Changeset 284923 in webkit for trunk/Source/JavaScriptCore/jit/CallFrameShuffler.cpp

Timestamp:

Oct 27, 2021, 8:34:42 AM (4 years ago)

Author:

[email protected]

Message:

[JSC][32bit] Fix CSR restore on DFG tail calls, add extra register on ARMv7
​https://bugs.webkit.org/show_bug.cgi?id=230622

Patch by Geza Lore <Geza Lore> on 2021-10-27
Reviewed by Keith Miller.

This re-introduces the patch reverted by
​https://trac.webkit.org/changeset/284911/webkit
with the C_LOOP interpreter now fixed.

The only difference between the original patch and this version is in
LowLevelInterpreter32_64.asm and LowLevelInterpreter64.asm, which
need the PC base (PB) register restored on C_LOOP on return from a
call, as C_LOOP does not seem to handle this as a proper callee save
register (CSR). On non C_LOOP builds, the CSR restore mechanism takes
care of this, so removed the superfluous instructions.

--- Original ChangeLog ---

This patch does two things:

1. Adds an extra callee save register (CSR) to be available to DFG on

ARMv7. To do this properly required the following:

2. Implements the necessary shuffling in CallFrameShuffler on 32-bit

architectures that is required to restore CSRs properly after a tail
call on these architectures. This also fixes the remaining failures in
the 32-bit build of the unlinked baseline JIT.

• bytecode/ValueRecovery.cpp:

(JSC::ValueRecovery::dumpInContext const):

• bytecode/ValueRecovery.h:

(JSC::ValueRecovery::calleeSaveRegDisplacedInJSStack):
(JSC::ValueRecovery::isInJSStack const):
(JSC::ValueRecovery::dataFormat const):
(JSC::ValueRecovery::withLocalsOffset const):

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):

• jit/CachedRecovery.cpp:

(JSC::CachedRecovery::loadsIntoGPR const):

• jit/CallFrameShuffleData.cpp:

(JSC::CallFrameShuffleData::setupCalleeSaveRegisters):

• jit/CallFrameShuffleData.h:
• jit/CallFrameShuffler.cpp:

(JSC::CallFrameShuffler::CallFrameShuffler):

• jit/CallFrameShuffler.h:

(JSC::CallFrameShuffler::snapshot const):
(JSC::CallFrameShuffler::addNew):

• jit/CallFrameShuffler32_64.cpp:

(JSC::CallFrameShuffler::emitLoad):
(JSC::CallFrameShuffler::emitDisplace):

• jit/GPRInfo.h:

(JSC::GPRInfo::toRegister):
(JSC::GPRInfo::toIndex):

• jit/RegisterSet.cpp:

(JSC::RegisterSet::dfgCalleeSaveRegisters):

• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:

File:

• trunk/Source/JavaScriptCore/jit/CallFrameShuffler.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/jit/CallFrameShuffler.cpp

@@ -53 +53 @@
         m_lockedRegisters.clear(FPRInfo::toRegister(i));
 
-#if USE(JSVALUE64)
-    // ... as well as the runtime registers on 64-bit architectures.
-    // However do not use these registers on 32-bit architectures since
-    // saving and restoring callee-saved registers in CallFrameShuffler isn't supported
-    // on 32-bit architectures yet.
+    // ... as well as the callee saved registers
     m_lockedRegisters.exclude(RegisterSet::vmCalleeSaveRegisters());
-#endif
 
     ASSERT(!data.callee.isInJSStack() || data.callee.virtualRegister().isLocal());
@@ -69 +64 @@
     }
 
-#if USE(JSVALUE64)
     for (Reg reg = Reg::first(); reg <= Reg::last(); reg = reg.next()) {
         if (!data.registers[reg].isSet())
             continue;
 
-        if (reg.isGPR())
+        if (reg.isGPR()) {
+#if USE(JSVALUE64)
             addNew(JSValueRegs(reg.gpr()), data.registers[reg]);
-        else
+#elif USE(JSVALUE32_64)
+            addNew(reg.gpr(), data.registers[reg]);
+#endif
+        } else
             addNew(reg.fpr(), data.registers[reg]);
     }
 
+#if USE(JSVALUE64)
     m_numberTagRegister = data.numberTagRegister;
     if (m_numberTagRegister != InvalidGPRReg)