Changeset 281718 in webkit

Timestamp:

Aug 27, 2021, 1:49:34 PM (4 years ago)

Author:

mark.lam@apple.com

Message:

Make ARM64 and X86_64 probe code a little bit more efficient.
​https://bugs.webkit.org/show_bug.cgi?id=229618
rdar://82445743

Reviewed by Yusuke Suzuki.

We were using an unnecessary indirect call to call Probe::executeProbe() when we
can be using a direct call, which emits less JIT code. This patch changes the
ARM64 and X86_64 ports to use a direct call now.

Also rename executeProbe to executeJSCJITProbe to make it more unique since we're
switching to extern "C" linkage for this function now.

For MacroAssemblerX86Common.cpp, we left the X86 and MSVC implementations unchanged.
For X86, I don't know the stack alignment requirements (if any) plus we might want
to delete this code eventually since we're not supporting the X86 JIT anymore.
For MSVC, I don't know the way to express a direct call in MSVC assembly, and have
no way to test it. Will leave that as an exercise for folks working on the Windows
ports if they are interested.

Also remove JITProbeExecutorPtrTag since it's no longer needed.

• assembler/MacroAssemblerARM64.cpp:

(JSC::MacroAssembler::probe):

• assembler/MacroAssemblerARMv7.cpp:

(JSC::MacroAssembler::probe):

• assembler/MacroAssemblerMIPS.cpp:

(JSC::MacroAssembler::probe):

• assembler/MacroAssemblerX86Common.cpp:

(JSC::ctiMasmProbeTrampoline):
(JSC::MacroAssembler::probe):

• assembler/ProbeContext.cpp:

(JSC::Probe::executeJSCJITProbe):
(JSC::Probe::executeProbe): Deleted.

• assembler/ProbeContext.h:
• runtime/JSCPtrTag.h:

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• assembler/MacroAssemblerARM64.cpp (modified) (11 diffs)
• assembler/MacroAssemblerARMv7.cpp (modified) (4 diffs)
• assembler/MacroAssemblerMIPS.cpp (modified) (5 diffs)
• assembler/MacroAssemblerX86Common.cpp (modified) (9 diffs)
• assembler/ProbeContext.cpp (modified) (1 diff)
• assembler/ProbeContext.h (modified) (1 diff)
• runtime/JSCPtrTag.h (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2021-08-27  Mark Lam  <mark.lam@apple.com>
+
+        Make ARM64 and X86_64 probe code a little bit more efficient.
+        https://bugs.webkit.org/show_bug.cgi?id=229618
+        rdar://82445743
+
+        Reviewed by Yusuke Suzuki.
+
+        We were using an unnecessary indirect call to call Probe::executeProbe() when we
+        can be using a direct call, which emits less JIT code.  This patch changes the
+        ARM64 and X86_64 ports to use a direct call now.
+
+        Also rename executeProbe to executeJSCJITProbe to make it more unique since we're
+        switching to extern "C" linkage for this function now.
+
+        For MacroAssemblerX86Common.cpp, we left the X86 and MSVC implementations unchanged.
+        For X86, I don't know the stack alignment requirements (if any) plus we might want
+        to delete this code eventually since we're not supporting the X86 JIT anymore.
+        For MSVC, I don't know the way to express a direct call in MSVC assembly, and have
+        no way to test it.  Will leave that as an exercise for folks working on the Windows
+        ports if they are interested.
+
+        Also remove JITProbeExecutorPtrTag since it's no longer needed.
+
+        * assembler/MacroAssemblerARM64.cpp:
+        (JSC::MacroAssembler::probe):
+        * assembler/MacroAssemblerARMv7.cpp:
+        (JSC::MacroAssembler::probe):
+        * assembler/MacroAssemblerMIPS.cpp:
+        (JSC::MacroAssembler::probe):
+        * assembler/MacroAssemblerX86Common.cpp:
+        (JSC::ctiMasmProbeTrampoline):
+        (JSC::MacroAssembler::probe):
+        * assembler/ProbeContext.cpp:
+        (JSC::Probe::executeJSCJITProbe):
+        (JSC::Probe::executeProbe): Deleted.
+        * assembler/ProbeContext.h:
+        * runtime/JSCPtrTag.h:
+
 2021-08-27  Saam Barati  <sbarati@apple.com>
 

trunk/Source/JavaScriptCore/assembler/MacroAssemblerARM64.cpp

@@ -256 +256 @@
     UCPURegister x25;
     UCPURegister x26;
-    UCPURegister x27;
-    UCPURegister x28;
     UCPURegister x30; // lr
+    UCPURegister x27; // Saved in trampoline to use as scratch.
+    UCPURegister unusedForAlignment;
 };
 
@@ -264 +264 @@
 #define IN_X25_OFFSET (1 * GPREG_SIZE)
 #define IN_X26_OFFSET (2 * GPREG_SIZE)
-#define IN_X27_OFFSET (3 * GPREG_SIZE)
-#define IN_X28_OFFSET (4 * GPREG_SIZE)
-#define IN_X30_OFFSET (5 * GPREG_SIZE)
+#define IN_X30_OFFSET (3 * GPREG_SIZE)
+#define IN_X27_OFFSET (4 * GPREG_SIZE)
+// The 5th slot is unused. It's only there for alignment.
 #define IN_SIZE       (6 * GPREG_SIZE)
 
@@ -272 +272 @@
 static_assert(IN_X25_OFFSET == offsetof(IncomingProbeRecord, x25), "IN_X25_OFFSET is incorrect");
 static_assert(IN_X26_OFFSET == offsetof(IncomingProbeRecord, x26), "IN_X26_OFFSET is incorrect");
+static_assert(IN_X30_OFFSET == offsetof(IncomingProbeRecord, x30), "IN_X23_OFFSET is incorrect");
 static_assert(IN_X27_OFFSET == offsetof(IncomingProbeRecord, x27), "IN_X27_OFFSET is incorrect");
-static_assert(IN_X28_OFFSET == offsetof(IncomingProbeRecord, x28), "IN_X22_OFFSET is incorrect");
-static_assert(IN_X30_OFFSET == offsetof(IncomingProbeRecord, x30), "IN_X23_OFFSET is incorrect");
 static_assert(IN_SIZE == sizeof(IncomingProbeRecord), "IN_SIZE is incorrect");
 static_assert(!(sizeof(IncomingProbeRecord) & 0xf), "IncomingProbeStack must be 16-byte aligned");
@@ -318 +317 @@
 #if CPU(ARM64E)
 #define JIT_PROBE_PC_PTR_TAG 0xeeac
-#define JIT_PROBE_EXECUTOR_PTR_TAG 0x28de
 #define JIT_PROBE_STACK_INITIALIZATION_FUNCTION_PTR_TAG 0x315c
 static_assert(JIT_PROBE_PC_PTR_TAG == JITProbePCPtrTag);
-static_assert(JIT_PROBE_EXECUTOR_PTR_TAG == JITProbeExecutorPtrTag);
 static_assert(JIT_PROBE_STACK_INITIALIZATION_FUNCTION_PTR_TAG == JITProbeStackInitializationFunctionPtrTag);
 #endif
@@ -341 +338 @@
     //     x25: probe arg
     //     x26: scratch, was ctiMasmProbeTrampoline
-    //     x27: scratch
-    //     x28: Probe::executeProbe
     //     x30: return address
 
+    "str       x27, [sp, #" STRINGIZE_VALUE_OF(IN_X27_OFFSET) "]" "\n"
     "mov       x26, sp" "\n"
-    "mov       x27, sp" "\n"
-
-    "sub       x27, x27, #" STRINGIZE_VALUE_OF(PROBE_SIZE_PLUS_EXTRAS + OUT_SIZE) "\n"
-    "bic       x27, x27, #0xf" "\n" // The ARM EABI specifies that the stack needs to be 16 byte aligned.
-    "mov       sp, x27" "\n" // Set the sp to protect the Probe::State from interrupts before we initialize it.
+    "sub       x27, sp, #" STRINGIZE_VALUE_OF(PROBE_SIZE_PLUS_EXTRAS + OUT_SIZE) "\n"
+    "bic       sp, x27, #0xf" "\n" // The ARM EABI specifies that the stack needs to be 16 byte aligned.
 
     "stp       x24, x25, [sp, #" STRINGIZE_VALUE_OF(PROBE_PROBE_FUNCTION_OFFSET) "]" "\n" // Store the probe handler function and arg (preloaded into x24 and x25
@@ -363 +356 @@
 
     "ldp       x2, x3, [x26, #" STRINGIZE_VALUE_OF(IN_X24_OFFSET) "]" "\n" // Preload saved x24 and x25.
-    "ldp       x4, x5, [x26, #" STRINGIZE_VALUE_OF(IN_X26_OFFSET) "]" "\n" // Preload saved x26 and x27.
-    "ldp       x6, x7, [x26, #" STRINGIZE_VALUE_OF(IN_X28_OFFSET) "]" "\n" // Preload saved x28 and lr.
+    "ldp       x4, x5, [x26, #" STRINGIZE_VALUE_OF(IN_X26_OFFSET) "]" "\n" // Preload saved x26 and lr.
+    "ldr       x27, [x26, #" STRINGIZE_VALUE_OF(IN_X27_OFFSET) "]" "\n"
+
     "add       x26, x26, #" STRINGIZE_VALUE_OF(IN_SIZE) "\n" // Compute the sp before the probe.
 
@@ -374 +368 @@
     "stp       x20, x21, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_X20_OFFSET) "]" "\n"
     "stp       x22, x23, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_X22_OFFSET) "]" "\n"
-    "stp       x2, x3, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_X24_OFFSET) "]" "\n" // Store saved r24 and r25 (preloaded into x2 and x3 above).
-    "stp       x4, x5, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_X26_OFFSET) "]" "\n" // Store saved r26 and r27 (preloaded into x4 and x5 above).
-    "stp       x6, x29, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_X28_OFFSET) "]" "\n"
-    "stp       x7, x26, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_LR_OFFSET) "]" "\n" // Save values lr and sp (original sp value computed into x26 above).
+    "stp       x2,  x3,  [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_X24_OFFSET) "]" "\n" // Store saved r24 and r25 (preloaded into x2 and x3 above).
+    "stp       x4,  x27, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_X26_OFFSET) "]" "\n" // Store saved r26 (preloaded into x4) and r27.
+    "stp       x28, x29, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_X28_OFFSET) "]" "\n"
+    "stp       x5,  x26, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_LR_OFFSET) "]" "\n" // Save values lr and sp (original sp value computed into x26 above).
 
     "add       x30, x30, #" STRINGIZE_VALUE_OF(2 * GPREG_SIZE) "\n" // The PC after the probe is at 2 instructions past the return point.
@@ -412 +406 @@
     // the caller of the probe (which is what we want in order to play nice with debuggers e.g. lldb).
     "mov       x0, sp" "\n" // Set the Probe::State* arg.
-#if CPU(ARM64E)
-    "movz      lr, #" STRINGIZE_VALUE_OF(JIT_PROBE_EXECUTOR_PTR_TAG) "\n"
-    "blrab     x28, lr" "\n" // Call the probe handler.
-#else
-    "blr       x28" "\n" // Call the probe handler.
-#endif
+    "bl      " SYMBOL_STRING(executeJSCJITProbe) "\n"
 
     // Make sure the Probe::State is entirely below the result stack pointer so
@@ -512 +501 @@
     // either modify lr or pc, but not both in the same probe invocation. The probe
     // mechanism ensures that we never try to modify both lr and pc with a RELEASE_ASSERT
-    // in Probe::executeProbe().
+    // in Probe::().
 
     // Determine if the probe handler changed the pc.
@@ -562 +551 @@
     "orr       x27, x27, x28" "\n"
     "ldrb      w27, [x27]" "\n"
-    "add       x27, x30, #48" "\n" // Compute sp at return point.
-    "pacib     x28, x27" "\n"
 #endif
     "ldr       x27, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_FP_OFFSET) "]" "\n"
@@ -588 +575 @@
 
     storePair64(x24, x25, sp, TrustedImm32(offsetof(IncomingProbeRecord, x24)));
-    storePair64(x26, x27, sp, TrustedImm32(offsetof(IncomingProbeRecord, x26)));
-    storePair64(x28, x30, sp, TrustedImm32(offsetof(IncomingProbeRecord, x28))); // Note: x30 is lr.
+    storePair64(x26, x30, sp, TrustedImm32(offsetof(IncomingProbeRecord, x26))); // Note: x30 is lr.
     move(TrustedImmPtr(tagCFunction<OperationPtrTag>(ctiMasmProbeTrampoline)), x26);
-    move(TrustedImmPtr(tagCFunction<JITProbeExecutorPtrTag>(Probe::executeProbe)), x28);
 #if CPU(ARM64E)
     assertIsTaggedWith<JITProbePtrTag>(function);

trunk/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.cpp

@@ -229 +229 @@
     //     r0: probe function
     //     r1: probe arg
-    //     r2: Probe::executeProbe
+    //     r2: Probe::executeJSCJITProbe
     //     ip: scratch, was ctiMasmProbeTrampoline
     //     lr: return address
 
     "mov       ip, sp" "\n"
-    "str       r2, [ip, #-" STRINGIZE_VALUE_OF(PTR_SIZE) "]" "\n" // Stash Probe::executeProbe.
+    "str       r2, [ip, #-" STRINGIZE_VALUE_OF(PTR_SIZE) "]" "\n" // Stash Probe::executeJSCJITProbe.
 
     "mov       r2, sp" "\n"
@@ -242 +242 @@
     "bic       r2, r2, #0xf" "\n"
     "mov       sp, r2" "\n" // Set the sp to protect the Probe::State from interrupts before we initialize it.
-    "ldr       r2, [ip, #-" STRINGIZE_VALUE_OF(PTR_SIZE) "]" "\n" // Reload Probe::executeProbe.
+    "ldr       r2, [ip, #-" STRINGIZE_VALUE_OF(PTR_SIZE) "]" "\n" // Reload Probe::executeJSCJITProbe.
 
     "str       r0, [sp, #" STRINGIZE_VALUE_OF(PROBE_PROBE_FUNCTION_OFFSET) "]" "\n"
@@ -281 +281 @@
 
     "mov       r0, sp" "\n" // the Probe::State* arg.
-    "blx       r2" "\n" // Call Probe::executeProbe.
+    "blx       r2" "\n" // Call Probe::executeJSCJITProbe.
 
     // Make sure the Probe::State is entirely below the result stack pointer so
@@ -381 +381 @@
     move(TrustedImmPtr(reinterpret_cast<void*>(function)), r0);
     move(TrustedImmPtr(arg), r1);
-    move(TrustedImmPtr(reinterpret_cast<void*>(Probe::executeProbe)), r2);
+    move(TrustedImmPtr(reinterpret_cast<void*>(Probe::executeJSCJITProbe)), r2);
     move(TrustedImmPtr(reinterpret_cast<void*>(ctiMasmProbeTrampoline)), ip);
     m_assembler.blx(ip);

trunk/Source/JavaScriptCore/assembler/MacroAssemblerMIPS.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2021 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -305 +305 @@
     //     a0: probe function
     //     a1: probe arg
-    //     a2: Probe::executeProbe
+    //     a2: Probe::executeJSCJITProbe
     //     s0: scratch, was ctiMasmProbeTrampoline
     //     s1: scratch
@@ -395 +395 @@
     "move      $a0, $sp" "\n" // Set the Probe::State* arg.
     "addiu     $sp, $sp, -16" "\n" // Allocate stack space for (unused) 16 bytes (8-byte aligned) for 4 arguments.
-    "move      $t9, $a2" "\n" // Probe::executeProbe()
+    "move      $t9, $a2" "\n" // Probe::executeJSCJITProbe()
     "jalr      $t9" "\n" // Call the probe handler.
     "nop" "\n"
@@ -509 +509 @@
     // either modify ra or pc, but not both in the same probe invocation. The probe
     // mechanism ensures that we never try to modify both ra and pc with a RELEASE_ASSERT
-    // in Probe::executeProbe().
+    // in Probe::executeJSCJITProbe().
 
     // Determine if the probe handler changed the pc.
@@ -564 +564 @@
     move(TrustedImmPtr(reinterpret_cast<void*>(function)), a0);
     move(TrustedImmPtr(arg), a1);
-    move(TrustedImmPtr(reinterpret_cast<void*>(Probe::executeProbe)), a2);
+    move(TrustedImmPtr(reinterpret_cast<void*>(Probe::executeJSCJITProbe)), a2);
     move(TrustedImmPtr(reinterpret_cast<void*>(ctiMasmProbeTrampoline)), s0);
     m_assembler.jalr(s0);

trunk/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.cpp

@@ -106 +106 @@
 #endif // CPU(X86_64)
 
-#define PROBE_EXECUTOR_OFFSET PROBE_SIZE // Stash the executeProbe function pointer at the end of the ProbeContext.
+#if COMPILER(MSVC) || CPU(X86)
+#define PROBE_EXECUTOR_OFFSET PROBE_SIZE // Stash the executeJSCJITProbe function pointer at the end of the ProbeContext.
+#endif
 
 // The outgoing record to be popped off the stack at the end consists of:
@@ -166 +168 @@
 
 static_assert(sizeof(Probe::State) == PROBE_SIZE, "Probe::State::size's matches ctiMasmProbeTrampoline");
+#if COMPILER(MSVC) || CPU(X86)
 static_assert((PROBE_EXECUTOR_OFFSET + PTR_SIZE) <= (PROBE_SIZE + OUT_SIZE), "Must have room after ProbeContext to stash the probe handler");
+#endif
 
 #undef PROBE_OFFSETOF
@@ -190 +194 @@
     //
     // Incoming registers contain:
-    //     ecx: Probe::executeProbe
+    //     ecx: Probe::executeJSCJITProbe
     //     edx: probe function
     //     ebx: probe arg
@@ -357 +361 @@
         //
         // Incoming registers contain:
-        //     ecx: Probe::executeProbe
+        //     ecx: Probe::executeJSCJITProbe
         //     edx: probe function
         //     ebx: probe arg
@@ -529 +533 @@
     //     rbp[2 * ptrSize]: saved rbx
     //     rbp[3 * ptrSize]: saved rdx
-    //     rbp[4 * ptrSize]: saved rcx
-    //     rbp[5 * ptrSize]: saved rax
+    //     rbp[4 * ptrSize]: saved rax
     //
     // Incoming registers contain:
-    //     rcx: Probe::executeProbe
     //     rdx: probe function
     //     rbx: probe arg
@@ -544 +546 @@
     // Since sp points to the Probe::State, we've ensured that it's protected from interrupts before we initialize it.
 
-    "movq %rcx, " STRINGIZE_VALUE_OF(PROBE_EXECUTOR_OFFSET) "(%rsp)" "\n"
     "movq %rdx, " STRINGIZE_VALUE_OF(PROBE_PROBE_FUNCTION_OFFSET) "(%rsp)" "\n"
     "movq %rbx, " STRINGIZE_VALUE_OF(PROBE_ARG_OFFSET) "(%rsp)" "\n"
     "movq %rsi, " STRINGIZE_VALUE_OF(PROBE_CPU_ESI_OFFSET) "(%rsp)" "\n"
     "movq %rdi, " STRINGIZE_VALUE_OF(PROBE_CPU_EDI_OFFSET) "(%rsp)" "\n"
+
+    "movq %rcx, " STRINGIZE_VALUE_OF(PROBE_CPU_ECX_OFFSET) "(%rsp)" "\n"
 
     "movq -1 * " STRINGIZE_VALUE_OF(PTR_SIZE) "(%rbp), %rcx" "\n"
@@ -561 +564 @@
     "movq %rcx, " STRINGIZE_VALUE_OF(PROBE_CPU_EDX_OFFSET) "(%rsp)" "\n"
     "movq 4 * " STRINGIZE_VALUE_OF(PTR_SIZE) "(%rbp), %rcx" "\n"
-    "movq %rcx, " STRINGIZE_VALUE_OF(PROBE_CPU_ECX_OFFSET) "(%rsp)" "\n"
-    "movq 5 * " STRINGIZE_VALUE_OF(PTR_SIZE) "(%rbp), %rcx" "\n"
     "movq %rcx, " STRINGIZE_VALUE_OF(PROBE_CPU_EAX_OFFSET) "(%rsp)" "\n"
 
@@ -596 +597 @@
 
     "movq %rsp, %rdi" "\n" // the Probe::State* arg.
-    "call *" STRINGIZE_VALUE_OF(PROBE_EXECUTOR_OFFSET) "(%rsp)" "\n"
+    "call " SYMBOL_STRING(executeJSCJITProbe) "\n"
 
     // Make sure the Probe::State is entirely below the result stack pointer so
@@ -752 +753 @@
 void MacroAssembler::probe(Probe::Function function, void* arg)
 {
+#if CPU(X86_64) && COMPILER(GCC_COMPATIBLE)
+    // Extra push so that the total number of pushes pad out to 32-bytes, and the
+    // stack pointer remains 32 byte aligned as required by the ABI.
+    push(RegisterID::eax);
+#endif
     push(RegisterID::eax);
     move(TrustedImmPtr(reinterpret_cast<void*>(ctiMasmProbeTrampoline)), RegisterID::eax);
+#if COMPILER(MSVC) || CPU(X86)
     push(RegisterID::ecx);
-    move(TrustedImmPtr(reinterpret_cast<void*>(Probe::executeProbe)), RegisterID::ecx);
+    move(TrustedImmPtr(reinterpret_cast<void*>(Probe::executeJSCJITProbe)), RegisterID::ecx);
+#endif
     push(RegisterID::edx);
     move(TrustedImmPtr(reinterpret_cast<void*>(function)), RegisterID::edx);

trunk/Source/JavaScriptCore/assembler/ProbeContext.cpp

@@ -34 +34 @@
 static void flushDirtyStackPages(State*);
 
-void executeProbe(State* state)
+void executeJSCJITProbe(State* state)
 {
     Context context(state);

trunk/Source/JavaScriptCore/assembler/ProbeContext.h

@@ -244 +244 @@
 };
 
-void executeProbe(State*);
+extern "C" void executeJSCJITProbe(State*);
 
 } // namespace Probe

trunk/Source/JavaScriptCore/runtime/JSCPtrTag.h

@@ -57 +57 @@
     v(HostFunctionPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \
     v(JITProbePtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \
-    v(JITProbeExecutorPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \
     v(JITProbePCPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \
     v(JITProbeStackInitializationFunctionPtrTag, PtrTagCalleeType::Native, PtrTagCallerType::Native) \