RESOLVED FIXED 116586
JIT probe for ARMv7 and ARM + bug fixes 
https://bugs.webkit.org/show_bug.cgi?id=116586
Summary JIT probe for ARMv7 and ARM + bug fixes
Mark Lam
Reported 2013-05-21 18:36:43 PDT
1. ARMv7 + traditional ARM support 2. Fix bugs: a. Don't assume the sp is already aligned when we setup our probe call. Ensure alignment ourselves. b. Ensure that we can handle the case where the user modifies the sp to point into the region where the ProbeContext is stored on the stack. 3. Make X86_64 dumps look nicer (sort registers to match gdb's order). 4. Save condition code registers. Patch coming.
Attachments
the patch (89.24 KB, patch)
2013-05-21 18:38 PDT, Mark Lam 		no flags
DetailsFormatted DiffDiff
updated patch: fixed some typos, and changed some "copy-and-paste"d comments to just refer to the X86_64 version. (97.48 KB, patch)
2013-05-28 14:26 PDT, Mark Lam 		no flags
DetailsFormatted DiffDiff
corrected patch. (89.46 KB, patch)
2013-05-28 14:31 PDT, Mark Lam 		msaboff: review+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2013-05-21 18:38:39 PDT
Created attachment 202487 [details] the patch
Mark Lam
Comment 2 2013-05-28 14:26:51 PDT
Created attachment 203087 [details] updated patch: fixed some typos, and changed some "copy-and-paste"d comments to just refer to the X86_64 version.
Mark Lam
Comment 3 2013-05-28 14:30:02 PDT
Comment on attachment 203087 [details] updated patch: fixed some typos, and changed some "copy-and-paste"d comments to just refer to the X86_64 version. View in context: https://bugs.webkit.org/attachment.cgi?id=203087&action=review > Source/JavaScriptCore/config.h:82 > +#define WTF_USE_MASM_PROBE 1 should not have enabled by default.  Forgot to disable this after testing a build. Will fix and upload another patch. > Source/WebKit2/Shared/mac/ChildProcessMac.mm:54 > +// mlam extern "C" CGError CGSShutdownServerConnections(); These should not have been included in the patch.
Mark Lam
Comment 4 2013-05-28 14:31:44 PDT
Created attachment 203089 [details] corrected patch.
Michael Saboff
Comment 5 2013-05-28 15:12:33 PDT
Comment on attachment 203089 [details] corrected patch. View in context: https://bugs.webkit.org/attachment.cgi?id=203089&action=review r=me, with comments. > Source/JavaScriptCore/jit/JITStubsARM.h:290 > + // 2. Issue 1 means we will need to write to the stack location at > + // ProbeContext.cpu.sp - 4. But if the user probe function had modified > + // the value of ProbeContext.cpu.sp to point in the range between > + // &ProbeContext.cpu.ip thru &ProbeContext.cpu.aspr, then the action for > + // Issue 1 may trash the values to be restored before we can restore > + // them. Do we really care if the user modified sp? Seems like something we shouldn't have to worry about. > Source/JavaScriptCore/jit/JITStubsARMv7.h:393 > + // 2. Issue 1 means we will need to write to the stack location at > + // ProbeContext.cpu.sp - 4. But if the user probe function had modified > + // the value of ProbeContext.cpu.sp to point in the range between > + // &ProbeContext.cpu.ip thru &ProbeContext.cpu.aspr, then the action for > + // Issue 1 may trash the values to be restored before we can restore > + // them. Same comment as above. > Source/JavaScriptCore/jit/JITStubsX86.h:196 > + // 2. The user probe function may have altered the restore value of esp to > + // point to the vicinity of one of the restore values for the remaining > + // registers left to be restored. > + // That means, for requirement 1, we may end up writing over some of the > + // restore values. We can check for this, and first copy the restore > + // values to a "safe area" on the stack before commencing with the action > + // for requirement 1. Ditto. > Source/JavaScriptCore/jit/JITStubsX86_64.h:225 > + // 2. The user probe function may have altered the restore value of esp to > + // point to the vicinity of one of the restore values for the remaining > + // registers left to be restored. > + // That means, for requirement 1, we may end up writing over some of the > + // restore values. We can check for this, and first copy the restore > + // values to a "safe area" on the stack before commencing with the action > + // for requirement 1. Ditto
Mark Lam
Comment 6 2013-05-28 15:22:15 PDT
(In reply to comment #5) > (From update of attachment 203089 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=203089&action=review > > r=me, with comments. > > > Source/JavaScriptCore/jit/JITStubsARM.h:290 > > + // 2. Issue 1 means we will need to write to the stack location at > > + // ProbeContext.cpu.sp - 4. But if the user probe function had modified > > + // the value of ProbeContext.cpu.sp to point in the range between > > + // &ProbeContext.cpu.ip thru &ProbeContext.cpu.aspr, then the action for > > + // Issue 1 may trash the values to be restored before we can restore > > + // them. > > Do we really care if the user modified sp? Seems like something we shouldn't have to worry about. The promise of the probe is that if the probe functions modify the registers values in the ProbeContext, we'll set the machine registers to those values upon returning. The code as is honors that promise without exception. The only case where we'll want that feature is if we're debugging JIT generated code with the probe mechanism, and encounter a case where we see the stack at a wrong place (e.g. some new JIT code we wrote forgot to pop 2 values), and we want to adjust it from our debugging session in gdb to see if that resolves the failure we're debugging. It's rare that we'll encounter such situations, but it can happen. I'm going to commit it as is. Thanks.
Mark Lam
Comment 7 2013-05-28 15:27:18 PDT
Landed in r150844: <http://trac.webkit.org/changeset/150844>.
Note You need to log in before you can comment on or make changes to this bug.