[turbofan] Better checking of code start register.

This decouples the checking of the {kJavaScriptCallCodeStartRegister}
from the deoptimization checks. We now rely more heavily on the above
register and should check its validity more broadly. Note that there
also is a bug fix for the ARM port contained in this change.

R=mvstanton@chromium.org

Change-Id: I27d8b72cb2b36a85dae4bbbf35e4dbcf150eac01
Reviewed-on: https://chromium-review.googlesource.com/916242
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51270}
This commit is contained in:
Michael Starzinger 2018-02-13 13:54:59 +01:00 committed by Commit Bot
parent a740255899
commit 5586ecfc68
10 changed files with 110 additions and 87 deletions

View File

@ -578,6 +578,17 @@ void CodeGenerator::AssembleTailCallAfterGap(Instruction* instr,
first_unused_stack_slot); first_unused_stack_slot);
} }
// Check that {kJavaScriptCallCodeStartRegister} is correct.
void CodeGenerator::AssembleCodeStartRegisterCheck() {
UseScratchRegisterScope temps(tasm());
Register scratch = temps.Acquire();
int pc_offset = __ pc_offset();
// We can use the register pc - 8 for the address of the current instruction.
__ sub(scratch, pc, Operand(pc_offset + TurboAssembler::kPcLoadDelta));
__ cmp(scratch, kJavaScriptCallCodeStartRegister);
__ Assert(eq, AbortReason::kWrongFunctionCodeStart);
}
// Check if the code object is marked for deoptimization. If it is, then it // Check if the code object is marked for deoptimization. If it is, then it
// jumps to the CompileLazyDeoptimizedCode builtin. In order to do this we need // jumps to the CompileLazyDeoptimizedCode builtin. In order to do this we need
// to: // to:
@ -588,16 +599,6 @@ void CodeGenerator::AssembleTailCallAfterGap(Instruction* instr,
void CodeGenerator::BailoutIfDeoptimized() { void CodeGenerator::BailoutIfDeoptimized() {
UseScratchRegisterScope temps(tasm()); UseScratchRegisterScope temps(tasm());
Register scratch = temps.Acquire(); Register scratch = temps.Acquire();
if (FLAG_debug_code) {
// Check that {kJavaScriptCallCodeStartRegister} is correct.
int pc_offset = __ pc_offset();
// We can use the register pc - 8 for the address of the current
// instruction.
__ add(scratch, pc, Operand(pc_offset - TurboAssembler::kPcLoadDelta));
__ cmp(scratch, kJavaScriptCallCodeStartRegister);
__ Assert(eq, AbortReason::kWrongFunctionCodeStart);
}
int offset = Code::kCodeDataContainerOffset - Code::kHeaderSize; int offset = Code::kCodeDataContainerOffset - Code::kHeaderSize;
__ ldr(scratch, MemOperand(kJavaScriptCallCodeStartRegister, offset)); __ ldr(scratch, MemOperand(kJavaScriptCallCodeStartRegister, offset));
__ ldr(scratch, __ ldr(scratch,
@ -612,10 +613,9 @@ void CodeGenerator::GenerateSpeculationPoison() {
UseScratchRegisterScope temps(tasm()); UseScratchRegisterScope temps(tasm());
Register scratch = temps.Acquire(); Register scratch = temps.Acquire();
// We can use the register pc - 8 for the address of the current // We can use the register pc - 8 for the address of the current instruction.
// instruction.
int pc_offset = __ pc_offset(); int pc_offset = __ pc_offset();
__ add(scratch, pc, Operand(pc_offset - TurboAssembler::kPcLoadDelta)); __ sub(scratch, pc, Operand(pc_offset + TurboAssembler::kPcLoadDelta));
// Calculate a mask which has all bits set in the normal case, but has all // Calculate a mask which has all bits set in the normal case, but has all
// bits cleared if we are speculatively executing the wrong PC. // bits cleared if we are speculatively executing the wrong PC.

View File

@ -533,6 +533,16 @@ void CodeGenerator::AssembleTailCallAfterGap(Instruction* instr,
} }
} }
// Check that {kJavaScriptCallCodeStartRegister} is correct.
void CodeGenerator::AssembleCodeStartRegisterCheck() {
UseScratchRegisterScope temps(tasm());
Register scratch = temps.AcquireX();
int pc_offset = __ pc_offset();
__ adr(scratch, -pc_offset);
__ cmp(scratch, kJavaScriptCallCodeStartRegister);
__ Assert(eq, AbortReason::kWrongFunctionCodeStart);
}
// Check if the code object is marked for deoptimization. If it is, then it // Check if the code object is marked for deoptimization. If it is, then it
// jumps to the CompileLazyDeoptimizedCode builtin. In order to do this we need // jumps to the CompileLazyDeoptimizedCode builtin. In order to do this we need
// to: // to:
@ -543,14 +553,6 @@ void CodeGenerator::AssembleTailCallAfterGap(Instruction* instr,
void CodeGenerator::BailoutIfDeoptimized() { void CodeGenerator::BailoutIfDeoptimized() {
UseScratchRegisterScope temps(tasm()); UseScratchRegisterScope temps(tasm());
Register scratch = temps.AcquireX(); Register scratch = temps.AcquireX();
if (FLAG_debug_code) {
// Check that {kJavaScriptCallCodeStartRegister} is correct.
int pc_offset = __ pc_offset();
__ adr(scratch, -pc_offset);
__ cmp(scratch, kJavaScriptCallCodeStartRegister);
__ Assert(eq, AbortReason::kWrongFunctionCodeStart);
}
int offset = Code::kCodeDataContainerOffset - Code::kHeaderSize; int offset = Code::kCodeDataContainerOffset - Code::kHeaderSize;
__ Ldr(scratch, MemOperand(kJavaScriptCallCodeStartRegister, offset)); __ Ldr(scratch, MemOperand(kJavaScriptCallCodeStartRegister, offset));
__ Ldr(scratch, __ Ldr(scratch,

View File

@ -148,6 +148,12 @@ void CodeGenerator::AssembleCode() {
ProfileEntryHookStub::MaybeCallEntryHookDelayed(tasm(), zone()); ProfileEntryHookStub::MaybeCallEntryHookDelayed(tasm(), zone());
} }
// Check that {kJavaScriptCallCodeStartRegister} has been set correctly.
if (FLAG_debug_code & (info->code_kind() == Code::OPTIMIZED_FUNCTION ||
info->code_kind() == Code::BYTECODE_HANDLER)) {
AssembleCodeStartRegisterCheck();
}
if (info->is_speculation_poison_enabled()) { if (info->is_speculation_poison_enabled()) {
GenerateSpeculationPoison(); GenerateSpeculationPoison();
} }

View File

@ -179,6 +179,10 @@ class CodeGenerator final : public GapResolver::Assembler {
void AssembleArchLookupSwitch(Instruction* instr); void AssembleArchLookupSwitch(Instruction* instr);
void AssembleArchTableSwitch(Instruction* instr); void AssembleArchTableSwitch(Instruction* instr);
// Generates code that checks whether the {kJavaScriptCallCodeStartRegister}
// contains the expected pointer to the start of the instruction stream.
void AssembleCodeStartRegisterCheck();
// When entering a code that is marked for deoptimization, rather continuing // When entering a code that is marked for deoptimization, rather continuing
// with its execution, we jump to a lazy compiled code. We need to do this // with its execution, we jump to a lazy compiled code. We need to do this
// because this code has already been deoptimized and needs to be unlinked // because this code has already been deoptimized and needs to be unlinked

View File

@ -495,17 +495,9 @@ void CodeGenerator::AssembleTailCallAfterGap(Instruction* instr,
first_unused_stack_slot); first_unused_stack_slot);
} }
// Check if the code object is marked for deoptimization. If it is, then it
// jumps to the CompileLazyDeoptimizedCode builtin. In order to do this we need
// to:
// 1. read from memory the word that contains that bit, which can be found in
// the flags in the referenced {CodeDataContainer} object;
// 2. test kMarkedForDeoptimizationBit in those flags; and
// 3. if it is not zero then it jumps to the builtin.
void CodeGenerator::BailoutIfDeoptimized() {
if (FLAG_debug_code) {
__ push(eax); // Push eax so we can use it as a scratch register.
// Check that {kJavaScriptCallCodeStartRegister} is correct. // Check that {kJavaScriptCallCodeStartRegister} is correct.
void CodeGenerator::AssembleCodeStartRegisterCheck() {
__ push(eax); // Push eax so we can use it as a scratch register.
Label current; Label current;
__ call(&current); __ call(&current);
int pc = __ pc_offset(); int pc = __ pc_offset();
@ -520,6 +512,14 @@ void CodeGenerator::BailoutIfDeoptimized() {
__ pop(eax); // Restore eax. __ pop(eax); // Restore eax.
} }
// Check if the code object is marked for deoptimization. If it is, then it
// jumps to the CompileLazyDeoptimizedCode builtin. In order to do this we need
// to:
// 1. read from memory the word that contains that bit, which can be found in
// the flags in the referenced {CodeDataContainer} object;
// 2. test kMarkedForDeoptimizationBit in those flags; and
// 3. if it is not zero then it jumps to the builtin.
void CodeGenerator::BailoutIfDeoptimized() {
int offset = Code::kCodeDataContainerOffset - Code::kHeaderSize; int offset = Code::kCodeDataContainerOffset - Code::kHeaderSize;
__ mov(ecx, Operand(kJavaScriptCallCodeStartRegister, offset)); __ mov(ecx, Operand(kJavaScriptCallCodeStartRegister, offset));
__ test(FieldOperand(ecx, CodeDataContainer::kKindSpecificFlagsOffset), __ test(FieldOperand(ecx, CodeDataContainer::kKindSpecificFlagsOffset),

View File

@ -618,16 +618,8 @@ void CodeGenerator::AssembleTailCallAfterGap(Instruction* instr,
first_unused_stack_slot); first_unused_stack_slot);
} }
// Check if the code object is marked for deoptimization. If it is, then it
// jumps to the CompileLazyDeoptimizedCode builtin. In order to do this we need
// to:
// 1. read from memory the word that contains that bit, which can be found in
// the flags in the referenced {CodeDataContainer} object;
// 2. test kMarkedForDeoptimizationBit in those flags; and
// 3. if it is not zero then it jumps to the builtin.
void CodeGenerator::BailoutIfDeoptimized() {
if (FLAG_debug_code) {
// Check that {kJavaScriptCallCodeStartRegister} is correct. // Check that {kJavaScriptCallCodeStartRegister} is correct.
void CodeGenerator::AssembleCodeStartRegisterCheck() {
Label current; Label current;
// This push on ra and the pop below together ensure that we restore the // This push on ra and the pop below together ensure that we restore the
// register ra, which is needed while computing frames for deoptimization. // register ra, which is needed while computing frames for deoptimization.
@ -644,6 +636,15 @@ void CodeGenerator::BailoutIfDeoptimized() {
kJavaScriptCallCodeStartRegister, Operand(at)); kJavaScriptCallCodeStartRegister, Operand(at));
__ pop(ra); __ pop(ra);
} }
// Check if the code object is marked for deoptimization. If it is, then it
// jumps to the CompileLazyDeoptimizedCode builtin. In order to do this we need
// to:
// 1. read from memory the word that contains that bit, which can be found in
// the flags in the referenced {CodeDataContainer} object;
// 2. test kMarkedForDeoptimizationBit in those flags; and
// 3. if it is not zero then it jumps to the builtin.
void CodeGenerator::BailoutIfDeoptimized() {
int offset = Code::kCodeDataContainerOffset - Code::kHeaderSize; int offset = Code::kCodeDataContainerOffset - Code::kHeaderSize;
__ lw(a2, MemOperand(kJavaScriptCallCodeStartRegister, offset)); __ lw(a2, MemOperand(kJavaScriptCallCodeStartRegister, offset));
__ lw(a2, FieldMemOperand(a2, CodeDataContainer::kKindSpecificFlagsOffset)); __ lw(a2, FieldMemOperand(a2, CodeDataContainer::kKindSpecificFlagsOffset));

View File

@ -634,16 +634,8 @@ void CodeGenerator::AssembleTailCallAfterGap(Instruction* instr,
first_unused_stack_slot); first_unused_stack_slot);
} }
// Check if the code object is marked for deoptimization. If it is, then it
// jumps to the CompileLazyDeoptimizedCode builtin. In order to do this we need
// to:
// 1. read from memory the word that contains that bit, which can be found in
// the flags in the referenced {CodeDataContainer} object;
// 2. test kMarkedForDeoptimizationBit in those flags; and
// 3. if it is not zero then it jumps to the builtin.
void CodeGenerator::BailoutIfDeoptimized() {
if (FLAG_debug_code) {
// Check that {kJavaScriptCallCodeStartRegister} is correct. // Check that {kJavaScriptCallCodeStartRegister} is correct.
void CodeGenerator::AssembleCodeStartRegisterCheck() {
Label current; Label current;
// This push on ra and the pop below together ensure that we restore the // This push on ra and the pop below together ensure that we restore the
// register ra, which is needed while computing frames for deoptimization. // register ra, which is needed while computing frames for deoptimization.
@ -660,6 +652,15 @@ void CodeGenerator::BailoutIfDeoptimized() {
kJavaScriptCallCodeStartRegister, Operand(at)); kJavaScriptCallCodeStartRegister, Operand(at));
__ pop(ra); __ pop(ra);
} }
// Check if the code object is marked for deoptimization. If it is, then it
// jumps to the CompileLazyDeoptimizedCode builtin. In order to do this we need
// to:
// 1. read from memory the word that contains that bit, which can be found in
// the flags in the referenced {CodeDataContainer} object;
// 2. test kMarkedForDeoptimizationBit in those flags; and
// 3. if it is not zero then it jumps to the builtin.
void CodeGenerator::BailoutIfDeoptimized() {
int offset = Code::kCodeDataContainerOffset - Code::kHeaderSize; int offset = Code::kCodeDataContainerOffset - Code::kHeaderSize;
__ Ld(a2, MemOperand(kJavaScriptCallCodeStartRegister, offset)); __ Ld(a2, MemOperand(kJavaScriptCallCodeStartRegister, offset));
__ Lw(a2, FieldMemOperand(a2, CodeDataContainer::kKindSpecificFlagsOffset)); __ Lw(a2, FieldMemOperand(a2, CodeDataContainer::kKindSpecificFlagsOffset));

View File

@ -779,6 +779,11 @@ void CodeGenerator::AssembleTailCallAfterGap(Instruction* instr,
first_unused_stack_slot); first_unused_stack_slot);
} }
// Check that {kJavaScriptCallCodeStartRegister} is correct.
void CodeGenerator::AssembleCodeStartRegisterCheck() {
// TODO(mstarzinger): Implement me.
}
// Check if the code object is marked for deoptimization. If it is, then it // Check if the code object is marked for deoptimization. If it is, then it
// jumps to the CompileLazyDeoptimizedCode builtin. In order to do this we need // jumps to the CompileLazyDeoptimizedCode builtin. In order to do this we need
// to: // to:

View File

@ -1028,6 +1028,11 @@ void CodeGenerator::AssembleTailCallAfterGap(Instruction* instr,
first_unused_stack_slot); first_unused_stack_slot);
} }
// Check that {kJavaScriptCallCodeStartRegister} is correct.
void CodeGenerator::AssembleCodeStartRegisterCheck() {
// TODO(mstarzinger): Implement me.
}
// Check if the code object is marked for deoptimization. If it is, then it // Check if the code object is marked for deoptimization. If it is, then it
// jumps to the CompileLazyDeoptimizedCode builtin. In order to do this we need // jumps to the CompileLazyDeoptimizedCode builtin. In order to do this we need
// to: // to:

View File

@ -570,18 +570,10 @@ void CodeGenerator::AssembleTailCallAfterGap(Instruction* instr,
first_unused_stack_slot); first_unused_stack_slot);
} }
// Check if the code object is marked for deoptimization. If it is, then it
// jumps to CompileLazyDeoptimizedCode builtin. In order to do this we need to:
// 1. read from memory the word that contains that bit, which can be found in
// the flags in the referenced {CodeDataContainer} object;
// 2. test kMarkedForDeoptimizationBit in those flags; and
// 3. if it is not zero then it jumps to the builtin.
void CodeGenerator::BailoutIfDeoptimized() {
if (FLAG_debug_code) {
// Check that {kJavaScriptCallCodeStartRegister} is correct. // Check that {kJavaScriptCallCodeStartRegister} is correct.
void CodeGenerator::AssembleCodeStartRegisterCheck() {
Label current; Label current;
// Load effective address to get the address of the current instruction into // Load effective address to get the address of the current instruction.
// rcx.
__ leaq(rbx, Operand(&current)); __ leaq(rbx, Operand(&current));
__ bind(&current); __ bind(&current);
int pc = __ pc_offset(); int pc = __ pc_offset();
@ -590,6 +582,13 @@ void CodeGenerator::BailoutIfDeoptimized() {
__ Assert(equal, AbortReason::kWrongFunctionCodeStart); __ Assert(equal, AbortReason::kWrongFunctionCodeStart);
} }
// Check if the code object is marked for deoptimization. If it is, then it
// jumps to CompileLazyDeoptimizedCode builtin. In order to do this we need to:
// 1. read from memory the word that contains that bit, which can be found in
// the flags in the referenced {CodeDataContainer} object;
// 2. test kMarkedForDeoptimizationBit in those flags; and
// 3. if it is not zero then it jumps to the builtin.
void CodeGenerator::BailoutIfDeoptimized() {
int offset = Code::kCodeDataContainerOffset - Code::kHeaderSize; int offset = Code::kCodeDataContainerOffset - Code::kHeaderSize;
__ movp(rbx, Operand(kJavaScriptCallCodeStartRegister, offset)); __ movp(rbx, Operand(kJavaScriptCallCodeStartRegister, offset));
__ testl(FieldOperand(rbx, CodeDataContainer::kKindSpecificFlagsOffset), __ testl(FieldOperand(rbx, CodeDataContainer::kKindSpecificFlagsOffset),