Context Navigation

← Previous Change
Next Change →

assembler

Timestamp:

Jul 24, 2013, 9:00:16 PM (12 years ago)

Author:

Message:

fourthTier: Implement a probe mechanism for JIT generated code.
https://bugs.webkit.org/show_bug.cgi?id=115705.

Reviewed by Geoffrey Garen.

The probe is in the form of a MacroAssembler pseudo instruction.
It takes 3 arguments: a ProbeFunction, and 2 void* args.

When inserted into the JIT at some code generation site, the probe
pseudo "instruction" will emit a minimal amount of code to save the
stack pointer, 1 (or more) scratch register(s), and the probe
arguments into a ProbeContext record on the stack. The emitted code
will then call a probe trampoline to do the rest of the work, which
consists of:

saving the remaining registers into the ProbeContext.
calling the ProbeFunction, and passing it the ProbeContext pointer.
restoring the registers from the ProbeContext after the ProbeFunction returns, and then returning to the JIT generated code.

The ProbeContext is stack allocated and is only valid for the duration
that the ProbeFunction is executing.

If the user supplied ProbeFunction alters the register values in the
ProbeContext, the new values will be installed into the registers upon
returning from the probe. This can be useful for some debugging or
testing purposes.

The probe mechanism is built conditional on USE(MASM_PROBE) which is
defined in config.h. USE(MASM_PROBE) will off by default.

This changeset only implements the probe mechanism for X86 and X86_64.

CMakeLists.txt:
GNUmakefile.list.am:
JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
JavaScriptCore.xcodeproj/project.pbxproj:
Target.pri:
assembler/MacroAssembler.h:

(MacroAssembler):
(JSC::MacroAssembler::shouldBlind):
(JSC::MacroAssembler::store32):

assembler/MacroAssemblerX86.h:

(MacroAssemblerX86):
(JSC::MacroAssemblerX86::trustedImm32FromPtr):
(JSC::MacroAssemblerX86::probe):

assembler/MacroAssemblerX86Common.cpp: Added.

(JSC::MacroAssemblerX86Common::ProbeContext::dumpCPURegisters):

CPU specific register dumper called by ProbeContext::dump().

(JSC::MacroAssemblerX86Common::ProbeContext::dump):

Prints the ProbeContext to the DataLog.
assembler/MacroAssemblerX86Common.h:

(MacroAssemblerX86Common):
(CPUState): Added.
(ProbeContext): Added.

assembler/MacroAssemblerX86_64.h:

(MacroAssemblerX86_64):
(JSC::MacroAssemblerX86_64::trustedImm64FromPtr):
(JSC::MacroAssemblerX86_64::probe):

assembler/X86Assembler.h:
config.h: Added WTF_USE_MASM_PROBE flag.
jit/JITStubs.cpp:
jit/JITStubs.h:
jit/JITStubsX86.h:
jit/JITStubsX86Common.h: Added.
jit/JITStubsX86_64.h:

Location:

trunk/Source/JavaScriptCore/assembler

Files:

: 1 added
: 5 edited

MacroAssembler.h (modified) (9 diffs)
MacroAssemblerX86.h (modified) (3 diffs)
MacroAssemblerX86Common.cpp (added)
MacroAssemblerX86Common.h (modified) (2 diffs)
MacroAssemblerX86_64.h (modified) (3 diffs)
X86Assembler.h (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/JavaScriptCore/assembler/MacroAssembler.h

-              r143408
+              r153162
 /*
  * Copyright (C) 2008, 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2012, 2013 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
         return MacroAssemblerBase::branchTest8(cond, Address(address.base, address.offset), mask);
+    }
+#else
+#else // !CPU(X86_64)
     void addPtr(RegisterID src, RegisterID dest)
+    {
 …
+    }
 #endif
+#endif // ENABLE(JIT_CONSTANT_BLINDING)
 #endif // !CPU(X86_64)
 …
         // if we've broken blinding during patch development.
         return true;
 #else
+#else // ENABLE(FORCED_JIT_BLINDING)
         // First off we'll special case common, "safe" values to avoid hurting
 …
         return shouldBlindForSpecificArch(value);
 #endif
+#endif // ENABLE(FORCED_JIT_BLINDING)
+    }
 …
         store64(value, addressForPoke(index));
+    }
 #endif
+#endif // CPU(X86_64)
     void store32(Imm32 imm, Address dest)
 …
             store32(blind.value1, dest);
             xor32(blind.value2, dest);
 #else
+#else // CPU(X86) || CPU(X86_64)
             if (RegisterID scratchRegister = (RegisterID)scratchRegisterForBlinding()) {
                 loadXorBlindedConstant(xorBlindConstant(imm), scratchRegister);
 …
                 store32(imm.asTrustedImm32(), dest);
+            }
 #endif
+#endif // CPU(X86) || CPU(X86_64)
         } else
             store32(imm.asTrustedImm32(), dest);
 …
         urshift32(src, trustedImm32ForShift(amount), dest);
+    }
 #endif
+#endif // ENABLE(JIT_CONSTANT_BLINDING)
 };

trunk/Source/JavaScriptCore/assembler/MacroAssemblerX86.h

-              r135330
+              r153162
 #include "MacroAssemblerX86Common.h"
+#if USE(MASM_PROBE)
+#include <wtf/StdLibExtras.h>
+#endif
 namespace JSC {
 …
+    }
+#if USE(MASM_PROBE)
+    // This function emits code to preserve the CPUState (e.g. registers),
+    // call a user supplied probe function, and restore the CPUState before
+    // continuing with other JIT generated code.
+    //
+    // The user supplied probe function will be called with a single pointer to
+    // a ProbeContext struct (defined above) which contains, among other things,
+    // the preserved CPUState. This allows the user probe function to inspect
+    // the CPUState at that point in the JIT generated code.
+    //
+    // If the user probe function alters the register values in the ProbeContext,
+    // the altered values will be loaded into the CPU registers when the probe
+    // returns.
+    //
+    // The ProbeContext is stack allocated and is only valid for the duration
+    // of the call to the user probe function.
+    void probe(ProbeFunction, void* arg1 = 0, void* arg2 = 0);
+#endif // USE(MASM_PROBE)
 private:
     friend class LinkBuffer;
 …
         X86Assembler::relinkCall(call.dataLocation(), destination.executableAddress());
+    }
+#if USE(MASM_PROBE)
+    inline TrustedImm32 trustedImm32FromPtr(void* ptr)
+    {
+        return TrustedImm32(TrustedImmPtr(ptr));
+    }
+    inline TrustedImm32 trustedImm32FromPtr(ProbeFunction function)
+    {
+        return TrustedImm32(TrustedImmPtr(reinterpret_cast<void*>(function)));
+    }
+    inline TrustedImm32 trustedImm32FromPtr(void (*function)())
+    {
+        return TrustedImm32(TrustedImmPtr(reinterpret_cast<void*>(function)));
+    }
+#endif
 };
+#if USE(MASM_PROBE)
+extern "C" void ctiMasmProbeTrampoline();
+// What code is emitted for the probe?
+// ==================================
+// We want to keep the size of the emitted probe invocation code as compact as
+// possible to minimize the perturbation to the JIT generated code. However,
+// we also need to preserve the CPU registers and set up the ProbeContext to be
+// passed to the user probe function.
+//
+// Hence, we do only the minimum here to preserve the eax (to be used as a
+// scratch register) and esp registers, and pass the probe arguments. We'll let
+// the ctiMasmProbeTrampoline handle the rest of the probe invocation work
+// i.e. saving the CPUState (and setting up the ProbeContext), calling the user
+// probe function, and restoring the CPUState before returning to JIT generated
+// code.
+//
+// What values are in the saved registers?
+// ======================================
+// Conceptually, the saved registers should contain values as if the probe
+// is not present in the JIT generated code. Hence, they should contain values
+// that are expected at the start of the instruction immediately following the
+// probe.
+//
+// Specifcally, the saved esp will point to the stack position before we
+// push the ProbeContext frame. The saved eip will point to the address of
+// the instruction immediately following the probe.
+inline void MacroAssemblerX86::probe(MacroAssemblerX86::ProbeFunction function, void* arg1, void* arg2)
+{
+    RegisterID esp = RegisterID::esp;
+    #define probeContextField(field) Address(esp, offsetof(ProbeContext, field))
+    // The X86_64 ABI specifies that the worse case stack alignment requirement
+    // is 32 bytes.
+    const int probeFrameSize = WTF::roundUpToMultipleOf(32, sizeof(ProbeContext));
+    sub32(TrustedImm32(probeFrameSize), esp);
+    store32(RegisterID::eax, probeContextField(cpu.eax));
+    move(TrustedImm32(probeFrameSize), RegisterID::eax);
+    add32(esp, RegisterID::eax);
+    store32(RegisterID::eax, probeContextField(cpu.esp));
+    store32(trustedImm32FromPtr(function), probeContextField(probeFunction));
+    store32(trustedImm32FromPtr(arg1), probeContextField(arg1));
+    store32(trustedImm32FromPtr(arg2), probeContextField(arg2));
+    move(trustedImm32FromPtr(ctiMasmProbeTrampoline), RegisterID::eax);
+    call(RegisterID::eax);
+    #undef probeContextField
+}
+#endif // USE(MASM_PROBE)
 } // namespace JSC

trunk/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h

-              r153121
+              r153162
 namespace JSC {
+struct JITStackFrame;
 class MacroAssemblerX86Common : public AbstractMacroAssembler<X86Assembler> {
 protected:
 …
         return X86Assembler::maxJumpReplacementSize();
+    }
+#if USE(MASM_PROBE)
+    struct CPUState {
+        #define DECLARE_REGISTER(_type, _regName) \
+            _type _regName;
+        FOR_EACH_CPU_REGISTER(DECLARE_REGISTER)
+        #undef DECLARE_REGISTER
+    };
+    struct ProbeContext;
+    typedef void (*ProbeFunction)(struct ProbeContext*);
+    struct ProbeContext {
+        ProbeFunction probeFunction;
+        void* arg1;
+        void* arg2;
+        JITStackFrame* jitStackFrame;
+        CPUState cpu;
+        void dump(const char* indentation = 0);
+    private:
+        void dumpCPURegisters(const char* indentation);
+    };
+#endif // USE(MASM_PROBE)
 protected:

trunk/Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h

-              r135330
+              r153162
 #include "MacroAssemblerX86Common.h"
+#if USE(MASM_PROBE)
+#include <wtf/StdLibExtras.h>
+#endif
 #define REPTACH_OFFSET_CALL_R11 3
 …
+    }
+#if USE(MASM_PROBE)
+    // This function emits code to preserve the CPUState (e.g. registers),
+    // call a user supplied probe function, and restore the CPUState before
+    // continuing with other JIT generated code.
+    //
+    // The user supplied probe function will be called with a single pointer to
+    // a ProbeContext struct (defined above) which contains, among other things,
+    // the preserved CPUState. This allows the user probe function to inspect
+    // the CPUState at that point in the JIT generated code.
+    //
+    // If the user probe function alters the register values in the ProbeContext,
+    // the altered values will be loaded into the CPU registers when the probe
+    // returns.
+    //
+    // The ProbeContext is stack allocated and is only valid for the duration
+    // of the call to the user probe function.
+    void probe(ProbeFunction, void* arg1 = 0, void* arg2 = 0);
+#endif // USE(MASM_PROBE)
 private:
     friend class LinkBuffer;
 …
+    }
+#if USE(MASM_PROBE)
+    inline TrustedImm64 trustedImm64FromPtr(void* ptr)
+    {
+        return TrustedImm64(TrustedImmPtr(ptr));
+    }
+    inline TrustedImm64 trustedImm64FromPtr(ProbeFunction function)
+    {
+        return TrustedImm64(TrustedImmPtr(reinterpret_cast<void*>(function)));
+    }
+    inline TrustedImm64 trustedImm64FromPtr(void (*function)())
+    {
+        return TrustedImm64(TrustedImmPtr(reinterpret_cast<void*>(function)));
+    }
+#endif
 };
+#if USE(MASM_PROBE)
+extern "C" void ctiMasmProbeTrampoline();
+// What code is emitted for the probe?
+// ==================================
+// We want to keep the size of the emitted probe invocation code as compact as
+// possible to minimize the perturbation to the JIT generated code. However,
+// we also need to preserve the CPU registers and set up the ProbeContext to be
+// passed to the user probe function.
+//
+// Hence, we do only the minimum here to preserve the rax (to be used as a
+// scratch register) and rsp registers, and pass the probe arguments. We'll let
+// the ctiMasmProbeTrampoline handle the rest of the probe invocation work
+// i.e. saving the CPUState (and setting up the ProbeContext), calling the user
+// probe function, and restoring the CPUState before returning to JIT generated
+// code.
+//
+// What values are in the saved registers?
+// ======================================
+// Conceptually, the saved registers should contain values as if the probe
+// is not present in the JIT generated code. Hence, they should contain values
+// that are expected at the start of the instruction immediately following the
+// probe.
+//
+// Specifcally, the saved rsp will point to the stack position before we
+// push the ProbeContext frame. The saved rip will point to the address of
+// the instruction immediately following the probe.
+inline void MacroAssemblerX86_64::probe(MacroAssemblerX86_64::ProbeFunction function, void* arg1, void* arg2)
+{
+    RegisterID esp = RegisterID::esp;
+    #define probeContextField(field) Address(esp, offsetof(ProbeContext, field))
+    // The X86_64 ABI specifies that the worse case stack alignment requirement
+    // is 32 bytes.
+    const int probeFrameSize = WTF::roundUpToMultipleOf(32, sizeof(ProbeContext));
+    sub64(TrustedImm32(probeFrameSize), esp);
+    store64(RegisterID::eax, probeContextField(cpu.eax));
+    move(TrustedImm32(probeFrameSize), RegisterID::eax);
+    add64(esp, RegisterID::eax);
+    store64(RegisterID::eax, probeContextField(cpu.esp));
+    store64(trustedImm64FromPtr(function), probeContextField(probeFunction));
+    store64(trustedImm64FromPtr(arg1), probeContextField(arg1));
+    store64(trustedImm64FromPtr(arg2), probeContextField(arg2));
+    move(trustedImm64FromPtr(ctiMasmProbeTrampoline), RegisterID::eax);
+    call(RegisterID::eax);
+    #undef probeContextField
+}
+#endif // USE(MASM_PROBE)
 } // namespace JSC

trunk/Source/JavaScriptCore/assembler/X86Assembler.h

-              r148696
+              r153162
 /*
  * Copyright (C) 2008, 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2012, 2013 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
 #include <wtf/Vector.h>
+#if USE(MASM_PROBE)
+#include <xmmintrin.h>
+#endif
 namespace JSC {
 …
         xmm7,
     } XMMRegisterID;
+#if USE(MASM_PROBE)
+    #define FOR_EACH_CPU_REGISTER(V) \
+        FOR_EACH_CPU_GPREGISTER(V) \
+        FOR_EACH_CPU_FPREGISTER(V)
+    #define FOR_EACH_CPU_GPREGISTER(V) \
+        V(void*, eax) \
+        V(void*, ecx) \
+        V(void*, edx) \
+        V(void*, ebx) \
+        V(void*, esp) \
+        V(void*, ebp) \
+        V(void*, esi) \
+        V(void*, edi) \
+        FOR_EACH_X86_64_CPU_GPREGISTER(V) \
+        V(void*, eip)
+    #define FOR_EACH_CPU_FPREGISTER(V) \
+        V(__m128, xmm0) \
+        V(__m128, xmm1) \
+        V(__m128, xmm2) \
+        V(__m128, xmm3) \
+        V(__m128, xmm4) \
+        V(__m128, xmm5) \
+        V(__m128, xmm6) \
+        V(__m128, xmm7)
+#if CPU(X86)
+    #define FOR_EACH_X86_64_CPU_GPREGISTER(V) // Nothing to add.
+#elif CPU(X86_64)
+    #define FOR_EACH_X86_64_CPU_GPREGISTER(V) \
+        V(void*, r8) \
+        V(void*, r9) \
+        V(void*, r10) \
+        V(void*, r11) \
+        V(void*, r12) \
+        V(void*, r13) \
+        V(void*, r14) \
+        V(void*, r15)
+#endif // CPU(X86_64)
+#endif // USE(MASM_PROBE)
+}

Note: See TracChangeset for help on using the changeset viewer.