Re: [webkit-dev] want to port JIT to MIPS - cti_op_mod(STUB_ARGS) seg fault
this part of code has been ever tested or not? any body can tell me? #else //non X86 void JIT::compileFastArith_op_mod(unsigned result, unsigned op1, unsigned op2) { emitPutJITStubArgFromVirtualRegister(op1, 1, regT2); emitPutJITStubArgFromVirtualRegister(op2, 2, regT2); emitCTICall(JITStubs::cti_op_mod); emitPutVirtualRegister(result); } thanks alot, joe --- On Wed, 4/22/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS - cti_op_mod(STUB_ARGS) seg fault To: WebKit Development webkit-dev@lists.webkit.org, Gavin Barraclough barraclo...@apple.com Date: Wednesday, April 22, 2009, 8:31 AM I use MIPS32EL, VA_LIST call, MIPS pushes function argument from left to right. I wrote a simple VA_LIST test it works on my box. BEGIN_STUB_FUNCTION() cause seg fault due to MIPS uses gp reg to read sth. I treied to rewrite the code like that: JSObject* JITStubs::cti_op_new_func_exp(STUB_ARGS) { va_list vl_args; va_start(vl_args, args); StackHack stackHack(STUB_RETURN_ADDRESS_SLOT); JSValuePtr dividendValue = va_arg(vl_args, JSC::JSCell* ); JSValuePtr divisorValue = va_arg(vl_args, JSC::JSCell* ); ... } Still fail in stackHack(), if I comment out stackHack() then fails at va_arg. gp is a global register for common/public variables, the same usage before I call cti_op_mod() works fine. I also tried not use VA_LIST but REGISTER calling convention, still fail: (gdb) x/2i $at 0x6ab500 _ZN3JSC8JITStubs10cti_op_modEPPv: lui gp,0xf96 0x6ab504 _ZN3JSC8JITStubs10cti_op_modEPPv+4: addiu gp,gp,9008 (gdb) x/20i $at 0x6ab500 _ZN3JSC8JITStubs10cti_op_modEPPv: lui gp,0xf96 0x6ab504 _ZN3JSC8JITStubs10cti_op_modEPPv+4: addiu gp,gp,9008 0x6ab508 _ZN3JSC8JITStubs10cti_op_modEPPv+8: addugp,gp,t9 0x6ab50c _ZN3JSC8JITStubs10cti_op_modEPPv+12:addiu sp,sp,-80 0x6ab510 _ZN3JSC8JITStubs10cti_op_modEPPv+16:sw ra,72(sp) 0x6ab514 _ZN3JSC8JITStubs10cti_op_modEPPv+20:sw s8,68(sp) 0x6ab518 _ZN3JSC8JITStubs10cti_op_modEPPv+24:sw s0,64(sp) 0x6ab51c _ZN3JSC8JITStubs10cti_op_modEPPv+28:moves8,sp 0x6ab520 _ZN3JSC8JITStubs10cti_op_modEPPv+32:sw gp,16(sp) 0x6ab524 _ZN3JSC8JITStubs10cti_op_modEPPv+36:sw a0,80(s8) 0x6ab528 _ZN3JSC8JITStubs10cti_op_modEPPv+40:lw v0,80(s8) 0x6ab52c _ZN3JSC8JITStubs10cti_op_modEPPv+44:addiu v0,v0,-4 0x6ab530 _ZN3JSC8JITStubs10cti_op_modEPPv+48:addiu a0,s8,24 0x6ab534 _ZN3JSC8JITStubs10cti_op_modEPPv+52:movea1,v0 0x6ab538 _ZN3JSC8JITStubs10cti_op_modEPPv+56:lw t9,-19012(gp) 0x6ab53c _ZN3JSC8JITStubs10cti_op_modEPPv+60:jalrt9 0x6ab540 _ZN3JSC8JITStubs10cti_op_modEPPv+64: nop 0x6ab544 _ZN3JSC8JITStubs10cti_op_modEPPv+68:lw gp,16(s8) 0x6ab548 _ZN3JSC8JITStubs10cti_op_modEPPv+72:addiu v0,s8,32 0x6ab54c _ZN3JSC8JITStubs10cti_op_modEPPv+76:lw v1,80(s8) (gdb) stepi 14 Program received signal SIGSEGV, Segmentation fault. 0x006ab538 in JSC::JITStubs::cti_op_mod (args=0x2aac9500) at /home/jdai/depot/mp/mediabase/head/libs/webkit-1.1.1/JavaScriptCore/jit/JITStubs.cpp:1685 1685 BEGIN_STUB_FUNCTION(); another question is that there is no matched va_end() and it is a bug. thanks a lot for help, joe ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] want to port JIT to MIPS - cti_op_mod(STUB_ARGS) seg fault
The cause details are below: 1. original C funtion: JSValueEncodedAsPointer* JITStubs::cti_op_mod(STUB_ARGS) { BEGIN_STUB_FUNCTION(); //causes seg fault JSValuePtr dividendValue = ARG_src1; JSValuePtr divisorValue = ARG_src2; CallFrame* callFrame = ARG_callFrame; double d = dividendValue.toNumber(callFrame); JSValuePtr result = jsNumber(ARG_globalData, fmod(d, divisorValue.toNumber(callFrame))); CHECK_FOR_EXCEPTION_AT_END(); return JSValuePtr::encode(result); } 2. On X86: Dump of assembler code for function _ZN3JSC8JITStubs10cti_op_modEPvz: 0x08141b12 _ZN3JSC8JITStubs10cti_op_modEPvz+0:push %ebp 0x08141b13 _ZN3JSC8JITStubs10cti_op_modEPvz+1:mov%esp,%ebp 0x08141b15 _ZN3JSC8JITStubs10cti_op_modEPvz+3:push %esi 0x08141b16 _ZN3JSC8JITStubs10cti_op_modEPvz+4:push %ebx 0x08141b17 _ZN3JSC8JITStubs10cti_op_modEPvz+5:sub$0x70,%esp 0x08141b1a _ZN3JSC8JITStubs10cti_op_modEPvz+8:call 0x80577bc __i686.get_pc_thunk.bx //this system call is not exist in MIPS compiled code 0x08141b1f _ZN3JSC8JITStubs10cti_op_modEPvz+13: add$0xee049,%ebx 0x08141b25 _ZN3JSC8JITStubs10cti_op_modEPvz+19: lea0xc(%ebp),%eax //1677 BEGIN_STUB_FUNCTION(); 0x08141b28 _ZN3JSC8JITStubs10cti_op_modEPvz+22: mov%eax,-0x1c(%ebp) 0x08141b2b _ZN3JSC8JITStubs10cti_op_modEPvz+25: mov-0x1c(%ebp),%eax 0x08141b2e _ZN3JSC8JITStubs10cti_op_modEPvz+28: sub$0x8,%eax 0x08141b31 _ZN3JSC8JITStubs10cti_op_modEPvz+31: mov%eax,0x4(%esp) 0x08141b35 _ZN3JSC8JITStubs10cti_op_modEPvz+35: lea-0x24(%ebp),%eax 0x08141b38 _ZN3JSC8JITStubs10cti_op_modEPvz+38: mov%eax,(%esp) 0x08141b3b _ZN3JSC8JITStubs10cti_op_modEPvz+41: call 0x8148e76 StackHack//242 ALWAYS_INLINE StackHack(void** location), MIPS disasm has no symbols at all 3. On MIPS Dump of assembler code for function _ZN3JSC8JITStubs10cti_op_modEPvz: 0x006abdb8 _ZN3JSC8JITStubs10cti_op_modEPvz+0:lui gp,0xf96 //this segment used on other routines and works 0x006abdbc _ZN3JSC8JITStubs10cti_op_modEPvz+4:addiu gp,gp,6776 0x006abdc0 _ZN3JSC8JITStubs10cti_op_modEPvz+8:addugp,gp,t9 0x006abdc4 _ZN3JSC8JITStubs10cti_op_modEPvz+12: addiu sp,sp,-88 0x006abdc8 _ZN3JSC8JITStubs10cti_op_modEPvz+16: sw ra,80(sp) 0x006abdcc _ZN3JSC8JITStubs10cti_op_modEPvz+20: sw s8,76(sp) 0x006abdd0 _ZN3JSC8JITStubs10cti_op_modEPvz+24: sw s0,72(sp) 0x006abdd4 _ZN3JSC8JITStubs10cti_op_modEPvz+28: moves8,sp 0x006abdd8 _ZN3JSC8JITStubs10cti_op_modEPvz+32: sw gp,16(sp) 0x006abddc _ZN3JSC8JITStubs10cti_op_modEPvz+36: sw a1,92(s8) 0x006abde0 _ZN3JSC8JITStubs10cti_op_modEPvz+40: sw a2,96(s8) 0x006abde4 _ZN3JSC8JITStubs10cti_op_modEPvz+44: sw a3,100(s8) 0x006abde8 _ZN3JSC8JITStubs10cti_op_modEPvz+48: sw a0,88(s8) 0x006abdec _ZN3JSC8JITStubs10cti_op_modEPvz+52: addiu v0,s8,92 0x006abdf0 _ZN3JSC8JITStubs10cti_op_modEPvz+56: sw v0,24(s8) 0x006abdf4 _ZN3JSC8JITStubs10cti_op_modEPvz+60: addiu v1,s8,32 0x006abdf8 _ZN3JSC8JITStubs10cti_op_modEPvz+64: lw v0,24(s8) 0x006abdfc _ZN3JSC8JITStubs10cti_op_modEPvz+68: addiu v0,v0,-8 0x006abe00 _ZN3JSC8JITStubs10cti_op_modEPvz+72: movea0,v1 0x006abe04 _ZN3JSC8JITStubs10cti_op_modEPvz+76: movea1,v0 0x006abe08 _ZN3JSC8JITStubs10cti_op_modEPvz+80: lw t9,-19028(gp) //seg fault here, -19028(gp) not accesible 0x006abe0c _ZN3JSC8JITStubs10cti_op_modEPvz+84: jalrt9 ... no label in MIPS. StackHack label shown on X86 but on mips are all xxx(gp), may be compiler/gdb not as good as X86 version? thanks for look at it, joe --- On Wed, 4/22/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS - cti_op_mod(STUB_ARGS) seg fault To: WebKit Development webkit-dev@lists.webkit.org, Gavin Barraclough barraclo...@apple.com Date: Wednesday, April 22, 2009, 8:31 AM I use MIPS32EL, VA_LIST call, MIPS pushes function argument from left to right. I wrote a simple VA_LIST test it works on my box. BEGIN_STUB_FUNCTION() cause seg fault due to MIPS uses gp reg to read sth. I treied to rewrite the code like that: JSObject* JITStubs::cti_op_new_func_exp(STUB_ARGS) { va_list vl_args; va_start(vl_args, args); StackHack stackHack(STUB_RETURN_ADDRESS_SLOT); JSValuePtr dividendValue = va_arg(vl_args, JSC::JSCell* ); JSValuePtr divisorValue = va_arg(vl_args, JSC::JSCell* ); ... } Still fail in stackHack(), if I comment out stackHack() then fails at va_arg. gp is a global register for common/public variables, the same usage before I call cti_op_mod() works fine. I also tried not use VA_LIST but REGISTER calling convention, still fail: (gdb) x/2i $at 0x6ab500
Re: [webkit-dev] want to port JIT to MIPS - cti_op_mod(STUB_ARGS) seg fault
I use MIPS32EL, VA_LIST call, MIPS pushes function argument from left to right. I wrote a simple VA_LIST test it works on my box. BEGIN_STUB_FUNCTION() cause seg fault due to MIPS uses gp reg to read sth. I treied to rewrite the code like that: JSObject* JITStubs::cti_op_new_func_exp(STUB_ARGS) { va_list vl_args; va_start(vl_args, args); StackHack stackHack(STUB_RETURN_ADDRESS_SLOT); JSValuePtr dividendValue = va_arg(vl_args, JSC::JSCell* ); JSValuePtr divisorValue = va_arg(vl_args, JSC::JSCell* ); ... } Still fail in stackHack(), if I comment out stackHack() then fails at va_arg. gp is a global register for common/public variables, the same usage before I call cti_op_mod() works fine. I also tried not use VA_LIST but REGISTER calling convention, still fail: (gdb) x/2i $at 0x6ab500 _ZN3JSC8JITStubs10cti_op_modEPPv:lui gp,0xf96 0x6ab504 _ZN3JSC8JITStubs10cti_op_modEPPv+4: addiu gp,gp,9008 (gdb) x/20i $at 0x6ab500 _ZN3JSC8JITStubs10cti_op_modEPPv:lui gp,0xf96 0x6ab504 _ZN3JSC8JITStubs10cti_op_modEPPv+4: addiu gp,gp,9008 0x6ab508 _ZN3JSC8JITStubs10cti_op_modEPPv+8: addugp,gp,t9 0x6ab50c _ZN3JSC8JITStubs10cti_op_modEPPv+12: addiu sp,sp,-80 0x6ab510 _ZN3JSC8JITStubs10cti_op_modEPPv+16: sw ra,72(sp) 0x6ab514 _ZN3JSC8JITStubs10cti_op_modEPPv+20: sw s8,68(sp) 0x6ab518 _ZN3JSC8JITStubs10cti_op_modEPPv+24: sw s0,64(sp) 0x6ab51c _ZN3JSC8JITStubs10cti_op_modEPPv+28: moves8,sp 0x6ab520 _ZN3JSC8JITStubs10cti_op_modEPPv+32: sw gp,16(sp) 0x6ab524 _ZN3JSC8JITStubs10cti_op_modEPPv+36: sw a0,80(s8) 0x6ab528 _ZN3JSC8JITStubs10cti_op_modEPPv+40: lw v0,80(s8) 0x6ab52c _ZN3JSC8JITStubs10cti_op_modEPPv+44: addiu v0,v0,-4 0x6ab530 _ZN3JSC8JITStubs10cti_op_modEPPv+48: addiu a0,s8,24 0x6ab534 _ZN3JSC8JITStubs10cti_op_modEPPv+52: movea1,v0 0x6ab538 _ZN3JSC8JITStubs10cti_op_modEPPv+56: lw t9,-19012(gp) 0x6ab53c _ZN3JSC8JITStubs10cti_op_modEPPv+60: jalrt9 0x6ab540 _ZN3JSC8JITStubs10cti_op_modEPPv+64: nop 0x6ab544 _ZN3JSC8JITStubs10cti_op_modEPPv+68: lw gp,16(s8) 0x6ab548 _ZN3JSC8JITStubs10cti_op_modEPPv+72: addiu v0,s8,32 0x6ab54c _ZN3JSC8JITStubs10cti_op_modEPPv+76: lw v1,80(s8) (gdb) stepi 14 Program received signal SIGSEGV, Segmentation fault. 0x006ab538 in JSC::JITStubs::cti_op_mod (args=0x2aac9500) at /home/jdai/depot/mp/mediabase/head/libs/webkit-1.1.1/JavaScriptCore/jit/JITStubs.cpp:1685 1685BEGIN_STUB_FUNCTION(); another question is that there is no matched va_end() and it is a bug. thanks a lot for help, joe ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] want to port JIT to MIPS - where comes from _ZN3JSC8JITStubs12cti_vm_throwEPvz
jit complier give error because above label is hard coded. It reports the error with a file .s under /tmp yet I cannot see and not sure who removes it. Pls be kindly to let me know how I can change above label to correct one. Also, now I see hard coded constant patchOffsetOpCallCompareToJump=6 comes from some code via gdb, yet not sure where/when it is generated. It seems to be a c function head. rgds joe ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] want to port JIT to MIPS - why GtkLaunder needs gcc?
Hello, Do you mean the Programs/GtkLauncher? Since the GtkLauncher is a wrapper script and will create the actual lt-GtkLauncher under Programs/.libs/. My way is to just run the Programs/GtkLauncher in host (with your cross toolchain in PATH) and let the script create the lt-GtkLauncher. Just ignore the error and copy the Programs/.libs/lt-GtkLauncher created to your target. Hope this helps. Regards, Jenson 2009/3/19 x yz last...@yahoo.com: we cross-compiled webkit and when we run GtkLaunder it says /bin/...gcc not found. thanks for help. rgds joe ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] want to port JIT to MIPS - can anybody explain JIT::linkCall?
e.g, emitted asm code before/after patch? what does its four pointers do? MacroAssembler::CodeLocationNearCall callReturnLocation; MacroAssembler::CodeLocationDataLabelPtr hotPathBegin; MacroAssembler::CodeLocationNearCall hotPathOther; MacroAssembler::CodeLocationLabel coldPathOther; CodeBlock* callee; anywhere got doc of the JIT implementations? thanks a lot! joe --- On Wed, 3/4/09, Zoltan Herczeg zherc...@inf.u-szeged.hu wrote: From: Zoltan Herczeg zherc...@inf.u-szeged.hu Subject: Re: [webkit-dev] want to port JIT to MIPS - how patchOffset* constant determined? To: webkit-dev@lists.webkit.org Date: Wednesday, March 4, 2009, 3:33 PM Hi, they generate instructions, which size is known in advance. Think about the following sequence: hotPathBegin: mov regX, 32bit_const - 6 bytes (*) (**) add regX, regY - 2 bytes jo 32bit_addr - 5 bytes (*) * (Note) : these instructions will be modified during runtime. ** (Note) : there is a short form for mov regX, 8bit_const, which length is only 3 bytes, but they force the longer version in such cases to keep the size of the instruction. As you can see, the address of jo is always (hotPathBegin + 6 + 2). They simply introduce a new constant: patchOffsetXXX = 8, and use this constant to access the jo instruction later. In ARM we can't rely on such constant, because the constant pool can be placed after any instruction. hotPathBegin: ldr rX, [pc + const_pool_addr] ; 32 bit const [...] - the const pool can be placed here add rX, rX, rY [...] - the const pool can be placed here hotPath2: ldr pc, [pc + const_pool_addr] ; 32 bit target address We need to store both pointers (hotPathBegin and hotPath2). Zoltan Zoltan, Thanks for reply, I'm trying to understand your example. But,X86 instruction size is from 1 to 17bytes, not constant. I may misunderstand your comments? Many X86 instruction can have imm32 at the end, thus this pointer can be used for patch as well as next address after call. Does Arm have similar things? or else you still need to figure out why patchOffsetOpCallCompareToJump = 9;? may be some instruction lengths relates to the 9? rgds joe --- On Wed, 3/4/09, Zoltan Herczeg zherc...@inf.u-szeged.hu wrote: From: Zoltan Herczeg zherc...@inf.u-szeged.hu Subject: Re: [webkit-dev] want to port JIT to MIPS - how patchOffset* constant determined? To: webkit-dev@lists.webkit.org Date: Wednesday, March 4, 2009, 3:45 AM On x86, the size of the instructions are fixed. If you want to access multiple instructions in the instruction stream, you only need to store the address of the first one, and can access the others by their relative address. This saves a little memory. Example (see JIT::linkCall): instruction at callLinkInfo-hotPathBegin: points to callee comparison instruction at callLinkInfo-hotPathBegin + patchOffsetOpCallCompareToJump: points to the slow case entry jump Zoltan in jit.h, for example: static const int patchOffsetOpCallCompareToJump = 9; static const int patchOffsetPutByIdStructure = 7; static const int patchOffsetPutByIdPropertyMapOffset = 22; static const int patchOffsetGetByIdBranchToSlowCase = 13; thanks for help, I'm stucked here now. joe --- On Sat, 2/28/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - JIT reg usage clean up? To: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 28, 2009, 12:19 PM On Feb 27, 2009, at 4:55 PM, x yz wrote: The regTx seems to be working registers here, yet their definition are regparm(3) registers for function arugments. Such usage would cause conflict on other platforms. May I suggest that we use individual defined set of regs for func i/o argument and working? First up, I think you're getting slightly confused about regparm(3). This is not used anywhere in the JS language JIT, only in WREC. In some configurations of the JIT we use fastcall semantics on x86... but none of this is really relevant to MIPS. Just ignore all this. Stick to the default MIPS ABI for stub functions. Reading between the lines, I'm guessing your concern here is that in setting up arguments for a JIT stub call you may trample the JIT's temporary registers? If so, I think you need to look at the argument passing more closely. The mechanisms to pass arguments to stub functions pass all arguments in memory – typically passing a single pointer to the stub functions, which can be used to retrieve the arguments. This pointer argument can be set up immediately prior to the call, so it does not interfere with the regT
Re: [webkit-dev] want to port JIT to MIPS - can anybody explain JIT::linkCall?
The hot path for a call performs a check for a specific callee, with a fast mechanism for making JS-JS calls. The code is generated such that it will initially always bail out to the slow path, and the second time the call is executed it will dynamically linked itself to that callee. There are currently two slow paths generated for each callee, the initial one that calls out to relink the code, and a second form that does not. hotPathBegin hotPathOther are used (along with an offset) to find three things to repatch in the hot path: (1) The JSFunction* value that is checked, to identify the callee (2) The jump out to the slow path, so this can be relinked to the second form (which will not attempt to relink – this is stored in coldPathOther). (3) The call instruction to be linked the callee's code. The value callReturnLocation points to the call in the cold path to the relink mechanisms. This is used by the dynamic linking mechanisms to lookup the CallLinkInfo record describing the call to be linked, and is also used in exception handling. G. On Mar 6, 2009, at 5:40 PM, x yz wrote: e.g, emitted asm code before/after patch? what does its four pointers do? MacroAssembler::CodeLocationNearCall callReturnLocation; MacroAssembler::CodeLocationDataLabelPtr hotPathBegin; MacroAssembler::CodeLocationNearCall hotPathOther; MacroAssembler::CodeLocationLabel coldPathOther; CodeBlock* callee; anywhere got doc of the JIT implementations? thanks a lot! joe --- On Wed, 3/4/09, Zoltan Herczeg zherc...@inf.u-szeged.hu wrote: From: Zoltan Herczeg zherc...@inf.u-szeged.hu Subject: Re: [webkit-dev] want to port JIT to MIPS - how patchOffset* constant determined? To: webkit-dev@lists.webkit.org Date: Wednesday, March 4, 2009, 3:33 PM Hi, they generate instructions, which size is known in advance. Think about the following sequence: hotPathBegin: mov regX, 32bit_const - 6 bytes (*) (**) add regX, regY - 2 bytes jo 32bit_addr - 5 bytes (*) * (Note) : these instructions will be modified during runtime. ** (Note) : there is a short form for mov regX, 8bit_const, which length is only 3 bytes, but they force the longer version in such cases to keep the size of the instruction. As you can see, the address of jo is always (hotPathBegin + 6 + 2). They simply introduce a new constant: patchOffsetXXX = 8, and use this constant to access the jo instruction later. In ARM we can't rely on such constant, because the constant pool can be placed after any instruction. hotPathBegin: ldr rX, [pc + const_pool_addr] ; 32 bit const [...] - the const pool can be placed here add rX, rX, rY [...] - the const pool can be placed here hotPath2: ldr pc, [pc + const_pool_addr] ; 32 bit target address We need to store both pointers (hotPathBegin and hotPath2). Zoltan Zoltan, Thanks for reply, I'm trying to understand your example. But,X86 instruction size is from 1 to 17bytes, not constant. I may misunderstand your comments? Many X86 instruction can have imm32 at the end, thus this pointer can be used for patch as well as next address after call. Does Arm have similar things? or else you still need to figure out why patchOffsetOpCallCompareToJump = 9;? may be some instruction lengths relates to the 9? rgds joe --- On Wed, 3/4/09, Zoltan Herczeg zherc...@inf.u-szeged.hu wrote: From: Zoltan Herczeg zherc...@inf.u-szeged.hu Subject: Re: [webkit-dev] want to port JIT to MIPS - how patchOffset* constant determined? To: webkit-dev@lists.webkit.org Date: Wednesday, March 4, 2009, 3:45 AM On x86, the size of the instructions are fixed. If you want to access multiple instructions in the instruction stream, you only need to store the address of the first one, and can access the others by their relative address. This saves a little memory. Example (see JIT::linkCall): instruction at callLinkInfo-hotPathBegin: points to callee comparison instruction at callLinkInfo-hotPathBegin + patchOffsetOpCallCompareToJump: points to the slow case entry jump Zoltan in jit.h, for example: static const int patchOffsetOpCallCompareToJump = 9; static const int patchOffsetPutByIdStructure = 7; static const int patchOffsetPutByIdPropertyMapOffset = 22; static const int patchOffsetGetByIdBranchToSlowCase = 13; thanks for help, I'm stucked here now. joe --- On Sat, 2/28/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - JIT reg usage clean up? To: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 28, 2009, 12:19 PM On Feb 27, 2009, at 4:55 PM, x yz wrote: The regTx seems to be working registers here, yet their definition are regparm(3) registers for function arugments. Such usage would cause conflict on other platforms. May I suggest that we use individual defined set of regs for func i/o
Re: [webkit-dev] want to port JIT to MIPS - how patchOffset* constant determined?
Hi, this really helps! The two pointers may also help Mips. In Mips dest offset patches are in two instructions, no constant biase can be used as in X86. Currently I do check instruction syntax to determine the patch offset. thanks again! joe --- On Wed, 3/4/09, Zoltan Herczeg zherc...@inf.u-szeged.hu wrote: From: Zoltan Herczeg zherc...@inf.u-szeged.hu Subject: Re: [webkit-dev] want to port JIT to MIPS - how patchOffset* constant determined? To: webkit-dev@lists.webkit.org Date: Wednesday, March 4, 2009, 3:33 PM Hi, they generate instructions, which size is known in advance. Think about the following sequence: hotPathBegin: mov regX, 32bit_const - 6 bytes (*) (**) add regX, regY - 2 bytes jo 32bit_addr - 5 bytes (*) * (Note) : these instructions will be modified during runtime. ** (Note) : there is a short form for mov regX, 8bit_const, which length is only 3 bytes, but they force the longer version in such cases to keep the size of the instruction. As you can see, the address of jo is always (hotPathBegin + 6 + 2). They simply introduce a new constant: patchOffsetXXX = 8, and use this constant to access the jo instruction later. In ARM we can't rely on such constant, because the constant pool can be placed after any instruction. hotPathBegin: ldr rX, [pc + const_pool_addr] ; 32 bit const [...] - the const pool can be placed here add rX, rX, rY [...] - the const pool can be placed here hotPath2: ldr pc, [pc + const_pool_addr] ; 32 bit target address We need to store both pointers (hotPathBegin and hotPath2). Zoltan Zoltan, Thanks for reply, I'm trying to understand your example. But,X86 instruction size is from 1 to 17bytes, not constant. I may misunderstand your comments? Many X86 instruction can have imm32 at the end, thus this pointer can be used for patch as well as next address after call. Does Arm have similar things? or else you still need to figure out why patchOffsetOpCallCompareToJump = 9;? may be some instruction lengths relates to the 9? rgds joe --- On Wed, 3/4/09, Zoltan Herczeg zherc...@inf.u-szeged.hu wrote: From: Zoltan Herczeg zherc...@inf.u-szeged.hu Subject: Re: [webkit-dev] want to port JIT to MIPS - how patchOffset* constant determined? To: webkit-dev@lists.webkit.org Date: Wednesday, March 4, 2009, 3:45 AM On x86, the size of the instructions are fixed. If you want to access multiple instructions in the instruction stream, you only need to store the address of the first one, and can access the others by their relative address. This saves a little memory. Example (see JIT::linkCall): instruction at callLinkInfo-hotPathBegin: points to callee comparison instruction at callLinkInfo-hotPathBegin + patchOffsetOpCallCompareToJump: points to the slow case entry jump Zoltan in jit.h, for example: static const int patchOffsetOpCallCompareToJump = 9; static const int patchOffsetPutByIdStructure = 7; static const int patchOffsetPutByIdPropertyMapOffset = 22; static const int patchOffsetGetByIdBranchToSlowCase = 13; thanks for help, I'm stucked here now. joe --- On Sat, 2/28/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - JIT reg usage clean up? To: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 28, 2009, 12:19 PM On Feb 27, 2009, at 4:55 PM, x yz wrote: The regTx seems to be working registers here, yet their definition are regparm(3) registers for function arugments. Such usage would cause conflict on other platforms. May I suggest that we use individual defined set of regs for func i/o argument and working? First up, I think you're getting slightly confused about regparm(3). This is not used anywhere in the JS language JIT, only in WREC. In some configurations of the JIT we use fastcall semantics on x86... but none of this is really relevant to MIPS. Just ignore all this. Stick to the default MIPS ABI for stub functions. Reading between the lines, I'm guessing your concern here is that in setting up arguments for a JIT stub call you may trample the JIT's temporary registers? If so, I think you need to look at the argument passing more closely. The mechanisms to pass arguments to stub functions pass all arguments in memory – typically passing a single pointer to the stub functions, which can be used to retrieve the arguments. This pointer argument can be set up immediately prior to the call, so it does not interfere with the regT? temporaries. We follow this pattern on x86-64, where the ABI is typically to pass arguments in registers. You cannot
Re: [webkit-dev] want to port JIT to MIPS - how patchOffset* constant determined?
in jit.h, for example: static const int patchOffsetOpCallCompareToJump = 9; static const int patchOffsetPutByIdStructure = 7; static const int patchOffsetPutByIdPropertyMapOffset = 22; static const int patchOffsetGetByIdBranchToSlowCase = 13; thanks for help, I'm stucked here now. joe --- On Sat, 2/28/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - JIT reg usage clean up? To: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 28, 2009, 12:19 PM On Feb 27, 2009, at 4:55 PM, x yz wrote: The regTx seems to be working registers here, yet their definition are regparm(3) registers for function arugments. Such usage would cause conflict on other platforms. May I suggest that we use individual defined set of regs for func i/o argument and working? First up, I think you're getting slightly confused about regparm(3). This is not used anywhere in the JS language JIT, only in WREC. In some configurations of the JIT we use fastcall semantics on x86... but none of this is really relevant to MIPS. Just ignore all this. Stick to the default MIPS ABI for stub functions. Reading between the lines, I'm guessing your concern here is that in setting up arguments for a JIT stub call you may trample the JIT's temporary registers? If so, I think you need to look at the argument passing more closely. The mechanisms to pass arguments to stub functions pass all arguments in memory – typically passing a single pointer to the stub functions, which can be used to retrieve the arguments. This pointer argument can be set up immediately prior to the call, so it does not interfere with the regT? temporaries. We follow this pattern on x86-64, where the ABI is typically to pass arguments in registers. You cannot trivially change the way this works, since the argument pointer is used for other purposes too (e.g. retrieving the arguments passed into the JIT code from within the stubs). We strongly prefer small, simple, incremental changes. A patch that tried to both port the JIT to a new platform and to introduce a new argument passing interface to the JIT stub functions sounds unlikely to get anywhere (a patch porting the JIT to a new platform is on its own very likely to be too much more than we'd want to land in one chunk). I'd suggest that a port would be wise to engineer it's initial solution to fit one of the existing argument passing mechanisms (these are selected by JIT_STUB_ARGUMENT_* switches, to help find the relevant code). (Alternatively, you're welcome to attempt to port x86-64 to make use of an in-register argument passing solution, which could be hugely useful. With this landed first and separately, a port could then build on top of this.) As a more direct answer to your question, you could endeavour to make the set of hardware registers used as JIT temporaries non-overlapping with ABI function argument registers on MIPS, but this is unlikely to be a general solution to anything for all platforms, due to limited register availability on some architectures. we would put all these definition in a file named regMap.h, then we can remove all X86:: from other JIT files. I don't think we'll be keen on taking preemptive changes so far ahead in preparation of a port. The first logical step in porting to a new platform is still to start with WREC, and this requires no changes in the JIT directory. Any refactoring of the existing JIT would make more sense more directly prior to work in that area. cheers, G. I'd apperciate if sb can do it or help me to do it. rgds joe --- On Sat, 2/28/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS - which calling convention is used here? To: webkit-dev@lists.webkit.org, Zoltan Herczeg zherc...@inf.u-szeged.hu Date: Saturday, February 28, 2009, 7:40 AM Hi, Thanks for your help in advance:) in JITPropertyAccess.cpp: if (transitionWillNeedStorageRealloc(oldStructure, newStructure)) { pop(X86::ebx); ///pop return address, why? for exception? #if PLATFORM(X86_64)///which convention is this? move(Imm32(newStructure-propertyStorageCapacity()), regT1); //edx move(Imm32(oldStructure-propertyStorageCapacity()), X86::esi); move(regT0, X86::edi); callTarget = call(); #else ///__cdecl, yet how can I know resizePropertyStorage() use __cdecl? push(Imm32(newStructure-propertyStorageCapacity())); push(Imm32(oldStructure-propertyStorageCapacity())); push(regT0); callTarget = call(); addPtr(Imm32(3 * sizeof(void*)), X86::esp); ///clean stack #endif
Re: [webkit-dev] want to port JIT to MIPS - how patchOffset* constant determined?
On x86, the size of the instructions are fixed. If you want to access multiple instructions in the instruction stream, you only need to store the address of the first one, and can access the others by their relative address. This saves a little memory. Example (see JIT::linkCall): instruction at callLinkInfo-hotPathBegin: points to callee comparison instruction at callLinkInfo-hotPathBegin + patchOffsetOpCallCompareToJump: points to the slow case entry jump Zoltan in jit.h, for example: static const int patchOffsetOpCallCompareToJump = 9; static const int patchOffsetPutByIdStructure = 7; static const int patchOffsetPutByIdPropertyMapOffset = 22; static const int patchOffsetGetByIdBranchToSlowCase = 13; thanks for help, I'm stucked here now. joe --- On Sat, 2/28/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - JIT reg usage clean up? To: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 28, 2009, 12:19 PM On Feb 27, 2009, at 4:55 PM, x yz wrote: The regTx seems to be working registers here, yet their definition are regparm(3) registers for function arugments. Such usage would cause conflict on other platforms. May I suggest that we use individual defined set of regs for func i/o argument and working? First up, I think you're getting slightly confused about regparm(3). This is not used anywhere in the JS language JIT, only in WREC. In some configurations of the JIT we use fastcall semantics on x86... but none of this is really relevant to MIPS. Just ignore all this. Stick to the default MIPS ABI for stub functions. Reading between the lines, I'm guessing your concern here is that in setting up arguments for a JIT stub call you may trample the JIT's temporary registers? If so, I think you need to look at the argument passing more closely. The mechanisms to pass arguments to stub functions pass all arguments in memory – typically passing a single pointer to the stub functions, which can be used to retrieve the arguments. This pointer argument can be set up immediately prior to the call, so it does not interfere with the regT? temporaries. We follow this pattern on x86-64, where the ABI is typically to pass arguments in registers. You cannot trivially change the way this works, since the argument pointer is used for other purposes too (e.g. retrieving the arguments passed into the JIT code from within the stubs). We strongly prefer small, simple, incremental changes. A patch that tried to both port the JIT to a new platform and to introduce a new argument passing interface to the JIT stub functions sounds unlikely to get anywhere (a patch porting the JIT to a new platform is on its own very likely to be too much more than we'd want to land in one chunk). I'd suggest that a port would be wise to engineer it's initial solution to fit one of the existing argument passing mechanisms (these are selected by JIT_STUB_ARGUMENT_* switches, to help find the relevant code). (Alternatively, you're welcome to attempt to port x86-64 to make use of an in-register argument passing solution, which could be hugely useful. With this landed first and separately, a port could then build on top of this.) As a more direct answer to your question, you could endeavour to make the set of hardware registers used as JIT temporaries non-overlapping with ABI function argument registers on MIPS, but this is unlikely to be a general solution to anything for all platforms, due to limited register availability on some architectures. we would put all these definition in a file named regMap.h, then we can remove all X86:: from other JIT files. I don't think we'll be keen on taking preemptive changes so far ahead in preparation of a port. The first logical step in porting to a new platform is still to start with WREC, and this requires no changes in the JIT directory. Any refactoring of the existing JIT would make more sense more directly prior to work in that area. cheers, G. I'd apperciate if sb can do it or help me to do it. rgds joe --- On Sat, 2/28/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS - which calling convention is used here? To: webkit-dev@lists.webkit.org, Zoltan Herczeg zherc...@inf.u-szeged.hu Date: Saturday, February 28, 2009, 7:40 AM Hi, Thanks for your help in advance:) in JITPropertyAccess.cpp: if (transitionWillNeedStorageRealloc(oldStructure, newStructure)) { pop(X86::ebx); ///pop return address, why? for exception? #if PLATFORM(X86_64)///which convention is this? move(Imm32(newStructure-propertyStorageCapacity()), regT1); //edx move(Imm32(oldStructure-propertyStorageCapacity()), X86::esi
Re: [webkit-dev] want to port JIT to MIPS - how patchOffset* constant determined?
Zoltan, Thanks for reply, I'm trying to understand your example. But,X86 instruction size is from 1 to 17bytes, not constant. I may misunderstand your comments? Many X86 instruction can have imm32 at the end, thus this pointer can be used for patch as well as next address after call. Does Arm have similar things? or else you still need to figure out why patchOffsetOpCallCompareToJump = 9;? may be some instruction lengths relates to the 9? rgds joe --- On Wed, 3/4/09, Zoltan Herczeg zherc...@inf.u-szeged.hu wrote: From: Zoltan Herczeg zherc...@inf.u-szeged.hu Subject: Re: [webkit-dev] want to port JIT to MIPS - how patchOffset* constant determined? To: webkit-dev@lists.webkit.org Date: Wednesday, March 4, 2009, 3:45 AM On x86, the size of the instructions are fixed. If you want to access multiple instructions in the instruction stream, you only need to store the address of the first one, and can access the others by their relative address. This saves a little memory. Example (see JIT::linkCall): instruction at callLinkInfo-hotPathBegin: points to callee comparison instruction at callLinkInfo-hotPathBegin + patchOffsetOpCallCompareToJump: points to the slow case entry jump Zoltan in jit.h, for example: static const int patchOffsetOpCallCompareToJump = 9; static const int patchOffsetPutByIdStructure = 7; static const int patchOffsetPutByIdPropertyMapOffset = 22; static const int patchOffsetGetByIdBranchToSlowCase = 13; thanks for help, I'm stucked here now. joe --- On Sat, 2/28/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - JIT reg usage clean up? To: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 28, 2009, 12:19 PM On Feb 27, 2009, at 4:55 PM, x yz wrote: The regTx seems to be working registers here, yet their definition are regparm(3) registers for function arugments. Such usage would cause conflict on other platforms. May I suggest that we use individual defined set of regs for func i/o argument and working? First up, I think you're getting slightly confused about regparm(3). This is not used anywhere in the JS language JIT, only in WREC. In some configurations of the JIT we use fastcall semantics on x86... but none of this is really relevant to MIPS. Just ignore all this. Stick to the default MIPS ABI for stub functions. Reading between the lines, I'm guessing your concern here is that in setting up arguments for a JIT stub call you may trample the JIT's temporary registers? If so, I think you need to look at the argument passing more closely. The mechanisms to pass arguments to stub functions pass all arguments in memory – typically passing a single pointer to the stub functions, which can be used to retrieve the arguments. This pointer argument can be set up immediately prior to the call, so it does not interfere with the regT? temporaries. We follow this pattern on x86-64, where the ABI is typically to pass arguments in registers. You cannot trivially change the way this works, since the argument pointer is used for other purposes too (e.g. retrieving the arguments passed into the JIT code from within the stubs). We strongly prefer small, simple, incremental changes. A patch that tried to both port the JIT to a new platform and to introduce a new argument passing interface to the JIT stub functions sounds unlikely to get anywhere (a patch porting the JIT to a new platform is on its own very likely to be too much more than we'd want to land in one chunk). I'd suggest that a port would be wise to engineer it's initial solution to fit one of the existing argument passing mechanisms (these are selected by JIT_STUB_ARGUMENT_* switches, to help find the relevant code). (Alternatively, you're welcome to attempt to port x86-64 to make use of an in-register argument passing solution, which could be hugely useful. With this landed first and separately, a port could then build on top of this.) As a more direct answer to your question, you could endeavour to make the set of hardware registers used as JIT temporaries non-overlapping with ABI function argument registers on MIPS, but this is unlikely to be a general solution to anything for all platforms, due to limited register availability on some architectures. we would put all these definition in a file named regMap.h, then we can remove all X86:: from other JIT files. I don't think we'll be keen on taking preemptive changes so far ahead in preparation of a port. The first logical step in porting to a new platform is still to start with WREC, and this requires no changes in the JIT directory. Any refactoring of the existing JIT
Re: [webkit-dev] want to port JIT to MIPS - how patchOffset* constant determined?
Hi, they generate instructions, which size is known in advance. Think about the following sequence: hotPathBegin: mov regX, 32bit_const - 6 bytes (*) (**) add regX, regY - 2 bytes jo 32bit_addr - 5 bytes (*) * (Note) : these instructions will be modified during runtime. ** (Note) : there is a short form for mov regX, 8bit_const, which length is only 3 bytes, but they force the longer version in such cases to keep the size of the instruction. As you can see, the address of jo is always (hotPathBegin + 6 + 2). They simply introduce a new constant: patchOffsetXXX = 8, and use this constant to access the jo instruction later. In ARM we can't rely on such constant, because the constant pool can be placed after any instruction. hotPathBegin: ldr rX, [pc + const_pool_addr] ; 32 bit const [...] - the const pool can be placed here add rX, rX, rY [...] - the const pool can be placed here hotPath2: ldr pc, [pc + const_pool_addr] ; 32 bit target address We need to store both pointers (hotPathBegin and hotPath2). Zoltan Zoltan, Thanks for reply, I'm trying to understand your example. But,X86 instruction size is from 1 to 17bytes, not constant. I may misunderstand your comments? Many X86 instruction can have imm32 at the end, thus this pointer can be used for patch as well as next address after call. Does Arm have similar things? or else you still need to figure out why patchOffsetOpCallCompareToJump = 9;? may be some instruction lengths relates to the 9? rgds joe --- On Wed, 3/4/09, Zoltan Herczeg zherc...@inf.u-szeged.hu wrote: From: Zoltan Herczeg zherc...@inf.u-szeged.hu Subject: Re: [webkit-dev] want to port JIT to MIPS - how patchOffset* constant determined? To: webkit-dev@lists.webkit.org Date: Wednesday, March 4, 2009, 3:45 AM On x86, the size of the instructions are fixed. If you want to access multiple instructions in the instruction stream, you only need to store the address of the first one, and can access the others by their relative address. This saves a little memory. Example (see JIT::linkCall): instruction at callLinkInfo-hotPathBegin: points to callee comparison instruction at callLinkInfo-hotPathBegin + patchOffsetOpCallCompareToJump: points to the slow case entry jump Zoltan in jit.h, for example: static const int patchOffsetOpCallCompareToJump = 9; static const int patchOffsetPutByIdStructure = 7; static const int patchOffsetPutByIdPropertyMapOffset = 22; static const int patchOffsetGetByIdBranchToSlowCase = 13; thanks for help, I'm stucked here now. joe --- On Sat, 2/28/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - JIT reg usage clean up? To: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 28, 2009, 12:19 PM On Feb 27, 2009, at 4:55 PM, x yz wrote: The regTx seems to be working registers here, yet their definition are regparm(3) registers for function arugments. Such usage would cause conflict on other platforms. May I suggest that we use individual defined set of regs for func i/o argument and working? First up, I think you're getting slightly confused about regparm(3). This is not used anywhere in the JS language JIT, only in WREC. In some configurations of the JIT we use fastcall semantics on x86... but none of this is really relevant to MIPS. Just ignore all this. Stick to the default MIPS ABI for stub functions. Reading between the lines, I'm guessing your concern here is that in setting up arguments for a JIT stub call you may trample the JIT's temporary registers? If so, I think you need to look at the argument passing more closely. The mechanisms to pass arguments to stub functions pass all arguments in memory – typically passing a single pointer to the stub functions, which can be used to retrieve the arguments. This pointer argument can be set up immediately prior to the call, so it does not interfere with the regT? temporaries. We follow this pattern on x86-64, where the ABI is typically to pass arguments in registers. You cannot trivially change the way this works, since the argument pointer is used for other purposes too (e.g. retrieving the arguments passed into the JIT code from within the stubs). We strongly prefer small, simple, incremental changes. A patch that tried to both port the JIT to a new platform and to introduce a new argument passing interface to the JIT stub functions sounds unlikely to get anywhere (a patch porting the JIT to a new platform is on its own very likely to be too much more than we'd want to land in one chunk). I'd suggest that a port would be wise to engineer it's initial solution to fit one of the existing argument passing mechanisms (these are selected
Re: [webkit-dev] want to port JIT to MIPS - stack/code segment alignment
Zoltan, you are right, thanks a lot! joe --- On Fri, 2/27/09, Zoltan Herczeg zherc...@inf.u-szeged.hu wrote: From: Zoltan Herczeg zherc...@inf.u-szeged.hu Subject: Re: [webkit-dev] want to port JIT to MIPS - stack/code segment alignment To: webkit-dev@lists.webkit.org Date: Friday, February 27, 2009, 3:41 PM Hi, in ARM, we have a rule set called EABI (Embedded Application Binary Interface). It says the stack must always be word aligned, and must be 2 words (8 bytes) aligned if you call other functions. The WebKit interpreter callbacks returns either a single pointer (sometimes an int contains a boolean value) or double pointers. These return values can be passed through registers, no need to pre-allocate stack space for them. The functions generated by g++ are also EABI compilant, so we don't need worry about the stack at all. I think AssemblerBuffer is only temporary hold the generated machine instructions. When the compilation phase is done, you need to call AssemblerBuffer::executableCopy, which allocates a new executable memory space and that space is aligned by ExecutableAllocator. Cheers, Zoltan Zoltan, thanks a lot! yeah the issue is just JIT related. Do I need to take care of stack in JIT code, say before emit asm call I align the stack? I guess no need because Mips always aligned to 32bits, and the only double functions in webkit return result in registers not memory. For AssemblerBuffer.h I think it is different because the initial 256bytes buffer may be not aligned to 32bit. I'll add __attribute__ ((aligned (4))) or 8. rgds joe --- On Fri, 2/27/09, Zoltan Herczeg zherc...@inf.u-szeged.hu wrote: From: Zoltan Herczeg zherc...@inf.u-szeged.hu Subject: Re: [webkit-dev] want to port JIT to MIPS - stack/code segment alignment To: webkit-dev@lists.webkit.org Date: Friday, February 27, 2009, 6:16 AM Hi, I am not sure I understand your questions. The code blocks are allocated by mmap() or VirtualAlloc(), thus they are aligned to 4K. Smaller chunks are aligned by roundUpAllocationSize() function. Now the alignemt is sizeof(void*) in both x86 and ARM. See ExecutableAllocator.h The current jit implementations don't store temporary variables on the stack, they allocate a fixed size buffer after the entry, and only free that when you leave the jit. This approach is much easier than keep tracking of the stack. Cheers, Zoltan gcc handles it well for X86. now on Mips I need to do followings right? 1. make sure (re)allocated code buffer aligned to 64bits and gcc malloc() only guarantee 32bits 2. before any call instruction in JIT code, make sure stack is aligned to 64bit also. PPC no JIT thus no problem right? rgds joe --- On Sun, 2/22/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org, Gavin Barraclough barraclo...@apple.com Date: Sunday, February 22, 2009, 4:34 PM Thanks a lot otherwise I have misunderstanding. Yes I'll do wrec first. I just want to clean up possible blocking issues. I see wrec uses regparm(3) and jit always use fastcall for X86? In JIT.cpp ctiTrampoline put CallFrame in edi, but how about other arguments - where are they be fetched/poped from stack? when deal with caller/callee saved regs, gcc MIPS just preserves them when necesasary. The problem is after JIT used gcc may not have enough knowledge on necessary, do we have a way to force gcc always preserve them? how to identify a patch (patchimm/patchptr/patchaddr) relates to a data field in an instruction or relates to an element in a data array? In Mips the former means the 32bit needs to be separated into two 16bits and patched into two instructions. But if a 32bit is a pointer in a pointer array, we can save it directly. rgds joe --- On Fri, 2/20/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org Date: Friday, February 20, 2009, 2:01 PM On Feb 19, 2009, at 8:27 PM, x yz wrote: I'd appreaciate your help to clarify the problem I faced: 1.In JIT.cpp I roughly understand ctiTrampoline() except for sp-0x1C, I guess the 1C includes 6 argument yet the 7th or 1st may be the hidden C++ pointer? And the reserved 1C stack space seems not used? why esi is forced to be 512 rather than use input argument? The JIT allocates a fixed frame on the stack which is used to pass arguments into stub functions. The 0x1C contains a spare word or two
Re: [webkit-dev] want to port JIT to MIPS - which calling convention is used here?
Hi, Thanks for your help in advance:) in JITPropertyAccess.cpp: if (transitionWillNeedStorageRealloc(oldStructure, newStructure)) { pop(X86::ebx); ///pop return address, why? for exception? #if PLATFORM(X86_64)///which convention is this? move(Imm32(newStructure-propertyStorageCapacity()), regT1); //edx move(Imm32(oldStructure-propertyStorageCapacity()), X86::esi); move(regT0, X86::edi); callTarget = call(); #else ///__cdecl, yet how can I know resizePropertyStorage() use __cdecl? push(Imm32(newStructure-propertyStorageCapacity())); push(Imm32(oldStructure-propertyStorageCapacity())); push(regT0); callTarget = call(); addPtr(Imm32(3 * sizeof(void*)), X86::esp); ///clean stack #endif ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] want to port JIT to MIPS - JIT reg usage clean up?
On Feb 27, 2009, at 4:55 PM, x yz wrote: The regTx seems to be working registers here, yet their definition are regparm(3) registers for function arugments. Such usage would cause conflict on other platforms. May I suggest that we use individual defined set of regs for func i/o argument and working? First up, I think you're getting slightly confused about regparm(3). This is not used anywhere in the JS language JIT, only in WREC. In some configurations of the JIT we use fastcall semantics on x86... but none of this is really relevant to MIPS. Just ignore all this. Stick to the default MIPS ABI for stub functions. Reading between the lines, I'm guessing your concern here is that in setting up arguments for a JIT stub call you may trample the JIT's temporary registers? If so, I think you need to look at the argument passing more closely. The mechanisms to pass arguments to stub functions pass all arguments in memory – typically passing a single pointer to the stub functions, which can be used to retrieve the arguments. This pointer argument can be set up immediately prior to the call, so it does not interfere with the regT? temporaries. We follow this pattern on x86-64, where the ABI is typically to pass arguments in registers. You cannot trivially change the way this works, since the argument pointer is used for other purposes too (e.g. retrieving the arguments passed into the JIT code from within the stubs). We strongly prefer small, simple, incremental changes. A patch that tried to both port the JIT to a new platform and to introduce a new argument passing interface to the JIT stub functions sounds unlikely to get anywhere (a patch porting the JIT to a new platform is on its own very likely to be too much more than we'd want to land in one chunk). I'd suggest that a port would be wise to engineer it's initial solution to fit one of the existing argument passing mechanisms (these are selected by JIT_STUB_ARGUMENT_* switches, to help find the relevant code). (Alternatively, you're welcome to attempt to port x86-64 to make use of an in-register argument passing solution, which could be hugely useful. With this landed first and separately, a port could then build on top of this.) As a more direct answer to your question, you could endeavour to make the set of hardware registers used as JIT temporaries non-overlapping with ABI function argument registers on MIPS, but this is unlikely to be a general solution to anything for all platforms, due to limited register availability on some architectures. we would put all these definition in a file named regMap.h, then we can remove all X86:: from other JIT files. I don't think we'll be keen on taking preemptive changes so far ahead in preparation of a port. The first logical step in porting to a new platform is still to start with WREC, and this requires no changes in the JIT directory. Any refactoring of the existing JIT would make more sense more directly prior to work in that area. cheers, G. I'd apperciate if sb can do it or help me to do it. rgds joe --- On Sat, 2/28/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS - which calling convention is used here? To: webkit-dev@lists.webkit.org, Zoltan Herczeg zherc...@inf.u-szeged.hu Date: Saturday, February 28, 2009, 7:40 AM Hi, Thanks for your help in advance:) in JITPropertyAccess.cpp: if (transitionWillNeedStorageRealloc(oldStructure, newStructure)) { pop(X86::ebx); ///pop return address, why? for exception? #if PLATFORM(X86_64)///which convention is this? move(Imm32(newStructure-propertyStorageCapacity()), regT1); //edx move(Imm32(oldStructure-propertyStorageCapacity()), X86::esi); move(regT0, X86::edi); callTarget = call(); #else ///__cdecl, yet how can I know resizePropertyStorage() use __cdecl? push(Imm32(newStructure-propertyStorageCapacity())); push(Imm32(oldStructure-propertyStorageCapacity())); push(regT0); callTarget = call(); addPtr(Imm32(3 * sizeof(void*)), X86::esp); ///clean stack #endif ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] want to port JIT to MIPS - JIT reg usage clean up?
Gavin, Thanks for correct me, see my comments below with : --- On Sat, 2/28/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - JIT reg usage clean up? To: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 28, 2009, 12:19 PM On Feb 27, 2009, at 4:55 PM, x yz wrote: The regTx seems to be working registers here, yet their definition are regparm(3) registers for function arugments. Such usage would cause conflict on other platforms. May I suggest that we use individual defined set of regs for func i/o argument and working? First up, I think you're getting slightly confused about regparm(3). This is not used anywhere in the JS language JIT, only in WREC. In some configurations of the JIT we use fastcall semantics on x86... but none of this is really relevant to MIPS. Just ignore all this. Stick to the default MIPS ABI for stub functions. You are absolutely right, I used to see WREC has postfix for regparm(3) and comments on using fastcall or so, yet I'm confused by so many calling conventions and especially messed up today. For exmaple, how could I know which calling convention the following function uses? static JSObject* resizePropertyStorage(JSObject* baseObject, int32_t oldSize, int32_t newSize) { baseObject-allocatePropertyStorage(oldSize, newSize); return baseObject; } Reading between the lines, I'm guessing your concern here is that in setting up arguments for a JIT stub call you may trample the JIT's temporary registers? If so, I think you need to look at the argument passing more closely. The mechanisms to pass arguments to stub functions pass all arguments in memory – typically passing a single pointer to the stub functions, which can be used to retrieve the arguments. This pointer argument can be set up immediately prior to the call, so it does not interfere with the regT? temporaries. We follow this pattern on x86-64, where the ABI is typically to pass arguments in registers. You cannot trivially change the way this works, since the argument pointer is used for other purposes too (e.g. retrieving the arguments passed into the JIT code from within the stubs). We strongly prefer small, simple, incremental changes. A patch that tried to both port the JIT to a new platform and to introduce a new argument passing interface to the JIT stub functions sounds unlikely to get anywhere (a patch porting the JIT to a new platform is on its own very likely to be too much more than we'd want to land in one chunk). I'd suggest that a port would be wise to engineer it's initial solution to fit one of the existing argument passing mechanisms (these are selected by JIT_STUB_ARGUMENT_* switches, to help find the relevant code). (Alternatively, you're welcome to attempt to port x86-64 to make use of an in-register argument passing solution, which could be hugely useful. With this landed first and separately, a port could then build on top of this.) Mips calling conventions always passes 1st four in regs and others in stack from left to right. Thus I need to change argument passing. As a more direct answer to your question, you could endeavour to make the set of hardware registers used as JIT temporaries non-overlapping with ABI function argument registers on MIPS, but this is unlikely to be a general solution to anything for all platforms, due to limited register availability on some architectures. Thanks this would work. we would put all these definition in a file named regMap.h, then we can remove all X86:: from other JIT files. I don't think we'll be keen on taking preemptive changes so far ahead in preparation of a port. The first logical step in porting to a new platform is still to start with WREC, and this requires no changes in the JIT directory. Any refactoring of the existing JIT would make more sense more directly prior to work in that area. I'm waiting for a partner to complete tool chain, that's why I paused wrec and work on JIT. I don't ask for logical change on X86 code for porting, but sth like #define to remap registers. One reg can have multiple names like what we see in current code: static const RegisterID returnValueRegister = X86::eax; static const RegisterID cachedResultRegister = X86::eax; static const RegisterID regT0 = X86::eax; In this way the X86:eax can exist in just one regMap.h file. For Mips the above may be: static const RegisterID returnValueRegister = MIPS::$v0; static const RegisterID cachedResultRegister = MIPS::$s1; static const RegisterID regT0 = MIPS:$a0; The key is one name one usage. Currently I'll use same MIPS reg for above lines rather than 3 different one as I'm not sure any inter-usage in X86 code, or X86 uses one name for multiple purpose. If I don't use remapping, then I need another
Re: [webkit-dev] want to port JIT to MIPS - how to get of SSE2 now?
Hi, Old version seems use ENABLE_JIT_OPTIMIZE_ARITHMETIC to enable sse2 and only for X86_64, current version changes conf to: 1. you must ENABLE_JIT_OPTIMIZE_ARITHMETIC or else you use interpreter for arithmatic. 2. if ALTERNATE_JSIMMEDIATE not enabled you must have sse2 engine 3. if ALTERNATE_JSIMMEDIATE enabled, you use mmx arithematic, but ALTERNATE_JSIMMEDIATE is enabled in paltform.h only for X86_64 MAC. That means on X86 you need sse2??? thanks for your time! joe --- On Sun, 2/22/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org, Gavin Barraclough barraclo...@apple.com Date: Sunday, February 22, 2009, 4:34 PM Thanks a lot otherwise I have misunderstanding. Yes I'll do wrec first. I just want to clean up possible blocking issues. I see wrec uses regparm(3) and jit always use fastcall for X86? In JIT.cpp ctiTrampoline put CallFrame in edi, but how about other arguments - where are they be fetched/poped from stack? when deal with caller/callee saved regs, gcc MIPS just preserves them when necesasary. The problem is after JIT used gcc may not have enough knowledge on necessary, do we have a way to force gcc always preserve them? how to identify a patch (patchimm/patchptr/patchaddr) relates to a data field in an instruction or relates to an element in a data array? In Mips the former means the 32bit needs to be separated into two 16bits and patched into two instructions. But if a 32bit is a pointer in a pointer array, we can save it directly. rgds joe --- On Fri, 2/20/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org Date: Friday, February 20, 2009, 2:01 PM On Feb 19, 2009, at 8:27 PM, x yz wrote: I'd appreaciate your help to clarify the problem I faced: 1.In JIT.cpp I roughly understand ctiTrampoline() except for sp-0x1C, I guess the 1C includes 6 argument yet the 7th or 1st may be the hidden C++ pointer? And the reserved 1C stack space seems not used? why esi is forced to be 512 rather than use input argument? The JIT allocates a fixed frame on the stack which is used to pass arguments into stub functions. The 0x1C contains a spare word or two to maintain stack alignment. %esi is used in the timeout check mechanism. 2.How to understand the stack balance in ctiVMThrowTrampoline()? why after calling we still add 1C w/o sub 1C before calling? where comes _ZN3JSC11Interpreter12cti_vm_throwEPPv and how do I know which name for Mips? does this one relates to variable argument function call? ctiVMThrowTrampoline is never called as a function (it is declared as a function only to provide a symbol that can be manipulated from C code). ctiVMThrowTrampoline is used in returning back from JIT generated code, in the case of an exception. 3.I know how to handle jump in Mips, but not sure how/when to handle patchAddress/patchImm/patchPointer because I'm not sure the instructions related. I guess all patches are for last 32bit IMM field of instructions. Mips can't load 32bit in one instruction, thus I need to know the instruction before I can patch/add in the 32bit data. 4.I'm kind of want no asm code outside assembler folder, any plan for that? No. The assembler is intended to be independent of JavaScript types - it's just an assembler. The asm trampolines are specific to the JIT. It is currently the intention that architecture specific parts of the JIT implementation will remain in the jit folder. I'd suggest that in attempting to port the jit, WREC would be a good place to start. cheers, G. rgds joe --- On Mon, 2/16/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS - when WREC/JIT enabled? To: Gavin Barraclough barraclo...@apple.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Monday, February 16, 2009, 5:25 AM Hi, from paltform.h it is enabled only on X86 MAC/WIN; from javaScriptCore.pri it is also enabled for (QT_ARCH,i386). But, from config.log I see them are enabled! how can I run WREC/JIT test so I can trace in X86 asm coce generated? thanks a lot. joe --- On Sat, 2/7/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - using X86::ecx as base To: last...@yahoo.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 7, 2009, 7:08 AM On Feb 6, 2009, at 2:52 PM, x yz wrote: 1.what's the meaning
Re: [webkit-dev] want to port JIT to MIPS - patchImmediate
Hi, in jitPropertyAccess.cpp: // Patch the offset into the propoerty map to load from, then patch the Structure to look for... stubInfo-hotPathBegin.dataLabel32AtOffset(patchOffsetGetByIdPropertyMapOffset).repatch(cachedOffset * sizeof(JSValuePtr)); how propertyMap is used and why we need such patch? who will/how to use patched data? rgds joe --- On Sun, 2/22/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org, Gavin Barraclough barraclo...@apple.com Date: Sunday, February 22, 2009, 4:34 PM Thanks a lot otherwise I have misunderstanding. Yes I'll do wrec first. I just want to clean up possible blocking issues. I see wrec uses regparm(3) and jit always use fastcall for X86? In JIT.cpp ctiTrampoline put CallFrame in edi, but how about other arguments - where are they be fetched/poped from stack? when deal with caller/callee saved regs, gcc MIPS just preserves them when necesasary. The problem is after JIT used gcc may not have enough knowledge on necessary, do we have a way to force gcc always preserve them? how to identify a patch (patchimm/patchptr/patchaddr) relates to a data field in an instruction or relates to an element in a data array? In Mips the former means the 32bit needs to be separated into two 16bits and patched into two instructions. But if a 32bit is a pointer in a pointer array, we can save it directly. rgds joe --- On Fri, 2/20/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org Date: Friday, February 20, 2009, 2:01 PM On Feb 19, 2009, at 8:27 PM, x yz wrote: I'd appreaciate your help to clarify the problem I faced: 1.In JIT.cpp I roughly understand ctiTrampoline() except for sp-0x1C, I guess the 1C includes 6 argument yet the 7th or 1st may be the hidden C++ pointer? And the reserved 1C stack space seems not used? why esi is forced to be 512 rather than use input argument? The JIT allocates a fixed frame on the stack which is used to pass arguments into stub functions. The 0x1C contains a spare word or two to maintain stack alignment. %esi is used in the timeout check mechanism. 2.How to understand the stack balance in ctiVMThrowTrampoline()? why after calling we still add 1C w/o sub 1C before calling? where comes _ZN3JSC11Interpreter12cti_vm_throwEPPv and how do I know which name for Mips? does this one relates to variable argument function call? ctiVMThrowTrampoline is never called as a function (it is declared as a function only to provide a symbol that can be manipulated from C code). ctiVMThrowTrampoline is used in returning back from JIT generated code, in the case of an exception. 3.I know how to handle jump in Mips, but not sure how/when to handle patchAddress/patchImm/patchPointer because I'm not sure the instructions related. I guess all patches are for last 32bit IMM field of instructions. Mips can't load 32bit in one instruction, thus I need to know the instruction before I can patch/add in the 32bit data. 4.I'm kind of want no asm code outside assembler folder, any plan for that? No. The assembler is intended to be independent of JavaScript types - it's just an assembler. The asm trampolines are specific to the JIT. It is currently the intention that architecture specific parts of the JIT implementation will remain in the jit folder. I'd suggest that in attempting to port the jit, WREC would be a good place to start. cheers, G. rgds joe --- On Mon, 2/16/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS - when WREC/JIT enabled? To: Gavin Barraclough barraclo...@apple.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Monday, February 16, 2009, 5:25 AM Hi, from paltform.h it is enabled only on X86 MAC/WIN; from javaScriptCore.pri it is also enabled for (QT_ARCH,i386). But, from config.log I see them are enabled! how can I run WREC/JIT test so I can trace in X86 asm coce generated? thanks a lot. joe --- On Sat, 2/7/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - using X86::ecx as base To: last...@yahoo.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 7, 2009, 7:08 AM On Feb 6, 2009, at 2:52 PM, x yz wrote: 1.what's the meaning of ALTERNATE_JSIMMEDIATE and slow case? On x86-64 we use a different implementation of the class JSImmediate. See
Re: [webkit-dev] want to port JIT to MIPS - how to get of SSE2 now?
SSE2 code generation is guarded by calls to a function 'isSSE2Present()'. On Feb 26, 2009, at 12:27 PM, x yz wrote: Hi, Old version seems use ENABLE_JIT_OPTIMIZE_ARITHMETIC to enable sse2 and only for X86_64, current version changes conf to: 1. you must ENABLE_JIT_OPTIMIZE_ARITHMETIC or else you use interpreter for arithmatic. 2. if ALTERNATE_JSIMMEDIATE not enabled you must have sse2 engine 3. if ALTERNATE_JSIMMEDIATE enabled, you use mmx arithematic, but ALTERNATE_JSIMMEDIATE is enabled in paltform.h only for X86_64 MAC. That means on X86 you need sse2??? thanks for your time! joe --- On Sun, 2/22/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org, Gavin Barraclough barraclo...@apple.com Date: Sunday, February 22, 2009, 4:34 PM Thanks a lot otherwise I have misunderstanding. Yes I'll do wrec first. I just want to clean up possible blocking issues. I see wrec uses regparm(3) and jit always use fastcall for X86? In JIT.cpp ctiTrampoline put CallFrame in edi, but how about other arguments - where are they be fetched/poped from stack? when deal with caller/callee saved regs, gcc MIPS just preserves them when necesasary. The problem is after JIT used gcc may not have enough knowledge on necessary, do we have a way to force gcc always preserve them? how to identify a patch (patchimm/patchptr/patchaddr) relates to a data field in an instruction or relates to an element in a data array? In Mips the former means the 32bit needs to be separated into two 16bits and patched into two instructions. But if a 32bit is a pointer in a pointer array, we can save it directly. rgds joe --- On Fri, 2/20/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org Date: Friday, February 20, 2009, 2:01 PM On Feb 19, 2009, at 8:27 PM, x yz wrote: I'd appreaciate your help to clarify the problem I faced: 1.In JIT.cpp I roughly understand ctiTrampoline() except for sp-0x1C, I guess the 1C includes 6 argument yet the 7th or 1st may be the hidden C++ pointer? And the reserved 1C stack space seems not used? why esi is forced to be 512 rather than use input argument? The JIT allocates a fixed frame on the stack which is used to pass arguments into stub functions. The 0x1C contains a spare word or two to maintain stack alignment. %esi is used in the timeout check mechanism. 2.How to understand the stack balance in ctiVMThrowTrampoline()? why after calling we still add 1C w/o sub 1C before calling? where comes _ZN3JSC11Interpreter12cti_vm_throwEPPv and how do I know which name for Mips? does this one relates to variable argument function call? ctiVMThrowTrampoline is never called as a function (it is declared as a function only to provide a symbol that can be manipulated from C code). ctiVMThrowTrampoline is used in returning back from JIT generated code, in the case of an exception. 3.I know how to handle jump in Mips, but not sure how/when to handle patchAddress/patchImm/patchPointer because I'm not sure the instructions related. I guess all patches are for last 32bit IMM field of instructions. Mips can't load 32bit in one instruction, thus I need to know the instruction before I can patch/add in the 32bit data. 4.I'm kind of want no asm code outside assembler folder, any plan for that? No. The assembler is intended to be independent of JavaScript types - it's just an assembler. The asm trampolines are specific to the JIT. It is currently the intention that architecture specific parts of the JIT implementation will remain in the jit folder. I'd suggest that in attempting to port the jit, WREC would be a good place to start. cheers, G. rgds joe --- On Mon, 2/16/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS - when WREC/JIT enabled? To: Gavin Barraclough barraclo...@apple.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Monday, February 16, 2009, 5:25 AM Hi, from paltform.h it is enabled only on X86 MAC/WIN; from javaScriptCore.pri it is also enabled for (QT_ARCH,i386). But, from config.log I see them are enabled! how can I run WREC/JIT test so I can trace in X86 asm coce generated? thanks a lot. joe --- On Sat, 2/7/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - using X86::ecx as base To: last...@yahoo.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 7, 2009, 7:08 AM On Feb 6, 2009, at 2:52 PM, x yz wrote: 1.what's the meaning of ALTERNATE_JSIMMEDIATE and slow case? On x86-64 we use a different implementation of the class JSImmediate
Re: [webkit-dev] want to port JIT to MIPS - patchImmediate
Hi, jit GetByIdSelf methods caches the structure ID (see the line starting with Jump structureCheck = ...) and the offset in the PropertyStorage (see DataLabel32 displacementLabel = ...) in the jit code itself. StructureID-s are required to check that the input JSValue is the same JSObject which was used to set up the property offset. Things are more complicated for structures, which have multiple structure ID-s (called prototype chain). A separate stub function is generated for each of those objects, and the head is called after the main structureCheck fail. get_by_id: [...] [structure check] - on fail goto first_stub_function label_ok: load cached value label_exit: Somewhere else in the memory: first_stub_function: [structure or prototaype chain check] - on fail goto second_stub_function load cached value goto label_exit second_stub_function: [same thing again] Currently, the maximum number of extra stub functions is 4. If all of them fails, a get_by_id_generic function is called. To insert a new stub function, you need to keep the address of the first [structure check], and repatch it after a new head is added. Implementing these features was much more complicated for ARM. I hope mips is not so different compared to x86. Cheers, Zoltan Hi, in jitPropertyAccess.cpp: // Patch the offset into the propoerty map to load from, then patch the Structure to look for... stubInfo-hotPathBegin.dataLabel32AtOffset(patchOffsetGetByIdPropertyMapOffset).repatch(cachedOffset * sizeof(JSValuePtr)); how propertyMap is used and why we need such patch? who will/how to use patched data? rgds joe --- On Sun, 2/22/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org, Gavin Barraclough barraclo...@apple.com Date: Sunday, February 22, 2009, 4:34 PM Thanks a lot otherwise I have misunderstanding. Yes I'll do wrec first. I just want to clean up possible blocking issues. I see wrec uses regparm(3) and jit always use fastcall for X86? In JIT.cpp ctiTrampoline put CallFrame in edi, but how about other arguments - where are they be fetched/poped from stack? when deal with caller/callee saved regs, gcc MIPS just preserves them when necesasary. The problem is after JIT used gcc may not have enough knowledge on necessary, do we have a way to force gcc always preserve them? how to identify a patch (patchimm/patchptr/patchaddr) relates to a data field in an instruction or relates to an element in a data array? In Mips the former means the 32bit needs to be separated into two 16bits and patched into two instructions. But if a 32bit is a pointer in a pointer array, we can save it directly. rgds joe --- On Fri, 2/20/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org Date: Friday, February 20, 2009, 2:01 PM On Feb 19, 2009, at 8:27 PM, x yz wrote: I'd appreaciate your help to clarify the problem I faced: 1.In JIT.cpp I roughly understand ctiTrampoline() except for sp-0x1C, I guess the 1C includes 6 argument yet the 7th or 1st may be the hidden C++ pointer? And the reserved 1C stack space seems not used? why esi is forced to be 512 rather than use input argument? The JIT allocates a fixed frame on the stack which is used to pass arguments into stub functions. The 0x1C contains a spare word or two to maintain stack alignment. %esi is used in the timeout check mechanism. 2.How to understand the stack balance in ctiVMThrowTrampoline()? why after calling we still add 1C w/o sub 1C before calling? where comes _ZN3JSC11Interpreter12cti_vm_throwEPPv and how do I know which name for Mips? does this one relates to variable argument function call? ctiVMThrowTrampoline is never called as a function (it is declared as a function only to provide a symbol that can be manipulated from C code). ctiVMThrowTrampoline is used in returning back from JIT generated code, in the case of an exception. 3.I know how to handle jump in Mips, but not sure how/when to handle patchAddress/patchImm/patchPointer because I'm not sure the instructions related. I guess all patches are for last 32bit IMM field of instructions. Mips can't load 32bit in one instruction, thus I need to know the instruction before I can patch/add in the 32bit data. 4.I'm kind of want no asm code outside assembler folder, any plan for that? No. The assembler is intended to be independent of JavaScript types - it's just an assembler. The asm trampolines are specific to the JIT. It is currently the intention that architecture specific parts of the JIT implementation will remain in the jit folder. I'd suggest that in attempting to port
Re: [webkit-dev] want to port JIT to MIPS - stack/code segment alignment
Hi, I am not sure I understand your questions. The code blocks are allocated by mmap() or VirtualAlloc(), thus they are aligned to 4K. Smaller chunks are aligned by roundUpAllocationSize() function. Now the alignemt is sizeof(void*) in both x86 and ARM. See ExecutableAllocator.h The current jit implementations don't store temporary variables on the stack, they allocate a fixed size buffer after the entry, and only free that when you leave the jit. This approach is much easier than keep tracking of the stack. Cheers, Zoltan gcc handles it well for X86. now on Mips I need to do followings right? 1. make sure (re)allocated code buffer aligned to 64bits and gcc malloc() only guarantee 32bits 2. before any call instruction in JIT code, make sure stack is aligned to 64bit also. PPC no JIT thus no problem right? rgds joe --- On Sun, 2/22/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org, Gavin Barraclough barraclo...@apple.com Date: Sunday, February 22, 2009, 4:34 PM Thanks a lot otherwise I have misunderstanding. Yes I'll do wrec first. I just want to clean up possible blocking issues. I see wrec uses regparm(3) and jit always use fastcall for X86? In JIT.cpp ctiTrampoline put CallFrame in edi, but how about other arguments - where are they be fetched/poped from stack? when deal with caller/callee saved regs, gcc MIPS just preserves them when necesasary. The problem is after JIT used gcc may not have enough knowledge on necessary, do we have a way to force gcc always preserve them? how to identify a patch (patchimm/patchptr/patchaddr) relates to a data field in an instruction or relates to an element in a data array? In Mips the former means the 32bit needs to be separated into two 16bits and patched into two instructions. But if a 32bit is a pointer in a pointer array, we can save it directly. rgds joe --- On Fri, 2/20/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org Date: Friday, February 20, 2009, 2:01 PM On Feb 19, 2009, at 8:27 PM, x yz wrote: I'd appreaciate your help to clarify the problem I faced: 1.In JIT.cpp I roughly understand ctiTrampoline() except for sp-0x1C, I guess the 1C includes 6 argument yet the 7th or 1st may be the hidden C++ pointer? And the reserved 1C stack space seems not used? why esi is forced to be 512 rather than use input argument? The JIT allocates a fixed frame on the stack which is used to pass arguments into stub functions. The 0x1C contains a spare word or two to maintain stack alignment. %esi is used in the timeout check mechanism. 2.How to understand the stack balance in ctiVMThrowTrampoline()? why after calling we still add 1C w/o sub 1C before calling? where comes _ZN3JSC11Interpreter12cti_vm_throwEPPv and how do I know which name for Mips? does this one relates to variable argument function call? ctiVMThrowTrampoline is never called as a function (it is declared as a function only to provide a symbol that can be manipulated from C code). ctiVMThrowTrampoline is used in returning back from JIT generated code, in the case of an exception. 3.I know how to handle jump in Mips, but not sure how/when to handle patchAddress/patchImm/patchPointer because I'm not sure the instructions related. I guess all patches are for last 32bit IMM field of instructions. Mips can't load 32bit in one instruction, thus I need to know the instruction before I can patch/add in the 32bit data. 4.I'm kind of want no asm code outside assembler folder, any plan for that? No. The assembler is intended to be independent of JavaScript types - it's just an assembler. The asm trampolines are specific to the JIT. It is currently the intention that architecture specific parts of the JIT implementation will remain in the jit folder. I'd suggest that in attempting to port the jit, WREC would be a good place to start. cheers, G. rgds joe --- On Mon, 2/16/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS - when WREC/JIT enabled? To: Gavin Barraclough barraclo...@apple.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Monday, February 16, 2009, 5:25 AM Hi, from paltform.h it is enabled only on X86 MAC/WIN; from javaScriptCore.pri it is also enabled for (QT_ARCH,i386). But, from config.log I see them are enabled! how can I run WREC/JIT test so I can trace in X86 asm coce generated? thanks a lot. joe --- On Sat, 2/7/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin
Re: [webkit-dev] want to port JIT to MIPS - stack/code segment alignment
Zoltan, thanks a lot! yeah the issue is just JIT related. Do I need to take care of stack in JIT code, say before emit asm call I align the stack? I guess no need because Mips always aligned to 32bits, and the only double functions in webkit return result in registers not memory. For AssemblerBuffer.h I think it is different because the initial 256bytes buffer may be not aligned to 32bit. I'll add __attribute__ ((aligned (4))) or 8. rgds joe --- On Fri, 2/27/09, Zoltan Herczeg zherc...@inf.u-szeged.hu wrote: From: Zoltan Herczeg zherc...@inf.u-szeged.hu Subject: Re: [webkit-dev] want to port JIT to MIPS - stack/code segment alignment To: webkit-dev@lists.webkit.org Date: Friday, February 27, 2009, 6:16 AM Hi, I am not sure I understand your questions. The code blocks are allocated by mmap() or VirtualAlloc(), thus they are aligned to 4K. Smaller chunks are aligned by roundUpAllocationSize() function. Now the alignemt is sizeof(void*) in both x86 and ARM. See ExecutableAllocator.h The current jit implementations don't store temporary variables on the stack, they allocate a fixed size buffer after the entry, and only free that when you leave the jit. This approach is much easier than keep tracking of the stack. Cheers, Zoltan gcc handles it well for X86. now on Mips I need to do followings right? 1. make sure (re)allocated code buffer aligned to 64bits and gcc malloc() only guarantee 32bits 2. before any call instruction in JIT code, make sure stack is aligned to 64bit also. PPC no JIT thus no problem right? rgds joe --- On Sun, 2/22/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org, Gavin Barraclough barraclo...@apple.com Date: Sunday, February 22, 2009, 4:34 PM Thanks a lot otherwise I have misunderstanding. Yes I'll do wrec first. I just want to clean up possible blocking issues. I see wrec uses regparm(3) and jit always use fastcall for X86? In JIT.cpp ctiTrampoline put CallFrame in edi, but how about other arguments - where are they be fetched/poped from stack? when deal with caller/callee saved regs, gcc MIPS just preserves them when necesasary. The problem is after JIT used gcc may not have enough knowledge on necessary, do we have a way to force gcc always preserve them? how to identify a patch (patchimm/patchptr/patchaddr) relates to a data field in an instruction or relates to an element in a data array? In Mips the former means the 32bit needs to be separated into two 16bits and patched into two instructions. But if a 32bit is a pointer in a pointer array, we can save it directly. rgds joe --- On Fri, 2/20/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org Date: Friday, February 20, 2009, 2:01 PM On Feb 19, 2009, at 8:27 PM, x yz wrote: I'd appreaciate your help to clarify the problem I faced: 1.In JIT.cpp I roughly understand ctiTrampoline() except for sp-0x1C, I guess the 1C includes 6 argument yet the 7th or 1st may be the hidden C++ pointer? And the reserved 1C stack space seems not used? why esi is forced to be 512 rather than use input argument? The JIT allocates a fixed frame on the stack which is used to pass arguments into stub functions. The 0x1C contains a spare word or two to maintain stack alignment. %esi is used in the timeout check mechanism. 2.How to understand the stack balance in ctiVMThrowTrampoline()? why after calling we still add 1C w/o sub 1C before calling? where comes _ZN3JSC11Interpreter12cti_vm_throwEPPv and how do I know which name for Mips? does this one relates to variable argument function call? ctiVMThrowTrampoline is never called as a function (it is declared as a function only to provide a symbol that can be manipulated from C code). ctiVMThrowTrampoline is used in returning back from JIT generated code, in the case of an exception. 3.I know how to handle jump in Mips, but not sure how/when to handle patchAddress/patchImm/patchPointer because I'm not sure the instructions related. I guess all patches are for last 32bit IMM field of instructions. Mips can't load 32bit in one instruction, thus I need to know the instruction before I can patch/add in the 32bit data. 4.I'm kind of want no asm code outside assembler folder, any plan for that? No. The assembler is intended to be independent of JavaScript types - it's just an assembler. The asm trampolines are specific to the JIT. It is currently the intention that architecture specific parts
Re: [webkit-dev] want to port JIT to MIPS - how to get of SSE2 now?
yes but if isSSE2Present() returns false the code becomes very simple so I doubt it may be slow. what's the benefit to enable/disable ALTERNATE_JSIMMEDIATE? thanks joe --- On Fri, 2/27/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - how to get of SSE2 now? To: WebKit Development webkit-dev@lists.webkit.org Date: Friday, February 27, 2009, 6:03 AM SSE2 code generation is guarded by calls to a function 'isSSE2Present()'. On Feb 26, 2009, at 12:27 PM, x yz wrote: Hi, Old version seems use ENABLE_JIT_OPTIMIZE_ARITHMETIC to enable sse2 and only for X86_64, current version changes conf to: 1. you must ENABLE_JIT_OPTIMIZE_ARITHMETIC or else you use interpreter for arithmatic. 2. if ALTERNATE_JSIMMEDIATE not enabled you must have sse2 engine 3. if ALTERNATE_JSIMMEDIATE enabled, you use mmx arithematic, but ALTERNATE_JSIMMEDIATE is enabled in paltform.h only for X86_64 MAC. That means on X86 you need sse2??? thanks for your time! joe --- On Sun, 2/22/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org, Gavin Barraclough barraclo...@apple.com Date: Sunday, February 22, 2009, 4:34 PM Thanks a lot otherwise I have misunderstanding. Yes I'll do wrec first. I just want to clean up possible blocking issues. I see wrec uses regparm(3) and jit always use fastcall for X86? In JIT.cpp ctiTrampoline put CallFrame in edi, but how about other arguments - where are they be fetched/poped from stack? when deal with caller/callee saved regs, gcc MIPS just preserves them when necesasary. The problem is after JIT used gcc may not have enough knowledge on necessary, do we have a way to force gcc always preserve them? how to identify a patch (patchimm/patchptr/patchaddr) relates to a data field in an instruction or relates to an element in a data array? In Mips the former means the 32bit needs to be separated into two 16bits and patched into two instructions. But if a 32bit is a pointer in a pointer array, we can save it directly. rgds joe --- On Fri, 2/20/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org Date: Friday, February 20, 2009, 2:01 PM On Feb 19, 2009, at 8:27 PM, x yz wrote: I'd appreaciate your help to clarify the problem I faced: 1.In JIT.cpp I roughly understand ctiTrampoline() except for sp-0x1C, I guess the 1C includes 6 argument yet the 7th or 1st may be the hidden C++ pointer? And the reserved 1C stack space seems not used? why esi is forced to be 512 rather than use input argument? The JIT allocates a fixed frame on the stack which is used to pass arguments into stub functions. The 0x1C contains a spare word or two to maintain stack alignment. %esi is used in the timeout check mechanism. 2.How to understand the stack balance in ctiVMThrowTrampoline()? why after calling we still add 1C w/o sub 1C before calling? where comes _ZN3JSC11Interpreter12cti_vm_throwEPPv and how do I know which name for Mips? does this one relates to variable argument function call? ctiVMThrowTrampoline is never called as a function (it is declared as a function only to provide a symbol that can be manipulated from C code). ctiVMThrowTrampoline is used in returning back from JIT generated code, in the case of an exception. 3.I know how to handle jump in Mips, but not sure how/when to handle patchAddress/patchImm/patchPointer because I'm not sure the instructions related. I guess all patches are for last 32bit IMM field of instructions. Mips can't load 32bit in one instruction, thus I need to know the instruction before I can patch/add in the 32bit data. 4.I'm kind of want no asm code outside assembler folder, any plan for that? No. The assembler is intended to be independent of JavaScript types - it's just an assembler. The asm trampolines are specific to the JIT. It is currently the intention that architecture specific parts of the JIT implementation will remain in the jit folder. I'd suggest that in attempting to port the jit, WREC would be a good place to start. cheers, G. rgds joe --- On Mon, 2/16/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS - when WREC/JIT enabled? To: Gavin Barraclough barraclo...@apple.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Monday, February 16, 2009, 5:25 AM Hi, from paltform.h it is enabled only
Re: [webkit-dev] want to port JIT to MIPS - how to get of SSE2 now?
ALTERNATE_JSIMMEDIATE is only supported on 64-bit, and all 64-bit x86's have SSE2 – so the ALTERNATE_JSIMMEDIATE code is assuming that SSE2 is present. If we wanted to make ALTERNATE_JSIMMEDIATE being enabled on 32-bit x86 possible, then we would also need to check isSSE2Present() here. To address the problem at a slightly higher level, ENABLE_JIT_OPTIMIZE_ARITHMETIC is intended to guard JIT generation of double precision floating point math. In the long run we will potentially place double precision operations within the domain of the MacroAssembler interface, but this is unlikely to happen before the JIT is ported to another platform that feature a 64-bit register file based FPU (which will help drive ensuring that we get the interface right). I would suggest that ENABLE_JIT_OPTIMIZE_ARITHMETIC is not something interesting to worry about at this stage. It only affects a couple of functions, and shouldn't have any wider ramifications on design decisions – a sensible approach in porting the JIT is to switch the three optimizations switches off and then not thinking about them until after the ported JIT is up and running. (In fact, that is exactly why these three switches exist – to make it possible to port the JIT without worrying about some of the hairier bits of code generation. These compile switches were added when we ported the JIT to x86-64. Only once the JIT was up and running did we switch them on one by one). cheers, G. On Feb 26, 2009, at 5:39 PM, x yz wrote: yes but if isSSE2Present() returns false the code becomes very simple so I doubt it may be slow. what's the benefit to enable/disable ALTERNATE_JSIMMEDIATE? thanks joe --- On Fri, 2/27/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - how to get of SSE2 now? To: WebKit Development webkit-dev@lists.webkit.org Date: Friday, February 27, 2009, 6:03 AM SSE2 code generation is guarded by calls to a function 'isSSE2Present()'. On Feb 26, 2009, at 12:27 PM, x yz wrote: Hi, Old version seems use ENABLE_JIT_OPTIMIZE_ARITHMETIC to enable sse2 and only for X86_64, current version changes conf to: 1. you must ENABLE_JIT_OPTIMIZE_ARITHMETIC or else you use interpreter for arithmatic. 2. if ALTERNATE_JSIMMEDIATE not enabled you must have sse2 engine 3. if ALTERNATE_JSIMMEDIATE enabled, you use mmx arithematic, but ALTERNATE_JSIMMEDIATE is enabled in paltform.h only for X86_64 MAC. That means on X86 you need sse2??? thanks for your time! joe --- On Sun, 2/22/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org, Gavin Barraclough barraclo...@apple.com Date: Sunday, February 22, 2009, 4:34 PM Thanks a lot otherwise I have misunderstanding. Yes I'll do wrec first. I just want to clean up possible blocking issues. I see wrec uses regparm(3) and jit always use fastcall for X86? In JIT.cpp ctiTrampoline put CallFrame in edi, but how about other arguments - where are they be fetched/poped from stack? when deal with caller/callee saved regs, gcc MIPS just preserves them when necesasary. The problem is after JIT used gcc may not have enough knowledge on necessary, do we have a way to force gcc always preserve them? how to identify a patch (patchimm/patchptr/patchaddr) relates to a data field in an instruction or relates to an element in a data array? In Mips the former means the 32bit needs to be separated into two 16bits and patched into two instructions. But if a 32bit is a pointer in a pointer array, we can save it directly. rgds joe --- On Fri, 2/20/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org Date: Friday, February 20, 2009, 2:01 PM On Feb 19, 2009, at 8:27 PM, x yz wrote: I'd appreaciate your help to clarify the problem I faced: 1.In JIT.cpp I roughly understand ctiTrampoline() except for sp-0x1C, I guess the 1C includes 6 argument yet the 7th or 1st may be the hidden C++ pointer? And the reserved 1C stack space seems not used? why esi is forced to be 512 rather than use input argument? The JIT allocates a fixed frame on the stack which is used to pass arguments into stub functions. The 0x1C contains a spare word or two to maintain stack alignment. %esi is used in the timeout check mechanism. 2.How to understand the stack balance in ctiVMThrowTrampoline()? why after calling we still add 1C w/o sub 1C before calling? where comes _ZN3JSC11Interpreter12cti_vm_throwEPPv and how do I know which name for Mips? does this one relates to variable argument function call? ctiVMThrowTrampoline is never called as a function
Re: [webkit-dev] want to port JIT to MIPS - stack/code segment alignment
Hi, in ARM, we have a rule set called EABI (Embedded Application Binary Interface). It says the stack must always be word aligned, and must be 2 words (8 bytes) aligned if you call other functions. The WebKit interpreter callbacks returns either a single pointer (sometimes an int contains a boolean value) or double pointers. These return values can be passed through registers, no need to pre-allocate stack space for them. The functions generated by g++ are also EABI compilant, so we don't need worry about the stack at all. I think AssemblerBuffer is only temporary hold the generated machine instructions. When the compilation phase is done, you need to call AssemblerBuffer::executableCopy, which allocates a new executable memory space and that space is aligned by ExecutableAllocator. Cheers, Zoltan Zoltan, thanks a lot! yeah the issue is just JIT related. Do I need to take care of stack in JIT code, say before emit asm call I align the stack? I guess no need because Mips always aligned to 32bits, and the only double functions in webkit return result in registers not memory. For AssemblerBuffer.h I think it is different because the initial 256bytes buffer may be not aligned to 32bit. I'll add __attribute__ ((aligned (4))) or 8. rgds joe --- On Fri, 2/27/09, Zoltan Herczeg zherc...@inf.u-szeged.hu wrote: From: Zoltan Herczeg zherc...@inf.u-szeged.hu Subject: Re: [webkit-dev] want to port JIT to MIPS - stack/code segment alignment To: webkit-dev@lists.webkit.org Date: Friday, February 27, 2009, 6:16 AM Hi, I am not sure I understand your questions. The code blocks are allocated by mmap() or VirtualAlloc(), thus they are aligned to 4K. Smaller chunks are aligned by roundUpAllocationSize() function. Now the alignemt is sizeof(void*) in both x86 and ARM. See ExecutableAllocator.h The current jit implementations don't store temporary variables on the stack, they allocate a fixed size buffer after the entry, and only free that when you leave the jit. This approach is much easier than keep tracking of the stack. Cheers, Zoltan gcc handles it well for X86. now on Mips I need to do followings right? 1. make sure (re)allocated code buffer aligned to 64bits and gcc malloc() only guarantee 32bits 2. before any call instruction in JIT code, make sure stack is aligned to 64bit also. PPC no JIT thus no problem right? rgds joe --- On Sun, 2/22/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org, Gavin Barraclough barraclo...@apple.com Date: Sunday, February 22, 2009, 4:34 PM Thanks a lot otherwise I have misunderstanding. Yes I'll do wrec first. I just want to clean up possible blocking issues. I see wrec uses regparm(3) and jit always use fastcall for X86? In JIT.cpp ctiTrampoline put CallFrame in edi, but how about other arguments - where are they be fetched/poped from stack? when deal with caller/callee saved regs, gcc MIPS just preserves them when necesasary. The problem is after JIT used gcc may not have enough knowledge on necessary, do we have a way to force gcc always preserve them? how to identify a patch (patchimm/patchptr/patchaddr) relates to a data field in an instruction or relates to an element in a data array? In Mips the former means the 32bit needs to be separated into two 16bits and patched into two instructions. But if a 32bit is a pointer in a pointer array, we can save it directly. rgds joe --- On Fri, 2/20/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org Date: Friday, February 20, 2009, 2:01 PM On Feb 19, 2009, at 8:27 PM, x yz wrote: I'd appreaciate your help to clarify the problem I faced: 1.In JIT.cpp I roughly understand ctiTrampoline() except for sp-0x1C, I guess the 1C includes 6 argument yet the 7th or 1st may be the hidden C++ pointer? And the reserved 1C stack space seems not used? why esi is forced to be 512 rather than use input argument? The JIT allocates a fixed frame on the stack which is used to pass arguments into stub functions. The 0x1C contains a spare word or two to maintain stack alignment. %esi is used in the timeout check mechanism. 2.How to understand the stack balance in ctiVMThrowTrampoline()? why after calling we still add 1C w/o sub 1C before calling? where comes _ZN3JSC11Interpreter12cti_vm_throwEPPv and how do I know which name for Mips? does this one relates to variable argument function call? ctiVMThrowTrampoline is never called as a function (it is declared as a function only to provide a symbol that can be manipulated from
Re: [webkit-dev] want to port JIT to MIPS
Thanks a lot otherwise I have misunderstanding. Yes I'll do wrec first. I just want to clean up possible blocking issues. I see wrec uses regparm(3) and jit always use fastcall for X86? In JIT.cpp ctiTrampoline put CallFrame in edi, but how about other arguments - where are they be fetched/poped from stack? when deal with caller/callee saved regs, gcc MIPS just preserves them when necesasary. The problem is after JIT used gcc may not have enough knowledge on necessary, do we have a way to force gcc always preserve them? how to identify a patch (patchimm/patchptr/patchaddr) relates to a data field in an instruction or relates to an element in a data array? In Mips the former means the 32bit needs to be separated into two 16bits and patched into two instructions. But if a 32bit is a pointer in a pointer array, we can save it directly. rgds joe --- On Fri, 2/20/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS To: WebKit Development webkit-dev@lists.webkit.org Date: Friday, February 20, 2009, 2:01 PM On Feb 19, 2009, at 8:27 PM, x yz wrote: I'd appreaciate your help to clarify the problem I faced: 1.In JIT.cpp I roughly understand ctiTrampoline() except for sp-0x1C, I guess the 1C includes 6 argument yet the 7th or 1st may be the hidden C++ pointer? And the reserved 1C stack space seems not used? why esi is forced to be 512 rather than use input argument? The JIT allocates a fixed frame on the stack which is used to pass arguments into stub functions. The 0x1C contains a spare word or two to maintain stack alignment. %esi is used in the timeout check mechanism. 2.How to understand the stack balance in ctiVMThrowTrampoline()? why after calling we still add 1C w/o sub 1C before calling? where comes _ZN3JSC11Interpreter12cti_vm_throwEPPv and how do I know which name for Mips? does this one relates to variable argument function call? ctiVMThrowTrampoline is never called as a function (it is declared as a function only to provide a symbol that can be manipulated from C code). ctiVMThrowTrampoline is used in returning back from JIT generated code, in the case of an exception. 3.I know how to handle jump in Mips, but not sure how/when to handle patchAddress/patchImm/patchPointer because I'm not sure the instructions related. I guess all patches are for last 32bit IMM field of instructions. Mips can't load 32bit in one instruction, thus I need to know the instruction before I can patch/add in the 32bit data. 4.I'm kind of want no asm code outside assembler folder, any plan for that? No. The assembler is intended to be independent of JavaScript types - it's just an assembler. The asm trampolines are specific to the JIT. It is currently the intention that architecture specific parts of the JIT implementation will remain in the jit folder. I'd suggest that in attempting to port the jit, WREC would be a good place to start. cheers, G. rgds joe --- On Mon, 2/16/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS - when WREC/JIT enabled? To: Gavin Barraclough barraclo...@apple.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Monday, February 16, 2009, 5:25 AM Hi, from paltform.h it is enabled only on X86 MAC/WIN; from javaScriptCore.pri it is also enabled for (QT_ARCH,i386). But, from config.log I see them are enabled! how can I run WREC/JIT test so I can trace in X86 asm coce generated? thanks a lot. joe --- On Sat, 2/7/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - using X86::ecx as base To: last...@yahoo.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 7, 2009, 7:08 AM On Feb 6, 2009, at 2:52 PM, x yz wrote: 1.what's the meaning of ALTERNATE_JSIMMEDIATE and slow case? On x86-64 we use a different implementation of the class JSImmediate. See JSImmediate.h. Re 'slow case', in the JIT code generation is performed as two passes over the bytecode – see JIT::privateCompileMainPass and JIT::privateCompileSlowCases. 2.how come the following code can use ECX as base register? load32(Address(X86::ecx, FIELD_OFFSET(Structure, m_typeInfo.m_flags)), X86::ecx); if the X86::ecx just means its value 1 in ModR/M, does it means [BX+DI]? I think you're looking at the old 16-bit addressing mode tables; 32/64-bit x86 can happily encode ecx as a base register. If you're looking at the Intel IA-32 manual volume 2, see table 2-2 on the next page. 3. can anybody help me on my previous questions? does JIT support floating point? Yes, some. See JITArithmetic.cpp. cheers, G
Re: [webkit-dev] want to port JIT to MIPS
I'd appreaciate your help to clarify the problem I faced: 1.In JIT.cpp I roughly understand ctiTrampoline() except for sp-0x1C, I guess the 1C includes 6 argument yet the 7th or 1st may be the hidden C++ pointer? And the reserved 1C stack space seems not used? why esi is forced to be 512 rather than use input argument? 2.How to understand the stack balance in ctiVMThrowTrampoline()? why after calling we still add 1C w/o sub 1C before calling? where comes _ZN3JSC11Interpreter12cti_vm_throwEPPv and how do I know which name for Mips? does this one relates to variable argument function call? 3.I know how to handle jump in Mips, but not sure how/when to handle patchAddress/patchImm/patchPointer because I'm not sure the instructions related. I guess all patches are for last 32bit IMM field of instructions. Mips can't load 32bit in one instruction, thus I need to know the instruction before I can patch/add in the 32bit data. 4.I'm kind of want no asm code outside assembler folder, any plan for that? rgds joe --- On Mon, 2/16/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS - when WREC/JIT enabled? To: Gavin Barraclough barraclo...@apple.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Monday, February 16, 2009, 5:25 AM Hi, from paltform.h it is enabled only on X86 MAC/WIN; from javaScriptCore.pri it is also enabled for (QT_ARCH,i386). But, from config.log I see them are enabled! how can I run WREC/JIT test so I can trace in X86 asm coce generated? thanks a lot. joe --- On Sat, 2/7/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - using X86::ecx as base To: last...@yahoo.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 7, 2009, 7:08 AM On Feb 6, 2009, at 2:52 PM, x yz wrote: 1.what's the meaning of ALTERNATE_JSIMMEDIATE and slow case? On x86-64 we use a different implementation of the class JSImmediate. See JSImmediate.h. Re 'slow case', in the JIT code generation is performed as two passes over the bytecode – see JIT::privateCompileMainPass and JIT::privateCompileSlowCases. 2.how come the following code can use ECX as base register? load32(Address(X86::ecx, FIELD_OFFSET(Structure, m_typeInfo.m_flags)), X86::ecx); if the X86::ecx just means its value 1 in ModR/M, does it means [BX+DI]? I think you're looking at the old 16-bit addressing mode tables; 32/64-bit x86 can happily encode ecx as a base register. If you're looking at the Intel IA-32 manual volume 2, see table 2-2 on the next page. 3. can anybody help me on my previous questions? does JIT support floating point? Yes, some. See JITArithmetic.cpp. cheers, G. ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] want to port JIT to MIPS
On Feb 19, 2009, at 8:27 PM, x yz wrote: I'd appreaciate your help to clarify the problem I faced: 1.In JIT.cpp I roughly understand ctiTrampoline() except for sp-0x1C, I guess the 1C includes 6 argument yet the 7th or 1st may be the hidden C++ pointer? And the reserved 1C stack space seems not used? why esi is forced to be 512 rather than use input argument? The JIT allocates a fixed frame on the stack which is used to pass arguments into stub functions. The 0x1C contains a spare word or two to maintain stack alignment. %esi is used in the timeout check mechanism. 2.How to understand the stack balance in ctiVMThrowTrampoline()? why after calling we still add 1C w/o sub 1C before calling? where comes _ZN3JSC11Interpreter12cti_vm_throwEPPv and how do I know which name for Mips? does this one relates to variable argument function call? ctiVMThrowTrampoline is never called as a function (it is declared as a function only to provide a symbol that can be manipulated from C code). ctiVMThrowTrampoline is used in returning back from JIT generated code, in the case of an exception. 3.I know how to handle jump in Mips, but not sure how/when to handle patchAddress/patchImm/patchPointer because I'm not sure the instructions related. I guess all patches are for last 32bit IMM field of instructions. Mips can't load 32bit in one instruction, thus I need to know the instruction before I can patch/add in the 32bit data. 4.I'm kind of want no asm code outside assembler folder, any plan for that? No. The assembler is intended to be independent of JavaScript types - it's just an assembler. The asm trampolines are specific to the JIT. It is currently the intention that architecture specific parts of the JIT implementation will remain in the jit folder. I'd suggest that in attempting to port the jit, WREC would be a good place to start. cheers, G. rgds joe --- On Mon, 2/16/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS - when WREC/JIT enabled? To: Gavin Barraclough barraclo...@apple.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Monday, February 16, 2009, 5:25 AM Hi, from paltform.h it is enabled only on X86 MAC/WIN; from javaScriptCore.pri it is also enabled for (QT_ARCH,i386). But, from config.log I see them are enabled! how can I run WREC/JIT test so I can trace in X86 asm coce generated? thanks a lot. joe --- On Sat, 2/7/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - using X86::ecx as base To: last...@yahoo.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 7, 2009, 7:08 AM On Feb 6, 2009, at 2:52 PM, x yz wrote: 1.what's the meaning of ALTERNATE_JSIMMEDIATE and slow case? On x86-64 we use a different implementation of the class JSImmediate. See JSImmediate.h. Re 'slow case', in the JIT code generation is performed as two passes over the bytecode – see JIT::privateCompileMainPass and JIT::privateCompileSlowCases. 2.how come the following code can use ECX as base register? load32(Address(X86::ecx, FIELD_OFFSET(Structure, m_typeInfo.m_flags)), X86::ecx); if the X86::ecx just means its value 1 in ModR/M, does it means [BX+DI]? I think you're looking at the old 16-bit addressing mode tables; 32/64-bit x86 can happily encode ecx as a base register. If you're looking at the Intel IA-32 manual volume 2, see table 2-2 on the next page. 3. can anybody help me on my previous questions? does JIT support floating point? Yes, some. See JITArithmetic.cpp. cheers, G. ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] want to port JIT to MIPS - when WREC/JIT enabled?
Hi, from paltform.h it is enabled only on X86 MAC/WIN; from javaScriptCore.pri it is also enabled for (QT_ARCH,i386). But, from config.log I see them are enabled! how can I run WREC/JIT test so I can trace in X86 asm coce generated? thanks a lot. joe --- On Sat, 2/7/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS - using X86::ecx as base To: last...@yahoo.com Cc: WebKit Development webkit-dev@lists.webkit.org Date: Saturday, February 7, 2009, 7:08 AM On Feb 6, 2009, at 2:52 PM, x yz wrote: 1.what's the meaning of ALTERNATE_JSIMMEDIATE and slow case? On x86-64 we use a different implementation of the class JSImmediate. See JSImmediate.h. Re 'slow case', in the JIT code generation is performed as two passes over the bytecode – see JIT::privateCompileMainPass and JIT::privateCompileSlowCases. 2.how come the following code can use ECX as base register? load32(Address(X86::ecx, FIELD_OFFSET(Structure, m_typeInfo.m_flags)), X86::ecx); if the X86::ecx just means its value 1 in ModR/M, does it means [BX+DI]? I think you're looking at the old 16-bit addressing mode tables; 32/64-bit x86 can happily encode ecx as a base register. If you're looking at the Intel IA-32 manual volume 2, see table 2-2 on the next page. 3. can anybody help me on my previous questions? does JIT support floating point? Yes, some. See JITArithmetic.cpp. cheers, G. ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] want to port JIT to MIPS - using X86::ecx as base
1.what's the meaning of ALTERNATE_JSIMMEDIATE and slow case? 2.how come the following code can use ECX as base register? load32(Address(X86::ecx, FIELD_OFFSET(Structure, m_typeInfo.m_flags)), X86::ecx); if the X86::ecx just means its value 1 in ModR/M, does it means [BX+DI]? 3. can anybody help me on my previous questions? does JIT support floating point? many thanks joe --- On Tue, 2/3/09, x yz last...@yahoo.com wrote: From: x yz last...@yahoo.com Subject: Re: [webkit-dev] want to port JIT to MIPS - IEEE ques To: Gavin Barraclough barraclo...@apple.com, WebKit Development webkit-dev@lists.webkit.org Date: Tuesday, February 3, 2009, 9:08 AM 1. Thanks for more info. Although X86 Linux gcc uses regparam(3), I think MIPS ABI always asks $a0~a3/@v0~v1 for i/o? 2. It seems I can get rid of 64bit OP if JIT_OPTIMIZE_ARITHMETIC and ALTERNATE_JSIMMEDIATE are both disabled? 3. is it ALTERNATE_JSIMMEDIATE for ecma-262? 4. does JIT support floating point? if yes why it is not under jit/asm? rgds joe --- On Wed, 1/28/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS, any coworker or any hint? To: last...@yahoo.com Date: Wednesday, January 28, 2009, 4:55 PM On Jan 27, 2009, at 10:58 PM, x yz wrote: Gavin, last night I saw WREC when I search X86, and realized many places need to be touched. Your reply give more info and really help. Thanks a lot. In Generator::generateEnter(), there is comment On gcc the function is regparm(3)..., how to understand that? WREC JIT generates a function with a C calling convention that implements the regular expression. The entry and exit from the function are generated by the generateEnter() and generateReturn*() methods. On OS X x86, the JIT generated function implements a regparm(3) calling convention (see WREC.h, the generated code is called through a CompiledRegExp function pointer). The function has no argument, why we peek four arguments from stack(input,output,length,index)? These calls are not peeking values from the stack at the time they are called; they are emitting JIT code that will will read values from the stack, when the JIT function has been generated and is run. The JIT generated regular expression function is passed these four arguments (again see WREC.h). As a note, you're best directing these emails at the webkit-dev list in future, that way other people will also be able to help you out. cheers, G. rgds joe --- On Tue, 1/27/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS, any coworker or any hint? To: last...@yahoo.com Date: Tuesday, January 27, 2009, 5:10 AM On Jan 26, 2009, at 11:09 AM, x yz wrote: Gavin, Thanks, I really need to learn fast. Where can I find more on WREC or its spec? WREC is WebKit's regular expression JIT. The spec it is implementing is the regular expression syntax described in ECMA-262. Which part of webkit is WREC? I just see all assembler codes are in assembler and jit and wonder whether I can just change them rather then change WREC. WebKit contains two separate JITs, one for the JavaScript language (in the 'jit' directory), one for JavaScript's regular expression language (in the 'wrec' directory). Both JITs make use of the same assembler to emit code. WREC is a much smaller, simpler JIT, which is why I suggest starting by looking at this, but either JIT can be enabled independently of the other. Foresee SSE set may be a problem as MIPS has no SSE. WREC does not use SSE, and I believe all JIT code generated by the main JS JIT is guarded by the a configuration switch, JIT_OPTIMIZE_ARITHMETIC – this can be disabled in Platform.h. Sun's link for The JIT Compiler Interface Specification not valid anymore. Our JIT is all our own code, and written from scratch, so I'm not sure this documentation would help you. Good luck, G. MacroAssembler::breakpoint() is just int3 which I know used as debug int in X86. I'll see which one used in gnu mips. joe --- On Sun, 1/25/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS, any coworker or any hint? To: WebKit Development webkit-dev@lists.webkit.org Date: Sunday, January 25, 2009, 5:34 PM On Jan 24, 2009, at 8:36 PM, x yz wrote: Just build webkit on XP using cgywin, not tested yet. I want to port to 32bit MIPS, it seems I need
Re: [webkit-dev] want to port JIT to MIPS - using X86::ecx as base
On Feb 6, 2009, at 2:52 PM, x yz wrote: 1.what's the meaning of ALTERNATE_JSIMMEDIATE and slow case? On x86-64 we use a different implementation of the class JSImmediate. See JSImmediate.h. Re 'slow case', in the JIT code generation is performed as two passes over the bytecode – see JIT::privateCompileMainPass and JIT::privateCompileSlowCases. 2.how come the following code can use ECX as base register? load32(Address(X86::ecx, FIELD_OFFSET(Structure, m_typeInfo.m_flags)), X86::ecx); if the X86::ecx just means its value 1 in ModR/M, does it means [BX +DI]? I think you're looking at the old 16-bit addressing mode tables; 32/64- bit x86 can happily encode ecx as a base register. If you're looking at the Intel IA-32 manual volume 2, see table 2-2 on the next page. 3. can anybody help me on my previous questions? does JIT support floating point? Yes, some. See JITArithmetic.cpp. cheers, G. ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] want to port JIT to MIPS - IEEE ques
1. Thanks for more info. Although X86 Linux gcc uses regparam(3), I think MIPS ABI always asks $a0~a3/@v0~v1 for i/o? 2. It seems I can get rid of 64bit OP if JIT_OPTIMIZE_ARITHMETIC and ALTERNATE_JSIMMEDIATE are both disabled? 3. is it ALTERNATE_JSIMMEDIATE for ecma-262? 4. does JIT support floating point? if yes why it is not under jit/asm? rgds joe --- On Wed, 1/28/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS, any coworker or any hint? To: last...@yahoo.com Date: Wednesday, January 28, 2009, 4:55 PM On Jan 27, 2009, at 10:58 PM, x yz wrote: Gavin, last night I saw WREC when I search X86, and realized many places need to be touched. Your reply give more info and really help. Thanks a lot. In Generator::generateEnter(), there is comment On gcc the function is regparm(3)..., how to understand that? WREC JIT generates a function with a C calling convention that implements the regular expression. The entry and exit from the function are generated by the generateEnter() and generateReturn*() methods. On OS X x86, the JIT generated function implements a regparm(3) calling convention (see WREC.h, the generated code is called through a CompiledRegExp function pointer). The function has no argument, why we peek four arguments from stack(input,output,length,index)? These calls are not peeking values from the stack at the time they are called; they are emitting JIT code that will will read values from the stack, when the JIT function has been generated and is run. The JIT generated regular expression function is passed these four arguments (again see WREC.h). As a note, you're best directing these emails at the webkit-dev list in future, that way other people will also be able to help you out. cheers, G. rgds joe --- On Tue, 1/27/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS, any coworker or any hint? To: last...@yahoo.com Date: Tuesday, January 27, 2009, 5:10 AM On Jan 26, 2009, at 11:09 AM, x yz wrote: Gavin, Thanks, I really need to learn fast. Where can I find more on WREC or its spec? WREC is WebKit's regular expression JIT. The spec it is implementing is the regular expression syntax described in ECMA-262. Which part of webkit is WREC? I just see all assembler codes are in assembler and jit and wonder whether I can just change them rather then change WREC. WebKit contains two separate JITs, one for the JavaScript language (in the 'jit' directory), one for JavaScript's regular expression language (in the 'wrec' directory). Both JITs make use of the same assembler to emit code. WREC is a much smaller, simpler JIT, which is why I suggest starting by looking at this, but either JIT can be enabled independently of the other. Foresee SSE set may be a problem as MIPS has no SSE. WREC does not use SSE, and I believe all JIT code generated by the main JS JIT is guarded by the a configuration switch, JIT_OPTIMIZE_ARITHMETIC – this can be disabled in Platform.h. Sun's link for The JIT Compiler Interface Specification not valid anymore. Our JIT is all our own code, and written from scratch, so I'm not sure this documentation would help you. Good luck, G. MacroAssembler::breakpoint() is just int3 which I know used as debug int in X86. I'll see which one used in gnu mips. joe --- On Sun, 1/25/09, Gavin Barraclough barraclo...@apple.com wrote: From: Gavin Barraclough barraclo...@apple.com Subject: Re: [webkit-dev] want to port JIT to MIPS, any coworker or any hint? To: WebKit Development webkit-dev@lists.webkit.org Date: Sunday, January 25, 2009, 5:34 PM On Jan 24, 2009, at 8:36 PM, x yz wrote: Just build webkit on XP using cgywin, not tested yet. I want to port to 32bit MIPS, it seems I need to touch JIT and rewrite assembler folder. Once you have the bytecode interpreter up and running on MIPS, I'd recommend starting by just trying to port WREC (the regular expression JIT). This is a good starting point because it utilizes a smaller subset of the MacroAssembler interface, and has a much simpler interface to C code (JIT code is called with C calling conventions, and no callbacks are made into C from the JIT generated code). Any document there on javascripcore/assembler? I also want a smart way to make sure output is correct. A very simple way to validate you are generating the correct code is to simply force the JIT to insert a breakpoint (i.e. use MacroAssembler::breakpoint()) at the head of the function you are generating, then run jsc under a debugger, and when it hits
Re: [webkit-dev] want to port JIT to MIPS, any coworker or any hint?
On Jan 24, 2009, at 8:36 PM, x yz wrote: Just build webkit on XP using cgywin, not tested yet. I want to port to 32bit MIPS, it seems I need to touch JIT and rewrite assembler folder. Once you have the bytecode interpreter up and running on MIPS, I'd recommend starting by just trying to port WREC (the regular expression JIT). This is a good starting point because it utilizes a smaller subset of the MacroAssembler interface, and has a much simpler interface to C code (JIT code is called with C calling conventions, and no callbacks are made into C from the JIT generated code). Any document there on javascripcore/assembler? I also want a smart way to make sure output is correct. A very simple way to validate you are generating the correct code is to simply force the JIT to insert a breakpoint (i.e. use MacroAssembler::breakpoint()) at the head of the function you are generating, then run jsc under a debugger, and when it hits the breakpoint simply disassemble the code in memory at the point it has stopped. Now you can visually inspect that it it has generated the code you were expecting. Good luck! G. ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
[webkit-dev] want to port JIT to MIPS, any coworker or any hint?
Just build webkit on XP using cgywin, not tested yet. I want to port to 32bit MIPS, it seems I need to touch JIT and rewrite assembler folder. Any document there on javascripcore/assembler? I also want a smart way to make sure output is correct. ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev