Changeset 217127 in webkit for trunk/Source/JavaScriptCore/b3/B3LowerToAir.cpp

Timestamp:

May 19, 2017, 8:48:40 AM (8 years ago)

Author:

[email protected]

Message:

B3::Value::effects() says that having a fence range implies the fence bit, but on x86_64 we lower loadAcq/storeRel to load/store so the store-before-load fence bit orderings won't be honored
​https://bugs.webkit.org/show_bug.cgi?id=172306

Reviewed by Michael Saboff.

This changes B3 to emit xchg and its variants for fenced stores on x86. This ensures that
fenced stores cannot be reordered around other fenced instructions. Previously, B3 emitted
normal store instructions for fenced stores. That's wrong because then you get reorderings
that are possible in TSO but impossible in SC. Fenced instructions are supposed to be SC
with respect for each other.

This is imprecise. If you really just wanted a store-release, then every X86 store does this.
But, in B3, fenced stores are ARM-style store-release, meaning that they are fenced with
respect to all other fences. If we ever did want to say that something is a store release in
the traditional sense, then we'd want MemoryValue to have a fence flag. Then, having a fence
range without the fence flag would mean the traditional store-release, which lowers to a
normal store on x86. But to my knowledge, that traditional store-release is only useful for
unlocking spinlocks. We don't use spinlocks in JSC. Adaptive locks require CAS for unlock,
and B3 CAS is plenty fast. I think it's OK to have this small imprecision of giving clients
an ARM-style store-release on x86 using xchg.

The implication of this change is that the FTL no longer violates the SAB memory model.

• assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::xchg8):
(JSC::MacroAssemblerX86Common::xchg16):
(JSC::MacroAssemblerX86Common::xchg32):
(JSC::MacroAssemblerX86Common::loadAcq8): Deleted.
(JSC::MacroAssemblerX86Common::loadAcq8SignedExtendTo32): Deleted.
(JSC::MacroAssemblerX86Common::loadAcq16): Deleted.
(JSC::MacroAssemblerX86Common::loadAcq16SignedExtendTo32): Deleted.
(JSC::MacroAssemblerX86Common::loadAcq32): Deleted.
(JSC::MacroAssemblerX86Common::storeRel8): Deleted.
(JSC::MacroAssemblerX86Common::storeRel16): Deleted.
(JSC::MacroAssemblerX86Common::storeRel32): Deleted.

• assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::xchg64):
(JSC::MacroAssemblerX86_64::loadAcq64): Deleted.
(JSC::MacroAssemblerX86_64::storeRel64): Deleted.

• b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::ArgPromise::inst):
(JSC::B3::Air::LowerToAir::trappingInst):
(JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
(JSC::B3::Air::LowerToAir::createStore):
(JSC::B3::Air::LowerToAir::storeOpcode):
(JSC::B3::Air::LowerToAir::appendStore):
(JSC::B3::Air::LowerToAir::append):
(JSC::B3::Air::LowerToAir::appendTrapping):
(JSC::B3::Air::LowerToAir::fillStackmap):
(JSC::B3::Air::LowerToAir::lower):

• b3/air/AirKind.cpp:

(JSC::B3::Air::Kind::dump):

• b3/air/AirKind.h:

(JSC::B3::Air::Kind::Kind):
(JSC::B3::Air::Kind::operator==):
(JSC::B3::Air::Kind::hash):

• b3/air/AirLowerAfterRegAlloc.cpp:

(JSC::B3::Air::lowerAfterRegAlloc):

• b3/air/AirLowerMacros.cpp:

(JSC::B3::Air::lowerMacros):

• b3/air/AirOpcode.opcodes:
• b3/air/AirValidate.cpp:
• b3/air/opcode_generator.rb:
• b3/testb3.cpp:

(JSC::B3::correctSqrt):
(JSC::B3::testSqrtArg):
(JSC::B3::testSqrtImm):
(JSC::B3::testSqrtMem):
(JSC::B3::testSqrtArgWithUselessDoubleConversion):
(JSC::B3::testSqrtArgWithEffectfulDoubleConversion):
(JSC::B3::testStoreRelAddLoadAcq32):
(JSC::B3::testTrappingLoad):
(JSC::B3::testTrappingStore):
(JSC::B3::testTrappingLoadAddStore):
(JSC::B3::testTrappingLoadDCE):

File:

• trunk/Source/JavaScriptCore/b3/B3LowerToAir.cpp (modified) (10 diffs)

trunk/Source/JavaScriptCore/b3/B3LowerToAir.cpp

@@ -273 +273 @@
         {
             Inst result(std::forward<Args>(args)...);
-            result.kind.traps |= m_traps;
+            result.kind.effects |= m_traps;
             m_wasWrapped = true;
             return result;
@@ -569 +569 @@
     {
         Inst result(std::forward<Args>(args)...);
-        result.kind.traps |= traps;
+        result.kind.effects |= traps;
         return result;
     }
@@ -962 +962 @@
             return false;
         
-        // On x86, all stores have fences, and this isn't reordering the store itself.
-        if (!isX86() && m_value->as<MemoryValue>()->hasFence())
+        if (m_value->as<MemoryValue>()->hasFence())
             return false;
         
@@ -1018 +1017 @@
     }
 
-    Inst createStore(Air::Opcode move, Value* value, const Arg& dest)
-    {
-        if (imm(value) && isValidForm(move, Arg::Imm, dest.kind()))
+    Inst createStore(Air::Kind move, Value* value, const Arg& dest)
+    {
+        if (imm(value) && isValidForm(move.opcode, Arg::Imm, dest.kind()))
             return Inst(move, m_value, imm(value), dest);
 
@@ -1026 +1025 @@
     }
     
-    Air::Opcode storeOpcode(Width width, Bank bank, bool release)
+    Air::Opcode storeOpcode(Width width, Bank bank)
     {
         switch (width) {
         case Width8:
             RELEASE_ASSERT(bank == GP);
-            return release ? StoreRel8 : Air::Store8;
+            return Air::Store8;
         case Width16:
             RELEASE_ASSERT(bank == GP);
-            return release ? StoreRel16 : Air::Store16;
+            return Air::Store16;
         case Width32:
             switch (bank) {
             case GP:
-                return release ? StoreRel32 : Move32;
+                return Move32;
             case FP:
-                RELEASE_ASSERT(!release);
                 return MoveFloat;
             }
@@ -1048 +1046 @@
             switch (bank) {
             case GP:
-                return release ? StoreRel64 : Move;
+                return Move;
             case FP:
-                RELEASE_ASSERT(!release);
                 return MoveDouble;
             }
@@ -1058 +1055 @@
     }
     
-    Air::Opcode storeOpcode(Value* value)
+    void appendStore(Value* value, const Arg& dest)
     {
         MemoryValue* memory = value->as<MemoryValue>();
         RELEASE_ASSERT(memory->isStore());
-        return storeOpcode(memory->accessWidth(), memory->accessBank(), memory->hasFence());
-    }
-
-    Inst createStore(Value* value, const Arg& dest)
-    {
-        Air::Opcode moveOpcode = storeOpcode(value);
-        return createStore(moveOpcode, value->child(0), dest);
-    }
-
-    template<typename... Args>
-    void appendStore(Args&&... args)
-    {
-        append(trappingInst(m_value, createStore(std::forward<Args>(args)...)));
-    }
-    
+
+        Air::Kind kind;
+        if (memory->hasFence()) {
+            RELEASE_ASSERT(memory->accessBank() == GP);
+            
+            if (isX86()) {
+                kind = OPCODE_FOR_WIDTH(Xchg, memory->accessWidth());
+                kind.effects = true;
+                Tmp swapTmp = m_code.newTmp(GP);
+                append(relaxedMoveForType(memory->accessType()), tmp(memory->child(0)), swapTmp);
+                append(kind, swapTmp, dest);
+                return;
+            }
+            
+            kind = OPCODE_FOR_WIDTH(StoreRel, memory->accessWidth());
+        } else
+            kind = storeOpcode(memory->accessWidth(), memory->accessBank());
+        
+        kind.effects |= memory->traps();
+        
+        append(createStore(kind, memory->child(0), dest));
+    }
+
     Air::Opcode moveForType(Type type)
     {
@@ -1152 +1157 @@
 
     template<typename... Arguments>
-    void append(Air::Opcode opcode, Arguments&&... arguments)
-    {
-        m_insts.last().append(Inst(opcode, m_value, std::forward<Arguments>(arguments)...));
+    void append(Air::Kind kind, Arguments&&... arguments)
+    {
+        m_insts.last().append(Inst(kind, m_value, std::forward<Arguments>(arguments)...));
     }
     
     template<typename... Arguments>
-    void appendTrapping(Air::Opcode opcode, Arguments&&... arguments)
-    {
-        m_insts.last().append(trappingInst(m_value, opcode, m_value, std::forward<Arguments>(arguments)...));
+    void appendTrapping(Air::Kind kind, Arguments&&... arguments)
+    {
+        m_insts.last().append(trappingInst(m_value, kind, m_value, std::forward<Arguments>(arguments)...));
     }
     
@@ -1255 +1260 @@
             case ValueRep::StackArgument:
                 arg = Arg::callArg(value.rep().offsetFromSP());
-                appendStore(moveForType(value.value()->type()), value.value(), arg);
+                append(trappingInst(m_value, createStore(moveForType(value.value()->type()), value.value(), arg)));
                 break;
             default:
@@ -2415 +2420 @@
         case Load: {
             MemoryValue* memory = m_value->as<MemoryValue>();
-            Air::Opcode opcode = Air::Oops;
+            Air::Kind kind = moveForType(memory->type());
             if (memory->hasFence()) {
-                switch (memory->type()) {
-                case Int32:
-                    opcode = LoadAcq32;
-                    break;
-                case Int64:
-                    opcode = LoadAcq64;
-                    break;
-                default:
-                    RELEASE_ASSERT_NOT_REACHED();
-                    break;
-                }
-            } else
-                opcode = moveForType(memory->type());
-            append(trappingInst(m_value, opcode, m_value, addr(m_value), tmp(m_value)));
+                if (isX86())
+                    kind.effects = true;
+                else {
+                    switch (memory->type()) {
+                    case Int32:
+                        kind = LoadAcq32;
+                        break;
+                    case Int64:
+                        kind = LoadAcq64;
+                        break;
+                    default:
+                        RELEASE_ASSERT_NOT_REACHED();
+                        break;
+                    }
+                }
+            }
+            append(trappingInst(m_value, kind, m_value, addr(m_value), tmp(m_value)));
             return;
         }
             
         case Load8S: {
-            Air::Opcode opcode = m_value->as<MemoryValue>()->hasFence() ? LoadAcq8SignedExtendTo32 : Load8SignedExtendTo32;
-            append(trappingInst(m_value, opcode, m_value, addr(m_value), tmp(m_value)));
+            Air::Kind kind = Load8SignedExtendTo32;
+            if (m_value->as<MemoryValue>()->hasFence()) {
+                if (isX86())
+                    kind.effects = true;
+                else
+                    kind = LoadAcq8SignedExtendTo32;
+            }
+            append(trappingInst(m_value, kind, m_value, addr(m_value), tmp(m_value)));
             return;
         }
 
         case Load8Z: {
-            Air::Opcode opcode = m_value->as<MemoryValue>()->hasFence() ? LoadAcq8 : Load8;
-            append(trappingInst(m_value, opcode, m_value, addr(m_value), tmp(m_value)));
+            Air::Kind kind = Load8;
+            if (m_value->as<MemoryValue>()->hasFence()) {
+                if (isX86())
+                    kind.effects = true;
+                else
+                    kind = LoadAcq8;
+            }
+            append(trappingInst(m_value, kind, m_value, addr(m_value), tmp(m_value)));
             return;
         }
 
         case Load16S: {
-            Air::Opcode opcode = m_value->as<MemoryValue>()->hasFence() ? LoadAcq16SignedExtendTo32 : Load16SignedExtendTo32;
-            append(trappingInst(m_value, opcode, m_value, addr(m_value), tmp(m_value)));
+            Air::Kind kind = Load16SignedExtendTo32;
+            if (m_value->as<MemoryValue>()->hasFence()) {
+                if (isX86())
+                    kind.effects = true;
+                else
+                    kind = LoadAcq16SignedExtendTo32;
+            }
+            append(trappingInst(m_value, kind, m_value, addr(m_value), tmp(m_value)));
             return;
         }
 
         case Load16Z: {
-            Air::Opcode opcode = m_value->as<MemoryValue>()->hasFence() ? LoadAcq16 : Load16;
-            append(trappingInst(m_value, opcode, m_value, addr(m_value), tmp(m_value)));
+            Air::Kind kind = Load16;
+            if (m_value->as<MemoryValue>()->hasFence()) {
+                if (isX86())
+                    kind.effects = true;
+                else
+                    kind = LoadAcq16;
+            }
+            append(trappingInst(m_value, kind, m_value, addr(m_value), tmp(m_value)));
             return;
         }