Changeset 220807 in webkit for trunk/Source/JavaScriptCore/assembler/testmasm.cpp

Timestamp:

Aug 16, 2017, 1:38:57 PM (8 years ago)

Author:

[email protected]

Message:

Enhance MacroAssembler::probe() to support an initializeStackFunction callback.
​https://bugs.webkit.org/show_bug.cgi?id=175617
<rdar://problem/33912104>

Reviewed by JF Bastien.

This patch adds a new feature to MacroAssembler::probe() where the probe function
can provide a ProbeFunction callback to fill in stack values after the stack
pointer has been adjusted. The probe function can use this feature as follows:

1. Set the new sp value in the ProbeContext's CPUState.

2. Set the ProbeContext's initializeStackFunction to a ProbeFunction callback which will do the work of filling in the stack values after the probe trampoline has adjusted the machine stack pointer.

3. Set the ProbeContext's initializeStackArgs to any value that the client wants to pass to the initializeStackFunction callback.

4. Return from the probe function.

Upon returning from the probe function, the probe trampoline will adjust the
the stack pointer based on the sp value in CPUState. If initializeStackFunction
is not set, the probe trampoline will restore registers and return to its caller.

If initializeStackFunction is set, the trampoline will move the ProbeContext
beyond the range of the stack pointer i.e. it will place the new ProbeContext at
an address lower than where CPUState.sp() points. This ensures that the
ProbeContext will not be trashed by the initializeStackFunction when it writes to
the stack. Then, the trampoline will call back to the initializeStackFunction
ProbeFunction to let it fill in the stack values as desired. The
initializeStackFunction ProbeFunction will be passed the moved ProbeContext at
the new location.

initializeStackFunction may now write to the stack at addresses greater or
equal to CPUState.sp(), but not below that. initializeStackFunction is also
not allowed to change CPUState.sp(). If the initializeStackFunction does not
abide by these rules, then behavior is undefined, and bad things may happen.

For future reference, some implementation details that this patch needed to
be mindful of:

1. When the probe trampoline allocates stack space for the ProbeContext, it should include OUT_SIZE as well. This ensures that it doesn't have to move the ProbeContext on exit if the probe function didn't change the sp.

2. If the trampoline has to move the ProbeContext, it needs to point the machine sp to new ProbeContext first before copying over the ProbeContext data. This protects the new ProbeContext from possibly being trashed by interrupts.

3. When computing the new address of ProbeContext to move to, we need to make sure that it is properly aligned in accordance with stack ABI requirements (just like we did when we allocated the ProbeContext on entry to the probe trampoline).

4. When copying the ProbeContext to its new location, the trampoline should always copy words from low addresses to high addresses. This is because if we're moving the ProbeContext, we'll always be moving it to a lower address.

• assembler/MacroAssembler.h:
• assembler/MacroAssemblerARM.cpp:
• assembler/MacroAssemblerARM64.cpp:
• assembler/MacroAssemblerARMv7.cpp:
• assembler/MacroAssemblerX86Common.cpp:
• assembler/testmasm.cpp:

(JSC::testProbePreservesGPRS):
(JSC::testProbeModifiesStackPointer):
(JSC::fillStack):
(JSC::testProbeModifiesStackWithCallback):
(JSC::run):

File:

• trunk/Source/JavaScriptCore/assembler/testmasm.cpp (modified) (5 diffs)

trunk/Source/JavaScriptCore/assembler/testmasm.cpp

@@ -64 +64 @@
 namespace {
 
+using CPUState = MacroAssembler::CPUState;
+
 StaticLock crashLock;
 
@@ -268 +270 @@
     // to validate that the probe preserves register values.
     unsigned probeCallCount = 0;
-    MacroAssembler::CPUState originalState;
+    CPUState originalState;
 
     compileAndRun<void>([&] (CCallHelpers& jit) {
@@ -348 +350 @@
 {
     unsigned probeCallCount = 0;
-    MacroAssembler::CPUState originalState;
+    CPUState originalState;
     void* originalSP { nullptr };
     void* modifiedSP { nullptr };
@@ -509 +511 @@
 }
 
+struct FillStackData {
+    CPUState originalState;
+    void* originalSP { nullptr };
+    void* newSP { nullptr };
+    uintptr_t modifiedFlags { 0 };
+    MacroAssembler::SPRegisterID flagsSPR;
+};
+
+static void fillStack(ProbeContext* context)
+{
+    auto& cpu = context->cpu;
+
+    FillStackData& data = *reinterpret_cast<FillStackData*>(context->initializeStackArg);
+    CPUState& originalState = data.originalState;
+    void*& originalSP = data.originalSP;
+    void*& newSP = data.newSP;
+    uintptr_t& modifiedFlags = data.modifiedFlags;
+    MacroAssembler::SPRegisterID& flagsSPR = data.flagsSPR;
+
+    CHECK_EQ(reinterpret_cast<void*>(context->initializeStackFunction), reinterpret_cast<void*>(fillStack));
+    CHECK_EQ(cpu.sp(), newSP);
+
+    // Verify that the probe has put the ProbeContext out of harm's way.
+    CHECK_EQ((reinterpret_cast<void*>(context + 1) <= cpu.sp()), true);
+
+    // Verify the CPU state.
+    for (auto id = CCallHelpers::firstRegister(); id <= CCallHelpers::lastRegister(); id = nextID(id)) {
+        if (isFP(id)) {
+            CHECK_EQ(cpu.gpr(id), originalState.gpr(id));
+            continue;
+        }
+        if (isSpecialGPR(id))
+            continue;
+        CHECK_EQ(cpu.gpr(id), testWord(id));
+    }
+    for (auto id = CCallHelpers::firstFPRegister(); id <= CCallHelpers::lastFPRegister(); id = nextID(id))
+        CHECK_EQ(cpu.fpr<uint64_t>(id), testWord64(id));
+    CHECK_EQ(cpu.spr(flagsSPR), modifiedFlags);
+
+    // Fill the stack with values.
+    uintptr_t* p = reinterpret_cast<uintptr_t*>(newSP);
+    int count = 0;
+    while (p < reinterpret_cast<uintptr_t*>(originalSP))
+        *p++ = testWord(count++);
+};
+
+void testProbeModifiesStackWithCallback()
+{
+    unsigned probeCallCount = 0;
+    FillStackData data;
+    CPUState& originalState = data.originalState;
+    void*& originalSP = data.originalSP;
+    void*& newSP = data.newSP;
+    uintptr_t& modifiedFlags = data.modifiedFlags;
+    size_t numberOfExtraEntriesToWrite = 10; // ARM64 requires that this be 2 word aligned.
+    MacroAssembler::SPRegisterID& flagsSPR = data.flagsSPR;
+
+#if CPU(X86) || CPU(X86_64)
+    flagsSPR = X86Registers::eflags;
+    uintptr_t flagsMask = 0xc5;
+#elif CPU(ARM_THUMB2) || CPU(ARM_TRADITIONAL)
+    flagsSPR = ARMRegisters::apsr;
+    uintptr_t flagsMask = 0xf0000000;
+#elif CPU(ARM64)
+    flagsSPR = ARM64Registers::nzcv;
+    uintptr_t flagsMask = 0xf0000000;
+#endif
+
+    compileAndRun<void>([&] (CCallHelpers& jit) {
+        jit.emitFunctionPrologue();
+
+        // Write expected values into the registers.
+        jit.probe([&] (ProbeContext* context) {
+            auto& cpu = context->cpu;
+            probeCallCount++;
+
+            // Preserve the original CPU state.
+            for (auto id = CCallHelpers::firstRegister(); id <= CCallHelpers::lastRegister(); id = nextID(id)) {
+                originalState.gpr(id) = cpu.gpr(id);
+                if (isSpecialGPR(id))
+                    continue;
+                cpu.gpr(id) = testWord(static_cast<int>(id));
+            }
+            for (auto id = CCallHelpers::firstFPRegister(); id <= CCallHelpers::lastFPRegister(); id = nextID(id)) {
+                originalState.fpr(id) = cpu.fpr(id);
+                cpu.fpr(id) = bitwise_cast<double>(testWord64(id));
+            }
+            originalState.spr(flagsSPR) = cpu.spr(flagsSPR);
+            modifiedFlags = originalState.spr(flagsSPR) ^ flagsMask;
+            cpu.spr(flagsSPR) = modifiedFlags;
+
+            CHECK_EQ(reinterpret_cast<void*>(context->initializeStackFunction), 0);
+
+            // Prepare for initializeStack callback.
+            context->initializeStackFunction = fillStack;
+            context->initializeStackArg = &data;
+
+            // Ensure that we'll be writing over the regions of the stack where the ProbeContext is.
+            originalSP = cpu.sp();
+            newSP = reinterpret_cast<uintptr_t*>(context) - numberOfExtraEntriesToWrite;
+            cpu.sp() = newSP;
+        });
+
+        // Validate that the registers and stack have the expected values.
+        jit.probe([&] (ProbeContext* context) {
+            auto& cpu = context->cpu;
+            probeCallCount++;
+
+            // Validate the register values.
+            for (auto id = CCallHelpers::firstRegister(); id <= CCallHelpers::lastRegister(); id = nextID(id)) {
+                if (isFP(id)) {
+                    CHECK_EQ(cpu.gpr(id), originalState.gpr(id));
+                    continue;
+                }
+                if (isSpecialGPR(id))
+                    continue;
+                CHECK_EQ(cpu.gpr(id), testWord(id));
+            }
+            for (auto id = CCallHelpers::firstFPRegister(); id <= CCallHelpers::lastFPRegister(); id = nextID(id))
+                CHECK_EQ(cpu.fpr<uint64_t>(id), testWord64(id));
+            CHECK_EQ(cpu.spr(flagsSPR), modifiedFlags);
+            CHECK_EQ(cpu.sp(), newSP);
+
+            // Validate the stack with values.
+            uintptr_t* p = reinterpret_cast<uintptr_t*>(newSP);
+            int count = 0;
+            while (p < reinterpret_cast<uintptr_t*>(originalSP))
+                CHECK_EQ(*p++, testWord(count++));
+        });
+
+        // Restore the original state.
+        jit.probe([&] (ProbeContext* context) {
+            auto& cpu = context->cpu;
+            probeCallCount++;
+            for (auto id = CCallHelpers::firstRegister(); id <= CCallHelpers::lastRegister(); id = nextID(id)) {
+                if (isSpecialGPR(id))
+                    continue;
+                cpu.gpr(id) = originalState.gpr(id);
+            }
+            for (auto id = CCallHelpers::firstFPRegister(); id <= CCallHelpers::lastFPRegister(); id = nextID(id))
+                cpu.fpr(id) = originalState.fpr(id);
+            cpu.spr(flagsSPR) = originalState.spr(flagsSPR);
+            cpu.sp() = originalSP;
+        });
+
+        jit.emitFunctionEpilogue();
+        jit.ret();
+    });
+
+    CHECK_EQ(probeCallCount, 3);
+}
+
 #define RUN(test) do {                          \
         if (!shouldRun(#test))                  \
@@ -541 +695 @@
     RUN(testProbeModifiesStackPointerToNBytesBelowSP());
     RUN(testProbeModifiesProgramCounter());
+    RUN(testProbeModifiesStackWithCallback());
 
     if (tasks.isEmpty())