Changeset 146396 in webkit

Timestamp:

Mar 20, 2013 3:07:23 PM (11 years ago)

Author:

zherczeg@webkit.org

Message:

ARMv7 replaceWithJump ASSERT failure after r135330.
​https://bugs.webkit.org/show_bug.cgi?id=103146

Reviewed by Filip Pizlo.

On Linux, the 24 bit distance range of jumps sometimes does not
enough to cover all targets addresses. This patch supports jumps
outside of this range using a mov/movt/bx 10 byte long sequence.

• assembler/ARMv7Assembler.h:

(ARMv7Assembler):
(JSC::ARMv7Assembler::revertJumpTo_movT3movtcmpT2):
(JSC::ARMv7Assembler::nopw):
(JSC::ARMv7Assembler::label):
(JSC::ARMv7Assembler::replaceWithJump):
(JSC::ARMv7Assembler::maxJumpReplacementSize):

• assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• assembler/ARMv7Assembler.h (modified) (5 diffs)
• assembler/MacroAssemblerARMv7.h (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2013-03-20  Zoltan Herczeg  <zherczeg@webkit.org>
+
+        ARMv7 replaceWithJump ASSERT failure after r135330.
+        https://bugs.webkit.org/show_bug.cgi?id=103146
+
+        Reviewed by Filip Pizlo.
+
+        On Linux, the 24 bit distance range of jumps sometimes does not
+        enough to cover all targets addresses. This patch supports jumps
+        outside of this range using a mov/movt/bx 10 byte long sequence.
+
+        * assembler/ARMv7Assembler.h:
+        (ARMv7Assembler):
+        (JSC::ARMv7Assembler::revertJumpTo_movT3movtcmpT2):
+        (JSC::ARMv7Assembler::nopw):
+        (JSC::ARMv7Assembler::label):
+        (JSC::ARMv7Assembler::replaceWithJump):
+        (JSC::ARMv7Assembler::maxJumpReplacementSize):
+        * assembler/MacroAssemblerARMv7.h:
+        (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):
+
 2013-03-20  Mark Hahnenberg  <mhahnenberg@apple.com>
 

trunk/Source/JavaScriptCore/assembler/ARMv7Assembler.h

@@ -1267 +1267 @@
     }
     
+#if OS(LINUX)
+    static void revertJumpTo_movT3movtcmpT2(void* instructionStart, RegisterID left, RegisterID right, uintptr_t imm)
+    {
+        uint16_t* address = static_cast<uint16_t*>(instructionStart);
+        ARMThumbImmediate lo16 = ARMThumbImmediate::makeUInt16(static_cast<uint16_t>(imm));
+        ARMThumbImmediate hi16 = ARMThumbImmediate::makeUInt16(static_cast<uint16_t>(imm >> 16));
+        address[0] = twoWordOp5i6Imm4Reg4EncodedImmFirst(OP_MOV_imm_T3, lo16);
+        address[1] = twoWordOp5i6Imm4Reg4EncodedImmSecond(right, lo16);
+        address[2] = twoWordOp5i6Imm4Reg4EncodedImmFirst(OP_MOVT, hi16);
+        address[3] = twoWordOp5i6Imm4Reg4EncodedImmSecond(right, hi16);
+        address[4] = OP_CMP_reg_T2 | left;
+        cacheFlush(address, sizeof(uint16_t) * 5);
+    }
+#else
     static void revertJumpTo_movT3(void* instructionStart, RegisterID rd, ARMThumbImmediate imm)
     {
@@ -1278 +1292 @@
         cacheFlush(address, sizeof(uint16_t) * 2);
     }
+#endif
 
     ALWAYS_INLINE void mov(RegisterID rd, ARMThumbImmediate imm)
@@ -1883 +1898 @@
         m_formatter.oneWordOp8Imm8(OP_NOP_T1, 0);
     }
-    
+
+    void nopw()
+    {
+        m_formatter.twoWordOp16Op16(OP_NOP_T2a, OP_NOP_T2b);
+    }
+
     AssemblerLabel labelIgnoringWatchpoints()
     {
@@ -1903 +1923 @@
         AssemblerLabel result = m_formatter.label();
         while (UNLIKELY(static_cast<int>(result.m_offset) < m_indexOfTailOfLastWatchpoint)) {
-            nop();
+            if (UNLIKELY(static_cast<int>(result.m_offset) + 4 <= m_indexOfTailOfLastWatchpoint))
+                nopw();
+            else
+                nop();
             result = m_formatter.label();
         }
@@ -2161 +2184 @@
         ASSERT(!(bitwise_cast<uintptr_t>(instructionStart) & 1));
         ASSERT(!(bitwise_cast<uintptr_t>(to) & 1));
+
+#if OS(LINUX)
+        if (canBeJumpT4(reinterpret_cast<uint16_t*>(instructionStart), to)) {
+            uint16_t* ptr = reinterpret_cast<uint16_t*>(instructionStart) + 2;
+            linkJumpT4(ptr, to);
+            cacheFlush(ptr - 2, sizeof(uint16_t) * 2);
+        } else {
+            uint16_t* ptr = reinterpret_cast<uint16_t*>(instructionStart) + 5;
+            linkBX(ptr, to);
+            cacheFlush(ptr - 5, sizeof(uint16_t) * 5);
+        }
+#else
         uint16_t* ptr = reinterpret_cast<uint16_t*>(instructionStart) + 2;
-        
         linkJumpT4(ptr, to);
         cacheFlush(ptr - 2, sizeof(uint16_t) * 2);
+#endif
     }
     
     static ptrdiff_t maxJumpReplacementSize()
     {
+#if OS(LINUX)
+        return 10;
+#else
         return 4;
+#endif
     }
     

trunk/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h

@@ -1774 +1774 @@
     }
     
-    static void revertJumpReplacementToBranchPtrWithPatch(CodeLocationLabel instructionStart, RegisterID, void* initialValue)
-    {
+    static void revertJumpReplacementToBranchPtrWithPatch(CodeLocationLabel instructionStart, RegisterID rd, void* initialValue)
+    {
+#if OS(LINUX)
+        ARMv7Assembler::revertJumpTo_movT3movtcmpT2(instructionStart.dataLocation(), rd, dataTempRegister, reinterpret_cast<uintptr_t>(initialValue));
+#else
+        UNUSED_PARAM(rd);
         ARMv7Assembler::revertJumpTo_movT3(instructionStart.dataLocation(), dataTempRegister, ARMThumbImmediate::makeUInt16(reinterpret_cast<uintptr_t>(initialValue) & 0xffff));
+#endif
     }