Changeset 229481 in webkit

Timestamp:

Mar 9, 2018 1:35:17 PM (6 years ago)

Author:

mark.lam@apple.com

Message:

[Re-landing] Prepare LLInt code to support pointer profiling.
​https://bugs.webkit.org/show_bug.cgi?id=183387
<rdar://problem/38199678>

Reviewed by JF Bastien.

Source/JavaScriptCore:

1. Introduced PtrTag enums for supporting pointer profiling later.

2. Also introduced tagging, untagging, retagging, and tag removal placeholder template functions for the same purpose.

3. Prepare the offlineasm for supporting pointer profiling later.

4. Tagged some pointers in LLInt asm code. Currently, these should have no effect on behavior.

5. Removed returnToThrowForThrownException() because it is not used anywhere.

6. Added the offlineasm folder to JavaScriptCore Xcode project so that it's easier to view and edit these files in Xcode.

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• bytecode/LLIntCallLinkInfo.h:

(JSC::LLIntCallLinkInfo::unlink):

• llint/LLIntData.cpp:

(JSC::LLInt::initialize):

• llint/LLIntData.h:
• llint/LLIntExceptions.cpp:

(JSC::LLInt::returnToThrowForThrownException): Deleted.

• llint/LLIntExceptions.h:
• llint/LLIntOfflineAsmConfig.h:
• llint/LLIntOffsetsExtractor.cpp:
• llint/LLIntPCRanges.h:

(JSC::LLInt::isLLIntPC):

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::handleHostCall):
(JSC::LLInt::setUpCall):

• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• offlineasm/ast.rb:
• offlineasm/instructions.rb:
• offlineasm/risc.rb:
• runtime/PtrTag.h: Added.

(JSC::uniquePtrTagID):
(JSC::ptrTag):
(JSC::tagCodePtr):
(JSC::untagCodePtr):
(JSC::retagCodePtr):
(JSC::removeCodePtrTag):

Source/WTF:

• wtf/Platform.h:

Location:

trunk/Source

Files:

• JavaScriptCore/CMakeLists.txt (modified) (1 diff)
• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (modified) (7 diffs)
• JavaScriptCore/bytecode/LLIntCallLinkInfo.h (modified) (4 diffs)
• JavaScriptCore/llint/LLIntData.cpp (modified) (1 diff)
• JavaScriptCore/llint/LLIntData.h (modified) (1 diff)
• JavaScriptCore/llint/LLIntExceptions.cpp (modified) (2 diffs)
• JavaScriptCore/llint/LLIntExceptions.h (modified) (2 diffs)
• JavaScriptCore/llint/LLIntOfflineAsmConfig.h (modified) (1 diff)
• JavaScriptCore/llint/LLIntOffsetsExtractor.cpp (modified) (2 diffs)
• JavaScriptCore/llint/LLIntPCRanges.h (modified) (2 diffs)
• JavaScriptCore/llint/LLIntSlowPaths.cpp (modified) (12 diffs)
• JavaScriptCore/llint/LowLevelInterpreter.asm (modified) (14 diffs)
• JavaScriptCore/llint/LowLevelInterpreter32_64.asm (modified) (2 diffs)
• JavaScriptCore/llint/LowLevelInterpreter64.asm (modified) (15 diffs)
• JavaScriptCore/offlineasm/ast.rb (modified) (1 diff)
• JavaScriptCore/offlineasm/instructions.rb (modified) (2 diffs)
• JavaScriptCore/offlineasm/risc.rb (modified) (1 diff)
• JavaScriptCore/runtime/PtrTag.h (added)
• WTF/ChangeLog (modified) (1 diff)
• WTF/wtf/Platform.h (modified) (1 diff)

trunk/Source/JavaScriptCore/CMakeLists.txt

@@ -839 +839 @@
     runtime/Options.h
     runtime/ParseInt.h
+    runtime/PtrTag.h
     runtime/PrivateName.h
     runtime/ProgramExecutable.h

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2018-03-09  Mark Lam  <mark.lam@apple.com>
+
+        [Re-landing] Prepare LLInt code to support pointer profiling.
+        https://bugs.webkit.org/show_bug.cgi?id=183387
+        <rdar://problem/38199678>
+
+        Reviewed by JF Bastien.
+
+        1. Introduced PtrTag enums for supporting pointer profiling later.
+
+        2. Also introduced tagging, untagging, retagging, and tag removal placeholder
+           template functions for the same purpose.
+
+        3. Prepare the offlineasm for supporting pointer profiling later.
+
+        4. Tagged some pointers in LLInt asm code.  Currently, these should have no
+           effect on behavior.
+
+        5. Removed returnToThrowForThrownException() because it is not used anywhere.
+
+        6. Added the offlineasm folder to JavaScriptCore Xcode project so that it's
+           easier to view and edit these files in Xcode.
+
+        * CMakeLists.txt:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/LLIntCallLinkInfo.h:
+        (JSC::LLIntCallLinkInfo::unlink):
+        * llint/LLIntData.cpp:
+        (JSC::LLInt::initialize):
+        * llint/LLIntData.h:
+        * llint/LLIntExceptions.cpp:
+        (JSC::LLInt::returnToThrowForThrownException): Deleted.
+        * llint/LLIntExceptions.h:
+        * llint/LLIntOfflineAsmConfig.h:
+        * llint/LLIntOffsetsExtractor.cpp:
+        * llint/LLIntPCRanges.h:
+        (JSC::LLInt::isLLIntPC):
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        (JSC::LLInt::handleHostCall):
+        (JSC::LLInt::setUpCall):
+        * llint/LowLevelInterpreter.asm:
+        * llint/LowLevelInterpreter32_64.asm:
+        * llint/LowLevelInterpreter64.asm:
+        * offlineasm/ast.rb:
+        * offlineasm/instructions.rb:
+        * offlineasm/risc.rb:
+        * runtime/PtrTag.h: Added.
+        (JSC::uniquePtrTagID):
+        (JSC::ptrTag):
+        (JSC::tagCodePtr):
+        (JSC::untagCodePtr):
+        (JSC::retagCodePtr):
+        (JSC::removeCodePtrTag):
+
 2018-03-09  Mark Lam  <mark.lam@apple.com>
 

trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

@@ -1768 +1768 @@
                 FE6491371D78F01D00A694D4 /* ExceptionScope.h in Headers */ = {isa = PBXBuildFile; fileRef = FE6491361D78F01300A694D4 /* ExceptionScope.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE68C6371B90DE040042BCB3 /* MacroAssemblerPrinter.h in Headers */ = {isa = PBXBuildFile; fileRef = FE68C6361B90DDD90042BCB3 /* MacroAssemblerPrinter.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                FE6C1E4A20366F0100BDC2B7 /* PtrTag.h in Headers */ = {isa = PBXBuildFile; fileRef = FE9AE1C82032C887002B6934 /* PtrTag.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE6F56DE1E64EAD600D17801 /* VMTraps.h in Headers */ = {isa = PBXBuildFile; fileRef = FE6F56DD1E64E92000D17801 /* VMTraps.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE7C41961B97FC4B00F4D598 /* PingPongStackOverflowTest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FEDA50D41B97F442009A3B4F /* PingPongStackOverflowTest.cpp */; };
@@ -4706 +4707 @@
                 FE99B2471C24B6D300C82159 /* JITNegGenerator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JITNegGenerator.cpp; sourceTree = "<group>"; };
                 FE99B2481C24B6D300C82159 /* JITNegGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITNegGenerator.h; sourceTree = "<group>"; };
+                FE9AE1C82032C887002B6934 /* PtrTag.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PtrTag.h; sourceTree = "<group>"; };
                 FEA0861E182B7A0400F6D851 /* Breakpoint.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Breakpoint.h; sourceTree = "<group>"; };
                 FEA0861F182B7A0400F6D851 /* DebuggerPrimitives.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DebuggerPrimitives.h; sourceTree = "<group>"; };
@@ -4726 +4728 @@
                 FEF040501AAE662D00BD28B0 /* CompareAndSwapTest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = CompareAndSwapTest.cpp; path = API/tests/CompareAndSwapTest.cpp; sourceTree = "<group>"; };
                 FEF040521AAEC4ED00BD28B0 /* CompareAndSwapTest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CompareAndSwapTest.h; path = API/tests/CompareAndSwapTest.h; sourceTree = "<group>"; };
+                FEF3475220362B1B00B7C0EF /* parser.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = parser.rb; sourceTree = "<group>"; };
+                FEF3475320362B1B00B7C0EF /* risc.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = risc.rb; sourceTree = "<group>"; };
+                FEF3475420362B1B00B7C0EF /* self_hash.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = self_hash.rb; sourceTree = "<group>"; };
+                FEF3475520362B1C00B7C0EF /* arm.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = arm.rb; sourceTree = "<group>"; };
+                FEF3475620362B1C00B7C0EF /* backends.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = backends.rb; sourceTree = "<group>"; };
+                FEF3475720362B1D00B7C0EF /* registers.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = registers.rb; sourceTree = "<group>"; };
+                FEF3475820362B1D00B7C0EF /* ast.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = ast.rb; sourceTree = "<group>"; };
+                FEF3475920362B1D00B7C0EF /* asm.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = asm.rb; sourceTree = "<group>"; };
+                FEF3475A20362B1E00B7C0EF /* cloop.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = cloop.rb; sourceTree = "<group>"; };
+                FEF3475B20362B1E00B7C0EF /* x86.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = x86.rb; sourceTree = "<group>"; };
+                FEF3475C20362B1E00B7C0EF /* mips.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = mips.rb; sourceTree = "<group>"; };
+                FEF3475D20362B1F00B7C0EF /* config.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = config.rb; sourceTree = "<group>"; };
+                FEF3475E20362B1F00B7C0EF /* instructions.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = instructions.rb; sourceTree = "<group>"; };
+                FEF3475F20362B2000B7C0EF /* opt.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = opt.rb; sourceTree = "<group>"; };
+                FEF3476020362B2100B7C0EF /* transform.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = transform.rb; sourceTree = "<group>"; };
+                FEF3476120362B2100B7C0EF /* offsets.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = offsets.rb; sourceTree = "<group>"; };
+                FEF3476220362B2200B7C0EF /* arm64.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = arm64.rb; sourceTree = "<group>"; };
+                FEF3476320362B2300B7C0EF /* settings.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = settings.rb; sourceTree = "<group>"; };
+                FEF3476420362B2300B7C0EF /* generate_offset_extractor.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = generate_offset_extractor.rb; sourceTree = "<group>"; };
                 FEF49AA91EB947FE00653BDB /* MultithreadedMultiVMExecutionTest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = MultithreadedMultiVMExecutionTest.cpp; path = API/tests/MultithreadedMultiVMExecutionTest.cpp; sourceTree = "<group>"; };
                 FEF49AAA1EB947FE00653BDB /* MultithreadedMultiVMExecutionTest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = MultithreadedMultiVMExecutionTest.h; path = API/tests/MultithreadedMultiVMExecutionTest.h; sourceTree = "<group>"; };
@@ -4881 +4902 @@
                                 1429D92C0ED22D7000B89619 /* jit */,
                                 0F46809C14BA7F4D00BFE272 /* llint */,
+                                FEF347512036291300B7C0EF /* offlineasm */,
                                 7E39D8370EC3A388003AF11A /* parser */,
                                 034768DFFF38A50411DB9C8B /* Products */,
@@ -6852 +6874 @@
                                 79160DBB1C8E3EC8008C085A /* ProxyRevoke.cpp */,
                                 79160DBC1C8E3EC8008C085A /* ProxyRevoke.h */,
+                                FE9AE1C82032C887002B6934 /* PtrTag.h */,
                                 0F5780A118FE1E98001E72D9 /* PureNaN.h */,
                                 0F0CD4C015F1A6040032F1C0 /* PutDirectIndexMode.h */,
@@ -8032 +8055 @@
                         sourceTree = "<group>";
                 };
+                FEF347512036291300B7C0EF /* offlineasm */ = {
+                        isa = PBXGroup;
+                        children = (
+                                FEF3475520362B1C00B7C0EF /* arm.rb */,
+                                FEF3476220362B2200B7C0EF /* arm64.rb */,
+                                FEF3475920362B1D00B7C0EF /* asm.rb */,
+                                FEF3475820362B1D00B7C0EF /* ast.rb */,
+                                FEF3475620362B1C00B7C0EF /* backends.rb */,
+                                FEF3475A20362B1E00B7C0EF /* cloop.rb */,
+                                FEF3475D20362B1F00B7C0EF /* config.rb */,
+                                FEF3476420362B2300B7C0EF /* generate_offset_extractor.rb */,
+                                FEF3475E20362B1F00B7C0EF /* instructions.rb */,
+                                FEF3475C20362B1E00B7C0EF /* mips.rb */,
+                                FEF3476120362B2100B7C0EF /* offsets.rb */,
+                                FEF3475F20362B2000B7C0EF /* opt.rb */,
+                                FEF3475220362B1B00B7C0EF /* parser.rb */,
+                                FEF3475720362B1D00B7C0EF /* registers.rb */,
+                                FEF3475320362B1B00B7C0EF /* risc.rb */,
+                                FEF3475420362B1B00B7C0EF /* self_hash.rb */,
+                                FEF3476320362B2300B7C0EF /* settings.rb */,
+                                FEF3476020362B2100B7C0EF /* transform.rb */,
+                                FEF3475B20362B1E00B7C0EF /* x86.rb */,
+                        );
+                        path = offlineasm;
+                        sourceTree = "<group>";
+                };
 /* End PBXGroup section */
 
@@ -8068 +8117 @@
                                 0F2C63BC1E63440C00C13839 /* AirBlockInsertionSet.h in Headers */,
                                 0FB3878E1BFBC44D00E3AB1E /* AirBlockWorklist.h in Headers */,
+                                FE6C1E4A20366F0100BDC2B7 /* PtrTag.h in Headers */,
                                 0F79C7CA1E74C93B00EB34D1 /* AirBreakCriticalEdges.h in Headers */,
                                 0F61832A1C45BF070072450B /* AirCCallingConvention.h in Headers */,

trunk/Source/JavaScriptCore/bytecode/LLIntCallLinkInfo.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -28 +28 @@
 #include "JSFunction.h"
 #include "MacroAssemblerCodeRef.h"
+#include "PtrTag.h"
 #include <wtf/SentinelLinkedList.h>
 
@@ -51 +52 @@
         callee.clear();
         machineCodeTarget = MacroAssemblerCodePtr();
+        callPtrTag = NoPtrTag;
         if (isOnList())
             remove();
@@ -58 +60 @@
     WriteBarrier<JSObject> lastSeenCallee;
     MacroAssemblerCodePtr machineCodeTarget;
+    PtrTag callPtrTag { NoPtrTag };
 };
 

trunk/Source/JavaScriptCore/llint/LLIntData.cpp

@@ -59 +59 @@
     llint_entry(&Data::s_opcodeMap);
 
+    for (int i = 0; i < NUMBER_OF_BYTECODE_IDS; ++i) {
+        PtrTag tag = (i == op_catch) ? ExceptionHandlerPtrTag : BytecodePtrTag;
+        Data::s_opcodeMap[i] = tagCodePtr(Data::s_opcodeMap[i], tag);
+    }
+
+    if (VM::canUseJIT()) {
+        for (int i = NUMBER_OF_BYTECODE_IDS; i < NUMBER_OF_BYTECODE_IDS + NUMBER_OF_BYTECODE_HELPER_IDS; ++i)
+            Data::s_opcodeMap[i] = tagCodePtr(Data::s_opcodeMap[i], ptrTag(BytecodeHelperPtrTag, i));
+    } else {
+        static const PtrTag tagsForOpcode[] = {
+            CodeEntryPtrTag, // llint_program_prologue
+            CodeEntryPtrTag, // llint_eval_prologue
+            CodeEntryPtrTag, // llint_module_program_prologue
+            CodeEntryPtrTag, // llint_function_for_call_prologue
+            CodeEntryPtrTag, // llint_function_for_construct_prologue
+            CodeEntryWithArityCheckPtrTag, // llint_function_for_call_arity_check
+            CodeEntryWithArityCheckPtrTag, // llint_function_for_construct_arity_check
+            CodeEntryPtrTag, // llint_generic_return_point
+            BytecodePtrTag, // llint_throw_from_slow_path_trampoline
+            CodeEntryPtrTag, // llint_throw_during_call_trampoline
+            NativeCodePtrTag, // llint_native_call_trampoline
+            NativeCodePtrTag, // llint_native_construct_trampoline
+            InternalFunctionPtrTag, // llint_internal_function_call_trampoline
+            InternalFunctionPtrTag, // llint_internal_function_construct_trampoline
+            ExceptionHandlerPtrTag, // handleUncaughtException
+        };
+
+        static_assert(sizeof(tagsForOpcode) / sizeof(tagsForOpcode[0]) == NUMBER_OF_BYTECODE_HELPER_IDS, "");
+        static_assert(static_cast<uintptr_t>(llint_program_prologue) == NUMBER_OF_BYTECODE_IDS, "");
+
+        for (int i = 0; i < NUMBER_OF_BYTECODE_HELPER_IDS; ++i) {
+            int opcodeID = i + NUMBER_OF_BYTECODE_IDS;
+            Data::s_opcodeMap[opcodeID] = tagCodePtr(Data::s_opcodeMap[opcodeID], tagsForOpcode[i]);
+        }
+    }
+
+    void* handler = LLInt::getCodePtr(llint_throw_from_slow_path_trampoline);
     for (int i = 0; i < maxOpcodeLength + 1; ++i)
-        Data::s_exceptionInstructions[i].u.pointer =
-            LLInt::getCodePtr(llint_throw_from_slow_path_trampoline);
+        Data::s_exceptionInstructions[i].u.pointer = handler;
+
 #endif // ENABLE(JIT)
 }

trunk/Source/JavaScriptCore/llint/LLIntData.h

@@ -28 +28 @@
 #include "JSCJSValue.h"
 #include "Opcode.h"
-#include <wtf/PointerPreparations.h>
+#include "PtrTag.h"
 
 namespace JSC {

trunk/Source/JavaScriptCore/llint/LLIntExceptions.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2011, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -40 +40 @@
 namespace JSC { namespace LLInt {
 
-Instruction* returnToThrowForThrownException(ExecState* exec)
-{
-    UNUSED_PARAM(exec);
-    return LLInt::exceptionInstructions();
-}
-
 Instruction* returnToThrow(ExecState* exec)
 {

trunk/Source/JavaScriptCore/llint/LLIntExceptions.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -35 +35 @@
 namespace LLInt {
 
-// Tells you where to jump to if you want to return-to-throw, after you've already
-// set up all information needed to throw the exception.
-Instruction* returnToThrowForThrownException(ExecState*);
-
 // Gives you a PC that you can tell the interpreter to go to, which when advanced
 // between 1 and 9 slots will give you an "instruction" that threads to the

trunk/Source/JavaScriptCore/llint/LLIntOfflineAsmConfig.h

@@ -168 +168 @@
 #endif
 
+#if USE(POINTER_PROFILING)
+#define OFFLINE_ASM_POINTER_PROFILING 1
+#else
+#define OFFLINE_ASM_POINTER_PROFILING 0
+#endif
+
 #define OFFLINE_ASM_GIGACAGE_ENABLED GIGACAGE_ENABLED

trunk/Source/JavaScriptCore/llint/LLIntOffsetsExtractor.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2012, 2015-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -52 +52 @@
 #include "NativeExecutable.h"
 #include "ProtoCallFrame.h"
+#include "PtrTag.h"
 #include "ShadowChicken.h"
 #include "Structure.h"

trunk/Source/JavaScriptCore/llint/LLIntPCRanges.h

@@ -26 +26 @@
 #pragma once
 
-#include <wtf/PointerPreparations.h>
+#include "PtrTag.h"
 
 namespace JSC {
@@ -41 +41 @@
 {
     uintptr_t pcAsInt = bitwise_cast<uintptr_t>(pc);
-    uintptr_t llintStart = bitwise_cast<uintptr_t>(WTF_PREPARE_FUNCTION_POINTER_FOR_EXECUTION(llintPCRangeStart));
-    uintptr_t llintEnd = bitwise_cast<uintptr_t>(WTF_PREPARE_FUNCTION_POINTER_FOR_EXECUTION(llintPCRangeEnd));
+    uintptr_t llintStart = untagCodePtr<uintptr_t>(llintPCRangeStart, CFunctionPtrTag);
+    uintptr_t llintEnd = untagCodePtr<uintptr_t>(llintPCRangeEnd, CFunctionPtrTag);
     RELEASE_ASSERT(llintStart < llintEnd);
     return llintStart <= pcAsInt && pcAsInt <= llintEnd;

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2011-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -160 +160 @@
     } while (false)
 
-#define LLINT_CALL_END_IMPL(exec, callTarget) LLINT_RETURN_TWO((callTarget), (exec))
+#define LLINT_CALL_END_IMPL(exec, callTarget, callTargetTag) \
+    LLINT_RETURN_TWO(retagCodePtr((callTarget), callTargetTag, SlowPathPtrTag), (exec))
 
 #define LLINT_CALL_THROW(exec, exceptionToThrow) do {                   \
         ExecState* __ct_exec = (exec);                                  \
         throwException(__ct_exec, throwScope, exceptionToThrow);        \
-        LLINT_CALL_END_IMPL(0, callToThrow(__ct_exec));                 \
+        LLINT_CALL_END_IMPL(0, callToThrow(__ct_exec), ExceptionHandlerPtrTag);                 \
     } while (false)
 
@@ -173 +174 @@
         doExceptionFuzzingIfEnabled(__cce_exec, throwScope, "LLIntSlowPaths/call", nullptr); \
         if (UNLIKELY(throwScope.exception()))                           \
-            LLINT_CALL_END_IMPL(0, callToThrow(__cce_execCallee));      \
+            LLINT_CALL_END_IMPL(0, callToThrow(__cce_execCallee), ExceptionHandlerPtrTag); \
     } while (false)
 
-#define LLINT_CALL_RETURN(exec, execCallee, callTarget) do {            \
+#define LLINT_CALL_RETURN(exec, execCallee, callTarget, callTargetTag) do { \
         ExecState* __cr_exec = (exec);                                  \
         ExecState* __cr_execCallee = (execCallee);                      \
         void* __cr_callTarget = (callTarget);                           \
         LLINT_CALL_CHECK_EXCEPTION(__cr_exec, __cr_execCallee);         \
-        LLINT_CALL_END_IMPL(__cr_execCallee, __cr_callTarget);          \
+        LLINT_CALL_END_IMPL(__cr_execCallee, __cr_callTarget, callTargetTag); \
     } while (false)
 
@@ -284 +285 @@
     if (opcodeID == op_enter) {
         dataLogF("Frame will eventually return to %p\n", exec->returnPC().value());
-        *bitwise_cast<volatile char*>(exec->returnPC().value());
+        *removeCodePtrTag<volatile char*>(exec->returnPC().value());
     }
     if (opcodeID == op_ret) {
@@ -1326 +1327 @@
             
             PoisonedMasmPtr::assertIsNotPoisoned(LLInt::getCodePtr(getHostCallReturnValue));
-            LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
+            LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue), CFunctionPtrTag);
         }
         
@@ -1350 +1351 @@
 
         PoisonedMasmPtr::assertIsNotPoisoned(LLInt::getCodePtr(getHostCallReturnValue));
-        LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
+        LLINT_CALL_RETURN(execCallee, execCallee, LLInt::getCodePtr(getHostCallReturnValue), CFunctionPtrTag);
     }
     
@@ -1387 +1388 @@
                 callLinkInfo->lastSeenCallee.set(vm, callerCodeBlock, internalFunction);
                 callLinkInfo->machineCodeTarget = codePtr;
+                callLinkInfo->callPtrTag = InternalFunctionPtrTag;
             }
 
             PoisonedMasmPtr::assertIsNotPoisoned(codePtr.executableAddress());
-            LLINT_CALL_RETURN(exec, execCallee, codePtr.executableAddress());
+            LLINT_CALL_RETURN(exec, execCallee, codePtr.executableAddress(), InternalFunctionPtrTag);
         }
         throwScope.release();
@@ -1399 +1401 @@
     ExecutableBase* executable = callee->executable();
 
+    PtrTag callPtrTag = NoPtrTag;
     MacroAssemblerCodePtr codePtr;
     CodeBlock* codeBlock = 0;
     if (executable->isHostFunction()) {
         codePtr = executable->entrypointFor(kind, MustCheckArity);
+        callPtrTag = NativeCodePtrTag;
     } else {
         FunctionExecutable* functionExecutable = static_cast<FunctionExecutable*>(executable);
@@ -1417 +1421 @@
         ASSERT(codeBlock);
         ArityCheckMode arity;
-        if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()))
+        if (execCallee->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters())) {
             arity = MustCheckArity;
-        else
+            callPtrTag = CodeEntryWithArityCheckPtrTag;
+        } else {
             arity = ArityCheckNotRequired;
+            callPtrTag = CodeEntryPtrTag;
+        }
         codePtr = functionExecutable->entrypointFor(kind, arity);
     }
@@ -1436 +1443 @@
         callLinkInfo->lastSeenCallee.set(vm, callerCodeBlock, callee);
         callLinkInfo->machineCodeTarget = codePtr;
+        RELEASE_ASSERT(callPtrTag != NoPtrTag);
+        callLinkInfo->callPtrTag = callPtrTag;
         if (codeBlock)
             codeBlock->linkIncomingCall(exec, callLinkInfo);
@@ -1441 +1450 @@
 
     PoisonedMasmPtr::assertIsNotPoisoned(codePtr.executableAddress());
-    LLINT_CALL_RETURN(exec, execCallee, codePtr.executableAddress());
+    LLINT_CALL_RETURN(exec, execCallee, codePtr.executableAddress(), callPtrTag);
 }
 
@@ -1581 +1590 @@
     
     vm.hostCallReturnValue = eval(execCallee);
-    LLINT_CALL_RETURN(exec, execCallee, LLInt::getCodePtr(getHostCallReturnValue));
+    LLINT_CALL_RETURN(exec, execCallee, LLInt::getCodePtr(getHostCallReturnValue), CFunctionPtrTag);
 }
 

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

@@ -260 +260 @@
 const ArithProfileNumberNumber = 0x900000
 const ArithProfileIntNumber = 0x500000
+
+# Pointer Tags
+const BytecodePtrTag = constexpr BytecodePtrTag
+const CodeEntryPtrTag = constexpr CodeEntryPtrTag
+const CodeEntryWithArityCheckPtrTag = constexpr CodeEntryWithArityCheckPtrTag
+const ExceptionHandlerPtrTag = constexpr ExceptionHandlerPtrTag
+const InternalFunctionPtrTag = constexpr InternalFunctionPtrTag
+const NativeCodePtrTag = constexpr NativeCodePtrTag
+const NoPtrTag = constexpr NoPtrTag
+const SlowPathPtrTag = constexpr SlowPathPtrTag
 
 # Some register conventions.
@@ -786 +796 @@
 
 macro functionPrologue()
+    tagReturnAddress sp
     if X86 or X86_WIN or X86_64 or X86_64_WIN
         push cfr
@@ -835 +846 @@
 end
 
-macro callTargetFunction(callee)
+macro callTargetFunction(callee, callPtrTag)
     if C_LOOP
         cloopCallJSFunction callee
     else
-        call callee
+        call callee, callPtrTag
     end
     restoreStackPointerAfterCall()
@@ -845 +856 @@
 end
 
-macro prepareForRegularCall(callee, temp1, temp2, temp3)
+macro prepareForRegularCall(callee, temp1, temp2, temp3, prepareCallPtrTag)
     addp CallerFrameAndPCSize, sp
 end
 
 # sp points to the new frame
-macro prepareForTailCall(callee, temp1, temp2, temp3)
+macro prepareForTailCall(callee, temp1, temp2, temp3, prepareCallPtrTag)
     restoreCalleeSavesUsedByLLInt()
 
@@ -885 +896 @@
     end
 
+    if POINTER_PROFILING
+        addp 16, cfr, temp3
+        untagReturnAddress temp3
+    end
+
     subp temp2, temp1
     loadp [cfr], cfr
@@ -894 +910 @@
     btinz temp2, .copyLoop
 
+    prepareCallPtrTag(temp2)
     move temp1, sp
-    jmp callee
+    jmp callee, temp2
 end
 
@@ -905 +922 @@
             btpz calleeFramePtr, .dontUpdateSP
             move calleeFramePtr, sp
-            prepareCall(callee, t2, t3, t4)
+            prepareCall(callee, t2, t3, t4, macro (callPtrTagReg)
+                if POINTER_PROFILING
+                    move SlowPathPtrTag, callPtrTagReg
+                end
+            end)
         .dontUpdateSP:
-            callTargetFunction(callee)
+            callTargetFunction(callee, SlowPathPtrTag)
         end)
 end
@@ -989 +1010 @@
 macro prologue(codeBlockGetter, codeBlockSetter, osrSlowPath, traceSlowPath)
     # Set up the call frame and check if we should OSR.
+    tagReturnAddress sp
     preserveCallerPCAndCFR()
 
@@ -1023 +1045 @@
             pop cfr
         end
-        jmp r0
+        jmp r0, CodeEntryPtrTag
     .recover:
         codeBlockGetter(t1, t2)
@@ -1141 +1163 @@
     _vmEntryToJavaScript:
 end
-    doVMEntry(makeJavaScriptCall)
+    doVMEntry(makeJavaScriptCall, CodeEntryPtrTag, CodeEntryWithArityCheckPtrTag)
 
 
@@ -1150 +1172 @@
     _vmEntryToNative:
 end
-    doVMEntry(makeHostFunctionCall)
+    doVMEntry(makeHostFunctionCall, NativeCodePtrTag, NativeCodePtrTag)
 
 
@@ -1157 +1179 @@
     global _sanitizeStackForVMImpl
     _sanitizeStackForVMImpl:
+        tagReturnAddress sp
         # We need three non-aliased caller-save registers. We are guaranteed
         # this for a0, a1 and a2 on all architectures.
@@ -1174 +1197 @@
         addp PtrSize, address
         bpa sp, address, .zeroFillLoop
-    
+
     .zeroFillDone:
         move sp, address
@@ -1183 +1206 @@
     global _vmEntryRecord
     _vmEntryRecord:
+        tagReturnAddress sp
         if X86 or X86_WIN
             loadp 4[sp], a0

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

@@ -97 +97 @@
 end
 
-macro doVMEntry(makeCall)
+macro doVMEntry(makeCall, unused1, unused2)
     functionPrologue()
     pushCalleeSaves()
@@ -1958 +1958 @@
     storei CellTag, Callee + TagOffset[t3]
     move t3, sp
-    prepareCall(LLIntCallLinkInfo::machineCodeTarget[t1], t2, t3, t4)
-    callTargetFunction(LLIntCallLinkInfo::machineCodeTarget[t1])
+    prepareCall(LLIntCallLinkInfo::machineCodeTarget[t1], t2, t3, t4, macro (callPtrTag) end)
+    callTargetFunction(LLIntCallLinkInfo::machineCodeTarget[t1], NoPtrTag)
 
 .opCallSlow:

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -25 +25 @@
 # Utilities.
 macro jumpToInstruction()
-    jmp [PB, PC, 8]
+    jmp [PB, PC, 8], BytecodePtrTag
 end
 
@@ -93 +93 @@
         subp 32, sp 
         call function
-        addp 32, sp 
+        addp 32, sp
     else
         cCall2(function)
@@ -116 +116 @@
 end
 
-macro doVMEntry(makeCall)
+macro doVMEntry(makeCall, callTag, callWithArityCheckTag)
     functionPrologue()
     pushCalleeSaves()
@@ -226 +226 @@
     checkStackPointerAlignment(extraTempReg, 0xbad0dc02)
 
-    makeCall(entry, t3)
+    if POINTER_PROFILING
+        btbnz ProtoCallFrame::hasArityMismatch[protoCallFrame], .doCallWithArityCheck
+        move callTag, t2
+        jmp .readyToCall
+    .doCallWithArityCheck:
+        move callWithArityCheckTag, t2
+    .readyToCall:
+    end
+
+    makeCall(entry, t3, t2)
 
     # We may have just made a call into a JS function, so we can't rely on sp
@@ -250 +259 @@
 
 
-macro makeJavaScriptCall(entry, temp)
+macro makeJavaScriptCall(entry, temp, callTag)
     addp 16, sp
     if C_LOOP
         cloopCallJSFunction entry
     else
-        call entry
+        call entry, callTag
     end
     subp 16, sp
@@ -261 +270 @@
 
 
-macro makeHostFunctionCall(entry, temp)
+macro makeHostFunctionCall(entry, temp, callTag)
     move entry, temp
     storep cfr, [sp]
@@ -271 +280 @@
         # We need to allocate 32 bytes on the stack for the shadow space.
         subp 32, sp
-        call temp
+        call temp, callTag
         addp 32, sp
     else
-        call temp
+        call temp, callTag
     end
 end
@@ -371 +380 @@
             btpz r0, .recover
             move r1, sp
-            jmp r0
+            jmp r0, CodeEntryPtrTag
         .recover:
             loadi ArgumentCount + TagOffset[cfr], PC
@@ -544 +553 @@
 
 .noExtraSlot:
+    if POINTER_PROFILING
+        if ARM64
+            loadp 8[cfr], lr
+        end
+
+        addp 16, cfr, t3
+        untagReturnAddress t3
+    end
+
     // Move frame up t1 slots
     negq t1
@@ -566 +584 @@
     addp 8, t3
     baddinz 1, t2, .fillLoop
+
+    if POINTER_PROFILING
+        addp 16, cfr, t1
+        tagReturnAddress t1
+
+        if ARM64
+            storep lr, 8[cfr]
+        end
+    end
 
 .continue:
@@ -1957 +1984 @@
     loadisFromInstruction(2, t0)
     loadpFromInstruction(5, t1)
+    if POINTER_PROFILING
+        move t1, t5
+    end
     loadp LLIntCallLinkInfo::callee[t1], t2
     loadConstantOrVariable(t0, t3)
@@ -1972 +2002 @@
         loadp _g_JITCodePoison, t2
         xorp LLIntCallLinkInfo::machineCodeTarget[t1], t2
-        prepareCall(t2, t1, t3, t4)
-        callTargetFunction(t2)
+        prepareCall(t2, t1, t3, t4, macro (callPtrTag)
+            if POINTER_PROFILING
+                loadp LLIntCallLinkInfo::callPtrTag[t5], callPtrTag
+            end
+        end)
+        if POINTER_PROFILING
+            loadp LLIntCallLinkInfo::callPtrTag[t5], t3
+        end
+        callTargetFunction(t2, t3)
     else
-        prepareCall(LLIntCallLinkInfo::machineCodeTarget[t1], t2, t3, t4)
-        callTargetFunction(LLIntCallLinkInfo::machineCodeTarget[t1])
+        prepareCall(LLIntCallLinkInfo::machineCodeTarget[t1], t2, t3, t4, macro (callPtrTag)
+            if POINTER_PROFILING
+                loadp LLIntCallLinkInfo::callPtrTag[t5], callPtrTag
+            end
+        end)
+        if POINTER_PROFILING
+            loadp LLIntCallLinkInfo::callPtrTag[t5], t3
+        end
+        callTargetFunction(LLIntCallLinkInfo::machineCodeTarget[t1], t3)
     end
 
@@ -2076 +2120 @@
     andp MarkedBlockMask, t1
     loadp MarkedBlockFooterOffset + MarkedBlock::Footer::m_vm[t1], t1
-    jmp VM::targetMachinePCForThrow[t1]
+    jmp VM::targetMachinePCForThrow[t1], ExceptionHandlerPtrTag
 
 
@@ -2107 +2151 @@
         if X86_64_WIN
             subp 32, sp
-            call executableOffsetToFunction[t1]
+            call executableOffsetToFunction[t1], NativeCodePtrTag
             addp 32, sp
         else
             loadp _g_NativeCodePoison, t2
             xorp executableOffsetToFunction[t1], t2
-            call t2
+            call t2, NativeCodePtrTag
         end
     end
@@ -2150 +2194 @@
         if X86_64_WIN
             subp 32, sp
-            call offsetOfFunction[t1]
+            call offsetOfFunction[t1], InternalFunctionPtrTag
             addp 32, sp
         else
             loadp _g_NativeCodePoison, t2
             xorp offsetOfFunction[t1], t2
-            call t2
+            call t2, InternalFunctionPtrTag
         end
     end

trunk/Source/JavaScriptCore/offlineasm/ast.rb

@@ -930 +930 @@
         when "emit"
             $asm.puts "#{operands[0].dump}"
+        when "tagReturnAddress", "untagReturnAddress"
         else
             raise "Unhandled opcode #{opcode} at #{codeOriginString}"

trunk/Source/JavaScriptCore/offlineasm/instructions.rb

@@ -1 @@
-# Copyright (C) 2011 Apple Inc. All rights reserved.
+# Copyright (C) 2011-2018 Apple Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -250 +250 @@
      "leai",
      "leap",
-     "memfence"
+     "memfence",
+     "tagReturnAddress",
+     "untagReturnAddress",
+     "removeCodePtrTag"
     ]
 

trunk/Source/JavaScriptCore/offlineasm/risc.rb

@@ -449 +449 @@
 def riscLowerMisplacedAddresses(list)
     newList = []
-    list.each {
-        | node |
-        if node.is_a? Instruction
+    hasBackendSpecificLowering = Instruction.respond_to? "lowerMisplacedAddresses#{$activeBackend}"
+    list.each {
+        | node |
+        if node.is_a? Instruction
+            if hasBackendSpecificLowering
+                wasHandled, newList = Instruction.send("lowerMisplacedAddresses#{$activeBackend}", node, newList)
+                next if wasHandled
+            end
+
             postInstructions = []
             annotation = node.annotation

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2018-03-09  Mark Lam  <mark.lam@apple.com>
+
+        [Re-landing] Prepare LLInt code to support pointer profiling.
+        https://bugs.webkit.org/show_bug.cgi?id=183387
+        <rdar://problem/38199678>
+
+        Reviewed by JF Bastien.
+
+        * wtf/Platform.h:
+
 2018-03-08  Commit Queue  <commit-queue@webkit.org>
 

trunk/Source/WTF/wtf/Platform.h

@@ -1013 +1013 @@
 #endif
 
+#if !defined(USE_POINTER_PROFILING) || USE(JSVALUE32_64) || !ENABLE(JIT)
+#undef USE_POINTER_PROFILING
+#define USE_POINTER_PROFILING 0
+#endif
+
 /* CSS Selector JIT Compiler */
 #if !defined(ENABLE_CSS_SELECTOR_JIT)