Changeset 294180 in webkit

Timestamp:

May 13, 2022 3:28:16 PM (2 years ago)

Author:

mark.lam@apple.com

Message:

Enhance the ARM64Disassembler to print pc indices and better branch target labels.
​https://bugs.webkit.org/show_bug.cgi?id=240370

Reviewed by Saam Barati.

Disassemblies used to look like this:

0x10e480ff8: ldurb w17, [x0, #7]
0x10e480ffc: cmp w17, #0
0x10e481000: b.hi 0x10e48103c
0x10e481004: stur x0, [fp, #-72]
...
0x10e481040: movk x3, #0xfffe, lsl #48
0x10e481044: b 0x10e4814f4
0x10e481048: nop

With this patch, it will now look like this:

<748> 0x10e120aec: ldurb w17, [x0, #7]
<752> 0x10e120af0: cmp w17, #0
<756> 0x10e120af4: b.hi 0x10e120b30 -> <816>
<760> 0x10e120af8: stur x0, [fp, #-80]
...
<820> 0x10e120b34: movk x3, #0xfffe, lsl #48
<824> 0x10e120b38: b 0x10e120fc8 -> <1992>
<828> 0x10e120b3c: nop

1. Each instruction pc is now prefixed with a pc index i.e. the offset of the pc address from the start of the compilation unit e.g. <756>.

2. Relative branches now show the branch target as a pc index (effectively, an internal label in this compilation unit) in addition to the pc address e.g. the "-> <816>" in:

<756> 0x10e120af4: b.hi 0x10e120b30 -> <816>

Also fixed a formatting bug where the space between relative branch instructions
and their target pc was short 2 spaces.

3. If the relative branch target is a known thunk, the disassembler will now print the thunk label e.g.

<828> 0x10e12033c: bl 0x10e0f0a00 -> <thunk: get_from_scope thunk>

<1476> 0x10e120dc4: cbnz x16, 0x10e104100 -> <thunk: handleExceptionWithCallFrameRollback>
<2368> 0x10e121140: b 0x10e10c000 -> <thunk: DFG OSR exit generation thunk>

Introduced a FINALIZE_THUNK macro that will be used instead of FINALIZE_CODE in
thunk generators. By doing so, thunk labels will automatically be registered
with the disassembler, and will be used for the above look up.

Thunk label registration is only done if disassembly is enabled.

4. If the branch target is neither an internal label nor a thunk, then the disassembler will print some useful info about it to the best of its knowledge e.g.

<168> 0x10e1002e8: b 0x10e120b60 -> <JIT PC>
<168> 0x10e1002e8: b 0x10e120b60 -> <LLInt PC>
<168> 0x10e1002e8: b 0x10e120b60 -> <unknown>

5. The disassemble() function now takes 2 additional arguments: codeStart, and codeEnd. These are needed so that the disassembler can compute the pc index for each instruction, as well as determine if a branch target is internal to this compilation unit, or pointing out of it.

This feature is currently only supported for the ARM64 disassembler.

Printing of JIT operation labels (via movz + movk + indirect branch) is not yet
supported.

• assembler/LinkBuffer.cpp:

(JSC::LinkBuffer::finalizeCodeWithDisassemblyImpl):

• assembler/LinkBuffer.h:

(JSC::LinkBuffer::setIsThunk):

• b3/air/AirDisassembler.cpp:

(JSC::B3::Air::Disassembler::dump):

• dfg/DFGDisassembler.cpp:

(JSC::DFG::Disassembler::dumpDisassembly):

• dfg/DFGThunks.cpp:

(JSC::DFG::osrExitGenerationThunkGenerator):
(JSC::DFG::osrEntryThunkGenerator):

• disassembler/ARM64/A64DOpcode.cpp:

(JSC::ARM64Disassembler::A64DOpcode::appendPCRelativeOffset):
(JSC::ARM64Disassembler::A64DOpcodeConditionalBranchImmediate::format):

• disassembler/ARM64/A64DOpcode.h:

(JSC::ARM64Disassembler::A64DOpcode::A64DOpcode):
(JSC::ARM64Disassembler::A64DOpcode::appendPCRelativeOffset): Deleted.

• disassembler/ARM64Disassembler.cpp:

(JSC::tryToDisassemble):

• disassembler/CapstoneDisassembler.cpp:

(JSC::tryToDisassemble):

• disassembler/Disassembler.cpp:

(JSC::disassemble):
(JSC::disassembleAsynchronously):
(JSC::ensureThunkLabelMap):
(JSC::registerThunkLabel):
(JSC::labelForThunk):

• disassembler/Disassembler.h:

(JSC::tryToDisassemble):

• disassembler/RISCV64Disassembler.cpp:

(JSC::tryToDisassemble):

• disassembler/X86Disassembler.cpp:

(JSC::tryToDisassemble):

• ftl/FTLThunks.cpp:

(JSC::FTL::genericGenerationThunkGenerator):
(JSC::FTL::slowPathCallThunkGenerator):

• jit/JIT.cpp:

(JSC::JIT::consistencyCheckGenerator):

• jit/JITCall.cpp:

(JSC::JIT::returnFromBaselineGenerator):

• jit/JITDisassembler.cpp:

(JSC::JITDisassembler::dump):
(JSC::JITDisassembler::dumpDisassembly):

• jit/JITDisassembler.h:
• jit/JITOpcodes.cpp:

(JSC::JIT::valueIsFalseyGenerator):
(JSC::JIT::valueIsTruthyGenerator):
(JSC::JIT::op_throw_handlerGenerator):
(JSC::JIT::op_enter_handlerGenerator):
(JSC::JIT::op_check_traps_handlerGenerator):

• jit/JITPropertyAccess.cpp:

(JSC::JIT::slow_op_get_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_get_private_name_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_put_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_put_private_name_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_del_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_del_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_get_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_get_by_id_with_this_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_put_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::generateOpResolveScopeThunk):
(JSC::JIT::slow_op_resolve_scopeGenerator):
(JSC::JIT::generateOpGetFromScopeThunk):
(JSC::JIT::slow_op_get_from_scopeGenerator):
(JSC::JIT::slow_op_put_to_scopeGenerator):

• jit/SlowPathCall.cpp:

(JSC::JITSlowPathCall::generateThunk):

• jit/SpecializedThunkJIT.h:

(JSC::SpecializedThunkJIT::finalize):

• jit/ThunkGenerator.h:
• jit/ThunkGenerators.cpp:

(JSC::handleExceptionGenerator):
(JSC::handleExceptionWithCallFrameRollbackGenerator):
(JSC::popThunkStackPreservesAndHandleExceptionGenerator):
(JSC::checkExceptionGenerator):
(JSC::throwExceptionFromCallSlowPathGenerator):
(JSC::linkCallThunkGenerator):
(JSC::linkPolymorphicCallThunkGenerator):
(JSC::virtualThunkFor):
(JSC::nativeForGenerator):
(JSC::arityFixupGenerator):
(JSC::unreachableGenerator):
(JSC::stringGetByValGenerator):
(JSC::boundFunctionCallGenerator):
(JSC::remoteFunctionCallGenerator):

• llint/LLIntThunks.cpp:

(JSC::LLInt::generateThunkWithJumpTo):
(JSC::LLInt::generateThunkWithJumpToPrologue):
(JSC::LLInt::generateThunkWithJumpToLLIntReturnPoint):
(JSC::LLInt::createJSGateThunk):
(JSC::LLInt::createWasmGateThunk):
(JSC::LLInt::createTailCallGate):
(JSC::LLInt::tagGateThunk):
(JSC::LLInt::untagGateThunk):

• yarr/YarrDisassembler.cpp:

(JSC::Yarr::YarrDisassembler::dump):
(JSC::Yarr::YarrDisassembler::dumpDisassembly):

• yarr/YarrDisassembler.h:

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• assembler/LinkBuffer.cpp (modified) (3 diffs)
• assembler/LinkBuffer.h (modified) (3 diffs)
• b3/air/AirDisassembler.cpp (modified) (3 diffs)
• dfg/DFGDisassembler.cpp (modified) (2 diffs)
• dfg/DFGThunks.cpp (modified) (3 diffs)
• disassembler/ARM64/A64DOpcode.cpp (modified) (4 diffs)
• disassembler/ARM64/A64DOpcode.h (modified) (4 diffs)
• disassembler/ARM64Disassembler.cpp (modified) (2 diffs)
• disassembler/CapstoneDisassembler.cpp (modified) (1 diff)
• disassembler/Disassembler.cpp (modified) (7 diffs)
• disassembler/Disassembler.h (modified) (3 diffs)
• disassembler/RISCV64Disassembler.cpp (modified) (1 diff)
• disassembler/X86Disassembler.cpp (modified) (1 diff)
• ftl/FTLThunks.cpp (modified) (2 diffs)
• jit/JIT.cpp (modified) (2 diffs)
• jit/JITCall.cpp (modified) (2 diffs)
• jit/JITDisassembler.cpp (modified) (3 diffs)
• jit/JITDisassembler.h (modified) (2 diffs)
• jit/JITOpcodes.cpp (modified) (6 diffs)
• jit/JITPropertyAccess.cpp (modified) (15 diffs)
• jit/SlowPathCall.cpp (modified) (2 diffs)
• jit/SpecializedThunkJIT.h (modified) (2 diffs)
• jit/ThunkGenerator.h (modified) (2 diffs)
• jit/ThunkGenerators.cpp (modified) (15 diffs)
• llint/LLIntThunks.cpp (modified) (9 diffs)
• yarr/YarrDisassembler.cpp (modified) (3 diffs)
• yarr/YarrDisassembler.h (modified) (2 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2022-05-13  Mark Lam  <mark.lam@apple.com>
+
+        Enhance the ARM64Disassembler to print pc indices and better branch target labels.
+        https://bugs.webkit.org/show_bug.cgi?id=240370
+
+        Reviewed by Saam Barati.
+
+        Disassemblies used to look like this:
+
+             0x10e480ff8:    ldurb    w17, [x0, #7]
+             0x10e480ffc:    cmp      w17, #0
+             0x10e481000:    b.hi   0x10e48103c
+             0x10e481004:    stur     x0, [fp, #-72]
+             ...
+             0x10e481040:    movk     x3, #0xfffe, lsl #48
+             0x10e481044:    b        0x10e4814f4
+             0x10e481048:    nop      
+
+        With this patch, it will now look like this:
+
+               <748> 0x10e120aec:    ldurb    w17, [x0, #7]
+               <752> 0x10e120af0:    cmp      w17, #0
+               <756> 0x10e120af4:    b.hi     0x10e120b30 -> <816>
+               <760> 0x10e120af8:    stur     x0, [fp, #-80]
+               ...
+               <820> 0x10e120b34:    movk     x3, #0xfffe, lsl #48
+               <824> 0x10e120b38:    b        0x10e120fc8 -> <1992>
+               <828> 0x10e120b3c:    nop      
+
+        1. Each instruction pc is now prefixed with a pc index i.e. the offset of the
+           pc address from the start of the compilation unit e.g. <756>.
+
+        2. Relative branches now show the branch target as a pc index (effectively, an
+           internal label in this compilation unit) in addition to the pc address e.g.
+           the "-> <816>" in:
+               <756> 0x10e120af4:    b.hi     0x10e120b30 -> <816>
+
+           Also fixed a formatting bug where the space between relative branch instructions
+           and their target pc was short 2 spaces.
+
+        3. If the relative branch target is a known thunk, the disassembler will now
+           print the thunk label e.g.
+
+               <828> 0x10e12033c:    bl       0x10e0f0a00 -> <thunk: get_from_scope thunk>
+              <1476> 0x10e120dc4:    cbnz     x16, 0x10e104100 -> <thunk: handleExceptionWithCallFrameRollback>
+              <2368> 0x10e121140:    b        0x10e10c000 -> <thunk: DFG OSR exit generation thunk>
+
+           Introduced a FINALIZE_THUNK macro that will be used instead of FINALIZE_CODE in
+           thunk generators.  By doing so, thunk labels will automatically be registered
+           with the disassembler, and will be used for the above look up.
+
+           Thunk label registration is only done if disassembly is enabled.
+
+        4. If the branch target is neither an internal label nor a thunk, then the
+           disassembler will print some useful info about it to the best of its
+           knowledge e.g.
+
+               <168> 0x10e1002e8:    b        0x10e120b60 -> <JIT PC>
+               <168> 0x10e1002e8:    b        0x10e120b60 -> <LLInt PC>
+               <168> 0x10e1002e8:    b        0x10e120b60 -> <unknown>
+
+        5. The disassemble() function now takes 2 additional arguments: codeStart, and
+           codeEnd.  These are needed so that the disassembler can compute the pc index
+           for each instruction, as well as determine if a branch target is internal to
+           this compilation unit, or pointing out of it.
+
+        This feature is currently only supported for the ARM64 disassembler.
+
+        Printing of JIT operation labels (via movz + movk + indirect branch) is not yet
+        supported.
+
+        * assembler/LinkBuffer.cpp:
+        (JSC::LinkBuffer::finalizeCodeWithDisassemblyImpl):
+        * assembler/LinkBuffer.h:
+        (JSC::LinkBuffer::setIsThunk):
+        * b3/air/AirDisassembler.cpp:
+        (JSC::B3::Air::Disassembler::dump):
+        * dfg/DFGDisassembler.cpp:
+        (JSC::DFG::Disassembler::dumpDisassembly):
+        * dfg/DFGThunks.cpp:
+        (JSC::DFG::osrExitGenerationThunkGenerator):
+        (JSC::DFG::osrEntryThunkGenerator):
+        * disassembler/ARM64/A64DOpcode.cpp:
+        (JSC::ARM64Disassembler::A64DOpcode::appendPCRelativeOffset):
+        (JSC::ARM64Disassembler::A64DOpcodeConditionalBranchImmediate::format):
+        * disassembler/ARM64/A64DOpcode.h:
+        (JSC::ARM64Disassembler::A64DOpcode::A64DOpcode):
+        (JSC::ARM64Disassembler::A64DOpcode::appendPCRelativeOffset): Deleted.
+        * disassembler/ARM64Disassembler.cpp:
+        (JSC::tryToDisassemble):
+        * disassembler/CapstoneDisassembler.cpp:
+        (JSC::tryToDisassemble):
+        * disassembler/Disassembler.cpp:
+        (JSC::disassemble):
+        (JSC::disassembleAsynchronously):
+        (JSC::ensureThunkLabelMap):
+        (JSC::registerThunkLabel):
+        (JSC::labelForThunk):
+        * disassembler/Disassembler.h:
+        (JSC::tryToDisassemble):
+        * disassembler/RISCV64Disassembler.cpp:
+        (JSC::tryToDisassemble):
+        * disassembler/X86Disassembler.cpp:
+        (JSC::tryToDisassemble):
+        * ftl/FTLThunks.cpp:
+        (JSC::FTL::genericGenerationThunkGenerator):
+        (JSC::FTL::slowPathCallThunkGenerator):
+        * jit/JIT.cpp:
+        (JSC::JIT::consistencyCheckGenerator):
+        * jit/JITCall.cpp:
+        (JSC::JIT::returnFromBaselineGenerator):
+        * jit/JITDisassembler.cpp:
+        (JSC::JITDisassembler::dump):
+        (JSC::JITDisassembler::dumpDisassembly):
+        * jit/JITDisassembler.h:
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::valueIsFalseyGenerator):
+        (JSC::JIT::valueIsTruthyGenerator):
+        (JSC::JIT::op_throw_handlerGenerator):
+        (JSC::JIT::op_enter_handlerGenerator):
+        (JSC::JIT::op_check_traps_handlerGenerator):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::slow_op_get_by_val_callSlowOperationThenCheckExceptionGenerator):
+        (JSC::JIT::slow_op_get_private_name_callSlowOperationThenCheckExceptionGenerator):
+        (JSC::JIT::slow_op_put_by_val_callSlowOperationThenCheckExceptionGenerator):
+        (JSC::JIT::slow_op_put_private_name_callSlowOperationThenCheckExceptionGenerator):
+        (JSC::JIT::slow_op_del_by_id_callSlowOperationThenCheckExceptionGenerator):
+        (JSC::JIT::slow_op_del_by_val_callSlowOperationThenCheckExceptionGenerator):
+        (JSC::JIT::slow_op_get_by_id_callSlowOperationThenCheckExceptionGenerator):
+        (JSC::JIT::slow_op_get_by_id_with_this_callSlowOperationThenCheckExceptionGenerator):
+        (JSC::JIT::slow_op_put_by_id_callSlowOperationThenCheckExceptionGenerator):
+        (JSC::JIT::generateOpResolveScopeThunk):
+        (JSC::JIT::slow_op_resolve_scopeGenerator):
+        (JSC::JIT::generateOpGetFromScopeThunk):
+        (JSC::JIT::slow_op_get_from_scopeGenerator):
+        (JSC::JIT::slow_op_put_to_scopeGenerator):
+        * jit/SlowPathCall.cpp:
+        (JSC::JITSlowPathCall::generateThunk):
+        * jit/SpecializedThunkJIT.h:
+        (JSC::SpecializedThunkJIT::finalize):
+        * jit/ThunkGenerator.h:
+        * jit/ThunkGenerators.cpp:
+        (JSC::handleExceptionGenerator):
+        (JSC::handleExceptionWithCallFrameRollbackGenerator):
+        (JSC::popThunkStackPreservesAndHandleExceptionGenerator):
+        (JSC::checkExceptionGenerator):
+        (JSC::throwExceptionFromCallSlowPathGenerator):
+        (JSC::linkCallThunkGenerator):
+        (JSC::linkPolymorphicCallThunkGenerator):
+        (JSC::virtualThunkFor):
+        (JSC::nativeForGenerator):
+        (JSC::arityFixupGenerator):
+        (JSC::unreachableGenerator):
+        (JSC::stringGetByValGenerator):
+        (JSC::boundFunctionCallGenerator):
+        (JSC::remoteFunctionCallGenerator):
+        * llint/LLIntThunks.cpp:
+        (JSC::LLInt::generateThunkWithJumpTo):
+        (JSC::LLInt::generateThunkWithJumpToPrologue):
+        (JSC::LLInt::generateThunkWithJumpToLLIntReturnPoint):
+        (JSC::LLInt::createJSGateThunk):
+        (JSC::LLInt::createWasmGateThunk):
+        (JSC::LLInt::createTailCallGate):
+        (JSC::LLInt::tagGateThunk):
+        (JSC::LLInt::untagGateThunk):
+        * yarr/YarrDisassembler.cpp:
+        (JSC::Yarr::YarrDisassembler::dump):
+        (JSC::Yarr::YarrDisassembler::dumpDisassembly):
+        * yarr/YarrDisassembler.h:
+
 2022-05-13  Adrian Perez de Castro  <aperez@igalia.com>
 

trunk/Source/JavaScriptCore/assembler/LinkBuffer.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2012-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -76 +76 @@
     va_list argList;
     va_start(argList, format);
-    out.vprintf(format, argList);
+
+    if (m_isThunk) {
+        va_list preflightArgs;
+        va_copy(preflightArgs, argList);
+        size_t stringLength = vsnprintf(nullptr, 0, format, preflightArgs);
+        va_end(preflightArgs);
+
+        char* buffer = 0;
+        CString label = CString::newUninitialized(stringLength + 1, buffer);
+        vsnprintf(buffer, stringLength + 1, format, argList);
+        buffer[stringLength] = '\0';
+        out.printf("%s", buffer);
+
+        registerThunkLabel(result.code().untaggedExecutableAddress(), WTFMove(label));
+    } else
+        out.vprintf(format, argList);
+
     va_end(argList);
     out.printf(":\n");
@@ -91 +107 @@
     }
     
+    void* codeStart = entrypoint<DisassemblyPtrTag>().untaggedExecutableAddress();
+    void* codeEnd = bitwise_cast<uint8_t*>(codeStart) + size();
+
     if (Options::asyncDisassembly()) {
         CodeRef<DisassemblyPtrTag> codeRefForDisassembly = result.retagged<DisassemblyPtrTag>();
-        disassembleAsynchronously(header, WTFMove(codeRefForDisassembly), m_size, "    ");
+        disassembleAsynchronously(header, WTFMove(codeRefForDisassembly), m_size, codeStart, codeEnd, "    ");
         return result;
     }
     
     dataLog(header);
-    disassemble(result.retaggedCode<DisassemblyPtrTag>(), m_size, "    ", WTF::dataFile());
+    disassemble(result.retaggedCode<DisassemblyPtrTag>(), m_size, codeStart, codeEnd, "    ", WTF::dataFile());
     
     return result;

trunk/Source/JavaScriptCore/assembler/LinkBuffer.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2009-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2009-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -343 +343 @@
     }
 
+    void setIsThunk() { m_isThunk = true; }
+
 private:
     JS_EXPORT_PRIVATE CodeRef<LinkBufferPtrTag> finalizeCodeWithoutDisassemblyImpl();
@@ -418 +420 @@
 #endif
     bool m_alreadyDisassembled { false };
+    bool m_isThunk { false };
     Profile m_profile { Profile::Uncategorized };
     MacroAssemblerCodePtr<LinkBufferPtrTag> m_code;

trunk/Source/JavaScriptCore/b3/air/AirDisassembler.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2017-2020 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -72 +72 @@
 void Disassembler::dump(Code& code, PrintStream& out, LinkBuffer& linkBuffer, const char* airPrefix, const char* asmPrefix, const ScopedLambda<void(Inst&)>& doToEachInst)
 {
+    void* codeStart = linkBuffer.entrypoint<DisassemblyPtrTag>().untaggedExecutableAddress();
+    void* codeEnd = bitwise_cast<uint8_t*>(codeStart) +  linkBuffer.size();
+
     auto dumpAsmRange = [&] (CCallHelpers::Label startLabel, CCallHelpers::Label endLabel) {
         RELEASE_ASSERT(startLabel.isSet());
@@ -78 +81 @@
         CodeLocationLabel<DisassemblyPtrTag> end = linkBuffer.locationOf<DisassemblyPtrTag>(endLabel);
         RELEASE_ASSERT(end.dataLocation<uintptr_t>() >= start.dataLocation<uintptr_t>());
-        disassemble(start, end.dataLocation<uintptr_t>() - start.dataLocation<uintptr_t>(), asmPrefix, out);
+        disassemble(start, end.dataLocation<uintptr_t>() - start.dataLocation<uintptr_t>(), codeStart, codeEnd, asmPrefix, out);
     };
 

trunk/Source/JavaScriptCore/dfg/DFGDisassembler.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -163 +163 @@
     prefixBuffer[prefixLength + amountOfNodeWhiteSpace] = 0;
     
+    void* codeStart = linkBuffer.entrypoint<DisassemblyPtrTag>().untaggedExecutableAddress();
+    void* codeEnd = bitwise_cast<uint8_t*>(codeStart) +  linkBuffer.size();
+
     CodeLocationLabel<DisassemblyPtrTag> start = linkBuffer.locationOf<DisassemblyPtrTag>(previousLabel);
     CodeLocationLabel<DisassemblyPtrTag> end = linkBuffer.locationOf<DisassemblyPtrTag>(currentLabel);
     previousLabel = currentLabel;
     ASSERT(end.dataLocation<uintptr_t>() >= start.dataLocation<uintptr_t>());
-    disassemble(start, end.dataLocation<uintptr_t>() - start.dataLocation<uintptr_t>(), prefixBuffer.data(), out);
+    disassemble(start, end.dataLocation<uintptr_t>() - start.dataLocation<uintptr_t>(), codeStart, codeEnd, prefixBuffer.data(), out);
 }
 

trunk/Source/JavaScriptCore/dfg/DFGThunks.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2011-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -128 +128 @@
     patchBuffer.link(functionCall, FunctionPtr<OperationPtrTag>(operationCompileOSRExit));
 
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "DFG OSR exit generation thunk");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "DFG OSR exit generation thunk");
 }
 
@@ -176 +176 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::DFGOSREntry);
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "DFG OSR entry thunk");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "DFG OSR entry thunk");
 }
 

trunk/Source/JavaScriptCore/disassembler/ARM64/A64DOpcode.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2012-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30 +30 @@
 #include "A64DOpcode.h"
 
+#include "Disassembler.h"
+#include "ExecutableAllocator.h"
+#include "GPRInfo.h"
+#include "LLIntPCRanges.h"
 #include <stdarg.h>
 #include <stdint.h>
@@ -188 +192 @@
 }
 
+void A64DOpcode::appendPCRelativeOffset(uint32_t* pc, int32_t immediate)
+{
+    uint32_t* targetPC = pc + immediate;
+    constexpr size_t bufferSize = 101;
+    char buffer[bufferSize];
+    const char* targetInfo = buffer;
+    if (!m_startPC)
+        targetInfo = "";
+    else if (targetPC >= m_startPC && targetPC < m_endPC)
+        snprintf(buffer, bufferSize - 1, " -> <%u>", static_cast<unsigned>((targetPC - m_startPC) * sizeof(uint32_t)));
+    else if (const char* thunkLabel = labelForThunk(targetPC))
+        snprintf(buffer, bufferSize - 1, " -> <thunk: %s>", thunkLabel);
+    else if (isJITPC(targetPC))
+        targetInfo = " -> <JIT PC>";
+    else if (LLInt::isLLIntPC(targetPC))
+        targetInfo = " -> <LLInt PC>";
+    else
+        targetInfo = " -> <unknown>";
+
+    bufferPrintf("0x%" PRIxPTR "%s", bitwise_cast<uintptr_t>(targetPC),  targetInfo);
+}
+
 void A64DOpcode::appendRegisterName(unsigned registerNumber, bool is64Bit)
 {
@@ -413 +439 @@
 const char* A64DOpcodeConditionalBranchImmediate::format()
 {
-    bufferPrintf("   b.%-5.5s", conditionName(condition()));
+    bufferPrintf("   b.%-7.7s", conditionName(condition()));
     appendPCRelativeOffset(m_currentPC, static_cast<int32_t>(immediate19()));
     return m_formatBuffer;

trunk/Source/JavaScriptCore/disassembler/ARM64/A64DOpcode.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2012-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -74 +74 @@
     static void init();
 
-    A64DOpcode()
-        : m_opcode(0)
+    A64DOpcode(uint32_t* startPC = nullptr, uint32_t* endPC = nullptr)
+        : m_startPC(startPC)
+        , m_endPC(endPC)
+        , m_opcode(0)
         , m_bufferOffset(0)
     {
@@ -186 +188 @@
     }
 
-    void appendPCRelativeOffset(uint32_t* pc, int32_t immediate)
-    {
-        bufferPrintf("0x%" PRIxPTR, bitwise_cast<uintptr_t>(pc + immediate));
-    }
+    void appendPCRelativeOffset(uint32_t* pc, int32_t immediate);
 
     void appendShiftAmount(unsigned amount)
@@ -199 +198 @@
 
     char m_formatBuffer[bufferSize];
+    uint32_t* m_startPC;
+    uint32_t* m_endPC;
     uint32_t* m_currentPC;
     uint32_t m_opcode;

trunk/Source/JavaScriptCore/disassembler/ARM64Disassembler.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -34 +34 @@
 namespace JSC {
 
-bool tryToDisassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>& codePtr, size_t size, const char* prefix, PrintStream& out)
+bool tryToDisassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>& codePtr, size_t size, void* codeStart, void* codeEnd, const char* prefix, PrintStream& out)
 {
-    A64DOpcode arm64Opcode;
-
     uint32_t* currentPC = codePtr.untaggedExecutableAddress<uint32_t*>();
     size_t byteCount = size;
 
+    uint32_t* armCodeStart = bitwise_cast<uint32_t*>(codeStart);
+    uint32_t* armCodeEnd = bitwise_cast<uint32_t*>(codeEnd);
+    A64DOpcode arm64Opcode(armCodeStart, armCodeEnd);
+
+    unsigned pcOffset = (currentPC - armCodeStart) * sizeof(uint32_t);
+    char pcInfo[25];
     while (byteCount) {
-        out.printf("%s%#16llx: %s\n", prefix, static_cast<unsigned long long>(bitwise_cast<uintptr_t>(currentPC)), arm64Opcode.disassemble(currentPC));
+        if (codeStart)
+            snprintf(pcInfo, sizeof(pcInfo) - 1, "<%u> %#llx", pcOffset, static_cast<unsigned long long>(bitwise_cast<uintptr_t>(currentPC)));
+        else
+            snprintf(pcInfo, sizeof(pcInfo) - 1, "%#llx", static_cast<unsigned long long>(bitwise_cast<uintptr_t>(currentPC)));
+        out.printf("%s%24s: %s\n", prefix, pcInfo, arm64Opcode.disassemble(currentPC));
+        pcOffset += sizeof(uint32_t);
         currentPC++;
         byteCount -= sizeof(uint32_t);

trunk/Source/JavaScriptCore/disassembler/CapstoneDisassembler.cpp

@@ -34 +34 @@
 namespace JSC {
 
-bool tryToDisassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>& codePtr, size_t size, const char* prefix, PrintStream& out)
+bool tryToDisassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>& codePtr, size_t size, void*, void*, const char* prefix, PrintStream& out)
 {
     csh handle;

trunk/Source/JavaScriptCore/disassembler/Disassembler.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -37 +37 @@
 namespace JSC {
 
-void disassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>& codePtr, size_t size, const char* prefix, PrintStream& out)
+using ThunkLabelMap = HashMap<void*, CString>;
+LazyNeverDestroyed<ThunkLabelMap> thunkLabelMap;
+
+void disassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>& codePtr, size_t size, void* codeStart, void* codeEnd, const char* prefix, PrintStream& out)
 {
-    if (tryToDisassemble(codePtr, size, prefix, out))
+    if (tryToDisassemble(codePtr, size, codeStart, codeEnd, prefix, out))
         return;
     
@@ -66 +69 @@
     MacroAssemblerCodeRef<DisassemblyPtrTag> codeRef;
     size_t size { 0 };
+    void* codeStart { nullptr };
+    void* codeEnd { nullptr };
     const char* prefix { nullptr };
 };
@@ -106 +111 @@
 
             dataLog(task->header);
-            disassemble(task->codeRef.code(), task->size, task->prefix, WTF::dataFile());
+            disassemble(task->codeRef.code(), task->size, task->codeStart, task->codeEnd, task->prefix, WTF::dataFile());
         }
     }
@@ -132 +137 @@
 
 void disassembleAsynchronously(
-    const CString& header, const MacroAssemblerCodeRef<DisassemblyPtrTag>& codeRef, size_t size, const char* prefix)
+    const CString& header, const MacroAssemblerCodeRef<DisassemblyPtrTag>& codeRef, size_t size, void* codeStart, void* codeEnd, const char* prefix)
 {
     std::unique_ptr<DisassemblyTask> task = makeUnique<DisassemblyTask>();
@@ -138 +143 @@
     task->codeRef = codeRef;
     task->size = size;
+    task->codeStart = codeStart;
+    task->codeEnd = codeEnd;
     task->prefix = prefix;
     
@@ -151 +158 @@
 }
 
+static ThunkLabelMap& ensureThunkLabelMap()
+{
+    static std::once_flag onceKey;
+    std::call_once(onceKey, [] {
+        thunkLabelMap.construct();
+    });
+    return thunkLabelMap.get();
+}
+
+void registerThunkLabel(void* thunkAddress, CString&& label)
+{
+    ensureThunkLabelMap().add(thunkAddress, WTFMove(label));
+}
+
+const char* labelForThunk(void* thunkAddress)
+{
+    auto& map = ensureThunkLabelMap();
+    auto it = map.find(thunkAddress);
+    if (it == map.end())
+        return nullptr;
+    return it->value.data();
+}
+
 } // namespace JSC
 

trunk/Source/JavaScriptCore/disassembler/Disassembler.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -38 +38 @@
 
 #if ENABLE(DISASSEMBLER)
-bool tryToDisassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>&, size_t, const char* prefix, PrintStream&);
+bool tryToDisassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>&, size_t, void* codeStart, void* codeEnd, const char* prefix, PrintStream&);
 #else
-inline bool tryToDisassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>&, size_t, const char*, PrintStream&)
+inline bool tryToDisassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>&, size_t, void*, void*, const char*, PrintStream&)
 {
     return false;
@@ -46 +46 @@
 #endif
 
+inline bool tryToDisassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>& code, size_t size, const char* prefix, PrintStream& out)
+{
+    return tryToDisassemble(code, size, nullptr, nullptr, prefix, out);
+}
+
 // Prints either the disassembly, or a line of text indicating that disassembly failed and
 // the range of machine code addresses.
-void disassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>&, size_t, const char* prefix, PrintStream& out);
+void disassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>&, size_t, void* codeStart, void* codeEnd, const char* prefix, PrintStream& out);
 
 // Asynchronous disassembly. This happens on another thread, and calls the provided
 // callback when the disassembly is done.
 void disassembleAsynchronously(
-    const CString& header, const MacroAssemblerCodeRef<DisassemblyPtrTag>&, size_t, const char* prefix);
+    const CString& header, const MacroAssemblerCodeRef<DisassemblyPtrTag>&, size_t, void* codeStart, void* codeEnd, const char* prefix);
 
 JS_EXPORT_PRIVATE void waitForAsynchronousDisassembly();
 
+void registerThunkLabel(void* thunkAddress, CString&& label);
+const char* labelForThunk(void* thunkAddress);
+
 } // namespace JSC

trunk/Source/JavaScriptCore/disassembler/RISCV64Disassembler.cpp

@@ -634 +634 @@
 } // namespace RISCV64Disassembler
 
-bool tryToDisassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>& codePtr, size_t size, const char* prefix, PrintStream& out)
+bool tryToDisassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>& codePtr, size_t size, void*, void*, const char* prefix, PrintStream& out)
 {
     uint32_t* currentPC = codePtr.untaggedExecutableAddress<uint32_t*>();

trunk/Source/JavaScriptCore/disassembler/X86Disassembler.cpp

@@ -34 +34 @@
 namespace JSC {
 
-bool tryToDisassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>& codePtr, size_t size, const char* prefix, PrintStream& out)
+bool tryToDisassemble(const MacroAssemblerCodePtr<DisassemblyPtrTag>& codePtr, size_t size, void*, void*, const char* prefix, PrintStream& out)
 {
     ZydisDecoder decoder;

trunk/Source/JavaScriptCore/ftl/FTLThunks.cpp

@@ -121 +121 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::FTLThunk);
     patchBuffer.link(functionCall, generationFunction.retagged<OperationPtrTag>());
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "%s", name);
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "%s", name);
 }
 
@@ -244 +244 @@
     if (key.callTarget())
         patchBuffer.link(call, key.callTarget());
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "FTL slow path call thunk for %s", toCString(key).data());
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "FTL slow path call thunk for %s", toCString(key).data());
 }
 

trunk/Source/JavaScriptCore/jit/JIT.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -706 +706 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: generateConsistencyCheck");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: generateConsistencyCheck");
 }
 

trunk/Source/JavaScriptCore/jit/JITCall.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -64 +64 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: op_ret_handler");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: op_ret_handler");
 }
 

trunk/Source/JavaScriptCore/jit/JITDisassembler.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -52 +52 @@
 void JITDisassembler::dump(PrintStream& out, LinkBuffer& linkBuffer)
 {
+    m_codeStart = linkBuffer.entrypoint<DisassemblyPtrTag>().untaggedExecutableAddress();
+    m_codeEnd = bitwise_cast<uint8_t*>(m_codeStart) + linkBuffer.size();
+
     dumpHeader(out, linkBuffer);
     dumpDisassembly(out, linkBuffer, m_startOfCode, m_labelForBytecodeIndexInMainPath[0]);
@@ -163 +166 @@
     CodeLocationLabel<DisassemblyPtrTag> fromLocation = linkBuffer.locationOf<DisassemblyPtrTag>(from);
     CodeLocationLabel<DisassemblyPtrTag> toLocation = linkBuffer.locationOf<DisassemblyPtrTag>(to);
-    disassemble(fromLocation, toLocation.dataLocation<uintptr_t>() - fromLocation.dataLocation<uintptr_t>(), "        ", out);
+    disassemble(fromLocation, toLocation.dataLocation<uintptr_t>() - fromLocation.dataLocation<uintptr_t>(), m_codeStart, m_codeEnd, "        ", out);
 }
 

trunk/Source/JavaScriptCore/jit/JITDisassembler.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -85 +85 @@
     MacroAssembler::Label m_endOfSlowPath;
     MacroAssembler::Label m_endOfCode;
+    void* m_codeStart { nullptr };
+    void* m_codeEnd { nullptr };
 };
 

trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2009-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2009-2022 Apple Inc. All rights reserved.
  * Copyright (C) 2010 Patrick Gansterer <paroga@paroga.com>
  *
@@ -479 +479 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: valueIsFalsey");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: valueIsFalsey");
 }
 
@@ -665 +665 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: valueIsTruthy");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: valueIsTruthy");
 }
 
@@ -735 +735 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
     patchBuffer.link(operation, FunctionPtr<OperationPtrTag>(operationThrow));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: op_throw_handler");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: op_throw_handler");
 }
 
@@ -1324 +1324 @@
         patchBuffer.link(operationOptimizeCall, FunctionPtr<OperationPtrTag>(operationOptimize));
 #endif
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: op_enter_handler");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: op_enter_handler");
 }
 
@@ -1569 +1569 @@
     patchBuffer.link(operation, FunctionPtr<OperationPtrTag>(operationHandleTraps));
     patchBuffer.link(exceptionCheck, CodeLocationLabel(vm.getCTIStub(checkExceptionGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: op_check_traps_handler");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: op_check_traps_handler");
 }
 

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -162 +162 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
     patchBuffer.link(exceptionCheck, CodeLocationLabel(vm.getCTIStub(checkExceptionGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_get_by_val_callSlowOperationThenCheckException");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_get_by_val_callSlowOperationThenCheckException");
 }
 
@@ -256 +256 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
     patchBuffer.link(exceptionCheck, CodeLocationLabel(vm.getCTIStub(checkExceptionGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_get_private_name_callSlowOperationThenCheckException");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_get_private_name_callSlowOperationThenCheckException");
 }
 
@@ -478 +478 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
     patchBuffer.link(exceptionCheck, CodeLocationLabel(vm.getCTIStub(checkExceptionGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_put_by_val_callSlowOperationThenCheckException");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_put_by_val_callSlowOperationThenCheckException");
 }
 
@@ -578 +578 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
     patchBuffer.link(exceptionCheck, CodeLocationLabel(vm.getCTIStub(checkExceptionGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_put_private_name_callSlowOperationThenCheckException");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_put_private_name_callSlowOperationThenCheckException");
 }
 
@@ -755 +755 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
     patchBuffer.link(exceptionCheck, CodeLocationLabel(vm.getCTIStub(checkExceptionGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_del_by_id_callSlowOperationThenCheckException");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_del_by_id_callSlowOperationThenCheckException");
 }
 
@@ -866 +866 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
     patchBuffer.link(exceptionCheck, CodeLocationLabel(vm.getCTIStub(checkExceptionGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_del_by_val_prepareCall");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_del_by_val_prepareCall");
 }
 
@@ -1091 +1091 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
     patchBuffer.link(exceptionCheck, CodeLocationLabel(vm.getCTIStub(checkExceptionGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_get_by_id_callSlowOperationThenCheckException");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_get_by_id_callSlowOperationThenCheckException");
 }
 
@@ -1191 +1191 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
     patchBuffer.link(exceptionCheck, CodeLocationLabel(vm.getCTIStub(checkExceptionGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_get_by_id_with_this_callSlowOperationThenCheckException");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_get_by_id_with_this_callSlowOperationThenCheckException");
 }
 
@@ -1299 +1299 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
     patchBuffer.link(exceptionCheck, CodeLocationLabel(vm.getCTIStub(checkExceptionGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_put_by_id_callSlowOperationThenCheckException");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_put_by_id_callSlowOperationThenCheckException");
 }
 
@@ -1689 +1689 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::Thunk);
     patchBuffer.link(slowCase, CodeLocationLabel(vm.getCTIStub(slow_op_resolve_scopeGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "resolve_scope thunk");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "resolve_scope thunk");
 }
 
@@ -1727 +1727 @@
     patchBuffer.link(operation, FunctionPtr<OperationPtrTag>(operationResolveScopeForBaseline));
     patchBuffer.link(exceptionCheck, CodeLocationLabel(vm.getCTIStub(checkExceptionGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_resolve_scope");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_resolve_scope");
 }
 
@@ -1905 +1905 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::Thunk);
     patchBuffer.link(slowCase, CodeLocationLabel(vm.getCTIStub(slow_op_get_from_scopeGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "get_from_scope thunk");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "get_from_scope thunk");
 }
 
@@ -1958 +1958 @@
     auto handler = vm.getCTIStub(popThunkStackPreservesAndHandleExceptionGenerator);
     patchBuffer.link(jumpToHandler, CodeLocationLabel(handler.retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_get_from_scope");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_get_from_scope");
 }
 
@@ -2157 +2157 @@
     patchBuffer.link(operation, FunctionPtr<OperationPtrTag>(operationPutToScope));
     patchBuffer.link(exceptionCheck, CodeLocationLabel(vm.getCTIStub(checkExceptionGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_put_to_scope");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Baseline: slow_op_put_to_scope");
 }
 

trunk/Source/JavaScriptCore/jit/SlowPathCall.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2021-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -95 +95 @@
     patchBuffer.link(call, FunctionPtr<OperationPtrTag>(slowPathFunction));
     patchBuffer.link(exceptionCheck, CodeLocationLabel(vm.getCTIStub(checkExceptionGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "SlowPathCall");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "SlowPathCall");
 }
 

trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2010-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -160 +160 @@
             for (unsigned i = 0; i < m_calls.size(); i++)
                 patchBuffer.link(m_calls[i].first, m_calls[i].second);
-            return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Specialized thunk for %s", thunkKind);
+            return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Specialized thunk for %s", thunkKind);
         }
 

trunk/Source/JavaScriptCore/jit/ThunkGenerator.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2012-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -36 +36 @@
 using ThunkGenerator = MacroAssemblerCodeRef<JITThunkPtrTag> (*)(VM&);
 
+#define FINALIZE_THUNK(linkBufferReference, resultPtrTag, ...) \
+    (linkBufferReference.setIsThunk(), FINALIZE_CODE(linkBufferReference, resultPtrTag, __VA_ARGS__))
+
 } // namespace JSC
 

trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp

@@ -34 +34 @@
 #include "MaxFrameExtentForSlowPathCall.h"
 #include "SpecializedThunkJIT.h"
+#include "ThunkGenerator.h"
 #include <wtf/InlineASM.h>
 #include <wtf/StdIntExtras.h>
@@ -56 +57 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
     patchBuffer.link(operation, FunctionPtr<OperationPtrTag>(operationLookupExceptionHandler));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "handleException");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "handleException");
 }
 
@@ -72 +73 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
     patchBuffer.link(operation, FunctionPtr<OperationPtrTag>(operationLookupExceptionHandlerFromCallerFrame));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "handleExceptionWithCallFrameRollback");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "handleExceptionWithCallFrameRollback");
 }
 
@@ -89 +90 @@
     auto handler = vm.getCTIStub(handleExceptionGenerator);
     patchBuffer.link(continuation, CodeLocationLabel(handler.retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "popThunkStackPreservesAndHandleException");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "popThunkStackPreservesAndHandleException");
 }
 
@@ -119 +120 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::ExtraCTIThunk);
     patchBuffer.link(handleException, CodeLocationLabel(vm.getCTIStub(handlerGenerator).retaggedCode<NoPtrTag>()));
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "CheckException");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "CheckException");
 }
 
@@ -164 +165 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::Thunk);
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Throw exception from call slow path thunk");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Throw exception from call slow path thunk");
 }
 
@@ -233 +234 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::Thunk);
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Link call slow path thunk");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Link call slow path thunk");
 }
 
@@ -245 +246 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::Thunk);
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "Link polymorphic call slow path thunk");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "Link polymorphic call slow path thunk");
 }
 
@@ -334 +335 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::VirtualThunk);
-    return FINALIZE_CODE(
+    return FINALIZE_THUNK(
         patchBuffer, JITThunkPtrTag,
         "Virtual %s slow path thunk",
@@ -487 +488 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::Thunk);
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "%s %s%s trampoline", thunkFunctionType == ThunkFunctionType::JSFunction ? "native" : "internal", entryType == EnterViaJumpWithSavedTags ? "Tail With Saved Tags " : entryType == EnterViaJumpWithoutSavedTags ? "Tail Without Saved Tags " : "", toCString(kind).data());
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "%s %s%s trampoline", thunkFunctionType == ThunkFunctionType::JSFunction ? "native" : "internal", entryType == EnterViaJumpWithSavedTags ? "Tail With Saved Tags " : entryType == EnterViaJumpWithoutSavedTags ? "Tail Without Saved Tags " : "", toCString(kind).data());
 }
 
@@ -666 +667 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::Thunk);
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "fixup arity");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "fixup arity");
 }
 
@@ -676 +677 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::Thunk);
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "unreachable thunk");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "unreachable thunk");
 }
 
@@ -727 +728 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::Thunk);
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "String get_by_val stub");
+    return FINALIZE_THUNK(patchBuffer, JITThunkPtrTag, "String get_by_val stub");
 }
 
@@ -1418 +1419 @@
     LinkBuffer linkBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::BoundFunctionThunk);
     linkBuffer.link(noCode, CodeLocationLabel<JITThunkPtrTag>(vm.jitStubs->ctiNativeTailCallWithoutSavedTags(vm)));
-    return FINALIZE_CODE(
-        linkBuffer, JITThunkPtrTag, "Specialized thunk for bound function calls with no arguments");
+    return FINALIZE_THUNK(linkBuffer, JITThunkPtrTag, "Specialized thunk for bound function calls with no arguments");
 }
 
@@ -1628 +1628 @@
     LinkBuffer linkBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::RemoteFunctionThunk);
     linkBuffer.link(noCode, CodeLocationLabel<JITThunkPtrTag>(vm.jitStubs->ctiNativeTailCallWithoutSavedTags(vm)));
-    return FINALIZE_CODE(
-        linkBuffer, JITThunkPtrTag, "Specialized thunk for remote function calls");
+    return FINALIZE_THUNK(linkBuffer, JITThunkPtrTag, "Specialized thunk for remote function calls");
 }
 

trunk/Source/JavaScriptCore/llint/LLIntThunks.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2012-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -83 +83 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::LLIntThunk);
-    return FINALIZE_CODE(patchBuffer, tag, "LLInt %s thunk", thunkKind);
+    return FINALIZE_THUNK(patchBuffer, tag, "LLInt %s thunk", thunkKind);
 }
 
@@ -110 +110 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::LLIntThunk);
-    return FINALIZE_CODE(patchBuffer, tag, "LLInt %s jump to prologue thunk", thunkKind);
+    return FINALIZE_THUNK(patchBuffer, tag, "LLInt %s jump to prologue thunk", thunkKind);
 }
 
@@ -120 +120 @@
     jit.farJump(CCallHelpers::TrustedImmPtr(target), OperationPtrTag);
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::LLIntThunk);
-    return FINALIZE_CODE(patchBuffer, tag, "LLInt %s return point thunk", thunkKind);
+    return FINALIZE_THUNK(patchBuffer, tag, "LLInt %s return point thunk", thunkKind);
 }
 
@@ -420 +420 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::LLIntThunk);
-    return FINALIZE_CODE(patchBuffer, NativeToJITGatePtrTag, "LLInt %s call gate thunk", name);
+    return FINALIZE_THUNK(patchBuffer, NativeToJITGatePtrTag, "LLInt %s call gate thunk", name);
 }
 
@@ -432 +432 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::LLIntThunk);
-    return FINALIZE_CODE(patchBuffer, NativeToJITGatePtrTag, "LLInt %s wasm call gate thunk", name);
+    return FINALIZE_THUNK(patchBuffer, NativeToJITGatePtrTag, "LLInt %s wasm call gate thunk", name);
 }
 
@@ -446 +446 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::LLIntThunk);
-    return FINALIZE_CODE(patchBuffer, NativeToJITGatePtrTag, "LLInt tail call gate thunk");
+    return FINALIZE_THUNK(patchBuffer, NativeToJITGatePtrTag, "LLInt tail call gate thunk");
 }
 
@@ -537 +537 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::LLIntThunk);
-    return FINALIZE_CODE(patchBuffer, NativeToJITGatePtrTag, "tag thunk");
+    return FINALIZE_THUNK(patchBuffer, NativeToJITGatePtrTag, "tag thunk");
 }
 
@@ -552 +552 @@
 
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::LLIntThunk);
-    return FINALIZE_CODE(patchBuffer, NativeToJITGatePtrTag, "untag thunk");
+    return FINALIZE_THUNK(patchBuffer, NativeToJITGatePtrTag, "untag thunk");
 }
 

trunk/Source/JavaScriptCore/yarr/YarrDisassembler.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2018-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -59 +59 @@
 void YarrDisassembler::dump(PrintStream& out, LinkBuffer& linkBuffer)
 {
+    m_codeStart = linkBuffer.entrypoint<DisassemblyPtrTag>().untaggedExecutableAddress();
+    m_codeEnd = bitwise_cast<uint8_t*>(m_codeStart) + linkBuffer.size();
+
     dumpHeader(out, linkBuffer);
     dumpDisassembly(out, indentString(), linkBuffer, m_startOfCode, m_labelForGenerateYarrOp[0]);
@@ -144 +147 @@
     CodeLocationLabel<DisassemblyPtrTag> fromLocation = linkBuffer.locationOf<DisassemblyPtrTag>(from);
     CodeLocationLabel<DisassemblyPtrTag> toLocation = linkBuffer.locationOf<DisassemblyPtrTag>(to);
-    disassemble(fromLocation, toLocation.dataLocation<uintptr_t>() - fromLocation.dataLocation<uintptr_t>(), prefix, out);
+    disassemble(fromLocation, toLocation.dataLocation<uintptr_t>() - fromLocation.dataLocation<uintptr_t>(), m_codeStart, m_codeEnd, prefix, out);
 }
 

trunk/Source/JavaScriptCore/yarr/YarrDisassembler.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2018-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -107 +107 @@
     MacroAssembler::Label m_endOfBacktrack;
     MacroAssembler::Label m_endOfCode;
+    void* m_codeStart { nullptr };
+    void* m_codeEnd { nullptr };
     unsigned m_indentLevel { 0 };
 };