diff options
Diffstat (limited to 'js/src/jit/IonScript.h')
-rw-r--r-- | js/src/jit/IonScript.h | 590 |
1 files changed, 590 insertions, 0 deletions
diff --git a/js/src/jit/IonScript.h b/js/src/jit/IonScript.h new file mode 100644 index 0000000000..c1f7a4810a --- /dev/null +++ b/js/src/jit/IonScript.h @@ -0,0 +1,590 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef jit_IonScript_h +#define jit_IonScript_h + +#include "mozilla/MemoryReporting.h" // MallocSizeOf + +#include <stddef.h> // size_t +#include <stdint.h> // uint8_t, uint32_t + +#include "jstypes.h" + +#include "gc/Barrier.h" // HeapPtr{JitCode,Object} +#include "jit/IonTypes.h" // IonCompilationId +#include "jit/JitCode.h" // JitCode +#include "jit/JitOptions.h" // JitOptions +#include "js/TypeDecls.h" // jsbytecode +#include "util/TrailingArray.h" // TrailingArray + +namespace js { +namespace jit { + +class SnapshotWriter; +class RecoverWriter; +class SafepointWriter; +class CodegenSafepointIndex; +class SafepointIndex; +class OsiIndex; +class IonIC; + +// An IonScript attaches Ion-generated information to a JSScript. The header +// structure is followed by several arrays of data. These trailing arrays have a +// layout based on offsets (bytes from 'this') stored in the IonScript header. +// +// <IonScript itself> +// -- +// PreBarriered<Value>[] constantTable() +// uint8_t[] runtimeData() +// OsiIndex[] osiIndex() +// SafepointIndex[] safepointIndex() +// uint32_t[] icIndex() +// -- +// uint8_t[] safepoints() +// uint8_t[] snapshots() +// uint8_t[] snapshotsRVATable() +// uint8_t[] recovers() +// +// Note: These are arranged in order of descending alignment requirements to +// avoid the need for padding. The `runtimeData` uses uint64_t alignement due to +// its use of mozilla::AlignedStorage2. +class alignas(8) IonScript final : public TrailingArray { + private: + // Offset (in bytes) from `this` to the start of each trailing array. Each + // array ends where following one begins. There is no implicit padding (except + // possible at very end). + Offset constantTableOffset_ = 0; // JS::Value aligned + Offset runtimeDataOffset_ = 0; // uint64_t aligned + Offset nurseryObjectsOffset_ = 0; // pointer aligned + Offset osiIndexOffset_ = 0; + Offset safepointIndexOffset_ = 0; + Offset icIndexOffset_ = 0; + Offset safepointsOffset_ = 0; + Offset snapshotsOffset_ = 0; + Offset rvaTableOffset_ = 0; + Offset recoversOffset_ = 0; + Offset allocBytes_ = 0; + + // Code pointer containing the actual method. + HeapPtr<JitCode*> method_ = nullptr; + + // Entrypoint for OSR, or nullptr. + jsbytecode* osrPc_ = nullptr; + + // Offset to OSR entrypoint from method_->raw(), or 0. + uint32_t osrEntryOffset_ = 0; + + // Offset of the invalidation epilogue (which pushes this IonScript + // and calls the invalidation thunk). + uint32_t invalidateEpilogueOffset_ = 0; + + // The offset immediately after the IonScript immediate. + // NOTE: technically a constant delta from + // |invalidateEpilogueOffset_|, so we could hard-code this + // per-platform if we want. + uint32_t invalidateEpilogueDataOffset_ = 0; + + // Number of bailouts that have occurred for reasons that could be + // fixed if we invalidated and recompiled. + uint16_t numFixableBailouts_ = 0; + + // Number of bailouts that have occurred for reasons that can't be + // fixed by recompiling: for example, bailing out to catch an exception. + uint16_t numUnfixableBailouts_ = 0; + + public: + enum class LICMState : uint8_t { NeverBailed, Bailed, BailedAndHitFallback }; + + private: + // Tracks the state of LICM bailouts. + LICMState licmState_ = LICMState::NeverBailed; + + // Flag set if IonScript was compiled with profiling enabled. + bool hasProfilingInstrumentation_ = false; + + // Number of bytes this function reserves on the stack for slots spilled by + // the register allocator. + uint32_t localSlotsSize_ = 0; + + // Number of bytes used passed in as formal arguments or |this|. + uint32_t argumentSlotsSize_ = 0; + + // Frame size is the value that can be added to the StackPointer along + // with the frame prefix to get a valid JitFrameLayout. + uint32_t frameSize_ = 0; + + // Number of references from invalidation records. + uint32_t invalidationCount_ = 0; + + // Identifier of the compilation which produced this code. + IonCompilationId compilationId_; + + // Number of times we tried to enter this script via OSR but failed due to + // a LOOPENTRY pc other than osrPc_. + uint32_t osrPcMismatchCounter_ = 0; + +#ifdef DEBUG + // A hash of the ICScripts used in this compilation. + mozilla::HashNumber icHash_ = 0; +#endif + + // End of fields. + + private: + // Layout helpers + Offset constantTableOffset() const { return constantTableOffset_; } + Offset runtimeDataOffset() const { return runtimeDataOffset_; } + Offset nurseryObjectsOffset() const { return nurseryObjectsOffset_; } + Offset osiIndexOffset() const { return osiIndexOffset_; } + Offset safepointIndexOffset() const { return safepointIndexOffset_; } + Offset icIndexOffset() const { return icIndexOffset_; } + Offset safepointsOffset() const { return safepointsOffset_; } + Offset snapshotsOffset() const { return snapshotsOffset_; } + Offset rvaTableOffset() const { return rvaTableOffset_; } + Offset recoversOffset() const { return recoversOffset_; } + Offset endOffset() const { return allocBytes_; } + + // Hardcode size of incomplete types. These are verified in Ion.cpp. + static constexpr size_t SizeOf_OsiIndex = 2 * sizeof(uint32_t); + static constexpr size_t SizeOf_SafepointIndex = 2 * sizeof(uint32_t); + + public: + // + // Table of constants referenced in snapshots. (JS::Value alignment) + // + PreBarriered<Value>* constants() { + // Nursery constants are manually barriered in CodeGenerator::link() so a + // post barrier is not required.. + return offsetToPointer<PreBarriered<Value>>(constantTableOffset()); + } + size_t numConstants() const { + return numElements<PreBarriered<Value>>(constantTableOffset(), + runtimeDataOffset()); + } + + // + // IonIC data structures. (uint64_t alignment) + // + uint8_t* runtimeData() { + return offsetToPointer<uint8_t>(runtimeDataOffset()); + } + size_t runtimeSize() const { + return numElements<uint8_t>(runtimeDataOffset(), nurseryObjectsOffset()); + } + + // + // List of (originally) nursery-allocated objects referenced from JIT code. + // (JSObject* alignment) + // + HeapPtr<JSObject*>* nurseryObjects() { + return offsetToPointer<HeapPtr<JSObject*>>(nurseryObjectsOffset()); + } + size_t numNurseryObjects() const { + return numElements<HeapPtr<JSObject*>>(nurseryObjectsOffset(), + osiIndexOffset()); + } + void* addressOfNurseryObject(uint32_t index) { + MOZ_ASSERT(index < numNurseryObjects()); + return &nurseryObjects()[index]; + } + + // + // Map OSI-point displacement to snapshot. + // + OsiIndex* osiIndices() { return offsetToPointer<OsiIndex>(osiIndexOffset()); } + const OsiIndex* osiIndices() const { + return offsetToPointer<OsiIndex>(osiIndexOffset()); + } + size_t numOsiIndices() const { + return numElements<SizeOf_OsiIndex>(osiIndexOffset(), + safepointIndexOffset()); + } + + // + // Map code displacement to safepoint / OSI-patch-delta. + // + SafepointIndex* safepointIndices() { + return offsetToPointer<SafepointIndex>(safepointIndexOffset()); + } + const SafepointIndex* safepointIndices() const { + return offsetToPointer<SafepointIndex>(safepointIndexOffset()); + } + size_t numSafepointIndices() const { + return numElements<SizeOf_SafepointIndex>(safepointIndexOffset(), + icIndexOffset()); + } + + // + // Offset into `runtimeData` for each (variable-length) IonIC. + // + uint32_t* icIndex() { return offsetToPointer<uint32_t>(icIndexOffset()); } + size_t numICs() const { + return numElements<uint32_t>(icIndexOffset(), safepointsOffset()); + } + + // + // Safepoint table as a CompactBuffer. + // + const uint8_t* safepoints() const { + return offsetToPointer<uint8_t>(safepointsOffset()); + } + size_t safepointsSize() const { + return numElements<uint8_t>(safepointsOffset(), snapshotsOffset()); + } + + // + // Snapshot and RValueAllocation tables as CompactBuffers. + // + const uint8_t* snapshots() const { + return offsetToPointer<uint8_t>(snapshotsOffset()); + } + size_t snapshotsListSize() const { + return numElements<uint8_t>(snapshotsOffset(), rvaTableOffset()); + } + size_t snapshotsRVATableSize() const { + return numElements<uint8_t>(rvaTableOffset(), recoversOffset()); + } + + // + // Recover instruction table as a CompactBuffer. + // + const uint8_t* recovers() const { + return offsetToPointer<uint8_t>(recoversOffset()); + } + size_t recoversSize() const { + return numElements<uint8_t>(recoversOffset(), endOffset()); + } + + private: + IonScript(IonCompilationId compilationId, uint32_t localSlotsSize, + uint32_t argumentSlotsSize, uint32_t frameSize); + + public: + static IonScript* New(JSContext* cx, IonCompilationId compilationId, + uint32_t localSlotsSize, uint32_t argumentSlotsSize, + uint32_t frameSize, size_t snapshotsListSize, + size_t snapshotsRVATableSize, size_t recoversSize, + size_t constants, size_t nurseryObjects, + size_t safepointIndices, size_t osiIndices, + size_t icEntries, size_t runtimeSize, + size_t safepointsSize); + + static void Destroy(JS::GCContext* gcx, IonScript* script); + + void trace(JSTracer* trc); + + static inline size_t offsetOfInvalidationCount() { + return offsetof(IonScript, invalidationCount_); + } + + public: + JitCode* method() const { return method_; } + void setMethod(JitCode* code) { + MOZ_ASSERT(!invalidated()); + method_ = code; + } + void setOsrPc(jsbytecode* osrPc) { osrPc_ = osrPc; } + jsbytecode* osrPc() const { return osrPc_; } + void setOsrEntryOffset(uint32_t offset) { + MOZ_ASSERT(!osrEntryOffset_); + osrEntryOffset_ = offset; + } + uint32_t osrEntryOffset() const { return osrEntryOffset_; } + bool containsCodeAddress(uint8_t* addr) const { + return method()->raw() <= addr && + addr <= method()->raw() + method()->instructionsSize(); + } + bool containsReturnAddress(uint8_t* addr) const { + // This accounts for an off by one error caused by the return address of a + // bailout sitting outside the range of the containing function. + return method()->raw() <= addr && + addr <= method()->raw() + method()->instructionsSize(); + } + void setInvalidationEpilogueOffset(uint32_t offset) { + MOZ_ASSERT(!invalidateEpilogueOffset_); + invalidateEpilogueOffset_ = offset; + } + uint32_t invalidateEpilogueOffset() const { + MOZ_ASSERT(invalidateEpilogueOffset_); + return invalidateEpilogueOffset_; + } + void setInvalidationEpilogueDataOffset(uint32_t offset) { + MOZ_ASSERT(!invalidateEpilogueDataOffset_); + invalidateEpilogueDataOffset_ = offset; + } + uint32_t invalidateEpilogueDataOffset() const { + MOZ_ASSERT(invalidateEpilogueDataOffset_); + return invalidateEpilogueDataOffset_; + } + + void incNumFixableBailouts() { numFixableBailouts_++; } + void resetNumFixableBailouts() { numFixableBailouts_ = 0; } + void incNumUnfixableBailouts() { numUnfixableBailouts_++; } + + bool shouldInvalidate() const { + return numFixableBailouts_ >= JitOptions.frequentBailoutThreshold; + } + bool shouldInvalidateAndDisable() const { + return numUnfixableBailouts_ >= JitOptions.frequentBailoutThreshold * 5; + } + + LICMState licmState() const { return licmState_; } + void setHadLICMBailout() { + if (licmState_ == LICMState::NeverBailed) { + licmState_ = LICMState::Bailed; + } + } + void noteBaselineFallback() { + if (licmState_ == LICMState::Bailed) { + licmState_ = LICMState::BailedAndHitFallback; + } + } + + void setHasProfilingInstrumentation() { hasProfilingInstrumentation_ = true; } + void clearHasProfilingInstrumentation() { + hasProfilingInstrumentation_ = false; + } + bool hasProfilingInstrumentation() const { + return hasProfilingInstrumentation_; + } + + size_t sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const { + return mallocSizeOf(this); + } + PreBarriered<Value>& getConstant(size_t index) { + MOZ_ASSERT(index < numConstants()); + return constants()[index]; + } + uint32_t localSlotsSize() const { return localSlotsSize_; } + uint32_t argumentSlotsSize() const { return argumentSlotsSize_; } + uint32_t frameSize() const { return frameSize_; } + const SafepointIndex* getSafepointIndex(uint32_t disp) const; + const SafepointIndex* getSafepointIndex(uint8_t* retAddr) const { + MOZ_ASSERT(containsCodeAddress(retAddr)); + return getSafepointIndex(retAddr - method()->raw()); + } + const OsiIndex* getOsiIndex(uint32_t disp) const; + const OsiIndex* getOsiIndex(uint8_t* retAddr) const; + + IonIC& getICFromIndex(uint32_t index) { + MOZ_ASSERT(index < numICs()); + uint32_t offset = icIndex()[index]; + return getIC(offset); + } + inline IonIC& getIC(uint32_t offset) { + MOZ_ASSERT(offset < runtimeSize()); + return *reinterpret_cast<IonIC*>(runtimeData() + offset); + } + void purgeICs(Zone* zone); + void copySnapshots(const SnapshotWriter* writer); + void copyRecovers(const RecoverWriter* writer); + void copyConstants(const Value* vp); + void copySafepointIndices(const CodegenSafepointIndex* si); + void copyOsiIndices(const OsiIndex* oi); + void copyRuntimeData(const uint8_t* data); + void copyICEntries(const uint32_t* icEntries); + void copySafepoints(const SafepointWriter* writer); + + bool invalidated() const { return invalidationCount_ != 0; } + + // Invalidate the current compilation. + void invalidate(JSContext* cx, JSScript* script, bool resetUses, + const char* reason); + + size_t invalidationCount() const { return invalidationCount_; } + void incrementInvalidationCount() { invalidationCount_++; } + void decrementInvalidationCount(JS::GCContext* gcx) { + MOZ_ASSERT(invalidationCount_); + invalidationCount_--; + if (!invalidationCount_) { + Destroy(gcx, this); + } + } + IonCompilationId compilationId() const { return compilationId_; } + uint32_t incrOsrPcMismatchCounter() { return ++osrPcMismatchCounter_; } + void resetOsrPcMismatchCounter() { osrPcMismatchCounter_ = 0; } + + size_t allocBytes() const { return allocBytes_; } + + static void preWriteBarrier(Zone* zone, IonScript* ionScript); + +#ifdef DEBUG + mozilla::HashNumber icHash() const { return icHash_; } + void setICHash(mozilla::HashNumber hash) { icHash_ = hash; } +#endif +}; + +// Execution information for a basic block which may persist after the +// accompanying IonScript is destroyed, for use during profiling. +struct IonBlockCounts { + private: + uint32_t id_; + + // Approximate bytecode in the outer (not inlined) script this block + // was generated from. + uint32_t offset_; + + // File and line of the inner script this block was generated from. + char* description_; + + // ids for successors of this block. + uint32_t numSuccessors_; + uint32_t* successors_; + + // Hit count for this block. + uint64_t hitCount_; + + // Text information about the code generated for this block. + char* code_; + + public: + [[nodiscard]] bool init(uint32_t id, uint32_t offset, char* description, + uint32_t numSuccessors) { + id_ = id; + offset_ = offset; + description_ = description; + numSuccessors_ = numSuccessors; + if (numSuccessors) { + successors_ = js_pod_calloc<uint32_t>(numSuccessors); + if (!successors_) { + return false; + } + } + return true; + } + + void destroy() { + js_free(description_); + js_free(successors_); + js_free(code_); + } + + uint32_t id() const { return id_; } + + uint32_t offset() const { return offset_; } + + const char* description() const { return description_; } + + size_t numSuccessors() const { return numSuccessors_; } + + void setSuccessor(size_t i, uint32_t id) { + MOZ_ASSERT(i < numSuccessors_); + successors_[i] = id; + } + + uint32_t successor(size_t i) const { + MOZ_ASSERT(i < numSuccessors_); + return successors_[i]; + } + + uint64_t* addressOfHitCount() { return &hitCount_; } + + uint64_t hitCount() const { return hitCount_; } + + void setCode(const char* code) { + char* ncode = js_pod_malloc<char>(strlen(code) + 1); + if (ncode) { + strcpy(ncode, code); + code_ = ncode; + } + } + + const char* code() const { return code_; } + + size_t sizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf) const { + return mallocSizeOf(description_) + mallocSizeOf(successors_) + + mallocSizeOf(code_); + } +}; + +// Execution information for a compiled script which may persist after the +// IonScript is destroyed, for use during profiling. +struct IonScriptCounts { + private: + // Any previous invalidated compilation(s) for the script. + IonScriptCounts* previous_ = nullptr; + + // Information about basic blocks in this script. + size_t numBlocks_ = 0; + IonBlockCounts* blocks_ = nullptr; + + public: + IonScriptCounts() = default; + + ~IonScriptCounts() { + for (size_t i = 0; i < numBlocks_; i++) { + blocks_[i].destroy(); + } + js_free(blocks_); + // The list can be long in some corner cases (bug 1140084), so + // unroll the recursion. + IonScriptCounts* victims = previous_; + while (victims) { + IonScriptCounts* victim = victims; + victims = victim->previous_; + victim->previous_ = nullptr; + js_delete(victim); + } + } + + [[nodiscard]] bool init(size_t numBlocks) { + blocks_ = js_pod_calloc<IonBlockCounts>(numBlocks); + if (!blocks_) { + return false; + } + + numBlocks_ = numBlocks; + return true; + } + + size_t numBlocks() const { return numBlocks_; } + + IonBlockCounts& block(size_t i) { + MOZ_ASSERT(i < numBlocks_); + return blocks_[i]; + } + + void setPrevious(IonScriptCounts* previous) { previous_ = previous; } + + IonScriptCounts* previous() const { return previous_; } + + size_t sizeOfIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const { + size_t size = 0; + auto currCounts = this; + do { + size += currCounts->sizeOfOneIncludingThis(mallocSizeOf); + currCounts = currCounts->previous_; + } while (currCounts); + return size; + } + + size_t sizeOfOneIncludingThis(mozilla::MallocSizeOf mallocSizeOf) const { + size_t size = mallocSizeOf(this) + mallocSizeOf(blocks_); + for (size_t i = 0; i < numBlocks_; i++) { + blocks_[i].sizeOfExcludingThis(mallocSizeOf); + } + return size; + } +}; + +} // namespace jit +} // namespace js + +namespace JS { + +template <> +struct DeletePolicy<js::jit::IonScript> { + explicit DeletePolicy(JSRuntime* rt) : rt_(rt) {} + void operator()(const js::jit::IonScript* script); + + private: + JSRuntime* rt_; +}; + +} // namespace JS + +#endif /* jit_IonScript_h */ |