Bug 147988 - DFG callOperations should not implicitly emit an exception check. At callOperation call sites, we should explicitly emit exception checks
Summary: DFG callOperations should not implicitly emit an exception check. At callOper...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Saam Barati
URL:
Keywords:
Depends on:
Blocks: 147374
  Show dependency treegraph
 
Reported: 2015-08-13 13:35 PDT by Saam Barati
Modified: 2015-08-21 12:12 PDT (History)
10 users (show)

See Also:

Attachments
patch (113.45 KB, patch)
2015-08-14 19:24 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (113.45 KB, patch)
2015-08-14 19:27 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (117.29 KB, patch)
2015-08-15 01:37 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (117.77 KB, patch)
2015-08-15 16:14 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (113.21 KB, patch)
2015-08-21 01:41 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (115.93 KB, patch)
2015-08-21 02:01 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (116.46 KB, patch)
2015-08-21 02:05 PDT, Saam Barati 		ggaren: review+
ggaren: commit-queue-
Details | Formatted Diff | Diff
Show Obsolete (6) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Saam Barati 2015-08-13 13:35:46 PDT 
...
Comment 1 Saam Barati 2015-08-14 19:24:39 PDT 
Created attachment 259073 [details]
patch

I still am failing 3d-cube under exception fuzzing.
I need to see why this is. I can't reproduce this under
the same exception fire target as the exception-fuzzing perl
script is using. Once I figure this out, this patch is ready
to go. It passes the other tests.

Also, this patch includes comments for where we aren't
emitting exception checks. This will not necessarily be
in the landed patch (though we could add some variant of it
if it's helpful). Those comments exist to let the reviewer of
this patch know which callOperations aren't emitting exception
checks.
Comment 2 Saam Barati 2015-08-14 19:27:04 PDT 
Created attachment 259074 [details]
patch

rebased, same patch as before .
Comment 3 WebKit Commit Bot 2015-08-14 19:30:10 PDT 
Attachment 259074 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h:100:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3685:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3748:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3807:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3840:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3852:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:5978:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:5993:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:6430:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1693:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1694:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1697:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:575:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:612:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:624:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:2263:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:1852:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2181:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2383:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2396:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:4882:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:4915:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/jit/AssemblyHelpers.cpp:205:  Tests for true/false, null/non-null, and zero/non-zero should all be done without equality comparisons.  [readability/comparison_to_zero] [5]
ERROR: Source/JavaScriptCore/jit/AssemblyHelpers.cpp:207:  Tests for true/false, null/non-null, and zero/non-zero should all be done without equality comparisons.  [readability/comparison_to_zero] [5]
Total errors found: 24 in 11 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 4 Saam Barati 2015-08-15 01:37:34 PDT 
Created attachment 259086 [details]
patch

fixed exception fuzzing issues.
I'm just making operationExceptionFuzz an almost
normal operation that takes an ExecState.
Comment 5 WebKit Commit Bot 2015-08-15 01:38:44 PDT 
Attachment 259086 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h:100:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3685:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3748:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3807:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3840:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3852:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:5978:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:5993:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:6430:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1693:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1694:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1697:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:575:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:612:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:624:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:2263:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:1852:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2181:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2383:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2396:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:4882:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:4915:  Should have a space between // and comment  [whitespace/comments] [4]
Total errors found: 22 in 16 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 6 Saam Barati 2015-08-15 16:14:43 PDT 
Created attachment 259107 [details]
patch

free buffer used for exception fuzzing on VM destruction.
Comment 7 WebKit Commit Bot 2015-08-15 16:16:34 PDT 
Attachment 259107 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h:100:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3685:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3748:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3807:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3840:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3852:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:5978:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:5993:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:6430:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1693:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1694:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1697:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:575:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:612:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:624:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:2263:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:1852:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2181:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2383:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2396:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:4882:  Should have a space between // and comment  [whitespace/comments] [4]
ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:4915:  Should have a space between // and comment  [whitespace/comments] [4]
Total errors found: 22 in 17 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 8 Saam Barati 2015-08-15 17:31:33 PDT 
Comment on attachment 259107 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=259107&action=review

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1887
> +    void checkException()

I want to switch this name to checkExceptionAfterCall().
Comment 9 Mark Lam 2015-08-18 14:46:20 PDT 
Comment on attachment 259107 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=259107&action=review

> Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h:96
> +        SpillRegistersMode spillMode, bool needsExceptionCheck, ResultType result)

Instead of using a boolean, can you use an enum type like:

enum class ExceptionCheckRequirement {
    CheckNotNeeded,
    CheckNeeded
};

Ditto for all other places where you pass the needsExceptionCheck param.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:565
>          callOperation(operationCompareStrictEqCell, resultPayloadGPR, arg1TagGPR, arg1PayloadGPR, arg2TagGPR, arg2PayloadGPR);

For cases like these where you expect the operation to not throw an exception, you could assert in the operation function that no exception was thrown.  Alternatively, Fil's idea to generate an assertion at each node boundary that you told me about sounds good too.  Even if the assertion check is not needed right now, I think it would be good to have some form of an assertion in case someone modifies the operation function later in such a way that can throw an exception.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:566
> +        // checkException(); // Maybe not needed?

operationCompareStrictEqCell() can throw OutOfMemoryError due to JSRopeString::resolveRope() called from JSString::value(), called from JSValue::strictEqualSlowCaseInline().

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:574
> -        callOperation(operationCompareStrictEq, resultPayloadGPR, arg1TagGPR, arg1PayloadGPR, arg2TagGPR, arg2PayloadGPR);
> +        callOperation(operationCompareStrictEq, resultPayloadGPR, arg1TagGPR, arg1PayloadGPR, arg2TagGPR, arg2PayloadGPR); // Maybe not needed?

I don't think you intended to add the "// Maybe not needed?" comment at the end of the callOperation line.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:575
> +        //checkException(); // Maybe not needed?

Ditto.  operationCompareStrictEq() can throw OutOfMemoryError.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:612
> +        //checkException(); // Maybe not needed?

Ditto.  operationCompareStrictEqCell can throw OutOfMemoryError.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:624
> +        //checkException(); // Maybe not needed?

Ditto.  operationCompareStrictEq() can throw OutOfMemoryError.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:1693
> +        // checkException(); // Not needed.

Yes, exception check not needed.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:2250
> +        // checkException(); // Not needed.

Yes, check not needed.  sin() has no knowledge of the VM and cannot throw.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:2263
> +        //checkException(); // Not needed.

Yes, check not needed.  cos() has no knowledge of the VM and cannot throw.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:516
> +        checkException(); // Maybe not needed?

Exception check needed.  operationCompareStrictEqCell can throw OutOfMemoryError.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:543
> +        checkException(); // Maybe not needed?

Exception check needed.  operationCompareStrictEq can throw OutOfMemoryError.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:579
> +        checkException(); // Maybe not needed?

Exception check needed.  operationCompareStrictEqCell can throw OutOfMemoryError.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:1698
> +            slowPathCall(slowCase, this, operationConvertJSValueToBoolean, resultGPR, arg1GPR, NeedToSpill, false)); // Does not need exception check.

Yes, operationConvertJSValueToBoolean does not need an exception check.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:1852
> +            //checkException(); // Maybe not needed?

Yes, operationConvertJSValueToBoolean does not need an exception check.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2181
> +            //checkException(); // Not needed.

Yes, operationConvertDoubleToInt52 does not need an exception check.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2383
> +        //checkException(); // Not needed. 

Yes, check not needed.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2396
> +        //checkException(); // Not needed.

Yes, check not needed.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:4882
> +    //checkException(); // Not needed.

Yes, operationConvertBoxedDoubleToInt52 does not need an exception check.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:4915
>      callOperation(operationConvertDoubleToInt52, resultGPR, valueFPR);
> +    //checkException(); // Not needed.

Yes, check not needed.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3685
>          callOperation(fmodAsDFGOperation, result.fpr(), op1FPR, op2FPR);
> +        //checkException(); // Not needed.

Yes, check not needed.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3748
>          callOperation(sqrt, result.fpr(), op1FPR);
> +        //checkException(); // Not needed.

Yes, check not needed.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3807
>          callOperation(operationMathPow, resultFpr, xOperandfpr, yOperandfpr.fpr());
> +        //checkException(); // Not needed.

Yes, check not needed.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3840
>      callOperation(operationMathPow, resultFpr, xOperandfpr, yOperandfpr);
> +    //checkException(); // Not Needed.

Yes, check not needed.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3852
>      callOperation(log, result.fpr(), op1FPR);
> +    //checkException(); // Not needed.

Yes, check not needed.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:5052
> +        slowPathCall(slowCase, this, operationNotifyWrite, NoResult, set, NeedToSpill, false)); // Does not need exception check.

Yes, check not needed.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:5978
> +        //checkException(); // Not needed.

Yes, check not needed.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:5993
> +        //checkException(); // Not needed.

Yes, check not needed.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:6430
> +    //checkException(); // Not needed.

Yes, check not needed.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1697
> +    //JITCompiler::Call callOperation(S_JITOperation_J operation, GPRReg result, GPRReg arg1Tag, GPRReg arg1Payload)
> +    //{
> +    //    m_jit.setupArguments(arg1Payload, arg1Tag);
> +    //    return appendCallSetResult(operation, result);
> +    //}

Have you done a 32-bit build to verify that this is not needed?  If so, let's remove it.

>> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1887
>> +    void checkException()
> 
> I want to switch this name to checkExceptionAfterCall().

Sounds good.
Comment 10 Saam Barati 2015-08-21 01:41:17 PDT 
Created attachment 259591 [details]
patch

addressed Mark's feedback.
Comment 11 Saam Barati 2015-08-21 02:01:28 PDT 
Created attachment 259593 [details]
patch
Comment 12 WebKit Commit Bot 2015-08-21 02:02:28 PDT 
Attachment 259593 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h:105:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
Total errors found: 1 in 19 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 13 Saam Barati 2015-08-21 02:05:36 PDT 
Created attachment 259594 [details]
patch
Comment 14 WebKit Commit Bot 2015-08-21 02:07:15 PDT 
Attachment 259594 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h:105:  Wrong number of spaces before statement. (expected: 12)  [whitespace/indent] [4]
Total errors found: 1 in 19 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 15 Geoffrey Garen 2015-08-21 11:07:48 PDT 
Comment on attachment 259594 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=259594&action=review

r=me with some suggestions

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1505
> +        m_jit.jitAssertNoException();

Can we do something to avoid paying the cost of this check in release builds?

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1897
> +    void checkExceptionAfterCall()

It looks like this function can be used not after a call too. I would name this function "exceptionCheck", or name it "checkException" and rename JIT::exceptionCheck to checkException, or eliminate this function because it's not onerous to call "m_jit.exceptionCheck()".

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:1901
> +    // These methods add call instructions, with optional exception checks & setting results.

, optionally emitting exception checks and/or setting results.

> Source/JavaScriptCore/runtime/VM.h:623
> +    EncodedJSValue* m_exceptionFuzzBuffer { nullptr };

Let's use MallocPtr here, to avoid the need for manual destruction.
Comment 16 Saam Barati 2015-08-21 12:12:32 PDT 
landed in:
http://trac.webkit.org/changeset/188764