EnsureUnwoundJitExitFrame
 #include "jit/JSJitFrameIter.h"  // js::jit::{FrameType,InlineFrameIterator,JSJitFrameIter,MaybeReadFallback,SnapshotIterator}
 #include "js/GCAPI.h"            // JS::AutoSuppressGCAnalysis
 #include "js/Principals.h"       // JSSubsumesOp
@ -227,7 +227,7 @@ void JitFrameIter::operator++() {
      // don't see this frame when they use ScriptFrameIter, and (2)
      // ScriptFrameIter does not crash when accessing an IonScript
      // that's destroyed by the ionScript->decref call.
-      EnsureBareExitFrame(act_, prevFrame);
+      EnsureUnwoundJitExitFrame(act_, prevFrame);
    }
  } else if (isWasm()) {
    ++asWasm();