Changeset 294794 in webkit

Timestamp:

May 25, 2022 6:32:59 AM (2 years ago)

Author:

commit-queue@webkit.org

Message:

[JSC][ARMv7] Support callee save FPRs

Patch by Geza Lore <Geza Lore> on 2022-05-25
​https://bugs.webkit.org/show_bug.cgi?id=240376

Reviewed by Yusuke Suzuki.

ARMv7 FPRs d8-d15 (also referenced as s16-s32 and q4-q7) are callee save
in the host ABI, but currently JSC is unaware of this. This does not
currently cause problems as they are not used, but will be used by the
Wasm JITs.

In preparation for the 32-bit ports of the Wasm JITs, this patch:

• Teaches JSC about callee save FPRs on ARMv7. d8-d15 are host ABI callee save, but only d8-d14 are VM callee save, i.e.: we treat d15 as a volatile register in JIT code. This is so we can use d15 as a macro assembler scratch register.
• Changes offlineasm and MacroAssemblerARMv7 to use d15 as the FP scratch register. We do this so we can use the full range of d0-d7 as temporary, and in particular as Wasm argument/return registers.
• To achieve the above, we need to modify RegisterAtOffsetList as GPRs and FPRs have different sizes on JSVALUE32_64 platforms
• Adds the ARMv7 specific registers to RegisterSet::macroScratchRegisters()

• assembler/ARMv7Registers.h:
• assembler/MacroAssemblerARMv7.h:
• b3/air/AirCode.cpp:

(JSC::B3::Air::Code::calleeSaveRegisterAtOffsetList const):
(JSC::B3::Air::Code::dump const):

• b3/testb3_7.cpp:

(testInfiniteLoopDoesntCauseBadHoisting):

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
(JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
(JSC::roundCalleeSaveSpaceAsVirtualRegisters): Deleted.

• bytecode/ValueRecovery.h:

(JSC::ValueRecovery::calleeSaveGPRDisplacedInJSStack):
(JSC::ValueRecovery::calleeSaveRegDisplacedInJSStack): Deleted.

• dfg/DFGOSREntry.cpp:

(JSC::DFG::prepareOSREntry):

• dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::calleeSaveSlot):

• ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub):

• interpreter/Interpreter.cpp:

(JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):

• jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::restoreCalleeSavesFromEntryFrameCalleeSavesBuffer):
(JSC::AssemblyHelpers::restoreCalleeSavesFromVMEntryFrameCalleeSavesBufferImpl):
(JSC::AssemblyHelpers::copyCalleeSavesToEntryFrameCalleeSavesBufferImpl):
(JSC::AssemblyHelpers::emitSave):
(JSC::AssemblyHelpers::emitRestore):
(JSC::AssemblyHelpers::emitSaveCalleeSavesFor):
(JSC::AssemblyHelpers::emitRestoreCalleeSavesFor):
(JSC::AssemblyHelpers::copyLLIntBaselineCalleeSavesFromFrameOrRegisterToEntryFrameCalleeSavesBuffer):
(JSC::AssemblyHelpers::emitSaveOrCopyLLIntBaselineCalleeSavesFor):

• jit/CallFrameShuffleData.cpp:

(JSC::CallFrameShuffleData::setupCalleeSaveRegisters):

• jit/CallFrameShuffler.h:

(JSC::CallFrameShuffler::snapshot const):

• jit/CallFrameShuffler32_64.cpp:

(JSC::CallFrameShuffler::emitDisplace):

• jit/FPRInfo.h:
• jit/GPRInfo.h:
• jit/RegisterAtOffsetList.cpp:

(JSC::RegisterAtOffsetList::RegisterAtOffsetList):

• jit/RegisterAtOffsetList.h:

(JSC::RegisterAtOffsetList::registerCount const):
(JSC::RegisterAtOffsetList::sizeOfAreaInBytes const):
(JSC::RegisterAtOffsetList::adjustOffsets):
(JSC::RegisterAtOffsetList::size const): Deleted.
(JSC::RegisterAtOffsetList::at): Deleted.

• jit/RegisterSet.cpp:

(JSC::RegisterSet::macroScratchRegisters):
(JSC::RegisterSet::vmCalleeSaveRegisters):

• llint/LowLevelInterpreter.asm:
• offlineasm/arm.rb:
• wasm/js/JSToWasm.cpp:

(JSC::Wasm::createJSToWasmWrapper):

• wasm/js/WasmToJS.cpp:

(JSC::Wasm::wasmToJS):

• wasm/js/WebAssemblyFunction.cpp:

(JSC::WebAssemblyFunction::jsCallEntrypointSlow):

Canonical link: ​https://commits.webkit.org/250952@main

Location:

trunk/Source/JavaScriptCore

Files:

• assembler/ARMv7Registers.h (modified) (4 diffs)
• assembler/MacroAssemblerARMv7.h (modified) (1 diff)
• b3/air/AirCode.cpp (modified) (2 diffs)
• b3/testb3_7.cpp (modified) (1 diff)
• bytecode/CodeBlock.cpp (modified) (1 diff)
• bytecode/ValueRecovery.h (modified) (1 diff)
• dfg/DFGOSREntry.cpp (modified) (1 diff)
• dfg/DFGOSRExitCompilerCommon.cpp (modified) (1 diff)
• ftl/FTLOSRExitCompiler.cpp (modified) (2 diffs)
• interpreter/Interpreter.cpp (modified) (1 diff)
• jit/AssemblyHelpers.cpp (modified) (11 diffs)
• jit/CallFrameShuffleData.cpp (modified) (3 diffs)
• jit/CallFrameShuffler.h (modified) (1 diff)
• jit/CallFrameShuffler32_64.cpp (modified) (3 diffs)
• jit/FPRInfo.h (modified) (4 diffs)
• jit/GPRInfo.h (modified) (1 diff)
• jit/RegisterAtOffsetList.cpp (modified) (1 diff)
• jit/RegisterAtOffsetList.h (modified) (4 diffs)
• jit/RegisterSet.cpp (modified) (2 diffs)
• llint/LowLevelInterpreter.asm (modified) (5 diffs)
• offlineasm/arm.rb (modified) (3 diffs)
• wasm/js/JSToWasm.cpp (modified) (1 diff)
• wasm/js/WasmToJS.cpp (modified) (1 diff)
• wasm/js/WebAssemblyFunction.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/assembler/ARMv7Registers.h

@@ -105 +105 @@
     macro(s14, "s14", 0, 0)                     \
     macro(s15, "s15", 0, 0)                     \
-    macro(s16, "s16", 0, 0)                     \
-    macro(s17, "s17", 0, 0)                     \
-    macro(s18, "s18", 0, 0)                     \
-    macro(s19, "s19", 0, 0)                     \
-    macro(s20, "s20", 0, 0)                     \
-    macro(s21, "s21", 0, 0)                     \
-    macro(s22, "s22", 0, 0)                     \
-    macro(s23, "s23", 0, 0)                     \
-    macro(s24, "s24", 0, 0)                     \
-    macro(s25, "s25", 0, 0)                     \
-    macro(s26, "s26", 0, 0)                     \
-    macro(s27, "s27", 0, 0)                     \
-    macro(s28, "s28", 0, 0)                     \
-    macro(s29, "s29", 0, 0)                     \
-    macro(s30, "s30", 0, 0)                     \
-    macro(s31, "s31", 0, 0)
+    macro(s16, "s16", 0, 1)                     \
+    macro(s17, "s17", 0, 1)                     \
+    macro(s18, "s18", 0, 1)                     \
+    macro(s19, "s19", 0, 1)                     \
+    macro(s20, "s20", 0, 1)                     \
+    macro(s21, "s21", 0, 1)                     \
+    macro(s22, "s22", 0, 1)                     \
+    macro(s23, "s23", 0, 1)                     \
+    macro(s24, "s24", 0, 1)                     \
+    macro(s25, "s25", 0, 1)                     \
+    macro(s26, "s26", 0, 1)                     \
+    macro(s27, "s27", 0, 1)                     \
+    macro(s28, "s28", 0, 1)                     \
+    macro(s29, "s29", 0, 1)                     \
+    macro(s30, "s30", 0, 1)                     \
+    macro(s31, "s31", 0, 1)
 
 #if CPU(ARM_NEON) || CPU(ARM_VFP_V3_D32)
@@ -132 +132 @@
     macro(d6,  "d6",  0, 0)                     \
     macro(d7,  "d7",  0, 0)                     \
-    macro(d8,  "d8",  0, 0)                     \
-    macro(d9,  "d9",  0, 0)                     \
-    macro(d10, "d10", 0, 0)                     \
-    macro(d11, "d11", 0, 0)                     \
-    macro(d12, "d12", 0, 0)                     \
-    macro(d13, "d13", 0, 0)                     \
-    macro(d14, "d14", 0, 0)                     \
-    macro(d15, "d15", 0, 0)                     \
+    macro(d8,  "d8",  0, 1)                     \
+    macro(d9,  "d9",  0, 1)                     \
+    macro(d10, "d10", 0, 1)                     \
+    macro(d11, "d11", 0, 1)                     \
+    macro(d12, "d12", 0, 1)                     \
+    macro(d13, "d13", 0, 1)                     \
+    macro(d14, "d14", 0, 1)                     \
+    macro(d15, "d15", 0, 1)                     \
     macro(d16, "d16", 0, 0)                     \
     macro(d17, "d17", 0, 0)                     \
@@ -166 +166 @@
     macro(d6,  "d6",  0, 0)                     \
     macro(d7,  "d7",  0, 0)                     \
-    macro(d8,  "d8",  0, 0)                     \
-    macro(d9,  "d9",  0, 0)                     \
-    macro(d10, "d10", 0, 0)                     \
-    macro(d11, "d11", 0, 0)                     \
-    macro(d12, "d12", 0, 0)                     \
-    macro(d13, "d13", 0, 0)                     \
-    macro(d14, "d14", 0, 0)                     \
-    macro(d15, "d15", 0, 0)
+    macro(d8,  "d8",  0, 1)                     \
+    macro(d9,  "d9",  0, 1)                     \
+    macro(d10, "d10", 0, 1)                     \
+    macro(d11, "d11", 0, 1)                     \
+    macro(d12, "d12", 0, 1)                     \
+    macro(d13, "d13", 0, 1)                     \
+    macro(d14, "d14", 0, 1)                     \
+    macro(d15, "d15", 0, 1)
 #endif
 
@@ -182 +182 @@
     macro(q2, "q2", 0, 0)                       \
     macro(q3, "q3", 0, 0)                       \
-    macro(q4, "q4", 0, 0)                       \
-    macro(q5, "q5", 0, 0)                       \
-    macro(q6, "q6", 0, 0)                       \
-    macro(q7, "q7", 0, 0)                       \
+    macro(q4, "q4", 0, 1)                       \
+    macro(q5, "q5", 0, 1)                       \
+    macro(q6, "q6", 0, 1)                       \
+    macro(q7, "q7", 0, 1)                       \
     macro(q8, "q8", 0, 0)                       \
     macro(q9, "q9", 0, 0)                       \

trunk/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h

@@ -42 +42 @@
     static constexpr size_t nearJumpRange = 16 * MB;
 
-private:
     static constexpr RegisterID dataTempRegister = ARMRegisters::ip;
     static constexpr RegisterID addressTempRegister = ARMRegisters::r6;
 
-    static constexpr ARMRegisters::FPDoubleRegisterID fpTempRegister = ARMRegisters::d7;
+    // d15 is host/C ABI callee save, but is volatile in the VM/JS ABI. We use
+    // this as scratch register so we can use the full range of d0-d7 as
+    // temporary, and in particular as Wasm argument/return register.
+    static constexpr ARMRegisters::FPDoubleRegisterID fpTempRegister = ARMRegisters::d15;
+private:
     inline ARMRegisters::FPSingleRegisterID fpTempRegisterAsSingle() { return ARMRegisters::asSingle(fpTempRegister); }
 

trunk/Source/JavaScriptCore/b3/air/AirCode.cpp

@@ -230 +230 @@
 {
     RegisterAtOffsetList result = m_uncorrectedCalleeSaveRegisterAtOffsetList;
-    if (StackSlot* slot = m_calleeSaveStackSlot) {
-        ptrdiff_t offset = slot->byteSize() + slot->offsetFromFP();
-        for (size_t i = result.size(); i--;) {
-            result.at(i) = RegisterAtOffset(
-                result.at(i).reg(),
-                result.at(i).offset() + offset);
-        }
-    }
+    if (StackSlot* slot = m_calleeSaveStackSlot)
+        result.adjustOffsets(slot->byteSize() + slot->offsetFromFP());
     return result;
 }
@@ -278 +272 @@
         out.print(tierName, "Call arg area size: ", m_callArgAreaSize, "\n");
     RegisterAtOffsetList calleeSaveRegisters = this->calleeSaveRegisterAtOffsetList();
-    if (calleeSaveRegisters.size())
+    if (calleeSaveRegisters.registerCount())
         out.print(tierName, "Callee saves: ", calleeSaveRegisters, "\n");
 }

trunk/Source/JavaScriptCore/b3/testb3_7.cpp

@@ -1558 +1558 @@
     // The patchpoint early ret() works because we don't have callee saves.
     auto code = compileProc(proc);
-    RELEASE_ASSERT(!proc.calleeSaveRegisterAtOffsetList().size()); 
+    RELEASE_ASSERT(!proc.calleeSaveRegisterAtOffsetList().registerCount());
     invoke<void>(*code, static_cast<uint64_t>(55)); // Shouldn't crash dereferncing 55.
 }

trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -2463 +2463 @@
 
 #if !ENABLE(C_LOOP)
-static size_t roundCalleeSaveSpaceAsVirtualRegisters(size_t calleeSaveRegisters)
-{
-
-    return (WTF::roundUpToMultipleOf(sizeof(Register), calleeSaveRegisters * sizeof(CPURegister)) / sizeof(Register));
-
-}
-
 size_t CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters()
 {
-    return roundCalleeSaveSpaceAsVirtualRegisters(numberOfLLIntBaselineCalleeSaveRegisters());
+    return WTF::roundUpToMultipleOf<sizeof(Register)>(numberOfLLIntBaselineCalleeSaveRegisters() * sizeof(CPURegister)) / sizeof(Register);
 }
 
 size_t CodeBlock::calleeSaveSpaceAsVirtualRegisters(const RegisterAtOffsetList& calleeSaveRegisters)
 {
-    return roundCalleeSaveSpaceAsVirtualRegisters(calleeSaveRegisters.size());
+    return WTF::roundUpToMultipleOf<sizeof(Register)>(calleeSaveRegisters.sizeOfAreaInBytes()) / sizeof(Register);
 }
 #endif

trunk/Source/JavaScriptCore/bytecode/ValueRecovery.h

@@ -193 +193 @@
 
 #if USE(JSVALUE32_64)
-    static ValueRecovery calleeSaveRegDisplacedInJSStack(VirtualRegister virtualReg, bool inTag)
+    static ValueRecovery calleeSaveGPRDisplacedInJSStack(VirtualRegister virtualReg, bool inTag)
     {
         ValueRecovery result;

trunk/Source/JavaScriptCore/dfg/DFGOSREntry.cpp

@@ -300 +300 @@
     RegisterSet dontSaveRegisters = RegisterSet(RegisterSet::stackRegisters());
 
-    unsigned registerCount = registerSaveLocations->size();
+    unsigned registerCount = registerSaveLocations->registerCount();
     VMEntryRecord* record = vmEntryRecord(vm.topEntryFrame);
     for (unsigned i = 0; i < registerCount; i++) {

trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp

@@ -232 +232 @@
 {
     const RegisterAtOffsetList* calleeSaves = baselineCodeBlock->jitCode()->calleeSaveRegisters();
-    for (unsigned i = 0; i < calleeSaves->size(); i++) {
+    for (unsigned i = 0; i < calleeSaves->registerCount(); i++) {
         RegisterAtOffset entry = calleeSaves->at(i);
         if (entry.reg() != calleeSave)

trunk/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp

@@ -183 +183 @@
             exit.m_descriptor->m_values.size() + numMaterializations + maxMaterializationNumArguments) +
         requiredScratchMemorySizeInBytes() +
-        codeBlock->jitCode()->calleeSaveRegisters()->size() * sizeof(uint64_t));
+        codeBlock->jitCode()->calleeSaveRegisters()->sizeOfAreaInBytes());
     EncodedJSValue* scratch = scratchBuffer ? static_cast<EncodedJSValue*>(scratchBuffer->dataBuffer()) : nullptr;
     EncodedJSValue* materializationPointers = scratch + exit.m_descriptor->m_values.size();
@@ -453 +453 @@
         jit.move(CCallHelpers::TrustedImmPtr(unwindScratch), destBufferGPR);
         CCallHelpers::CopySpooler spooler(CCallHelpers::CopySpooler::BufferRegs::AllowModification, jit, srcBufferGPR, destBufferGPR, GPRInfo::regT0, GPRInfo::regT1);
-        for (unsigned i = codeBlock->jitCode()->calleeSaveRegisters()->size(); i--;) {
+        for (unsigned i = codeBlock->jitCode()->calleeSaveRegisters()->registerCount(); i--;) {
             RegisterAtOffset entry = codeBlock->jitCode()->calleeSaveRegisters()->at(i);
             spooler.loadGPR(entry.offset());

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

@@ -626 +626 @@
         CPURegister* frame = reinterpret_cast<CPURegister*>(m_callFrame->registers());
 
-        unsigned registerCount = currentCalleeSaves->size();
+        unsigned registerCount = currentCalleeSaves->registerCount();
         VMEntryRecord* record = vmEntryRecord(m_vm.topEntryFrame);
         for (unsigned i = 0; i < registerCount; i++) {

trunk/Source/JavaScriptCore/jit/AssemblyHelpers.cpp

@@ -634 +634 @@
     RegisterAtOffsetList* allCalleeSaves = RegisterSet::vmCalleeSaveRegisterOffsets();
     RegisterSet dontRestoreRegisters = RegisterSet::stackRegisters();
-    unsigned registerCount = allCalleeSaves->size();
+    unsigned registerCount = allCalleeSaves->registerCount();
 
     GPRReg scratch = InvalidGPRReg;
@@ -721 +721 @@
 
     RegisterAtOffsetList* allCalleeSaves = RegisterSet::vmCalleeSaveRegisterOffsets();
-    unsigned registerCount = allCalleeSaves->size();
+    unsigned registerCount = allCalleeSaves->registerCount();
 
     LoadRegSpooler spooler(*this, entryFrameGPR);
@@ -1110 +1110 @@
     RegisterAtOffsetList* allCalleeSaves = RegisterSet::vmCalleeSaveRegisterOffsets();
     RegisterSet dontCopyRegisters = RegisterSet::stackRegisters();
-    unsigned registerCount = allCalleeSaves->size();
+    unsigned registerCount = allCalleeSaves->registerCount();
 
     StoreRegSpooler spooler(*this, calleeSavesBuffer);
@@ -1220 +1220 @@
     StoreRegSpooler spooler(*this, framePointerRegister);
 
-    size_t listSize = list.size();
+    size_t registerCount = list.registerCount();
     size_t i = 0;
-    for (; i < listSize; i++) {
+    for (; i < registerCount; i++) {
         auto entry = list.at(i);
         if (!entry.reg().isGPR())
@@ -1230 +1230 @@
     spooler.finalizeGPR();
 
-    for (; i < listSize; i++)
+    for (; i < registerCount; i++)
         spooler.storeFPR(list.at(i));
     spooler.finalizeFPR();
@@ -1239 +1239 @@
     LoadRegSpooler spooler(*this, framePointerRegister);
 
-    size_t listSize = list.size();
+    size_t registerCount = list.registerCount();
     size_t i = 0;
-    for (; i < listSize; i++) {
+    for (; i < registerCount; i++) {
         auto entry = list.at(i);
         if (!entry.reg().isGPR())
@@ -1249 +1249 @@
     spooler.finalizeGPR();
 
-    for (; i < listSize; i++)
+    for (; i < registerCount; i++)
         spooler.loadFPR(list.at(i));
     spooler.finalizeFPR();
@@ -1257 +1257 @@
 {
     RegisterSet dontSaveRegisters = RegisterSet(RegisterSet::stackRegisters());
-    unsigned registerCount = calleeSaves->size();
+    unsigned registerCount = calleeSaves->registerCount();
 
     StoreRegSpooler spooler(*this, framePointerRegister);
@@ -1283 +1283 @@
 {
     RegisterSet dontRestoreRegisters = RegisterSet(RegisterSet::stackRegisters());
-    unsigned registerCount = calleeSaves->size();
+    unsigned registerCount = calleeSaves->registerCount();
     
     LoadRegSpooler spooler(*this, framePointerRegister);
@@ -1326 +1326 @@
     const RegisterAtOffsetList* currentCalleeSaves = &RegisterAtOffsetList::llintBaselineCalleeSaveRegisters();
     RegisterSet dontCopyRegisters = RegisterSet::stackRegisters();
-    unsigned registerCount = allCalleeSaves->size();
+    unsigned registerCount = allCalleeSaves->registerCount();
 
     unsigned i = 0;
@@ -1374 +1374 @@
     const RegisterAtOffsetList* calleeSaves = &RegisterAtOffsetList::llintBaselineCalleeSaveRegisters();
     RegisterSet dontSaveRegisters = RegisterSet(RegisterSet::stackRegisters());
-    unsigned registerCount = calleeSaves->size();
+    unsigned registerCount = calleeSaves->registerCount();
 
     GPRReg dstBufferGPR = temp1;

trunk/Source/JavaScriptCore/jit/CallFrameShuffleData.cpp

@@ -40 +40 @@
     RegisterSet calleeSaveRegisters { RegisterSet::vmCalleeSaveRegisters() };
 
-    for (size_t i = 0; i < registerSaveLocations->size(); ++i) {
+    for (size_t i = 0; i < registerSaveLocations->registerCount(); ++i) {
         RegisterAtOffset entry { registerSaveLocations->at(i) };
         if (!calleeSaveRegisters.get(entry.reg()))
@@ -53 +53 @@
             = ValueRecovery::displacedInJSStack(saveSlot, DataFormatJS);
 #elif USE(JSVALUE32_64)
-        // On 32-bit architectures, 2 callee saved registers may be packed into the same slot
-        static_assert(!PayloadOffset || !TagOffset);
-        static_assert(PayloadOffset == 4 || TagOffset == 4);
-        bool inTag = (saveSlotIndexInCPURegisters & 1) == !!TagOffset;
-        if (saveSlotIndexInCPURegisters < 0)
-            saveSlotIndexInCPURegisters -= 1; // Round towards -inf
-        VirtualRegister saveSlot { saveSlotIndexInCPURegisters / 2 };
-        registers[entry.reg()]
-            = ValueRecovery::calleeSaveRegDisplacedInJSStack(saveSlot, inTag);
+        // On 32-bit architectures, 2 callee saved GPRs may be packed into the same slot
+        if (entry.reg().isGPR()) {
+            static_assert(!PayloadOffset || !TagOffset);
+            static_assert(PayloadOffset == 4 || TagOffset == 4);
+            bool inTag = (saveSlotIndexInCPURegisters & 1) == !!TagOffset;
+            if (saveSlotIndexInCPURegisters < 0)
+                saveSlotIndexInCPURegisters -= 1; // Round towards -inf
+            VirtualRegister saveSlot { saveSlotIndexInCPURegisters / 2 };
+            registers[entry.reg()] = ValueRecovery::calleeSaveGPRDisplacedInJSStack(saveSlot, inTag);
+        } else {
+            ASSERT(!(saveSlotIndexInCPURegisters & 1)); // Should be at an even offset
+            VirtualRegister saveSlot { saveSlotIndexInCPURegisters / 2 };
+            registers[entry.reg()] = ValueRecovery::displacedInJSStack(saveSlot, DataFormatDouble);
+        }
 #endif
     }
@@ -75 +80 @@
         registers[reg] = ValueRecovery::inRegister(reg, DataFormatJS);
 #elif USE(JSVALUE32_64)
-        registers[reg] = ValueRecovery::inRegister(reg, DataFormatInt32);
+        registers[reg] = ValueRecovery::inRegister(reg, reg.isGPR() ? DataFormatInt32 : DataFormatDouble);
 #endif
     }

trunk/Source/JavaScriptCore/jit/CallFrameShuffler.h

@@ -120 +120 @@
 #elif USE(JSVALUE32_64)
             ValueRecovery recovery = cachedRecovery->recovery();
-            if (recovery.technique() == DisplacedInJSStack) {
+            if (reg.isGPR() && recovery.technique() == DisplacedInJSStack) {
                 JSValueRegs wantedJSValueReg = cachedRecovery->wantedJSValueRegs();
                 ASSERT(reg == wantedJSValueReg.payloadGPR() || reg == wantedJSValueReg.tagGPR());
                 bool inTag = reg == wantedJSValueReg.tagGPR();
-                data.registers[reg] = ValueRecovery::calleeSaveRegDisplacedInJSStack(recovery.virtualRegister(), inTag);
+                data.registers[reg] = ValueRecovery::calleeSaveGPRDisplacedInJSStack(recovery.virtualRegister(), inTag);
             } else
                 data.registers[reg] = recovery;

trunk/Source/JavaScriptCore/jit/CallFrameShuffler32_64.cpp

@@ -184 +184 @@
     ASSERT(location.recovery().isInRegisters());
     JSValueRegs wantedJSValueRegs { location.wantedJSValueRegs() };
-    ASSERT(wantedJSValueRegs); // We don't support wanted FPRs on 32bit platforms
-
     GPRReg wantedTagGPR { wantedJSValueRegs.tagGPR() };
     GPRReg wantedPayloadGPR { wantedJSValueRegs.payloadGPR() };
-    
+    FPRReg wantedFPR { location.wantedFPR() };
+
     if (wantedTagGPR != InvalidGPRReg) {
         ASSERT(!m_lockedRegisters.get(wantedTagGPR));
@@ -209 +208 @@
     if (location.recovery().technique() == InPair
         || location.recovery().isInGPR()) {
+        ASSERT(wantedJSValueRegs); // We don't support wanted FPRs on 32bit platforms at the moment
         GPRReg payloadGPR;
         if (location.recovery().technique() == InPair)
@@ -274 +274 @@
             RELEASE_ASSERT_NOT_REACHED();
         }
+        updateRecovery(location, ValueRecovery::inPair(wantedTagGPR, wantedPayloadGPR));
     } else {
         ASSERT(location.recovery().isInFPR());
-        if (wantedTagGPR == InvalidGPRReg) {
-            ASSERT(wantedPayloadGPR != InvalidGPRReg);
-            m_lockedRegisters.set(wantedPayloadGPR);
-            wantedTagGPR = getFreeGPR();
-            m_lockedRegisters.clear(wantedPayloadGPR);
-        }
-        if (wantedPayloadGPR == InvalidGPRReg) {
-            m_lockedRegisters.set(wantedTagGPR);
-            wantedPayloadGPR = getFreeGPR();
-            m_lockedRegisters.clear(wantedTagGPR);
-        }
-        m_jit.boxDouble(location.recovery().fpr(), wantedTagGPR, wantedPayloadGPR);
-    }
-    updateRecovery(location, ValueRecovery::inPair(wantedTagGPR, wantedPayloadGPR));
+        if (wantedFPR != InvalidFPRReg) {
+            m_jit.moveDouble(location.recovery().fpr(), wantedFPR);
+            updateRecovery(location, ValueRecovery::inRegister(wantedFPR, DataFormatJS));
+        } else {
+            if (wantedTagGPR == InvalidGPRReg) {
+                ASSERT(wantedPayloadGPR != InvalidGPRReg);
+                m_lockedRegisters.set(wantedPayloadGPR);
+                wantedTagGPR = getFreeGPR();
+                m_lockedRegisters.clear(wantedPayloadGPR);
+            }
+            if (wantedPayloadGPR == InvalidGPRReg) {
+                m_lockedRegisters.set(wantedTagGPR);
+                wantedPayloadGPR = getFreeGPR();
+                m_lockedRegisters.clear(wantedTagGPR);
+            }
+            m_jit.moveDoubleToInts(location.recovery().fpr(), wantedPayloadGPR, wantedTagGPR);
+            updateRecovery(location, ValueRecovery::inPair(wantedTagGPR, wantedPayloadGPR));
+        }
+    }
 }
 

trunk/Source/JavaScriptCore/jit/FPRInfo.h

@@ -107 +107 @@
 public:
     typedef FPRReg RegisterType;
-    static constexpr unsigned numberOfRegisters = 6;
+    static constexpr unsigned numberOfRegisters = 8;
 
 #if CPU(ARM_HARDFP)
@@ -116 +116 @@
 
     // Temporary registers.
-    // d7 is use by the MacroAssembler as fpTempRegister.
+    // d8-d15 are callee saved, d15 is use by the MacroAssembler as fpTempRegister.
     static constexpr FPRReg fpRegT0 = ARMRegisters::d0;
     static constexpr FPRReg fpRegT1 = ARMRegisters::d1;
@@ -123 +123 @@
     static constexpr FPRReg fpRegT4 = ARMRegisters::d4;
     static constexpr FPRReg fpRegT5 = ARMRegisters::d5;
+    static constexpr FPRReg fpRegT6 = ARMRegisters::d6;
+    static constexpr FPRReg fpRegT7 = ARMRegisters::d7;
+    static constexpr FPRReg fpRegCS0 = ARMRegisters::d8;
+    static constexpr FPRReg fpRegCS1 = ARMRegisters::d9;
+    static constexpr FPRReg fpRegCS2 = ARMRegisters::d10;
+    static constexpr FPRReg fpRegCS3 = ARMRegisters::d11;
+    static constexpr FPRReg fpRegCS4 = ARMRegisters::d12;
+    static constexpr FPRReg fpRegCS5 = ARMRegisters::d13;
+    static constexpr FPRReg fpRegCS6 = ARMRegisters::d14;
+
     // ARMv7 doesn't pass arguments in fp registers. The return
     // value is also actually in integer registers, for now
@@ -141 +151 @@
     static_assert(ARMRegisters::d4 == 4);
     static_assert(ARMRegisters::d5 == 5);
+    static_assert(ARMRegisters::d6 == 6);
+    static_assert(ARMRegisters::d7 == 7);
     static FPRReg toRegister(unsigned index)
     {

trunk/Source/JavaScriptCore/jit/GPRInfo.h

@@ -554 +554 @@
 #if CPU(ARM_THUMB2)
 #define NUMBER_OF_ARGUMENT_REGISTERS 4u
-#define NUMBER_OF_CALLEE_SAVES_REGISTERS 2u
+// Callee Saves includes r10, r11, and FP registers d8..d15, which are twice the size of a GPR
+#define NUMBER_OF_CALLEE_SAVES_REGISTERS 18u
 
 class GPRInfo {

trunk/Source/JavaScriptCore/jit/RegisterAtOffsetList.cpp

@@ -40 +40 @@
     : m_registers(registerSet.numberOfSetRegisters())
 {
-    size_t numberOfRegisters = registerSet.numberOfSetRegisters();
-    ptrdiff_t offset = 0;
-    
+    constexpr size_t sizeOfGPR = sizeof(CPURegister);
+    constexpr size_t sizeOfFPR = sizeof(double);
+
+    size_t sizeOfAreaInBytes;
+    {
+#if USE(JSVALUE64)
+        static_assert(sizeOfGPR == sizeOfFPR);
+        size_t numberOfRegs = registerSet.numberOfSetRegisters();
+        sizeOfAreaInBytes = numberOfRegs * sizeOfGPR;
+#elif USE(JSVALUE32_64)
+        static_assert(2 * sizeOfGPR == sizeOfFPR);
+        size_t numberOfGPRs = registerSet.numberOfSetGPRs();
+        size_t numberOfFPRs = registerSet.numberOfSetFPRs();
+        if (numberOfFPRs)
+            numberOfGPRs = WTF::roundUpToMultipleOf<2>(numberOfGPRs);
+        sizeOfAreaInBytes = numberOfGPRs * sizeOfGPR + numberOfFPRs * sizeOfFPR;
+        m_sizeOfAreaInBytes = sizeOfAreaInBytes; // Hold on to it to avoid having to re-compute it
+#endif
+    }
+
+    ptrdiff_t startOffset = 0;
     if (offsetBaseType == FramePointerBased)
-        offset = -(static_cast<ptrdiff_t>(numberOfRegisters) * sizeof(CPURegister));
+        startOffset = -static_cast<ptrdiff_t>(sizeOfAreaInBytes);
 
+    ptrdiff_t offset = startOffset;
     unsigned index = 0;
+
     registerSet.forEach([&] (Reg reg) {
-        m_registers[index] = RegisterAtOffset(reg, offset);
-        offset += sizeof(CPURegister);
-        ++index;
+        size_t registerSize = reg.isGPR() ? sizeOfGPR : sizeOfFPR;
+        offset = WTF::roundUpToMultipleOf(registerSize, offset);
+        m_registers[index++] = RegisterAtOffset(reg, offset);
+        offset += registerSize;
     });
+
+    ASSERT(static_cast<size_t>(offset - startOffset) == sizeOfAreaInBytes);
 }
 

trunk/Source/JavaScriptCore/jit/RegisterAtOffsetList.h

@@ -45 +45 @@
     void dump(PrintStream&) const;
 
-    size_t size() const
+    size_t registerCount() const { return m_registers.size(); }
+    size_t sizeOfAreaInBytes() const
     {
-        return m_registers.size();
+#if USE(JSVALUE64)
+        static_assert(sizeof(CPURegister) == sizeof(double));
+        return registerCount() * sizeof(CPURegister);
+#elif USE(JSVALUE32_64)
+        return m_sizeOfAreaInBytes;
+#endif
     }
 
@@ -55 +61 @@
     }
 
-    RegisterAtOffset& at(size_t index)
+    void adjustOffsets(ptrdiff_t addend)
     {
-        return m_registers.at(index);
+        // This preserves m_sizeOfAreaInBytes
+        for (RegisterAtOffset &item : m_registers)
+            item = RegisterAtOffset { item.reg(), item.offset() + addend };
     }
-    
+
     RegisterAtOffset* find(Reg) const;
     unsigned indexOf(Reg) const; // Returns UINT_MAX if not found.
@@ -66 +74 @@
     FixedVector<RegisterAtOffset>::const_iterator end() const { return m_registers.end(); }
 
+
     static const RegisterAtOffsetList& llintBaselineCalleeSaveRegisters(); // Registers and Offsets saved and used by the LLInt.
     static const RegisterAtOffsetList& dfgCalleeSaveRegisters(); // Registers and Offsets saved and used by DFG.
@@ -71 +80 @@
 private:
     FixedVector<RegisterAtOffset> m_registers;
+#if USE(JSVALUE32_64) // On JSVALUE64, we can compute this cheaply
+    size_t m_sizeOfAreaInBytes { 0 };
+#endif
 };
 

trunk/Source/JavaScriptCore/jit/RegisterSet.cpp

@@ -95 +95 @@
 #elif CPU(ARM64) || CPU(RISCV64)
     return RegisterSet(MacroAssembler::dataTempRegister, MacroAssembler::memoryTempRegister);
+#elif CPU(ARM_THUMB2)
+    RegisterSet result;
+    result.set(MacroAssembler::dataTempRegister);
+    result.set(MacroAssembler::addressTempRegister);
+    result.set(MacroAssembler::fpTempRegister);
+    return result;
 #elif CPU(MIPS)
     RegisterSet result;
@@ -153 +159 @@
     result.set(FPRInfo::fpRegCS6);
     result.set(FPRInfo::fpRegCS7);
-#elif CPU(ARM_THUMB2) || CPU(MIPS)
+#elif CPU(ARM_THUMB2)
+    result.set(GPRInfo::regCS0);
+    result.set(GPRInfo::regCS1);
+    result.set(FPRInfo::fpRegCS0);
+    result.set(FPRInfo::fpRegCS1);
+    result.set(FPRInfo::fpRegCS2);
+    result.set(FPRInfo::fpRegCS3);
+    result.set(FPRInfo::fpRegCS4);
+    result.set(FPRInfo::fpRegCS5);
+    result.set(FPRInfo::fpRegCS6);
+#elif CPU(MIPS)
     result.set(GPRInfo::regCS0);
     result.set(GPRInfo::regCS1);

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

@@ -757 +757 @@
     const CalleeSaveRegisterCount = 0
 elsif ARMv7
-    const CalleeSaveRegisterCount = 7
+    const CalleeSaveRegisterCount = 7 + 2 * 1 // 7 32-bit GPRs + 1 64-bit FPR
 elsif MIPS
     const CalleeSaveRegisterCount = 3
@@ -773 +773 @@
     if C_LOOP or C_LOOP_WIN or ARM64 or ARM64E or X86_64 or X86_64_WIN or RISCV64
     elsif ARMv7
+        emit "vpush.64 {d15}"
         emit "push {r4-r6, r8-r11}"
     elsif MIPS
@@ -796 +797 @@
     elsif ARMv7
         emit "pop {r4-r6, r8-r11}"
+        emit "vpop.64 {d15}"
     elsif MIPS
         emit "lw $s0, 0($sp)"
@@ -934 +936 @@
             storeq csr5, 40[entryFrame]
             storeq csr6, 48[entryFrame]
-        elsif ARMv7 or MIPS
+        elsif ARMv7
+            storep csr0, [entryFrame]
+            storep csr1, 4[entryFrame]
+            stored csfr0, 8[entryFrame]
+            stored csfr1, 16[entryFrame]
+            stored csfr2, 24[entryFrame]
+            stored csfr3, 32[entryFrame]
+            stored csfr4, 40[entryFrame]
+            stored csfr5, 48[entryFrame]
+            stored csfr6, 56[entryFrame]
+        elsif MIPS
             storep csr0, [entryFrame]
             storep csr1, 4[entryFrame]
@@ -1010 +1022 @@
             loadq 40[temp], csr5
             loadq 48[temp], csr6
-        elsif ARMv7 or MIPS
+        elsif ARMv7
+            loadp [temp], csr0
+            loadp 4[temp], csr1
+            loadd 8[temp], csfr0
+            loadd 16[temp], csfr1
+            loadd 24[temp], csfr2
+            loadd 32[temp], csfr3
+            loadd 40[temp], csfr4
+            loadd 48[temp], csfr5
+            loadd 56[temp], csfr6
+        elsif MIPS
             loadp [temp], csr0
             loadp 4[temp], csr1

trunk/Source/JavaScriptCore/offlineasm/arm.rb

@@ -49 +49 @@
 # FPR conventions, to match the baseline JIT
 #
-# d0 => ft0, fa0, fr
-# d1 => ft1, fa1
-# d2 => ft2
-# d3 => ft3
-# d4 => ft4
-# d5 => ft5
-# d6 =>              (scratch)
-# d7 =>              (scratch)
+#  d0 => ft0, fa0, fr
+#  d1 => ft1, fa1
+#  d2 => ft2
+#  d3 => ft3
+#  d4 => ft4
+#  d5 => ft5
+#  d6 => ft6
+#  d7 => ft7
+#  d8 => csfr0
+#  d9 => csfr1
+# d10 => csfr2
+# d11 => csfr3
+# d12 => csfr4
+# d13 => csfr5
+# d14 => csfr6
+# d15 => scratch
 
 class Node
@@ -77 +85 @@
 ARM_EXTRA_GPRS = [SpecialRegister.new("r9"), SpecialRegister.new("r12"), SpecialRegister.new("r6")]
 ARM_EXTRA_FPRS = [SpecialRegister.new("d7")]
-ARM_SCRATCH_FPR = SpecialRegister.new("d6")
+ARM_SCRATCH_FPR = SpecialRegister.new("d15")
 OS_DARWIN = ((RUBY_PLATFORM =~ /darwin/i) != nil)
 
@@ -148 +156 @@
         when "ft5"
             "d5"
+        when "ft6"
+            "d6"
+        when "ft7"
+            "d7"
+        when "csfr0"
+            "d8"
+        when "csfr1"
+            "d9"
+        when "csfr2"
+            "d10"
+        when "csfr3"
+            "d11"
+        when "csfr4"
+            "d12"
+        when "csfr5"
+            "d13"
+        when "csfr6"
+            "d14"
         else
             raise "Bad register #{name} for ARM at #{codeOriginString}"

trunk/Source/JavaScriptCore/wasm/js/JSToWasm.cpp

@@ -198 +198 @@
     result->entrypoint.calleeSaveRegisters = registersToSpill;
 
-    size_t totalFrameSize = registersToSpill.size() * sizeof(CPURegister);
+    size_t totalFrameSize = registersToSpill.sizeOfAreaInBytes();
     CallInformation wasmFrameConvention = wasmCallingConvention().callInformationFor(typeDefinition);
     RegisterAtOffsetList savedResultRegisters = wasmFrameConvention.computeResultsOffsetList();
     totalFrameSize += wasmFrameConvention.headerAndArgumentStackSizeInBytes;
-    totalFrameSize += savedResultRegisters.size() * sizeof(CPURegister);
+    totalFrameSize += savedResultRegisters.sizeOfAreaInBytes();
 
     totalFrameSize = WTF::roundUpToMultipleOf(stackAlignmentBytes(), totalFrameSize);

trunk/Source/JavaScriptCore/wasm/js/WasmToJS.cpp

@@ -89 +89 @@
     const unsigned numberOfRegsForCall = CallFrame::headerSizeInRegisters + numberOfParameters;
     const unsigned numberOfBytesForCall = numberOfRegsForCall * sizeof(Register) - sizeof(CallerFrameAndPC);
-    const unsigned stackOffset = WTF::roundUpToMultipleOf(stackAlignmentBytes(), std::max<unsigned>(numberOfBytesForCall, savedResultRegisters.size() * sizeof(CPURegister)));
+    const unsigned stackOffset = WTF::roundUpToMultipleOf(stackAlignmentBytes(), std::max<unsigned>(numberOfBytesForCall, savedResultRegisters.sizeOfAreaInBytes()));
     jit.subPtr(MacroAssembler::TrustedImm32(stackOffset), MacroAssembler::stackPointerRegister);
     JIT::Address calleeFrame = CCallHelpers::Address(MacroAssembler::stackPointerRegister, -static_cast<ptrdiff_t>(sizeof(CallerFrameAndPC)));

trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp

@@ -194 +194 @@
     RegisterAtOffsetList savedResultRegisters = wasmCallInfo.computeResultsOffsetList();
 
-    unsigned totalFrameSize = registersToSpill.size() * sizeof(CPURegister);
+    unsigned totalFrameSize = registersToSpill.sizeOfAreaInBytes();
     totalFrameSize += sizeof(CPURegister); // Slot for the VM's previous wasm instance.
     totalFrameSize += wasmCallInfo.headerAndArgumentStackSizeInBytes;
-    totalFrameSize += savedResultRegisters.size() * sizeof(CPURegister);
+    totalFrameSize += savedResultRegisters.sizeOfAreaInBytes();
 
     // FIXME: Optimize Wasm function call even if arguments include I64.