Changeset 135330 in webkit

Timestamp:

Nov 20, 2012, 4:22:08 PM (12 years ago)

Author:

fpizlo@apple.com

Message:

DFG should be able to cache closure calls (part 1/2)
​https://bugs.webkit.org/show_bug.cgi?id=102662

Reviewed by Gavin Barraclough.

Add ability to revert a jump replacement back to
branchPtrWithPatch(Condition, RegisterID, TrustedImmPtr). This is meant to be
a mandatory piece of functionality for all assemblers. I also renamed some of
the functions for reverting jump replacements back to
patchableBranchPtrWithPatch(Condition, Address, TrustedImmPtr), so as to avoid
confusion.

• assembler/ARMv7Assembler.h:

(JSC::ARMv7Assembler::BadReg):
(ARMv7Assembler):
(JSC::ARMv7Assembler::revertJumpTo_movT3):

• assembler/LinkBuffer.h:

(JSC):

• assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::startOfBranchPtrWithPatchOnRegister):
(MacroAssemblerARMv7):
(JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):
(JSC::MacroAssemblerARMv7::startOfPatchableBranchPtrWithPatchOnAddress):

• assembler/MacroAssemblerX86.h:

(JSC::MacroAssemblerX86::startOfBranchPtrWithPatchOnRegister):
(MacroAssemblerX86):
(JSC::MacroAssemblerX86::startOfPatchableBranchPtrWithPatchOnAddress):
(JSC::MacroAssemblerX86::revertJumpReplacementToBranchPtrWithPatch):

• assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::startOfBranchPtrWithPatchOnRegister):
(JSC::MacroAssemblerX86_64::startOfPatchableBranchPtrWithPatchOnAddress):
(MacroAssemblerX86_64):
(JSC::MacroAssemblerX86_64::revertJumpReplacementToBranchPtrWithPatch):

• assembler/RepatchBuffer.h:

(JSC::RepatchBuffer::startOfBranchPtrWithPatchOnRegister):
(RepatchBuffer):
(JSC::RepatchBuffer::startOfPatchableBranchPtrWithPatchOnAddress):
(JSC::RepatchBuffer::revertJumpReplacementToBranchPtrWithPatch):

• assembler/X86Assembler.h:

(JSC::X86Assembler::revertJumpTo_cmpl_ir_force32):
(X86Assembler):

• dfg/DFGRepatch.cpp:

(JSC::DFG::replaceWithJump):
(JSC::DFG::dfgResetGetByID):
(JSC::DFG::dfgResetPutByID):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• assembler/ARMv7Assembler.h (modified) (3 diffs)
• assembler/LinkBuffer.h (modified) (1 diff)
• assembler/MacroAssemblerARMv7.h (modified) (1 diff)
• assembler/MacroAssemblerX86.h (modified) (2 diffs)
• assembler/MacroAssemblerX86_64.h (modified) (2 diffs)
• assembler/RepatchBuffer.h (modified) (2 diffs)
• assembler/X86Assembler.h (modified) (1 diff)
• dfg/DFGRepatch.cpp (modified) (3 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2012-11-20  Filip Pizlo  <fpizlo@apple.com>
+
+        DFG should be able to cache closure calls (part 1/2)
+        https://bugs.webkit.org/show_bug.cgi?id=102662
+
+        Reviewed by Gavin Barraclough.
+
+        Add ability to revert a jump replacement back to
+        branchPtrWithPatch(Condition, RegisterID, TrustedImmPtr). This is meant to be
+        a mandatory piece of functionality for all assemblers. I also renamed some of
+        the functions for reverting jump replacements back to
+        patchableBranchPtrWithPatch(Condition, Address, TrustedImmPtr), so as to avoid
+        confusion.
+
+        * assembler/ARMv7Assembler.h:
+        (JSC::ARMv7Assembler::BadReg):
+        (ARMv7Assembler):
+        (JSC::ARMv7Assembler::revertJumpTo_movT3):
+        * assembler/LinkBuffer.h:
+        (JSC):
+        * assembler/MacroAssemblerARMv7.h:
+        (JSC::MacroAssemblerARMv7::startOfBranchPtrWithPatchOnRegister):
+        (MacroAssemblerARMv7):
+        (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):
+        (JSC::MacroAssemblerARMv7::startOfPatchableBranchPtrWithPatchOnAddress):
+        * assembler/MacroAssemblerX86.h:
+        (JSC::MacroAssemblerX86::startOfBranchPtrWithPatchOnRegister):
+        (MacroAssemblerX86):
+        (JSC::MacroAssemblerX86::startOfPatchableBranchPtrWithPatchOnAddress):
+        (JSC::MacroAssemblerX86::revertJumpReplacementToBranchPtrWithPatch):
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::startOfBranchPtrWithPatchOnRegister):
+        (JSC::MacroAssemblerX86_64::startOfPatchableBranchPtrWithPatchOnAddress):
+        (MacroAssemblerX86_64):
+        (JSC::MacroAssemblerX86_64::revertJumpReplacementToBranchPtrWithPatch):
+        * assembler/RepatchBuffer.h:
+        (JSC::RepatchBuffer::startOfBranchPtrWithPatchOnRegister):
+        (RepatchBuffer):
+        (JSC::RepatchBuffer::startOfPatchableBranchPtrWithPatchOnAddress):
+        (JSC::RepatchBuffer::revertJumpReplacementToBranchPtrWithPatch):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::revertJumpTo_cmpl_ir_force32):
+        (X86Assembler):
+        * dfg/DFGRepatch.cpp:
+        (JSC::DFG::replaceWithJump):
+        (JSC::DFG::dfgResetGetByID):
+        (JSC::DFG::dfgResetPutByID):
+
 2012-11-20  Yong Li  <yoli@rim.com>
 

trunk/Source/JavaScriptCore/assembler/ARMv7Assembler.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2009, 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2009, 2010, 2012 Apple Inc. All rights reserved.
  * Copyright (C) 2010 University of Szeged
  *
@@ -508 +508 @@
 
     // ARMv7, Appx-A.6.3
-    bool BadReg(RegisterID reg)
+    static bool BadReg(RegisterID reg)
     {
         return (reg == ARMRegisters::sp) || (reg == ARMRegisters::pc);
@@ -1262 +1262 @@
         m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_MOV_imm_T3, imm.m_value.imm4, rd, imm);
     }
+    
+    static void revertJumpTo_movT3(void* instructionStart, RegisterID rd, ARMThumbImmediate imm)
+    {
+        ASSERT(imm.isValid());
+        ASSERT(!imm.isEncodedImm());
+        ASSERT(!BadReg(rd));
+        
+        uint16_t* address = static_cast<uint16_t*>(instructionStart);
+        address[0] = twoWordOp5i6Imm4Reg4EncodedImmFirst(OP_MOV_imm_T3, imm);
+        address[1] = twoWordOp5i6Imm4Reg4EncodedImmSecond(rd, imm);
+        cacheFlush(address, sizeof(uint16_t) * 2);
+    }
 
     ALWAYS_INLINE void mov(RegisterID rd, ARMThumbImmediate imm)

trunk/Source/JavaScriptCore/assembler/LinkBuffer.h

@@ -289 +289 @@
 
 #define FINALIZE_DFG_CODE(linkBufferReference, dataLogArgumentsForHeading)  \
-    FINALIZE_CODE_IF(Options::showDFGDisassembly(), linkBufferReference, dataLogArgumentsForHeading)
+    FINALIZE_CODE_IF((Options::showDisassembly() || Options::showDFGDisassembly()), linkBufferReference, dataLogArgumentsForHeading)
 
 } // namespace JSC

trunk/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h

@@ -1762 +1762 @@
     static bool canJumpReplacePatchableBranchPtrWithPatch() { return false; }
     
-    static CodeLocationLabel startOfPatchableBranchPtrWithPatch(CodeLocationDataLabelPtr)
+    static CodeLocationLabel startOfBranchPtrWithPatchOnRegister(CodeLocationDataLabelPtr label)
+    {
+        const unsigned twoWordOpSize = 4;
+        return label.labelAtOffset(-twoWordOpSize * 2);
+    }
+    
+    static void revertJumpReplacementToBranchPtrWithPatch(CodeLocationLabel instructionStart, RegisterID, void* initialValue)
+    {
+        ARMv7Assembler::revertJumpTo_movT3(instructionStart.dataLocation(), dataTempRegister, ARMThumbImmediate::makeUInt16(reinterpret_cast<uintptr_t>(initialValue) & 0xffff));
+    }
+    
+    static CodeLocationLabel startOfPatchableBranchPtrWithPatchOnAddress(CodeLocationDataLabelPtr)
     {
         UNREACHABLE_FOR_PLATFORM();

trunk/Source/JavaScriptCore/assembler/MacroAssemblerX86.h

@@ -256 +256 @@
     static bool canJumpReplacePatchableBranchPtrWithPatch() { return true; }
     
-    static CodeLocationLabel startOfPatchableBranchPtrWithPatch(CodeLocationDataLabelPtr label)
+    static CodeLocationLabel startOfBranchPtrWithPatchOnRegister(CodeLocationDataLabelPtr label)
+    {
+        const int opcodeBytes = 1;
+        const int modRMBytes = 1;
+        const int immediateBytes = 4;
+        const int totalBytes = opcodeBytes + modRMBytes + immediateBytes;
+        ASSERT(totalBytes >= maxJumpReplacementSize());
+        return label.labelAtOffset(-totalBytes);
+    }
+    
+    static CodeLocationLabel startOfPatchableBranchPtrWithPatchOnAddress(CodeLocationDataLabelPtr label)
     {
         const int opcodeBytes = 1;
@@ -267 +277 @@
     }
     
+    static void revertJumpReplacementToBranchPtrWithPatch(CodeLocationLabel instructionStart, RegisterID reg, void* initialValue)
+    {
+        X86Assembler::revertJumpTo_cmpl_ir_force32(instructionStart.executableAddress(), reinterpret_cast<intptr_t>(initialValue), reg);
+    }
+
     static void revertJumpReplacementToPatchableBranchPtrWithPatch(CodeLocationLabel instructionStart, Address address, void* initialValue)
     {

trunk/Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h

@@ -588 +588 @@
     static bool canJumpReplacePatchableBranchPtrWithPatch() { return true; }
     
-    static CodeLocationLabel startOfPatchableBranchPtrWithPatch(CodeLocationDataLabelPtr label)
+    static CodeLocationLabel startOfBranchPtrWithPatchOnRegister(CodeLocationDataLabelPtr label)
     {
         const int rexBytes = 1;
@@ -598 +598 @@
     }
     
+    static CodeLocationLabel startOfPatchableBranchPtrWithPatchOnAddress(CodeLocationDataLabelPtr label)
+    {
+        return startOfBranchPtrWithPatchOnRegister(label);
+    }
+    
     static void revertJumpReplacementToPatchableBranchPtrWithPatch(CodeLocationLabel instructionStart, Address, void* initialValue)
+    {
+        X86Assembler::revertJumpTo_movq_i64r(instructionStart.executableAddress(), reinterpret_cast<intptr_t>(initialValue), scratchRegister);
+    }
+
+    static void revertJumpReplacementToBranchPtrWithPatch(CodeLocationLabel instructionStart, RegisterID, void* initialValue)
     {
         X86Assembler::revertJumpTo_movq_i64r(instructionStart.executableAddress(), reinterpret_cast<intptr_t>(initialValue), scratchRegister);

trunk/Source/JavaScriptCore/assembler/RepatchBuffer.h

@@ -142 +142 @@
     }
 
-    static CodeLocationLabel startOfPatchableBranchPtrWithPatch(CodeLocationDataLabelPtr label)
+    static CodeLocationLabel startOfBranchPtrWithPatchOnRegister(CodeLocationDataLabelPtr label)
     {
-        return MacroAssembler::startOfPatchableBranchPtrWithPatch(label);
+        return MacroAssembler::startOfBranchPtrWithPatchOnRegister(label);
+    }
+    
+    static CodeLocationLabel startOfPatchableBranchPtrWithPatchOnAddress(CodeLocationDataLabelPtr label)
+    {
+        return MacroAssembler::startOfPatchableBranchPtrWithPatchOnAddress(label);
     }
     
@@ -155 +160 @@
     // immediate after calling this. But I'm fine with that, since this just feels
     // less yucky.
+    void revertJumpReplacementToBranchPtrWithPatch(CodeLocationLabel instructionStart, MacroAssembler::RegisterID reg, void* value)
+    {
+        MacroAssembler::revertJumpReplacementToBranchPtrWithPatch(instructionStart, reg, value);
+    }
+
     void revertJumpReplacementToPatchableBranchPtrWithPatch(CodeLocationLabel instructionStart, MacroAssembler::Address address, void* value)
     {

trunk/Source/JavaScriptCore/assembler/X86Assembler.h

@@ -1904 +1904 @@
 #endif
     
+    static void revertJumpTo_cmpl_ir_force32(void* instructionStart, int32_t imm, RegisterID dst)
+    {
+        const int opcodeBytes = 1;
+        const int modRMBytes = 1;
+        ASSERT(opcodeBytes + modRMBytes <= maxJumpReplacementSize());
+        uint8_t* ptr = reinterpret_cast<uint8_t*>(instructionStart);
+        ptr[0] = OP_GROUP1_EvIz;
+        ptr[1] = (X86InstructionFormatter::ModRmRegister << 6) | (GROUP1_OP_CMP << 3) | dst;
+        union {
+            uint32_t asWord;
+            uint8_t asBytes[4];
+        } u;
+        u.asWord = imm;
+        for (unsigned i = opcodeBytes + modRMBytes; i < static_cast<unsigned>(maxJumpReplacementSize()); ++i)
+            ptr[i] = u.asBytes[i - opcodeBytes - modRMBytes];
+    }
+    
     static void revertJumpTo_cmpl_im_force32(void* instructionStart, int32_t imm, int offset, RegisterID dst)
     {

trunk/Source/JavaScriptCore/dfg/DFGRepatch.cpp

@@ -119 +119 @@
     if (MacroAssembler::canJumpReplacePatchableBranchPtrWithPatch()) {
         repatchBuffer.replaceWithJump(
-            RepatchBuffer::startOfPatchableBranchPtrWithPatch(
+            RepatchBuffer::startOfPatchableBranchPtrWithPatchOnAddress(
                 stubInfo.callReturnLocation.dataLabelPtrAtOffset(
                     -(intptr_t)stubInfo.patch.dfg.deltaCheckImmToCall)),
@@ -1143 +1143 @@
     if (MacroAssembler::canJumpReplacePatchableBranchPtrWithPatch()) {
         repatchBuffer.revertJumpReplacementToPatchableBranchPtrWithPatch(
-            RepatchBuffer::startOfPatchableBranchPtrWithPatch(structureLabel),
+            RepatchBuffer::startOfPatchableBranchPtrWithPatchOnAddress(structureLabel),
             MacroAssembler::Address(
                 static_cast<MacroAssembler::RegisterID>(stubInfo.patch.dfg.baseGPR),
@@ -1177 +1177 @@
     if (MacroAssembler::canJumpReplacePatchableBranchPtrWithPatch()) {
         repatchBuffer.revertJumpReplacementToPatchableBranchPtrWithPatch(
-            RepatchBuffer::startOfPatchableBranchPtrWithPatch(structureLabel),
+            RepatchBuffer::startOfPatchableBranchPtrWithPatchOnAddress(structureLabel),
             MacroAssembler::Address(
                 static_cast<MacroAssembler::RegisterID>(stubInfo.patch.dfg.baseGPR),