source: webkit/trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h

Last change on this file was 294180, checked in by [email protected], 3 years ago

Enhance the ARM64Disassembler to print pc indices and better branch target labels.
https://bugs.webkit.org/show_bug.cgi?id=240370

Reviewed by Saam Barati.

Disassemblies used to look like this:

0x10e480ff8: ldurb w17, [x0, #7]
0x10e480ffc: cmp w17, #0
0x10e481000: b.hi 0x10e48103c
0x10e481004: stur x0, [fp, #-72]
...
0x10e481040: movk x3, #0xfffe, lsl #48
0x10e481044: b 0x10e4814f4
0x10e481048: nop

With this patch, it will now look like this:

<748> 0x10e120aec: ldurb w17, [x0, #7]
<752> 0x10e120af0: cmp w17, #0
<756> 0x10e120af4: b.hi 0x10e120b30 -> <816>
<760> 0x10e120af8: stur x0, [fp, #-80]
...
<820> 0x10e120b34: movk x3, #0xfffe, lsl #48
<824> 0x10e120b38: b 0x10e120fc8 -> <1992>
<828> 0x10e120b3c: nop

  1. Each instruction pc is now prefixed with a pc index i.e. the offset of the pc address from the start of the compilation unit e.g. <756>.
  1. Relative branches now show the branch target as a pc index (effectively, an internal label in this compilation unit) in addition to the pc address e.g. the "-> <816>" in:

<756> 0x10e120af4: b.hi 0x10e120b30 -> <816>

Also fixed a formatting bug where the space between relative branch instructions
and their target pc was short 2 spaces.

  1. If the relative branch target is a known thunk, the disassembler will now print the thunk label e.g.

<828> 0x10e12033c: bl 0x10e0f0a00 -> <thunk: get_from_scope thunk>

<1476> 0x10e120dc4: cbnz x16, 0x10e104100 -> <thunk: handleExceptionWithCallFrameRollback>
<2368> 0x10e121140: b 0x10e10c000 -> <thunk: DFG OSR exit generation thunk>

Introduced a FINALIZE_THUNK macro that will be used instead of FINALIZE_CODE in
thunk generators. By doing so, thunk labels will automatically be registered
with the disassembler, and will be used for the above look up.

Thunk label registration is only done if disassembly is enabled.

  1. If the branch target is neither an internal label nor a thunk, then the disassembler will print some useful info about it to the best of its knowledge e.g.

<168> 0x10e1002e8: b 0x10e120b60 -> <JIT PC>
<168> 0x10e1002e8: b 0x10e120b60 -> <LLInt PC>
<168> 0x10e1002e8: b 0x10e120b60 -> <unknown>

  1. The disassemble() function now takes 2 additional arguments: codeStart, and codeEnd. These are needed so that the disassembler can compute the pc index for each instruction, as well as determine if a branch target is internal to this compilation unit, or pointing out of it.

This feature is currently only supported for the ARM64 disassembler.

Printing of JIT operation labels (via movz + movk + indirect branch) is not yet
supported.

  • assembler/LinkBuffer.cpp:

(JSC::LinkBuffer::finalizeCodeWithDisassemblyImpl):

  • assembler/LinkBuffer.h:

(JSC::LinkBuffer::setIsThunk):

  • b3/air/AirDisassembler.cpp:

(JSC::B3::Air::Disassembler::dump):

  • dfg/DFGDisassembler.cpp:

(JSC::DFG::Disassembler::dumpDisassembly):

  • dfg/DFGThunks.cpp:

(JSC::DFG::osrExitGenerationThunkGenerator):
(JSC::DFG::osrEntryThunkGenerator):

  • disassembler/ARM64/A64DOpcode.cpp:

(JSC::ARM64Disassembler::A64DOpcode::appendPCRelativeOffset):
(JSC::ARM64Disassembler::A64DOpcodeConditionalBranchImmediate::format):

  • disassembler/ARM64/A64DOpcode.h:

(JSC::ARM64Disassembler::A64DOpcode::A64DOpcode):
(JSC::ARM64Disassembler::A64DOpcode::appendPCRelativeOffset): Deleted.

  • disassembler/ARM64Disassembler.cpp:

(JSC::tryToDisassemble):

  • disassembler/CapstoneDisassembler.cpp:

(JSC::tryToDisassemble):

  • disassembler/Disassembler.cpp:

(JSC::disassemble):
(JSC::disassembleAsynchronously):
(JSC::ensureThunkLabelMap):
(JSC::registerThunkLabel):
(JSC::labelForThunk):

  • disassembler/Disassembler.h:

(JSC::tryToDisassemble):

  • disassembler/RISCV64Disassembler.cpp:

(JSC::tryToDisassemble):

  • disassembler/X86Disassembler.cpp:

(JSC::tryToDisassemble):

  • ftl/FTLThunks.cpp:

(JSC::FTL::genericGenerationThunkGenerator):
(JSC::FTL::slowPathCallThunkGenerator):

  • jit/JIT.cpp:

(JSC::JIT::consistencyCheckGenerator):

  • jit/JITCall.cpp:

(JSC::JIT::returnFromBaselineGenerator):

  • jit/JITDisassembler.cpp:

(JSC::JITDisassembler::dump):
(JSC::JITDisassembler::dumpDisassembly):

  • jit/JITDisassembler.h:
  • jit/JITOpcodes.cpp:

(JSC::JIT::valueIsFalseyGenerator):
(JSC::JIT::valueIsTruthyGenerator):
(JSC::JIT::op_throw_handlerGenerator):
(JSC::JIT::op_enter_handlerGenerator):
(JSC::JIT::op_check_traps_handlerGenerator):

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::slow_op_get_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_get_private_name_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_put_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_put_private_name_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_del_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_del_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_get_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_get_by_id_with_this_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_put_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::generateOpResolveScopeThunk):
(JSC::JIT::slow_op_resolve_scopeGenerator):
(JSC::JIT::generateOpGetFromScopeThunk):
(JSC::JIT::slow_op_get_from_scopeGenerator):
(JSC::JIT::slow_op_put_to_scopeGenerator):

  • jit/SlowPathCall.cpp:

(JSC::JITSlowPathCall::generateThunk):

  • jit/SpecializedThunkJIT.h:

(JSC::SpecializedThunkJIT::finalize):

  • jit/ThunkGenerator.h:
  • jit/ThunkGenerators.cpp:

(JSC::handleExceptionGenerator):
(JSC::handleExceptionWithCallFrameRollbackGenerator):
(JSC::popThunkStackPreservesAndHandleExceptionGenerator):
(JSC::checkExceptionGenerator):
(JSC::throwExceptionFromCallSlowPathGenerator):
(JSC::linkCallThunkGenerator):
(JSC::linkPolymorphicCallThunkGenerator):
(JSC::virtualThunkFor):
(JSC::nativeForGenerator):
(JSC::arityFixupGenerator):
(JSC::unreachableGenerator):
(JSC::stringGetByValGenerator):
(JSC::boundFunctionCallGenerator):
(JSC::remoteFunctionCallGenerator):

  • llint/LLIntThunks.cpp:

(JSC::LLInt::generateThunkWithJumpTo):
(JSC::LLInt::generateThunkWithJumpToPrologue):
(JSC::LLInt::generateThunkWithJumpToLLIntReturnPoint):
(JSC::LLInt::createJSGateThunk):
(JSC::LLInt::createWasmGateThunk):
(JSC::LLInt::createTailCallGate):
(JSC::LLInt::tagGateThunk):
(JSC::LLInt::untagGateThunk):

  • yarr/YarrDisassembler.cpp:

(JSC::Yarr::YarrDisassembler::dump):
(JSC::Yarr::YarrDisassembler::dumpDisassembly):

  • yarr/YarrDisassembler.h:
  • Property svn:eol-style set to native
File size: 7.0 KB
Line 
1/*
2 * Copyright (C) 2010-2022 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
14 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
15 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
17 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
18 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
19 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
21 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
22 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
23 * THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#pragma once
27
28#if ENABLE(JIT)
29
30#include "JIT.h"
31#include "JITInlines.h"
32#include "JSInterfaceJIT.h"
33#include "LinkBuffer.h"
34
35namespace JSC {
36
37 class SpecializedThunkJIT : public JSInterfaceJIT {
38 public:
39 static constexpr int ThisArgument = -1;
40 SpecializedThunkJIT(VM& vm, int expectedArgCount)
41 : JSInterfaceJIT(&vm)
42 {
43 emitFunctionPrologue();
44 emitSaveThenMaterializeTagRegisters();
45 // Check that we have the expected number of arguments
46 m_failures.append(branch32(NotEqual, payloadFor(CallFrameSlot::argumentCountIncludingThis), TrustedImm32(expectedArgCount + 1)));
47 }
48
49 explicit SpecializedThunkJIT(VM& vm)
50 : JSInterfaceJIT(&vm)
51 {
52 emitFunctionPrologue();
53 emitSaveThenMaterializeTagRegisters();
54 }
55
56 void loadDoubleArgument(int argument, FPRegisterID dst, RegisterID scratch)
57 {
58 VirtualRegister src = virtualRegisterForArgumentIncludingThis(argument + 1);
59 m_failures.append(emitLoadDouble(src, dst, scratch));
60 }
61
62 void loadCellArgument(int argument, RegisterID dst)
63 {
64 VirtualRegister src = virtualRegisterForArgumentIncludingThis(argument + 1);
65 m_failures.append(emitLoadJSCell(src, dst));
66 }
67
68 void loadJSStringArgument(int argument, RegisterID dst)
69 {
70 loadCellArgument(argument, dst);
71 m_failures.append(branchIfNotString(dst));
72 }
73
74 void loadInt32Argument(int argument, RegisterID dst, Jump& failTarget)
75 {
76 VirtualRegister src = virtualRegisterForArgumentIncludingThis(argument + 1);
77 failTarget = emitLoadInt32(src, dst);
78 }
79
80 void loadInt32Argument(int argument, RegisterID dst)
81 {
82 Jump conversionFailed;
83 loadInt32Argument(argument, dst, conversionFailed);
84 m_failures.append(conversionFailed);
85 }
86
87 void appendFailure(const Jump& failure)
88 {
89 m_failures.append(failure);
90 }
91#if USE(JSVALUE64)
92 void returnJSValue(RegisterID src)
93 {
94 if (src != regT0)
95 move(src, regT0);
96
97 emitRestoreSavedTagRegisters();
98 emitFunctionEpilogue();
99 ret();
100 }
101#else
102 void returnJSValue(RegisterID payload, RegisterID tag)
103 {
104 ASSERT_UNUSED(payload, payload == regT0);
105 ASSERT_UNUSED(tag, tag == regT1);
106 emitRestoreSavedTagRegisters();
107 emitFunctionEpilogue();
108 ret();
109 }
110#endif
111
112 void returnDouble(FPRegisterID src)
113 {
114#if USE(JSVALUE64)
115 moveDoubleTo64(src, regT0);
116 Jump zero = branchTest64(Zero, regT0);
117 sub64(numberTagRegister, regT0);
118 Jump done = jump();
119 zero.link(this);
120 move(numberTagRegister, regT0);
121 done.link(this);
122#else
123 moveDoubleToInts(src, regT0, regT1);
124 Jump lowNonZero = branchTestPtr(NonZero, regT1);
125 Jump highNonZero = branchTestPtr(NonZero, regT0);
126 move(TrustedImm32(0), regT0);
127 move(TrustedImm32(JSValue::Int32Tag), regT1);
128 lowNonZero.link(this);
129 highNonZero.link(this);
130#endif
131 emitRestoreSavedTagRegisters();
132 emitFunctionEpilogue();
133 ret();
134 }
135
136 void returnInt32(RegisterID src)
137 {
138 if (src != regT0)
139 move(src, regT0);
140 tagReturnAsInt32();
141 emitRestoreSavedTagRegisters();
142 emitFunctionEpilogue();
143 ret();
144 }
145
146 void returnJSCell(RegisterID src)
147 {
148 if (src != regT0)
149 move(src, regT0);
150 tagReturnAsJSCell();
151 emitRestoreSavedTagRegisters();
152 emitFunctionEpilogue();
153 ret();
154 }
155
156 MacroAssemblerCodeRef<JITThunkPtrTag> finalize(MacroAssemblerCodePtr<JITThunkPtrTag> fallback, const char* thunkKind)
157 {
158 LinkBuffer patchBuffer(*this, GLOBAL_THUNK_ID, LinkBuffer::Profile::SpecializedThunk);
159 patchBuffer.link(m_failures, CodeLocationLabel<JITThunkPtrTag>(fallback));
160 for (unsigned i = 0; i < m_calls.size(); i++)
161 patchBuffer.link(m_calls[i].first, m_calls[i].second);
162 return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Specialized thunk for %s", thunkKind);
163 }
164
165 // Assumes that the target function uses fpRegister0 as the first argument
166 // and return value. Like any sensible architecture would.
167 void callDoubleToDouble(FunctionPtr<CFunctionPtrTag> function)
168 {
169 m_calls.append(std::make_pair(call(OperationPtrTag), function.retagged<OperationPtrTag>()));
170 }
171
172 void callDoubleToDoublePreservingReturn(FunctionPtr<CFunctionPtrTag> function)
173 {
174 if (!isX86())
175 preserveReturnAddressAfterCall(regT3);
176 callDoubleToDouble(function);
177 if (!isX86())
178 restoreReturnAddressBeforeReturn(regT3);
179 }
180
181 private:
182 void tagReturnAsInt32()
183 {
184#if USE(JSVALUE64)
185 or64(numberTagRegister, regT0);
186#else
187 move(TrustedImm32(JSValue::Int32Tag), regT1);
188#endif
189 }
190
191 void tagReturnAsJSCell()
192 {
193#if USE(JSVALUE32_64)
194 move(TrustedImm32(JSValue::CellTag), regT1);
195#endif
196 }
197
198 MacroAssembler::JumpList m_failures;
199 Vector<std::pair<Call, FunctionPtr<OperationPtrTag>>> m_calls;
200 };
201
202}
203
204#endif // ENABLE(JIT)
Note: See TracBrowser for help on using the repository browser.