Re: [webkit-dev] want to port JIT to MIPS - patchImmediate
Hi,

in jitPropertyAccess.cpp:

    // Patch the offset into the property map to load from, then patch the Structure to look for...
    stubInfo->hotPathBegin.dataLabel32AtOffset(patchOffsetGetByIdPropertyMapOffset).repatch(cachedOffset * sizeof(JSValuePtr));

how is propertyMap used and why do we need such a patch? who will use the patched data, and how?

rgds
joe

--- On Sun, 2/22/09, x yz <last...@yahoo.com> wrote:

From: x yz <last...@yahoo.com>
Subject: Re: [webkit-dev] want to port JIT to MIPS
To: WebKit Development <webkit-dev@lists.webkit.org>, Gavin Barraclough <barraclo...@apple.com>
Date: Sunday, February 22, 2009, 4:34 PM

Thanks a lot, otherwise I would have a misunderstanding. Yes, I'll do wrec first. I just want to clean up possible blocking issues.

I see wrec uses regparm(3) and jit always uses fastcall for X86? In JIT.cpp ctiTrampoline puts CallFrame in edi, but how about the other arguments - where are they fetched/popped from the stack?

When dealing with caller/callee saved regs, gcc MIPS just preserves them when necessary. The problem is that after the JIT is used gcc may not have enough knowledge of what is necessary; do we have a way to force gcc to always preserve them?

How to identify whether a patch (patchimm/patchptr/patchaddr) relates to a data field in an instruction or to an element in a data array? In Mips the former means the 32bit needs to be separated into two 16bits and patched into two instructions. But if a 32bit is a pointer in a pointer array, we can save it directly.

rgds
joe

--- On Fri, 2/20/09, Gavin Barraclough <barraclo...@apple.com> wrote:

From: Gavin Barraclough <barraclo...@apple.com>
Subject: Re: [webkit-dev] want to port JIT to MIPS
To: WebKit Development <webkit-dev@lists.webkit.org>
Date: Friday, February 20, 2009, 2:01 PM

On Feb 19, 2009, at 8:27 PM, x yz wrote:

> I'd appreciate your help to clarify the problems I faced:
>
> 1. In JIT.cpp I roughly understand ctiTrampoline() except for sp-0x1C; I guess the 1C includes 6 arguments, yet the 7th or 1st may be the hidden C++ pointer? And the reserved 1C stack space seems not used? Why is esi forced to be 512 rather than using the input argument?

The JIT allocates a fixed frame on the stack which is used to pass arguments into stub functions. The 0x1C contains a spare word or two to maintain stack alignment. %esi is used in the timeout check mechanism.

> 2. How to understand the stack balance in ctiVMThrowTrampoline()? Why after calling do we still add 1C w/o sub 1C before calling? Where does _ZN3JSC11Interpreter12cti_vm_throwEPPv come from and how do I know which name to use for Mips? Does this one relate to a variable argument function call?

ctiVMThrowTrampoline is never called as a function (it is declared as a function only to provide a symbol that can be manipulated from C code). ctiVMThrowTrampoline is used in returning back from JIT generated code, in the case of an exception.

> 3. I know how to handle jump in Mips, but I'm not sure how/when to handle patchAddress/patchImm/patchPointer because I'm not sure which instructions are related. I guess all patches are for the last 32bit IMM field of instructions. Mips can't load 32bit in one instruction, thus I need to know the instruction before I can patch/add in the 32bit data.
>
> 4. I kind of want no asm code outside the assembler folder, any plan for that?

No. The assembler is intended to be independent of JavaScript types - it's just an assembler. The asm trampolines are specific to the JIT. It is currently the intention that architecture specific parts of the JIT implementation will remain in the jit folder.

I'd suggest that in attempting to port the jit, WREC would be a good place to start.

cheers,
G.

> rgds
> joe

--- On Mon, 2/16/09, x yz <last...@yahoo.com> wrote:

From: x yz <last...@yahoo.com>
Subject: Re: [webkit-dev] want to port JIT to MIPS - when WREC/JIT enabled?
To: Gavin Barraclough <barraclo...@apple.com>
Cc: WebKit Development <webkit-dev@lists.webkit.org>
Date: Monday, February 16, 2009, 5:25 AM

Hi, from platform.h it is enabled only on X86 MAC/WIN; from JavaScriptCore.pri it is also enabled for (QT_ARCH,i386). But from config.log I see they are enabled! How can I run the WREC/JIT test so I can trace the X86 asm code generated?

thanks a lot.
joe

--- On Sat, 2/7/09, Gavin Barraclough <barraclo...@apple.com> wrote:

From: Gavin Barraclough <barraclo...@apple.com>
Subject: Re: [webkit-dev] want to port JIT to MIPS - using X86::ecx as base
To: last...@yahoo.com
Cc: WebKit Development <webkit-dev@lists.webkit.org>
Date: Saturday, February 7, 2009, 7:08 AM

On Feb 6, 2009, at 2:52 PM, x yz wrote:

> 1. What's the meaning of ALTERNATE_JSIMMEDIATE and slow case?

On x86-64 we use a different implementation of the class JSImmediate. See
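The question Joe raises twice above (whether a patch targets the immediate field of an instruction or a slot in a data array) comes down to two different write paths on MIPS. The following C program is an added example, not WebKit/JavaScriptCore code: it encodes a `lui`/`ori` pair the way a MIPS32 JIT would materialise a 32-bit constant, verifies that a code location really holds such a pair before rewriting its two 16-bit halves, and contrasts that with the plain store a pointer-table slot needs. The opcode and register field layouts are the standard MIPS32 encodings; the register choice ($t0) and the patched value are constructed test data.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not WebKit code): repatching a 32-bit immediate that a MIPS
 * JIT emitted as "lui rX, hi16; ori rX, rX, lo16", versus storing a 32-bit
 * value into a data slot.  Opcodes/field layouts are MIPS32; the register
 * and the value below are constructed for the demonstration. */

#define MIPS_OP_LUI 0x0Fu
#define MIPS_OP_ORI 0x0Du

static inline uint32_t mips_opcode(uint32_t insn) { return insn >> 26; }
static inline uint32_t mips_rs(uint32_t insn)     { return (insn >> 21) & 31u; }
static inline uint32_t mips_rt(uint32_t insn)     { return (insn >> 16) & 31u; }

/* lui rt, imm16 : rt = imm16 << 16 */
uint32_t mips_encode_lui(uint32_t rt, uint16_t imm)
{
    return (MIPS_OP_LUI << 26) | ((rt & 31u) << 16) | imm;
}

/* ori rt, rs, imm16 : rt = rs | zero_extend(imm16) */
uint32_t mips_encode_ori(uint32_t rt, uint32_t rs, uint16_t imm)
{
    return (MIPS_OP_ORI << 26) | ((rs & 31u) << 21) | ((rt & 31u) << 16) | imm;
}

/* 1 if code[0..1] is a well-formed "lui rX, hi; ori rX, rX, lo" pair, else 0.
 * A repatcher should check this before writing: rewriting the low 16 bits of
 * some other instruction silently corrupts the generated code. */
int mips_is_load_imm32(const uint32_t *code)
{
    uint32_t lui = code[0], ori = code[1];
    if (mips_opcode(lui) != MIPS_OP_LUI || mips_opcode(ori) != MIPS_OP_ORI)
        return 0;
    return mips_rt(lui) == mips_rt(ori) && mips_rs(ori) == mips_rt(ori);
}

/* Split the value into the two immediate fields.  Because ori zero-extends,
 * hi = value >> 16 and lo = value & 0xFFFF is exact; a lui/addiu pair would
 * need hi incremented when bit 15 of value is set, since addiu sign-extends.
 * Returns 0 on success, -1 if the words are not a lui/ori pair. */
int mips_repatch_imm32(uint32_t *code, uint32_t value)
{
    if (!mips_is_load_imm32(code))
        return -1;
    code[0] = (code[0] & 0xFFFF0000u) | (value >> 16);
    code[1] = (code[1] & 0xFFFF0000u) | (value & 0xFFFFu);
    /* On hardware the instruction cache covering these two words must be
     * invalidated before the patched code runs. */
    return 0;
}

/* Reassemble the immediate from the pair, e.g. to verify a patch took. */
uint32_t mips_read_imm32(const uint32_t *code)
{
    return ((code[0] & 0xFFFFu) << 16) | (code[1] & 0xFFFFu);
}

/* The other case from the thread: a 32-bit value living in a data array (a
 * pointer table the code loads from) is a plain store; no decoding needed. */
void repatch_data_slot(uint32_t *slot, uint32_t value)
{
    *slot = value;
}

int main(void)
{
    uint32_t code[2];
    code[0] = mips_encode_lui(8, 0);       /* lui $t0, 0        */
    code[1] = mips_encode_ori(8, 8, 0);    /* ori $t0, $t0, 0   */
    mips_repatch_imm32(code, 0x8000BEEFu); /* constructed value */
    printf("lui=%08x ori=%08x imm=%08x\n",
           code[0], code[1], mips_read_imm32(code));
    return 0;
}
```

The verification step in `mips_is_load_imm32` is the part a JIT port most easily skips: x86 repatch helpers can overwrite a 32-bit field blindly because the instruction shape is fixed, whereas on MIPS the patcher has to know it is looking at the pair it emitted.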
Re: [webkit-dev] want to port JIT to MIPS - patchImmediate
Hi,

the jit GetByIdSelf method caches the structure ID (see the line starting with Jump structureCheck = ...) and the offset in the PropertyStorage (see DataLabel32 displacementLabel = ...) in the jit code itself. StructureID-s are required to check that the input JSValue is the same JSObject which was used to set up the property offset.

Things are more complicated for structures which have multiple structure ID-s (called prototype chain). A separate stub function is generated for each of those objects, and the head is called after the main structureCheck fails.

    get_by_id:
        [...]
        [structure check] - on fail goto first_stub_function
    label_ok:
        load cached value
    label_exit:

    Somewhere else in the memory:

    first_stub_function:
        [structure or prototype chain check] - on fail goto second_stub_function
        load cached value
        goto label_exit
    second_stub_function:
        [same thing again]

Currently, the maximum number of extra stub functions is 4. If all of them fail, a get_by_id_generic function is called. To insert a new stub function, you need to keep the address of the first [structure check], and repatch it after a new head is added.

Implementing these features was much more complicated for ARM. I hope mips is not so different compared to x86.

Cheers,
Zoltan

> Hi,
>
> in jitPropertyAccess.cpp:
>
>     // Patch the offset into the property map to load from, then patch the Structure to look for...
>     stubInfo->hotPathBegin.dataLabel32AtOffset(patchOffsetGetByIdPropertyMapOffset).repatch(cachedOffset * sizeof(JSValuePtr));
>
> how is propertyMap used and why do we need such a patch? who will use the patched data, and how?
>
> rgds
> joe
>
> --- On Sun, 2/22/09, x yz <last...@yahoo.com> wrote:
>
> From: x yz <last...@yahoo.com>
> Subject: Re: [webkit-dev] want to port JIT to MIPS
> To: WebKit Development <webkit-dev@lists.webkit.org>, Gavin Barraclough <barraclo...@apple.com>
> Date: Sunday, February 22, 2009, 4:34 PM
>
> Thanks a lot, otherwise I would have a misunderstanding. Yes, I'll do wrec first. I just want to clean up possible blocking issues.