Changeset 270981 in webkit

Timestamp:

Dec 18, 2020, 11:25:34 AM (4 years ago)

Author:

mark.lam@apple.com

Message:

Add tagging to JIT probe's return address.
​https://bugs.webkit.org/show_bug.cgi?id=220008
rdar://71279530

Reviewed by Keith Miller and Robin Morisset.

• assembler/MacroAssemblerARM64.cpp:
• assembler/testmasm.cpp:

(JSC::testProbeModifiesProgramCounter):

• runtime/JSCPtrTag.h:

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• assembler/MacroAssemblerARM64.cpp (modified) (7 diffs)
• assembler/testmasm.cpp (modified) (1 diff)
• runtime/JSCPtrTag.h (modified) (2 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2020-12-17  Mark Lam  <mark.lam@apple.com>
+
+        Add tagging to JIT probe's return address.
+        https://bugs.webkit.org/show_bug.cgi?id=220008
+        rdar://71279530
+
+        Reviewed by Keith Miller and Robin Morisset.
+
+        * assembler/MacroAssemblerARM64.cpp:
+        * assembler/testmasm.cpp:
+        (JSC::testProbeModifiesProgramCounter):
+        * runtime/JSCPtrTag.h:
+
 2020-12-18  Yusuke Suzuki  <ysuzuki@apple.com>
 

trunk/Source/JavaScriptCore/assembler/MacroAssemblerARM64.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2013-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -301 +301 @@
 
 #if CPU(ARM64E)
+#define JIT_PROBE_PC_PTR_TAG 0xeeac
 #define JIT_PROBE_EXECUTOR_PTR_TAG 0x28de
 #define JIT_PROBE_STACK_INITIALIZATION_FUNCTION_PTR_TAG 0x315c
+static_assert(JIT_PROBE_PC_PTR_TAG == JITProbePCPtrTag);
 static_assert(JIT_PROBE_EXECUTOR_PTR_TAG == JITProbeExecutorPtrTag);
 static_assert(JIT_PROBE_STACK_INITIALIZATION_FUNCTION_PTR_TAG == JITProbeStackInitializationFunctionPtrTag);
@@ -361 +363 @@
     "stp       x7, x26, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_LR_OFFSET) "]" "\n" // Save values lr and sp (original sp value computed into x26 above).
 
+    "add       x30, x30, #" STRINGIZE_VALUE_OF(2 * GPREG_SIZE) "\n" // The PC after the probe is at 2 instructions past the return point.
+#if CPU(ARM64E)
+    "movz      x27, #" STRINGIZE_VALUE_OF(JIT_PROBE_PC_PTR_TAG) "\n"
+    "pacib     x30, x27" "\n"
+#endif
     "str       x30, [sp, #" STRINGIZE_VALUE_OF(SAVED_PROBE_RETURN_PC_OFFSET) "]" "\n" // Save a duplicate copy of return pc (in lr).
-
-    "add       x30, x30, #" STRINGIZE_VALUE_OF(2 * GPREG_SIZE) "\n" // The PC after the probe is at 2 instructions past the return point.
     "str       x30, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_PC_OFFSET) "]" "\n"
 
@@ -497 +502 @@
     "ldr       x27, [sp, #" STRINGIZE_VALUE_OF(SAVED_PROBE_RETURN_PC_OFFSET) "]" "\n"
     "ldr       x28, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_PC_OFFSET) "]" "\n"
-    "add       x27, x27, #" STRINGIZE_VALUE_OF(2 * GPREG_SIZE) "\n"
     "cmp       x27, x28" "\n"
     "bne     " LOCAL_LABEL_STRING(ctiMasmProbeTrampolineEnd) "\n"
@@ -510 +514 @@
      // 3. Force the return ramp to return to the probe return site.
     "ldr       x27, [sp, #" STRINGIZE_VALUE_OF(SAVED_PROBE_RETURN_PC_OFFSET) "]" "\n"
+#if CPU(ARM64E)
+    "movz      x28, #" STRINGIZE_VALUE_OF(JIT_PROBE_PC_PTR_TAG) "\n"
+    "autib     x27, x28" "\n"
+    "lsr       x28, x27, #8" "\n"
+    "and       x28, x28, #0xff000000000000" "\n"
+    "orr       x28, x28, x27" "\n"
+    "ldrb      w28, [x28]" "\n"
+#endif
+    "sub       x27, x27, #" STRINGIZE_VALUE_OF(2 * GPREG_SIZE) "\n" // The return point PC is at 2 instructions before the end of the probe.
+#if CPU(ARM64E)
+    "movz      x28, #" STRINGIZE_VALUE_OF(JIT_PROBE_PC_PTR_TAG) "\n"
+    "pacib     x27, x28" "\n"
+#endif
     "str       x27, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_PC_OFFSET) "]" "\n"
 
@@ -521 +538 @@
     "ldp       x27, x28, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_X27_OFFSET) "]" "\n"
     "stp       x27, x28, [x30, #" STRINGIZE_VALUE_OF(OUT_X27_OFFSET) "]" "\n"
+    "ldr       x28, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_PC_OFFSET) "]" "\n" // Set up the outgoing record so that we'll jump to the new PC.
+#if CPU(ARM64E)
+    "movz      x27, #" STRINGIZE_VALUE_OF(JIT_PROBE_PC_PTR_TAG) "\n"
+    "autib     x28, x27" "\n"
+    "lsr       x27, x28, #8" "\n"
+    "and       x27, x27, #0xff000000000000" "\n"
+    "orr       x27, x27, x28" "\n"
+    "ldrb      w27, [x27]" "\n"
+    "add       x27, x30, #48" "\n" // Compute sp at return point.
+    "pacib     x28, x27" "\n"
+#endif
     "ldr       x27, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_FP_OFFSET) "]" "\n"
-    "ldr       x28, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_PC_OFFSET) "]" "\n" // Set up the outgoing record so that we'll jump to the new PC.
     "stp       x27, x28, [x30, #" STRINGIZE_VALUE_OF(OUT_FP_OFFSET) "]" "\n"
     "mov       sp, x30" "\n"
@@ -532 +559 @@
     "ldp       x27, x28, [sp], #" STRINGIZE_VALUE_OF(2 * GPREG_SIZE) "\n"
     "ldp       x29, x30, [sp], #" STRINGIZE_VALUE_OF(2 * GPREG_SIZE) "\n"
+#if CPU(ARM64E)
+    "retab" "\n"
+#else
     "ret" "\n"
+#endif
 );
 #endif // COMPILER(GCC_COMPATIBLE)

trunk/Source/JavaScriptCore/assembler/testmasm.cpp

@@ -2124 +2124 @@
         jit.probe([&] (Probe::Context& context) {
             probeCallCount++;
-            context.cpu.pc() = untagCodePtr<JSEntryPtrTag>(continuation.code().executableAddress());
+            context.cpu.pc() = retagCodePtr<JSEntryPtrTag, JITProbePCPtrTag>(continuation.code().executableAddress());
         });
 

trunk/Source/JavaScriptCore/runtime/JSCPtrTag.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2018-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2018-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -58 +58 @@
     v(JITProbePtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \
     v(JITProbeExecutorPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \
+    v(JITProbePCPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \
     v(JITProbeStackInitializationFunctionPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \
     /* Callee:JIT Caller:Native */ \