some write barrier fixes

- false poisitive on EntryPointInfo->jsMethod after native address reuse in recycler - false poisitive in arena allocator cacheBlockEnd reused in leaf block in recycler (sharing same page allocator) - overload ChangeToAssign in JIT code, check all posible assign for write barrier - missing barriers in various location

Author: leirocks

lib/Backend/Lower.cpp

@@ -102,30 +102,30 @@ Lowerer::Lower()
  this->LowerRange(m_func->m_headInstr, m_func->m_tailInstr, defaultDoFastPath, loopFastPath);
 
 #if DBG
-// TODO: (leish)(swb) implement for arm
+ // TODO: (leish)(swb) implement for arm
 #if defined(_M_IX86) || defined(_M_AMD64)
-if (CONFIG_FLAG(ForceSoftwareWriteBarrier) && CONFIG_FLAG(RecyclerVerifyMark))
-{
-// find out all write barrier setting instr, call Recycler::WBSetBit for verification purpose
-// should do this in LowererMD::GenerateWriteBarrier, however, can't insert call instruction there
-FOREACH_INSTR_EDITING(instr, instrNext, m_func->m_headInstr)
-if (instr->m_src1 && instr->m_src1->IsAddrOpnd())
-{
-IR::AddrOpnd* addrOpnd = instr->m_src1->AsAddrOpnd();
-if (addrOpnd->GetAddrOpndKind() == IR::AddrOpndKindWriteBarrierCardTable)
-{
-auto& leaInstr = instr->m_prev->m_prev;
-auto& shrInstr = instr->m_prev;
-Assert(leaInstr->m_opcode == Js::OpCode::LEA);
-Assert(shrInstr->m_opcode == Js::OpCode::SHR);
-m_lowererMD.LoadHelperArgument(shrInstr, leaInstr->m_dst);
-IR::Instr* instrCall = IR::Instr::New(Js::OpCode::Call, m_func);
-shrInstr->InsertBefore(instrCall);
-m_lowererMD.ChangeToHelperCall(instrCall, IR::HelperWriteBarrierSetVerifyBit);
-}
-}
-NEXT_INSTR_EDITING
-}
+ if (CONFIG_FLAG(ForceSoftwareWriteBarrier) && CONFIG_FLAG(RecyclerVerifyMark))
+ {
+ // find out all write barrier setting instr, call Recycler::WBSetBit for verification purpose
+ // should do this in LowererMD::GenerateWriteBarrier, however, can't insert call instruction there
+ FOREACH_INSTR_EDITING(instr, instrNext, m_func->m_headInstr)
+ if (instr->m_src1 && instr->m_src1->IsAddrOpnd())
+ {
+ IR::AddrOpnd* addrOpnd = instr->m_src1->AsAddrOpnd();
+ if (addrOpnd->GetAddrOpndKind() == IR::AddrOpndKindWriteBarrierCardTable)
+ {
+ auto& leaInstr = instr->m_prev->m_prev;
+ auto& shrInstr = instr->m_prev;
+ Assert(leaInstr->m_opcode == Js::OpCode::LEA);
+ Assert(shrInstr->m_opcode == Js::OpCode::SHR);
+ m_lowererMD.LoadHelperArgument(shrInstr, leaInstr->m_dst);
+ IR::Instr* instrCall = IR::Instr::New(Js::OpCode::Call, m_func);
+ shrInstr->InsertBefore(instrCall);
+ m_lowererMD.ChangeToHelperCall(instrCall, IR::HelperWriteBarrierSetVerifyBit);
+ }
+ }
+ NEXT_INSTR_EDITING
+ }
 #endif
 #endif
 
@@ -14558,7 +14558,7 @@ IR::Instr *Lowerer::InsertMove(IR::Opnd *dst, IR::Opnd *src, IR::Instr *const in
  }
  else
  {
- LowererMD::ChangeToAssign(instr);
+ LowererMD::ChangeToAssignNoBarrierCheck(instr);
  }
 
  return instr;

lib/Backend/LowerMDShared.cpp

@@ -756,11 +756,17 @@ IR::Instr* LowererMD::ChangeToHelperCallMem(IR::Instr * instr, IR::JnHelperMeth
 ///----------------------------------------------------------------------------
 
 IR::Instr *
-LowererMD::ChangeToAssign(IR::Instr * instr)
+LowererMD::ChangeToAssignNoBarrierCheck(IR::Instr * instr)
 {
  return ChangeToAssign(instr, instr->GetDst()->GetType());
 }
 
+IR::Instr *
+LowererMD::ChangeToAssign(IR::Instr * instr)
+{
+ return ChangeToWriteBarrierAssign(instr, instr->m_func);
+}
+
 IR::Instr *
 LowererMD::ChangeToAssign(IR::Instr * instr, IRType type)
 {
@@ -4712,7 +4718,7 @@ LowererMD::GenerateLoadPolymorphicInlineCacheSlot(IR::Instr * instrLdSt, IR::Reg
  instrLdSt->InsertBefore(instr);
 }
 
-void
+IR::Instr *
 LowererMD::ChangeToWriteBarrierAssign(IR::Instr * assignInstr, const Func* func)
 {
 #ifdef RECYCLER_WRITE_BARRIER_JIT
@@ -4747,17 +4753,19 @@ LowererMD::ChangeToWriteBarrierAssign(IR::Instr * assignInstr, const Func* func)
  }
 #endif
 
- ChangeToAssign(assignInstr);
+ IR::Instr * instr = ChangeToAssignNoBarrierCheck(assignInstr);
 
  // Now insert write barrier if necessary
 #ifdef RECYCLER_WRITE_BARRIER_JIT
  if (isPossibleBarrieredDest 
  && assignInstr->m_opcode == Js::OpCode::MOV // ignore SSE instructions like MOVSD
  && assignInstr->GetSrc1()->IsWriteBarrierTriggerableValue())
  {
-LowererMD::GenerateWriteBarrier(assignInstr);
+ LowererMD::GenerateWriteBarrier(assignInstr);
  }
 #endif
+
+ return instr;
 }
 
 void

lib/Backend/LowerMDShared.h

@@ -85,6 +85,7 @@ class LowererMD
  static IR::Instr * CreateAssign(IR::Opnd *dst, IR::Opnd *src, IR::Instr *instrInsertPt, bool generateWriteBarrier = true);
 
  static IR::Instr * ChangeToAssign(IR::Instr * instr);
+ static IR::Instr * ChangeToAssignNoBarrierCheck(IR::Instr * instr);
  static IR::Instr * ChangeToAssign(IR::Instr * instr, IRType type);
  static IR::Instr * ChangeToLea(IR::Instr *const instr, bool postRegAlloc = false);
  static void ImmedSrcToReg(IR::Instr * instr, IR::Opnd * newOpnd, int srcNum);
@@ -305,7 +306,7 @@ class LowererMD
 
  void GenerateWriteBarrierAssign(IR::IndirOpnd * opndDst, IR::Opnd * opndSrc, IR::Instr * insertBeforeInstr);
  void GenerateWriteBarrierAssign(IR::MemRefOpnd * opndDst, IR::Opnd * opndSrc, IR::Instr * insertBeforeInstr);
- static void ChangeToWriteBarrierAssign(IR::Instr * assignInstr, const Func* func);
+ static IR::Instr * ChangeToWriteBarrierAssign(IR::Instr * assignInstr, const Func* func);
 
  static IR::BranchInstr * GenerateLocalInlineCacheCheck(IR::Instr * instrLdSt, IR::RegOpnd * opndType, IR::RegOpnd * opndInlineCache, IR::LabelInstr * labelNext, bool checkTypeWithoutProperty = false);
  static IR::BranchInstr * GenerateProtoInlineCacheCheck(IR::Instr * instrLdSt, IR::RegOpnd * opndType, IR::RegOpnd * opndInlineCache, IR::LabelInstr * labelNext);

lib/Backend/Sym.inl

@@ -86,7 +86,7 @@ StackSym::IsArgSlotSym() const
 inline bool
 StackSym::IsParamSlotSym() const
 {
-return m_isParamSym;
+ return m_isParamSym;
 }
 
 ///----------------------------------------------------------------------------

lib/Backend/SymTable.cpp

@@ -246,18 +246,18 @@ SymTable::GetArgSlotSym(Js::ArgSlot argSlotNum)
 StackSym * 
 SymTable::GetImplicitParam(Js::ArgSlot paramSlotNum)
 {
-Assert(paramSlotNum - 1 < this->k_maxImplicitParamSlot);
+ Assert(paramSlotNum - 1 < this->k_maxImplicitParamSlot);
 
-if (this->m_implicitParams[paramSlotNum - 1])
-{
-return this->m_implicitParams[paramSlotNum - 1];
-}
-StackSym *implicitParamSym = StackSym::NewParamSlotSym(paramSlotNum, this->m_func, TyVar);
-implicitParamSym->m_isImplicitParamSym = true;
+ if (this->m_implicitParams[paramSlotNum - 1])
+ {
+ return this->m_implicitParams[paramSlotNum - 1];
+ }
+ StackSym *implicitParamSym = StackSym::NewParamSlotSym(paramSlotNum, this->m_func, TyVar);
+ implicitParamSym->m_isImplicitParamSym = true;
 
-this->m_implicitParams[paramSlotNum - 1] = implicitParamSym;
+ this->m_implicitParams[paramSlotNum - 1] = implicitParamSym;
 
-return implicitParamSym;
+ return implicitParamSym;
 }
 
 ///----------------------------------------------------------------------------

lib/Backend/SymTable.h

@@ -11,23 +11,23 @@ class SymTable
  typedef JsUtil::BaseDictionary<Js::PropertyId, BVSparse<JitArenaAllocator> *, JitArenaAllocator, PowerOf2SizePolicy> PropertyEquivBvMap;
 
 private:
-static const int k_symTableSize = 8192;
-static const int k_maxImplicitParamSlot = 4;
+ static const int k_symTableSize = 8192;
+ static const int k_maxImplicitParamSlot = 4;
  Sym * m_table[k_symTableSize];
-StackSym * m_implicitParams[k_maxImplicitParamSlot];
+ StackSym * m_implicitParams[k_maxImplicitParamSlot];
  PropertyMap * m_propertyMap;
  Func * m_func;
  SymID m_currentID;
  SymID m_IDAdjustment;
 
 public:
-PropertyEquivBvMap *m_propertyEquivBvMap;
+ PropertyEquivBvMap *m_propertyEquivBvMap;
 
 public:
  SymTable() : m_currentID(0), m_func(nullptr), m_IDAdjustment(0)
  {
-memset(m_table, 0, sizeof(m_table));
-memset(m_implicitParams, 0, sizeof(m_implicitParams));
+ memset(m_table, 0, sizeof(m_table));
+ memset(m_implicitParams, 0, sizeof(m_implicitParams));
  }
 
 
@@ -41,7 +41,7 @@ class SymTable
  void IncreaseStartingID(SymID IDIncrease);
  SymID NewID();
  StackSym * GetArgSlotSym(Js::ArgSlot argSlotNum);
-StackSym * GetImplicitParam(Js::ArgSlot paramSlotNum);
+ StackSym * GetImplicitParam(Js::ArgSlot paramSlotNum);
  SymID GetMaxSymID() const;
  void ClearStackSymScratch();
  void SetIDAdjustment() { m_IDAdjustment = m_currentID;}

lib/Backend/amd64/LinearScanMD.h

@@ -44,7 +44,7 @@ class LinearScanMD : public LinearScanMDShared
 public:
  static void SaveAllRegistersAndBailOut(BailOutRecord *const bailOutRecord);
  static void SaveAllRegistersAndBranchBailOut(BranchBailOutRecord *const bailOutRecord, const BOOL condition);
-static RegNum GetParamReg(IR::SymOpnd *symOpnd, Func *func);
+ static RegNum GetParamReg(IR::SymOpnd *symOpnd, Func *func);
 
  static uint GetRegisterSaveSlotCount() {
  return RegisterSaveSlotCount;

lib/Backend/arm/LinearScanMD.h

@@ -45,7 +45,7 @@ class LinearScanMD : public LinearScanMDShared
 public:
  static void SaveAllRegistersAndBailOut(BailOutRecord *const bailOutRecord);
  static void SaveAllRegistersAndBranchBailOut(BranchBailOutRecord *const bailOutRecord, const BOOL condition);
-static RegNum GetParamReg(IR::SymOpnd *symOpnd, Func *func);
+ static RegNum GetParamReg(IR::SymOpnd *symOpnd, Func *func);
 
  bool IsAllocatable(RegNum reg, Func *func) const;
  static uint GetRegisterSaveSlotCount() {

lib/Backend/arm/LowerMD.cpp

@@ -2343,11 +2343,17 @@ IR::Instr* LowererMD::ChangeToHelperCallMem(IR::Instr * instr, IR::JnHelperMeth
 ///----------------------------------------------------------------------------
 
 IR::Instr *
-LowererMD::ChangeToAssign(IR::Instr * instr)
+LowererMD::ChangeToAssignNoBarrierCheck(IR::Instr * instr)
 {
  return ChangeToAssign(instr, instr->GetDst()->GetType());
 }
 
+IR::Instr *
+LowererMD::ChangeToAssign(IR::Instr * instr)
+{
+ return ChangeToWriteBarrierAssign(instr, instr->m_func);
+}
+
 IR::Instr *
 LowererMD::ChangeToAssign(IR::Instr * instr, IRType type)
 {
@@ -2381,13 +2387,13 @@ LowererMD::ChangeToAssign(IR::Instr * instr, IRType type)
  return instr;
 }
 
-void
+IR::Instr *
 LowererMD::ChangeToWriteBarrierAssign(IR::Instr * assignInstr, const Func* func)
 {
 #ifdef RECYCLER_WRITE_BARRIER_JIT
  // WriteBarrier-TODO- Implement ARM JIT
 #endif
- ChangeToAssign(assignInstr);
+ return ChangeToAssignNoBarrierCheck(assignInstr);
 }
 
 ///----------------------------------------------------------------------------

lib/Backend/arm/LowerMD.h

@@ -70,6 +70,7 @@ class LowererMD
  IR::Instr * ChangeToHelperCallMem(IR::Instr * instr, IR::JnHelperMethod helperMethod);
  static IR::Instr * CreateAssign(IR::Opnd *dst, IR::Opnd *src, IR::Instr *instrInsertPt, bool generateWriteBarrier = true);
  static IR::Instr * ChangeToAssign(IR::Instr * instr);
+ static IR::Instr * ChangeToAssignNoBarrierCheck(IR::Instr * instr);
  static IR::Instr * ChangeToAssign(IR::Instr * instr, IRType type);
  static IR::Instr * ChangeToLea(IR::Instr *const instr, bool postRegAlloc = false);
  static IR::Instr * ForceDstToReg(IR::Instr *instr);
@@ -270,7 +271,7 @@ class LowererMD
  static void GenerateStFldFromLocalInlineCache(IR::Instr * instrStFld, IR::RegOpnd * opndBase, IR::Opnd * opndSrc, IR::RegOpnd * opndInlineCache, IR::LabelInstr * labelFallThru, bool isInlineSlot);
  void GenerateFunctionObjectTest(IR::Instr * callInstr, IR::RegOpnd *functionOpnd, bool isHelper, IR::LabelInstr* continueAfterExLabel = nullptr);
 
- static void ChangeToWriteBarrierAssign(IR::Instr * assignInstr, const Func* func);
+ static IR::Instr * ChangeToWriteBarrierAssign(IR::Instr * assignInstr, const Func* func);
 
  int GetHelperArgsCount() { return this->helperCallArgsCount; }
  void ResetHelperArgsCount() { this->helperCallArgsCount = 0; }