source: webkit/trunk/Source/JavaScriptCore/jit/CachedRecovery.cpp

Last change on this file was 284923, checked in by [email protected], 4 years ago

[JSC][32bit] Fix CSR restore on DFG tail calls, add extra register on ARMv7
https://bugs.webkit.org/show_bug.cgi?id=230622

Patch by Geza Lore <Geza Lore> on 2021-10-27
Reviewed by Keith Miller.

This re-introduces the patch reverted by
https://trac.webkit.org/changeset/284911/webkit
with the C_LOOP interpreter now fixed.

The only difference between the original patch and this version is in
LowLevelInterpreter32_64.asm and LowLevelInterpreter64.asm, which
need the PC base (PB) register restored on C_LOOP on return from a
call, as C_LOOP does not seem to handle this as a proper callee save
register (CSR). On non C_LOOP builds, the CSR restore mechanism takes
care of this, so removed the superfluous instructions.

--- Original ChangeLog ---

This patch does two things:

  1. Adds an extra callee save register (CSR) to be available to DFG on

ARMv7. To do this properly required the following:

  1. Implements the necessary shuffling in CallFrameShuffler on 32-bit

architectures that is required to restore CSRs properly after a tail
call on these architectures. This also fixes the remaining failures in
the 32-bit build of the unlinked baseline JIT.

  • bytecode/ValueRecovery.cpp:

(JSC::ValueRecovery::dumpInContext const):

  • bytecode/ValueRecovery.h:

(JSC::ValueRecovery::calleeSaveRegDisplacedInJSStack):
(JSC::ValueRecovery::isInJSStack const):
(JSC::ValueRecovery::dataFormat const):
(JSC::ValueRecovery::withLocalsOffset const):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):

  • jit/CachedRecovery.cpp:

(JSC::CachedRecovery::loadsIntoGPR const):

  • jit/CallFrameShuffleData.cpp:

(JSC::CallFrameShuffleData::setupCalleeSaveRegisters):

  • jit/CallFrameShuffleData.h:
  • jit/CallFrameShuffler.cpp:

(JSC::CallFrameShuffler::CallFrameShuffler):

  • jit/CallFrameShuffler.h:

(JSC::CallFrameShuffler::snapshot const):
(JSC::CallFrameShuffler::addNew):

  • jit/CallFrameShuffler32_64.cpp:

(JSC::CallFrameShuffler::emitLoad):
(JSC::CallFrameShuffler::emitDisplace):

  • jit/GPRInfo.h:

(JSC::GPRInfo::toRegister):
(JSC::GPRInfo::toIndex):

  • jit/RegisterSet.cpp:

(JSC::RegisterSet::dfgCalleeSaveRegisters):

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
File size: 2.3 KB
Line 
1/*
2 * Copyright (C) 2015 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "config.h"
27#include "CachedRecovery.h"
28
29#if ENABLE(JIT)
30
31namespace JSC {
32
33// We prefer loading doubles and undetermined JSValues into FPRs
34// because it would otherwise use up GPRs. Two in JSVALUE32_64.
35bool CachedRecovery::loadsIntoFPR() const
36{
37 switch (recovery().technique()) {
38 case DoubleDisplacedInJSStack:
39 case DisplacedInJSStack:
40#if USE(JSVALUE64)
41 case CellDisplacedInJSStack:
42#endif
43 return true;
44
45 default:
46 return false;
47 }
48}
49
50// Integers, booleans and cells can be loaded into GPRs
51bool CachedRecovery::loadsIntoGPR() const
52{
53 switch (recovery().technique()) {
54 case Int32DisplacedInJSStack:
55#if USE(JSVALUE32_64)
56 case Int32TagDisplacedInJSStack:
57#elif USE(JSVALUE64)
58 case Int52DisplacedInJSStack:
59 case StrictInt52DisplacedInJSStack:
60 case DisplacedInJSStack:
61#endif
62 case BooleanDisplacedInJSStack:
63 case CellDisplacedInJSStack:
64 return true;
65
66 default:
67 return false;
68 }
69}
70
71} // namespace JSC
72
73#endif // ENABLE(JIT)
Note: See TracBrowser for help on using the repository browser.