Changeset 292540 in webkit for trunk/Source/JavaScriptCore/assembler/ARMv7Assembler.h

Timestamp:

Apr 7, 2022, 10:03:19 AM (3 years ago)

Author:

[email protected]

Message:

[JSC][ARMv7] Support proper near calls and JUMP_ISLANDS
​https://bugs.webkit.org/show_bug.cgi?id=238143

Patch by Geza Lore <Geza Lore> on 2022-04-07
Reviewed by Yusuke Suzuki.

JSTests:

• microbenchmarks/let-const-tdz-environment-parsing-and-hash-consing-speed.js:

Source/JavaScriptCore:

Implement nearCall and nearTailCall as single instruction direct
branches on ARMv7/Thumb-2. (Will need to support these for Wasm JITs,
to implement threadSafePatchableNearcall.) To make this possible while
also having an executable pool size larger than the branch range, I
also ported JUMP_ISLANDS.

To port JUMP_ISLANDS, a reformulation of the region allocations was
necessary, which is now done in terms of the range of the
nearCall/nearTailCall macroassembler macros. For ARM64, the behaviour
should be identical.

The jump islad reservation on ARMv7 is set to 5% of executable memory
size, which is approximately the same as the baseline JIT code size
saving provided by using short branches for near calls, so the change
should be neutral overall with respect to executable memory
consumption.

Also made it possible for the --jitMemoryReservationSize option to
request JIT memory that is larger than the default hardcoded size
while using JUMP_ISLANDS (we need this for testing on ARMv7, which has
a smaller default executable pool size). To do this the region
allocators are no longer statically allocated but are held in a
FixedVector.

Also removed the unused repatchCompact methods from assemblers.

• assembler/ARM64Assembler.h:
• assembler/ARMv7Assembler.h:

(JSC::ARMv7Assembler::isEven):
(JSC::ARMv7Assembler::makeEven):
(JSC::ARMv7Assembler::bl):
(JSC::ARMv7Assembler::link):
(JSC::ARMv7Assembler::linkTailCall):
(JSC::ARMv7Assembler::linkCall):
(JSC::ARMv7Assembler::relinkCall):
(JSC::ARMv7Assembler::relinkTailCall):
(JSC::ARMv7Assembler::prepareForAtomicRelinkJumpConcurrently):
(JSC::ARMv7Assembler::prepareForAtomicRelinkCallConcurrently):
(JSC::ARMv7Assembler::replaceWithJump):
(JSC::ARMv7Assembler::canEmitJump):
(JSC::ARMv7Assembler::isBL):
(JSC::ARMv7Assembler::linkJumpT4):
(JSC::ARMv7Assembler::linkConditionalJumpT4):
(JSC::ARMv7Assembler::linkJumpAbsolute):
(JSC::ARMv7Assembler::linkBranch):

• assembler/AbstractMacroAssembler.h:

(JSC::AbstractMacroAssembler::repatchNearCall):

• assembler/AssemblerCommon.h:

(JSC::isInt):

• assembler/MIPSAssembler.h:
• assembler/MacroAssemblerARM64.h:
• assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::nearCall):
(JSC::MacroAssemblerARMv7::nearTailCall):
(JSC::MacroAssemblerARMv7::linkCall):

• assembler/MacroAssemblerMIPS.h:
• assembler/MacroAssemblerRISCV64.h:
• assembler/MacroAssemblerX86Common.h:
• assembler/X86Assembler.h:
• bytecode/Repatch.cpp:

(JSC::linkPolymorphicCall):

• jit/ExecutableAllocator.cpp:

(JSC::initializeJITPageReservation):

Source/WTF:

Support constructor arguments for FixedVector element initialization.

• wtf/EmbeddedFixedVector.h:
• wtf/FixedVector.h:

(WTF::FixedVector::FixedVector):

• wtf/PlatformEnable.h:
• wtf/TrailingArray.h:

(WTF::TrailingArray::TrailingArray):

• wtf/Vector.h:

(WTF::VectorTypeOperations::initializeWithArgs):

File:

• trunk/Source/JavaScriptCore/assembler/ARMv7Assembler.h (modified) (18 diffs)

trunk/Source/JavaScriptCore/assembler/ARMv7Assembler.h

@@ -491 +491 @@
 
 private:
+
+    // In the ARMv7 ISA, the LSB of a code pointer indicates whether the target uses Thumb vs ARM
+    // encoding. These utility functions are there for when we need to deal with this.
+    static bool isEven(const void* ptr) { return !(reinterpret_cast<uintptr_t>(ptr) & 1); }
+    static bool isEven(AssemblerLabel &label) { return !(label.offset() & 1); }
+    static void* makeEven(const void* ptr)
+    {
+        ASSERT(!isEven(ptr));
+        return reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(ptr) & ~1);
+    }
 
     // ARMv7, Appx-A.6.3
@@ -610 +620 @@
         OP_B_T3a        = 0xF000,
         OP_B_T4a        = 0xF000,
+        OP_BL_T4a       = 0xF000,
         OP_AND_imm_T1   = 0xF000,
         OP_TST_imm      = 0xF010,
@@ -698 +709 @@
         OP_B_T3b         = 0x8000,
         OP_B_T4b         = 0x9000,
+        OP_BL_T4b        = 0xD000,
     } OpcodeID2;
 
@@ -718 +730 @@
             };
         } m_u;
+    };
+
+    enum class BranchWithLink : bool {
+        No = false,
+        Yes = true
     };
 
@@ -920 +937 @@
     {
         m_formatter.twoWordOp16Op16(OP_B_T4a, OP_B_T4b);
+        return m_formatter.label();
+    }
+
+    // Only allowed in IT (if then) block if last instruction.
+    ALWAYS_INLINE AssemblerLabel bl()
+    {
+        m_formatter.twoWordOp16Op16(OP_BL_T4a, OP_BL_T4b);
         return m_formatter.label();
     }
@@ -2274 +2298 @@
             break;
         case LinkJumpT4:
-            linkJumpT4<copy>(reinterpret_cast_ptr<uint16_t*>(from), fromInstruction, to);
+            linkJumpT4<copy>(reinterpret_cast_ptr<uint16_t*>(from), fromInstruction, to, BranchWithLink::No);
             break;
         case LinkConditionalJumpT4:
@@ -2322 +2346 @@
     }
 
+    static void linkTailCall(void* code, AssemblerLabel from, void* to)
+    {
+        ASSERT(from.isSet());
+
+        uint16_t* location = reinterpret_cast<uint16_t*>(reinterpret_cast<intptr_t>(code) + from.offset());
+        linkBranch(location, location, makeEven(to), BranchWithLink::No);
+    }
+
     static void linkCall(void* code, AssemblerLabel from, void* to)
     {
-        ASSERT(!(reinterpret_cast<intptr_t>(code) & 1));
         ASSERT(from.isSet());
 
-        setPointer(reinterpret_cast<uint16_t*>(reinterpret_cast<intptr_t>(code) + from.offset()) - 1, to, false);
+        uint16_t* location = reinterpret_cast<uint16_t*>(reinterpret_cast<intptr_t>(code) + from.offset());
+        linkBranch(location, location, makeEven(to), BranchWithLink::Yes);
     }
 
@@ -2351 +2383 @@
     static void relinkCall(void* from, void* to)
     {
-        ASSERT(!(reinterpret_cast<intptr_t>(from) & 1));
-
-        setPointer(reinterpret_cast<uint16_t*>(from) - 1, to, true);
-    }
-    
+        ASSERT(isEven(from));
+
+        uint16_t* location = reinterpret_cast<uint16_t*>(from);
+        if (isBL(location - 2)) {
+            linkBranch(location, location, makeEven(to), BranchWithLink::Yes);
+            cacheFlush(location - 2, 2 * sizeof(uint16_t));
+            return;
+        }
+
+        setPointer(location - 1, to, true);
+    }
+
+    static void relinkTailCall(void* from, void* to)
+    {
+        ASSERT(isEven(from));
+
+        uint16_t* location = reinterpret_cast<uint16_t*>(from);
+        linkBranch(location, location, to, BranchWithLink::No);
+        cacheFlush(location - 2, 2 * sizeof(uint16_t));
+    }
+
+#if ENABLE(JUMP_ISLANDS)
+    static void* prepareForAtomicRelinkJumpConcurrently(void* from, void* to)
+    {
+        ASSERT(isEven(from));
+        ASSERT(isEven(to));
+
+        intptr_t offset = bitwise_cast<intptr_t>(to) - bitwise_cast<intptr_t>(from);
+        ASSERT(static_cast<int>(offset) == offset);
+
+        if (isInt<25>(offset))
+            return to;
+
+        return ExecutableAllocator::singleton().getJumpIslandToConcurrently(from, to);
+    }
+
+    static void* prepareForAtomicRelinkCallConcurrently(void* from, void* to)
+    {
+        ASSERT(isEven(from));
+
+        return prepareForAtomicRelinkJumpConcurrently(from, makeEven(to));
+    }
+#endif
+
     static void* readCallTarget(void* from)
     {
@@ -2368 +2439 @@
     }
     
-    static void repatchCompact(void* where, int32_t offset)
-    {
-        ASSERT(offset >= -255 && offset <= 255);
-
-        bool add = true;
-        if (offset < 0) {
-            add = false;
-            offset = -offset;
-        }
-        
-        offset |= (add << 9);
-        offset |= (1 << 10);
-        offset |= (1 << 11);
-
-        uint16_t* location = reinterpret_cast<uint16_t*>(where);
-        uint16_t instruction = location[1] & ~((1 << 12) - 1);
-        instruction |= offset;
-        performJITMemcpy(location + 1, &instruction, sizeof(uint16_t));
-        cacheFlush(location, sizeof(uint16_t) * 2);
-    }
-
     static void repatchPointer(void* where, void* value)
     {
@@ -2409 +2459 @@
         if (canBeJumpT4(reinterpret_cast<uint16_t*>(instructionStart), to)) {
             uint16_t* ptr = reinterpret_cast<uint16_t*>(instructionStart) + 2;
-            linkJumpT4(ptr, ptr, to);
+            linkJumpT4(ptr, ptr, to, BranchWithLink::No);
             cacheFlush(ptr - 2, sizeof(uint16_t) * 2);
         } else {
@@ -2418 +2468 @@
 #else
         uint16_t* ptr = reinterpret_cast<uint16_t*>(instructionStart) + 2;
-        linkJumpT4(ptr, ptr, to);
+        linkJumpT4(ptr, ptr, to, BranchWithLink::No);
         cacheFlush(ptr - 2, sizeof(uint16_t) * 2);
 #endif
@@ -2529 +2579 @@
     }
 
+    static ALWAYS_INLINE bool canEmitJump(void* from, void* to)
+    {
+        // 'from' holds the address of the branch instruction. The branch range however is relative
+        // to the architectural value of the PC which is 4 larger than the address of the branch.
+        intptr_t offset = bitwise_cast<intptr_t>(to) - (bitwise_cast<intptr_t>(from) + 4);
+        return isInt<25>(offset);
+    }
+
 private:
     // VFP operations commonly take one or more 5-bit operands, typically representing a
-    // floating point register number.  This will commonly be encoded in the instruction
-    // in two parts, with one single bit field, and one 4-bit field.  In the case of
+    // floating point register number. This will commonly be encoded in the instruction
+    // in two parts, with one single bit field, and one 4-bit field. In the case of
     // double precision operands the high bit of the register number will be encoded
     // separately, and for single precision operands the high bit of the register number
@@ -2655 +2713 @@
     }
 
+    static bool isBL(const void* address)
+    {
+        const uint16_t* instruction = static_cast<const uint16_t*>(address);
+        return ((instruction[0] & 0xf800) == OP_BL_T4a) && ((instruction[1] & 0xd000) == OP_BL_T4b);
+    }
+
     static bool isBX(const void* address)
     {
@@ -2788 +2852 @@
     
     template<CopyFunction copy = performJITMemcpy>
-    static void linkJumpT4(uint16_t* writeTarget, const uint16_t* instruction, void* target)
+    static void linkJumpT4(uint16_t* writeTarget, const uint16_t* instruction, void* target, BranchWithLink link)
     {
         // FIMXE: this should be up in the MacroAssembler layer. :-(        
@@ -2804 +2868 @@
         uint16_t instructions[2];
         instructions[0] = OP_B_T4a | ((relative & 0x1000000) >> 14) | ((relative & 0x3ff000) >> 12);
-        instructions[1] = OP_B_T4b | ((relative & 0x800000) >> 10) | ((relative & 0x400000) >> 11) | ((relative & 0xffe) >> 1);
+        instructions[1] = OP_B_T4b | (static_cast<uint16_t>(link) << 14) | ((relative & 0x800000) >> 10) | ((relative & 0x400000) >> 11) | ((relative & 0xffe) >> 1);
         copy(writeTarget - 2, instructions, 2 * sizeof(uint16_t));
     }
@@ -2817 +2881 @@
         uint16_t newInstruction = ifThenElse(cond) | OP_IT;
         copy(writeTarget - 3, &newInstruction, sizeof(uint16_t));
-        linkJumpT4<copy>(writeTarget, instruction, target);
+        linkJumpT4<copy>(writeTarget, instruction, target, BranchWithLink::No);
     }
 
@@ -2873 +2937 @@
             instructions[2] = OP_NOP_T2b;
             performJITMemcpy(writeTarget - 5, instructions, 3 * sizeof(uint16_t));
-            linkJumpT4(writeTarget, instruction, target);
+            linkJumpT4(writeTarget, instruction, target, BranchWithLink::No);
         } else {
             const uint16_t JUMP_TEMPORARY_REGISTER = ARMRegisters::ip;
@@ -2888 +2952 @@
         }
     }
-    
+
+    static void linkBranch(uint16_t* from, const uint16_t* fromInstruction, void* to, BranchWithLink link)
+    {
+        ASSERT(isEven(fromInstruction));
+        ASSERT(isEven(from));
+        ASSERT(isEven(to));
+        ASSERT(link == BranchWithLink::Yes ? isBL(from - 2) : isB(from - 2));
+
+        intptr_t offset = bitwise_cast<intptr_t>(to) - bitwise_cast<intptr_t>(fromInstruction);
+#if ENABLE(JUMP_ISLANDS)
+        if (!isInt<25>(offset)) {
+            to = ExecutableAllocator::singleton().getJumpIslandTo(bitwise_cast<void*>(fromInstruction), to);
+            offset = bitwise_cast<intptr_t>(to) - bitwise_cast<intptr_t>(fromInstruction);
+        }
+#endif
+        RELEASE_ASSERT(isInt<25>(offset));
+
+        linkJumpT4(from, fromInstruction, to, link);
+    }
+
     static uint16_t twoWordOp5i6Imm4Reg4EncodedImmFirst(uint16_t op, ARMThumbImmediate imm)
     {