| author | Daniel Varga <dvarga@mozilla.com> |
| Tue, 23 Oct 2018 00:23:41 +0300 | |
| changeset 442389 | 540bd4c32be5831ae94a1db1a437d2d8eea04647 |
| parent 442388 | 1eaa48d8b75d4534ca251da7f37457914494d58e |
| child 442390 | 6fcb74d1393cd5f6524e19a3b71208cf35ac5ec2 |
| push id | 109161 |
| push user | dvarga@mozilla.com |
| push date | Mon, 22 Oct 2018 21:24:17 +0000 |
| treeherder | mozilla-inbound@540bd4c32be5 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| bugs | 1498371, 1498047 |
| milestone | 65.0a1 |
| backs out | 1eaa48d8b75d4534ca251da7f37457914494d58e 9e28ac6527a99480d97fb5ac353a41f57a0456e0 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| js/src/jit/arm64/CodeGenerator-arm64.cpp | file | annotate | diff | comparison | revisions | |
| js/src/jit/arm64/Trampoline-arm64.cpp | file | annotate | diff | comparison | revisions |
--- a/js/src/jit/arm64/CodeGenerator-arm64.cpp +++ b/js/src/jit/arm64/CodeGenerator-arm64.cpp @@ -949,40 +949,23 @@ void CodeGenerator::visitCompareBAndBranch(LCompareBAndBranch* lir) { MOZ_CRASH("visitCompareBAndBranch"); } void CodeGenerator::visitCompareBitwise(LCompareBitwise* lir) { - MCompare* mir = lir->mir(); - Assembler::Condition cond = JSOpToCondition(mir->compareType(), mir->jsop()); - const ValueOperand lhs = ToValue(lir, LCompareBitwise::LhsInput); - const ValueOperand rhs = ToValue(lir, LCompareBitwise::RhsInput); - const Register output = ToRegister(lir->output()); - - MOZ_ASSERT(IsEqualityOp(mir->jsop())); - - masm.cmpPtrSet(cond, lhs.valueReg(), rhs.valueReg(), output); + MOZ_CRASH("visitCompareBitwise"); } void CodeGenerator::visitCompareBitwiseAndBranch(LCompareBitwiseAndBranch* lir) { - MCompare* mir = lir->cmpMir(); - Assembler::Condition cond = JSOpToCondition(mir->compareType(), mir->jsop()); - const ValueOperand lhs = ToValue(lir, LCompareBitwiseAndBranch::LhsInput); - const ValueOperand rhs = ToValue(lir, LCompareBitwiseAndBranch::RhsInput); - - MOZ_ASSERT(mir->jsop() == JSOP_EQ || mir->jsop() == JSOP_STRICTEQ || - mir->jsop() == JSOP_NE || mir->jsop() == JSOP_STRICTNE); - - masm.cmpPtr(lhs.valueReg(), rhs.valueReg()); - emitBranch(cond, lir->ifTrue(), lir->ifFalse()); + MOZ_CRASH("visitCompareBitwiseAndBranch"); } void CodeGenerator::visitBitAndAndBranch(LBitAndAndBranch* baab) { MOZ_CRASH("visitBitAndAndBranch"); } @@ -1035,19 +1018,16 @@ CodeGeneratorARM64::generateInvalidateEp // Ensure that there is enough space in the buffer for the OsiPoint patching // to occur. Otherwise, we could overwrite the invalidation epilogue. for (size_t i = 0; i < sizeof(void*); i += Assembler::NopSize()) { masm.nop(); } masm.bind(&invalidate_); - // Push the return address of the point that we bailout out onto the stack. - masm.push(lr); - // Push the Ion script onto the stack (when we determine what that pointer is). invalidateEpilogueData_ = masm.pushWithPatch(ImmWord(uintptr_t(-1))); TrampolinePtr thunk = gen->jitRuntime()->getInvalidationThunk(); masm.call(thunk); // We should never reach this point in JIT code -- the invalidation thunk // should pop the invalidated JS frame and return directly to its caller.
--- a/js/src/jit/arm64/Trampoline-arm64.cpp +++ b/js/src/jit/arm64/Trampoline-arm64.cpp @@ -15,16 +15,24 @@ #include "jit/VMFunctions.h" #include "jit/MacroAssembler-inl.h" #include "jit/SharedICHelpers-inl.h" using namespace js; using namespace js::jit; +// All registers to save and restore. This includes the stack pointer, since we +// use the ability to reference register values on the stack by index. +// TODO: This is almost certainly incorrect. +// TODO: All uses need auditing. +static const LiveRegisterSet AllRegs = + LiveRegisterSet(GeneralRegisterSet(Registers::AllMask & ~(1 << 31 | 1 << 30 | 1 << 29| 1 << 28)), + FloatRegisterSet(FloatRegisters::AllMask)); + /* This method generates a trampoline on ARM64 for a c++ function with * the following signature: * bool blah(void* code, int argc, Value* argv, JSObject* scopeChain, Value* vp) * ...using standard AArch64 calling convention */ void JitRuntime::generateEnterJIT(JSContext* cx, MacroAssembler& masm) { @@ -266,57 +274,24 @@ JitRuntime::generateEnterJIT(JSContext* // Return using the value popped into x30. masm.abiret(); // Reset stack pointer. masm.SetStackPointer64(PseudoStackPointer64); } -static void -PushRegisterDump(MacroAssembler& masm) -{ - const LiveRegisterSet First28GeneralRegisters = - LiveRegisterSet(GeneralRegisterSet( - Registers::AllMask & ~(1 << 31 | 1 << 30 | 1 << 29 | 1 << 28)), - FloatRegisterSet(FloatRegisters::NoneMask)); - - const LiveRegisterSet AllFloatRegisters = - LiveRegisterSet(GeneralRegisterSet(Registers::NoneMask), - FloatRegisterSet(FloatRegisters::AllMask)); - - // Push all general-purpose registers. - // - // The ARM64 ABI does not treat SP as a normal register that can - // be pushed. So pushing happens in two phases. - // - // Registers are pushed in reverse order of code. - - // First, push the last four registers, passing zero for sp. - // Zero is pushed for x28 and x31: the pseudo-SP and SP, respectively. - masm.asVIXL().Push(xzr, x30, x29, xzr); - - // Second, push the first 28 registers that serve no special purpose. - masm.PushRegsInMask(First28GeneralRegisters); - - // Finally, push all floating-point registers, completing the RegisterDump. - masm.PushRegsInMask(AllFloatRegisters); -} - void JitRuntime::generateInvalidator(MacroAssembler& masm, Label* bailoutTail) { invalidatorOffset_ = startTrampolineCode(masm); - // The InvalidationBailoutStack saved in r0 must be: - // - osiPointReturnAddress_ - // - ionScript_ (pushed by CodeGeneratorARM64::generateInvalidateEpilogue()) - // - regs_ (pushed here) - // - fpregs_ (pushed here) [=r0] - PushRegisterDump(masm); + masm.push(r0, r1, r2, r3); + + masm.PushRegsInMask(AllRegs); masm.moveStackPtrTo(r0); masm.Sub(x1, masm.GetStackPointer64(), Operand(sizeof(size_t))); masm.Sub(x2, masm.GetStackPointer64(), Operand(sizeof(size_t) + sizeof(void*))); masm.moveToStackPtr(r2); masm.setupUnalignedABICall(r10); masm.passABIArg(r0); @@ -439,22 +414,48 @@ JitRuntime::generateArgumentsRectifier(M // Pop the return address from earlier and branch. masm.ret(); } static void PushBailoutFrame(MacroAssembler& masm, Register spArg) { + const LiveRegisterSet First28GeneralRegisters = + LiveRegisterSet(GeneralRegisterSet( + Registers::AllMask & ~(1 << 31 | 1 << 30 | 1 << 29 | 1 << 28)), + FloatRegisterSet(FloatRegisters::NoneMask)); + + const LiveRegisterSet AllFloatRegisters = + LiveRegisterSet(GeneralRegisterSet(Registers::NoneMask), + FloatRegisterSet(FloatRegisters::AllMask)); + + // Push all general-purpose registers. + // + // The bailout frame expects all registers to be present, including SP. + // But the ARM64 ABI does not treat SP as a normal register that can + // be pushed. So pushing happens in two phases. + // + // Registers are pushed in reverse order of code. + + // First, push the last four registers, passing zero for sp. + // Zero is pushed for x28 and x31: the pseudo-SP and SP, respectively. + masm.asVIXL().Push(xzr, x30, x29, xzr); + + // Second, push the first 28 registers that serve no special purpose. + masm.PushRegsInMask(First28GeneralRegisters); + + // Finally, push all floating-point registers, completing the BailoutStack. + masm.PushRegsInMask(AllFloatRegisters); + // The stack saved in spArg must be (higher entries have higher memory addresses): // - snapshotOffset_ // - frameSize_ // - regs_ // - fpregs_ (spArg + 0) - PushRegisterDump(masm); masm.moveStackPtrTo(spArg); } static void GenerateBailoutThunk(MacroAssembler& masm, Label* bailoutTail) { PushBailoutFrame(masm, r0);