Skip to content
This repository was archived by the owner on Jun 24, 2022. It is now read-only.

Commit 724cfc1

Browse files
author
[email protected]
committed
JIT thunks should work on arm64_32
https://bugs.webkit.org/show_bug.cgi?id=213103 Reviewed by Saam Barati. JSTests: skip test on memory limited since it breaks on watch with JIT. * stress/array-buffer-view-watchpoint-can-be-fired-in-really-add-in-dfg.js: Source/JavaScriptCore: This patch fixes various issues when running JSC on arm64_32 with useJIT=1 and useBaselineJIT=0. In particular this patch makes the following changes: 1) ScalePtr is now just part of the Scale enum and is set based on the size of the address space. 2) MacroAssembler::*Ptr functions call 32/64 bit variants based on Address space size rather than cpu architecture. Vetting of callsites using Ptr as 64 will happen in future patches since it's hard to comprehensively vet. 3) Add some missing variants of functions for when pointers are 32-bit. 4) Add a load/storeReg function that stores a full register regardless of pointer size for storing/loading callee saves. 5) numberOfDFGCompiles should report a big number for useBaselineJIT=0 as some tests fail by default if useBaselineJIT=0 but useJIT=1. 6) Assert BaseIndex has a scale of PtrSize or TimesOne (for pre-scaled values) when passed to a load/storePtr function. * assembler/AbstractMacroAssembler.h: (JSC::AbstractMacroAssembler::timesPtr): Deleted. * assembler/MacroAssembler.h: (JSC::MacroAssembler::rotateRightPtr): (JSC::MacroAssembler::loadPtr): (JSC::MacroAssembler::loadPtrWithCompactAddressOffsetPatch): (JSC::MacroAssembler::branchPtr): (JSC::MacroAssembler::storePtr): (JSC::MacroAssembler::shouldBlindDouble): (JSC::MacroAssembler::moveDouble): (JSC::MacroAssembler::store64): * assembler/MacroAssemblerARM64.h: (JSC::MacroAssemblerARM64::add32): (JSC::MacroAssemblerARM64::signExtend32ToPtr): (JSC::MacroAssemblerARM64::loadPtr): (JSC::MacroAssemblerARM64::call): (JSC::MacroAssemblerARM64::farJump): * assembler/MacroAssemblerARMv7.h: (JSC::MacroAssemblerARMv7::rotateRight32): * assembler/MacroAssemblerMIPS.h: (JSC::MacroAssemblerMIPS::rotateRight32): * assembler/MacroAssemblerX86.h: * assembler/MacroAssemblerX86_64.h: * b3/B3LowerMacros.cpp: * b3/testb3_6.cpp: (testInterpreter): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::emitSwitchIntJump): * jit/AssemblyHelpers.cpp: (JSC::AssemblyHelpers::emitLoadStructure): (JSC::AssemblyHelpers::emitAllocateVariableSized): (JSC::AssemblyHelpers::restoreCalleeSavesFromEntryFrameCalleeSavesBuffer): (JSC::AssemblyHelpers::copyCalleeSavesToEntryFrameCalleeSavesBufferImpl): * jit/AssemblyHelpers.h: (JSC::AssemblyHelpers::storeReg): (JSC::AssemblyHelpers::loadReg): (JSC::AssemblyHelpers::emitMaterializeTagCheckRegisters): (JSC::AssemblyHelpers::emitGetFromCallFrameHeaderPtr): (JSC::AssemblyHelpers::emitGetFromCallFrameHeader32): (JSC::AssemblyHelpers::emitGetFromCallFrameHeader64): (JSC::AssemblyHelpers::emitPutToCallFrameHeader): * jit/JITOpcodes32_64.cpp: (JSC::JIT::emit_op_enumerator_structure_pname): (JSC::JIT::emit_op_enumerator_generic_pname): * jit/ThunkGenerators.cpp: (JSC::nativeForGenerator): * runtime/TestRunnerUtils.cpp: (JSC::numberOfDFGCompiles): Source/WebCore: Refactor timesPtr() to ScalePtr. * cssjit/SelectorCompiler.cpp: (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasClasses): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@263049 268f45cc-cd09-0410-ab3c-d52691b4dbfc
1 parent d47adb0 commit 724cfc1

20 files changed

+246
-93
lines changed

JSTests/ChangeLog

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,14 @@
1+
2020-06-15 Keith Miller <[email protected]>
2+
3+
JIT thunks should work on arm64_32
4+
https://bugs.webkit.org/show_bug.cgi?id=213103
5+
6+
Reviewed by Saam Barati.
7+
8+
skip test on memory limited since it breaks on watch with JIT.
9+
10+
* stress/array-buffer-view-watchpoint-can-be-fired-in-really-add-in-dfg.js:
11+
112
2020-06-15 Caitlin Potter <[email protected]>
213

314
[JSC] add machinery to disable JIT tiers when experimental features are enabled

JSTests/stress/array-buffer-view-watchpoint-can-be-fired-in-really-add-in-dfg.js

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
1+
//@ skip if $memoryLimited
12
//@ skip if ["arm", "powerpc", "powerpc64", "s390"].include?($architecture) and $hostOS == "linux"
23
//@ requireOptions("-e", "let iterations=40000") if ["mips"].include?($architecture)
34
//@ runDefault("--jitPolicyScale=0")

Source/JavaScriptCore/ChangeLog

Lines changed: 80 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,83 @@
1+
2020-06-15 Keith Miller <[email protected]>
2+
3+
JIT thunks should work on arm64_32
4+
https://bugs.webkit.org/show_bug.cgi?id=213103
5+
6+
Reviewed by Saam Barati.
7+
8+
This patch fixes various issues when running JSC on arm64_32 with
9+
useJIT=1 and useBaselineJIT=0. In particular this patch makes the
10+
following changes:
11+
12+
1) ScalePtr is now just part of the Scale enum and is set based on
13+
the size of the address space.
14+
15+
2) MacroAssembler::*Ptr functions call 32/64 bit variants based on
16+
Address space size rather than cpu architecture. Vetting of callsites
17+
using Ptr as 64 will happen in future patches since it's hard to
18+
comprehensively vet.
19+
20+
3) Add some missing variants of functions for when pointers are 32-bit.
21+
22+
4) Add a load/storeReg function that stores a full register regardless
23+
of pointer size for storing/loading callee saves.
24+
25+
5) numberOfDFGCompiles should report a big number for
26+
useBaselineJIT=0 as some tests fail by default if useBaselineJIT=0
27+
but useJIT=1.
28+
29+
6) Assert BaseIndex has a scale of PtrSize or TimesOne (for pre-scaled
30+
values) when passed to a load/storePtr function.
31+
32+
* assembler/AbstractMacroAssembler.h:
33+
(JSC::AbstractMacroAssembler::timesPtr): Deleted.
34+
* assembler/MacroAssembler.h:
35+
(JSC::MacroAssembler::rotateRightPtr):
36+
(JSC::MacroAssembler::loadPtr):
37+
(JSC::MacroAssembler::loadPtrWithCompactAddressOffsetPatch):
38+
(JSC::MacroAssembler::branchPtr):
39+
(JSC::MacroAssembler::storePtr):
40+
(JSC::MacroAssembler::shouldBlindDouble):
41+
(JSC::MacroAssembler::moveDouble):
42+
(JSC::MacroAssembler::store64):
43+
* assembler/MacroAssemblerARM64.h:
44+
(JSC::MacroAssemblerARM64::add32):
45+
(JSC::MacroAssemblerARM64::signExtend32ToPtr):
46+
(JSC::MacroAssemblerARM64::loadPtr):
47+
(JSC::MacroAssemblerARM64::call):
48+
(JSC::MacroAssemblerARM64::farJump):
49+
* assembler/MacroAssemblerARMv7.h:
50+
(JSC::MacroAssemblerARMv7::rotateRight32):
51+
* assembler/MacroAssemblerMIPS.h:
52+
(JSC::MacroAssemblerMIPS::rotateRight32):
53+
* assembler/MacroAssemblerX86.h:
54+
* assembler/MacroAssemblerX86_64.h:
55+
* b3/B3LowerMacros.cpp:
56+
* b3/testb3_6.cpp:
57+
(testInterpreter):
58+
* dfg/DFGSpeculativeJIT.cpp:
59+
(JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
60+
* jit/AssemblyHelpers.cpp:
61+
(JSC::AssemblyHelpers::emitLoadStructure):
62+
(JSC::AssemblyHelpers::emitAllocateVariableSized):
63+
(JSC::AssemblyHelpers::restoreCalleeSavesFromEntryFrameCalleeSavesBuffer):
64+
(JSC::AssemblyHelpers::copyCalleeSavesToEntryFrameCalleeSavesBufferImpl):
65+
* jit/AssemblyHelpers.h:
66+
(JSC::AssemblyHelpers::storeReg):
67+
(JSC::AssemblyHelpers::loadReg):
68+
(JSC::AssemblyHelpers::emitMaterializeTagCheckRegisters):
69+
(JSC::AssemblyHelpers::emitGetFromCallFrameHeaderPtr):
70+
(JSC::AssemblyHelpers::emitGetFromCallFrameHeader32):
71+
(JSC::AssemblyHelpers::emitGetFromCallFrameHeader64):
72+
(JSC::AssemblyHelpers::emitPutToCallFrameHeader):
73+
* jit/JITOpcodes32_64.cpp:
74+
(JSC::JIT::emit_op_enumerator_structure_pname):
75+
(JSC::JIT::emit_op_enumerator_generic_pname):
76+
* jit/ThunkGenerators.cpp:
77+
(JSC::nativeForGenerator):
78+
* runtime/TestRunnerUtils.cpp:
79+
(JSC::numberOfDFGCompiles):
80+
181
2020-06-15 Caitlin Potter <[email protected]>
282

383
[JSC] add machinery to disable JIT tiers when experimental features are enabled

Source/JavaScriptCore/assembler/AbstractMacroAssembler.h

Lines changed: 1 addition & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -120,15 +120,9 @@ class AbstractMacroAssembler : public AbstractMacroAssemblerBase {
120120
TimesTwo,
121121
TimesFour,
122122
TimesEight,
123+
ScalePtr = isAddress64Bit() ? TimesEight : TimesFour,
123124
};
124125

125-
static Scale timesPtr()
126-
{
127-
if (sizeof(void*) == 4)
128-
return TimesFour;
129-
return TimesEight;
130-
}
131-
132126
struct BaseIndex;
133127

134128
static RegisterID withSwappedRegister(RegisterID original, RegisterID left, RegisterID right)

Source/JavaScriptCore/assembler/MacroAssembler.h

Lines changed: 52 additions & 46 deletions
Original file line numberDiff line numberDiff line change
@@ -95,6 +95,7 @@ using MacroAssemblerBase = TARGET_MACROASSEMBLER;
9595

9696
class MacroAssembler : public MacroAssemblerBase {
9797
public:
98+
using Base = MacroAssemblerBase;
9899

99100
static constexpr RegisterID nextRegister(RegisterID reg)
100101
{
@@ -150,6 +151,12 @@ class MacroAssembler : public MacroAssemblerBase {
150151
using MacroAssemblerBase::urshift32;
151152
using MacroAssemblerBase::xor32;
152153

154+
#if CPU(ARM64) || CPU(X86_64)
155+
using MacroAssemblerBase::and64;
156+
using MacroAssemblerBase::convertInt32ToDouble;
157+
using MacroAssemblerBase::store64;
158+
#endif
159+
153160
static bool isPtrAlignedAddressOffset(ptrdiff_t value)
154161
{
155162
return value == static_cast<int32_t>(value);
@@ -541,8 +548,7 @@ class MacroAssembler : public MacroAssemblerBase {
541548

542549
// Ptr methods
543550
// On 32-bit platforms (i.e. x86), these methods directly map onto their 32-bit equivalents.
544-
// FIXME: should this use a test for 32-bitness instead of this specific exception?
545-
#if !CPU(X86_64) && !CPU(ARM64)
551+
#if !CPU(ADDRESS64)
546552
void addPtr(Address src, RegisterID dest)
547553
{
548554
add32(src, dest);
@@ -658,6 +664,11 @@ class MacroAssembler : public MacroAssemblerBase {
658664
or32(imm, dest);
659665
}
660666

667+
void rotateRightPtr(TrustedImm32 imm, RegisterID srcDst)
668+
{
669+
rotateRight32(imm, srcDst);
670+
}
671+
661672
void subPtr(RegisterID src, RegisterID dest)
662673
{
663674
sub32(src, dest);
@@ -700,6 +711,7 @@ class MacroAssembler : public MacroAssemblerBase {
700711

701712
void loadPtr(BaseIndex address, RegisterID dest)
702713
{
714+
ASSERT(address.scale == ScalePtr || address.scale == TimesOne);
703715
load32(address, dest);
704716
}
705717

@@ -729,11 +741,6 @@ class MacroAssembler : public MacroAssemblerBase {
729741
{
730742
return load32WithCompactAddressOffsetPatch(address, dest);
731743
}
732-
733-
void move(ImmPtr imm, RegisterID dest)
734-
{
735-
move(Imm32(imm.asTrustedImmPtr()), dest);
736-
}
737744

738745
void comparePtr(RelationalCondition cond, RegisterID left, TrustedImm32 right, RegisterID dest)
739746
{
@@ -870,7 +877,7 @@ class MacroAssembler : public MacroAssemblerBase {
870877
return MacroAssemblerBase::branchTest8(cond, Address(address.base, address.offset), mask);
871878
}
872879

873-
#else // !CPU(X86_64) && !CPU(ARM64)
880+
#else // !CPU(ADDRESS64)
874881

875882
void addPtr(RegisterID src, RegisterID dest)
876883
{
@@ -1050,6 +1057,7 @@ class MacroAssembler : public MacroAssemblerBase {
10501057

10511058
void loadPtr(BaseIndex address, RegisterID dest)
10521059
{
1060+
ASSERT(address.scale == ScalePtr || address.scale == TimesOne);
10531061
load64(address, dest);
10541062
}
10551063

@@ -1219,9 +1227,29 @@ class MacroAssembler : public MacroAssemblerBase {
12191227
return branchSub64(cond, src1, src2, dest);
12201228
}
12211229

1222-
using MacroAssemblerBase::and64;
1223-
using MacroAssemblerBase::convertInt32ToDouble;
1224-
using MacroAssemblerBase::store64;
1230+
Jump branchPtr(RelationalCondition cond, RegisterID left, ImmPtr right)
1231+
{
1232+
if (shouldBlind(right) && haveScratchRegisterForBlinding()) {
1233+
RegisterID scratchRegister = scratchRegisterForBlinding();
1234+
loadRotationBlindedConstant(rotationBlindConstant(right), scratchRegister);
1235+
return branchPtr(cond, left, scratchRegister);
1236+
}
1237+
return branchPtr(cond, left, right.asTrustedImmPtr());
1238+
}
1239+
1240+
void storePtr(ImmPtr imm, Address dest)
1241+
{
1242+
if (shouldBlind(imm) && haveScratchRegisterForBlinding()) {
1243+
RegisterID scratchRegister = scratchRegisterForBlinding();
1244+
loadRotationBlindedConstant(rotationBlindConstant(imm), scratchRegister);
1245+
storePtr(scratchRegister, dest);
1246+
} else
1247+
storePtr(imm.asTrustedImmPtr(), dest);
1248+
}
1249+
1250+
#endif // !CPU(ADDRESS64)
1251+
1252+
#if USE(JSVALUE64)
12251253
bool shouldBlindDouble(double value)
12261254
{
12271255
// Don't trust NaN or +/-Infinity
@@ -1415,13 +1443,11 @@ class MacroAssembler : public MacroAssemblerBase {
14151443
move(imm.asTrustedImm64(), dest);
14161444
}
14171445

1418-
#if CPU(X86_64) || CPU(ARM64)
14191446
void moveDouble(Imm64 imm, FPRegisterID dest)
14201447
{
14211448
move(imm, scratchRegister());
14221449
move64ToDouble(scratchRegister(), dest);
14231450
}
1424-
#endif
14251451

14261452
void and64(Imm32 imm, RegisterID dest)
14271453
{
@@ -1432,38 +1458,7 @@ class MacroAssembler : public MacroAssemblerBase {
14321458
} else
14331459
and64(imm.asTrustedImm32(), dest);
14341460
}
1435-
1436-
Jump branchPtr(RelationalCondition cond, RegisterID left, ImmPtr right)
1437-
{
1438-
if (shouldBlind(right) && haveScratchRegisterForBlinding()) {
1439-
RegisterID scratchRegister = scratchRegisterForBlinding();
1440-
loadRotationBlindedConstant(rotationBlindConstant(right), scratchRegister);
1441-
return branchPtr(cond, left, scratchRegister);
1442-
}
1443-
return branchPtr(cond, left, right.asTrustedImmPtr());
1444-
}
1445-
1446-
void storePtr(ImmPtr imm, Address dest)
1447-
{
1448-
if (shouldBlind(imm) && haveScratchRegisterForBlinding()) {
1449-
RegisterID scratchRegister = scratchRegisterForBlinding();
1450-
loadRotationBlindedConstant(rotationBlindConstant(imm), scratchRegister);
1451-
storePtr(scratchRegister, dest);
1452-
} else
1453-
storePtr(imm.asTrustedImmPtr(), dest);
1454-
}
1455-
1456-
void store64(Imm64 imm, Address dest)
1457-
{
1458-
if (shouldBlind(imm) && haveScratchRegisterForBlinding()) {
1459-
RegisterID scratchRegister = scratchRegisterForBlinding();
1460-
loadRotationBlindedConstant(rotationBlindConstant(imm), scratchRegister);
1461-
store64(scratchRegister, dest);
1462-
} else
1463-
store64(imm.asTrustedImm64(), dest);
1464-
}
1465-
1466-
#endif // !CPU(X86_64)
1461+
#endif // USE(JSVALUE64)
14671462

14681463
#if !CPU(X86) && !CPU(X86_64) && !CPU(ARM64)
14691464
// We should implement this the right way eventually, but for now, it's fine because it arises so
@@ -1719,7 +1714,18 @@ class MacroAssembler : public MacroAssemblerBase {
17191714
{
17201715
store64(value, addressForPoke(index));
17211716
}
1722-
#endif // CPU(X86_64)
1717+
1718+
void store64(Imm64 imm, Address dest)
1719+
{
1720+
if (shouldBlind(imm) && haveScratchRegisterForBlinding()) {
1721+
RegisterID scratchRegister = scratchRegisterForBlinding();
1722+
loadRotationBlindedConstant(rotationBlindConstant(imm), scratchRegister);
1723+
store64(scratchRegister, dest);
1724+
} else
1725+
store64(imm.asTrustedImm64(), dest);
1726+
}
1727+
1728+
#endif // CPU(X86_64) || CPU(ARM64)
17231729

17241730
void store32(Imm32 imm, Address dest)
17251731
{

0 commit comments

Comments
 (0)