[webkit-dev] ARM JIT for WinCE
Zoltan Herczeg
zherczeg at inf.u-szeged.hu
Thu Jan 7 00:19:35 PST 2010
Hi Patrick,
I think I have found something. Please have a look at
JavaScriptCore/jit/JITOpcodes.cpp, JIT::privateCompileCTIMachineTrampolines.
I mean the second definition, the one compiled when JSVALUE32_64 is disabled. If
JIT_OPTIMIZE_NATIVE_CALL is enabled, specialized code is generated there to call
native built-in functions (such as Date.prototype.toString) directly from JIT
code. For ARM this code is around line 1733.
Perhaps the WinCE ABI passes the arguments differently than GCC's ARM EABI does.
The 0x003e01d4 frame in your call stack is the return address into JIT-generated
code: in your instruction dump it is the instruction right after the
`mov lr, pc` / `ldr pc, [r1, #0x1C]` pair at 003E01CC-003E01D0, which is the
"call(Address(regT1, OBJECT_OFFSETOF(JSFunction, m_data)));" macro assembler
instruction at line 1768 (thank you for sending the instruction dump). The crash
itself is a jump to address 0x00000000 from inside JSCell::inherits, reached from
dateProtoFuncGetTimezoneOffset with the thisValue that the trampoline handed over
in r2 - which is consistent with the native function receiving its arguments in
different registers or stack slots than the JIT code places them in. One thing
to check: the Microsoft ARM calling convention may pass a non-trivial class type
such as JSValue by hidden reference rather than as a plain word in a register, as
GCC does; please compare against how your compiler lays out a call to a function
with this signature (ExecState*, JSObject*, JSValue, ArgList&) and adjust the
trampoline accordingly. Since a mismatch here is a memory-safety bug reachable
from any script that calls a built-in function, it needs a proper fix in the
trampoline rather than a workaround; I am not sure JIT_OPTIMIZE_NATIVE_CALL can be
disabled.
Regards
Zoltan
> Hi Gabor,
>
> Thanks for your prompt reply.
>
>> Make sure your assembler does not break ctiVMThrowTrampoline
>> and ctiOpThrowNotCaught functions. This approach requires that the
>> ctiVMThrowTrampoline fall-backs to ctiOpThrowNotCaught
>> after 'bl cti_vm_throw' call. Or you can simply copy the body of
>> ctiOpThrowNotCaught into ctiVMThrowTrampoline after the
>> call.
> I have copied it, though I believe it is unnecessary - in the disassembly
> below the epilogue of ctiVMThrowTrampoline already matches ctiOpThrowNotCaught.
>
>> Did you do anything with DEFINE_STUB_FUNCTION macro?
> I've done it like for the RVCT compiler. (e.g. see cti_op_end in
> disassembly)
>
> When I run "jsc.exe tests\mozilla\ecma_2\shell.js" it crashes with the
> following call stack (innermost frame first):
> 0x00000000
> jsc.EXE!JSC::JSCell::inherits(JSC::ClassInfo* info = 0x00189818) Line:
> 335,
> Byte Offsets: 0x2c
> jsc.EXE!JSC::JSValue::inherits(JSC::ClassInfo* classInfo = 0x00189818)
> Line:
> 345, Byte Offsets: 0x40
> jsc.EXE!JSC::dateProtoFuncGetTimezoneOffset(JSC::ExecState* exec =
> 0x00601b60,
> JSC::JSObject* __formal = 0x00601b40, JSC::JSValue thisValue = {...},
> JSC::ArgList& __formal = {...}) Line: 764, Byte Offsets: 0x1c
> 0x003e01d4
>
> Is there a better JavaScript file to start with? When I enter a simple
> "1+2+3" into the interactive jsc.exe it prints the correct result, so the
> basic JIT entry path seems to work.
>
> Here are some parts of the disassembly:
>
> // Execute the code!
> inline JSValue execute(RegisterFile* registerFile, CallFrame*
> callFrame, JSGlobalData* globalData, JSValue* exception)
> {
> 000A7868 mov r12, sp
> 000A786C stmdb sp!, {r0 - r3}
> 000A7870 stmdb sp!, {r12, lr}
> 000A7874 sub sp, sp, #0x20
> return
> JSValue::decode(ctiTrampoline(m_ref.m_code.executableAddress(),
> registerFile,
> callFrame, exception, Profiler::enabledProfilerReference(), globalData));
> 000A7878 bl |JSC::Profiler::enabledProfilerReference ( 1b2e0h )|
> 000A787C str r0, [sp, #0x14]
> 000A7880 ldr r0, this
> 000A7884 bl |WTF::RefPtr<JSC::Profile>::operator-> ( d2e3ch )|
> 000A7888 str r0, [sp, #0x18]
> 000A788C ldr r3, globalData
> 000A7890 str r3, [sp, #4]
> 000A7894 ldr r3, [sp, #0x14]
> 000A7898 str r3, [sp]
> 000A789C ldr r3, exception
> 000A78A0 ldr r2, callFrame
> 000A78A4 ldr r1, registerFile
> 000A78A8 ldr r0, [sp, #0x18]
> 000A78AC bl 0014A000
> 000A78B0 str r0, [sp, #0x1C]
> 000A78B4 ldr r1, [sp, #0x1C]
> 000A78B8 ldr r0, [sp, #0x2C]
> 000A78BC bl |JSC::JSValue::decode ( 1b94ch )|
> 000A78C0 ldr r3, [sp, #0x2C]
> 000A78C4 str r3, [sp, #0x10]
> }
> 000A78C8 ldr r0, [sp, #0x10]
> 000A78CC add sp, sp, #0x20
> 000A78D0 ldmia sp, {sp, pc}
>
> ================================================================================
>
> ctiTrampoline:
> 0014A000 stmdb sp!, {r1 - r3}
> 0014A004 stmdb sp!, {r4 - r8, lr}
> 0014A008 sub sp, sp, #0x24
> 0014A00C mov r4, r2
> 0014A010 mov r5, #2, 24
> 0014A014 mov lr, pc
> 0014A018 bx r0 // r0 = 0x003e0270
> 0014A01C add sp, sp, #0x24
> 0014A020 ldmia sp!, {r4 - r8, lr}
> 0014A024 add sp, sp, #0xC
> 0014A028 bx lr
> ctiVMThrowTrampoline:
> 0014A02C mov r0, sp
> 0014A030 bl 0014A6D4
> 0014A034 add sp, sp, #0x24
> 0014A038 ldmia sp!, {r4 - r8, lr}
> 0014A03C add sp, sp, #0xC
> 0014A040 bx lr
> ctiOpThrowNotCaught:
> 0014A044 add sp, sp, #0x24
> 0014A048 ldmia sp!, {r4 - r8, lr}
> 0014A04C add sp, sp, #0xC
> 0014A050 bx lr
> cti_op_convert_this:
> 0014A054 str lr, [sp, #0x20]
> 0014A058 bl |JITStubThunked_op_convert_this ( ae718h )|
> 0014A05C ldr lr, [sp, #0x20]
> 0014A060 bx lr
> cti_op_end:
> 0014A064 str lr, [sp, #0x20]
> 0014A068 bl |JITStubThunked_op_end ( ae878h )|
> 0014A06C ldr lr, [sp, #0x20]
> 0014A070 bx lr
>
> ================================================================================
>
> 003E017C mov pc, r0
> 003E0180 mov r0, lr
> 003E0184 str r0, [r4, #-0x14]
> 003E0188 ldr r1, [r4, #-0x18]
> 003E018C ldr r1, [r1, #-0x1C]
> 003E0190 str r1, [r4, #-0x1C]
> 003E0194 ldr r0, [r4, #-0xC]
> 003E0198 subs sp, sp, #8
> 003E019C subs r0, r0, #1
> 003E01A0 str r0, [sp, #4]
> 003E01A4 mov r1, r4
> 003E01A8 subs r1, r1, #0x20
> 003E01AC mov r3, #4
> 003E01B0 muls r0, r3, r0
> 003E01B4 subs r1, r1, r0
> 003E01B8 str r1, [sp]
> 003E01BC ldr r2, [r1, #-4]
> 003E01C0 ldr r1, [r4, #-8]
> 003E01C4 mov r0, r4
> 003E01C8 mov r3, sp
> 003E01CC mov lr, pc
> 003E01D0 ldr pc, [r1, #0x1C]
> 003E01D4 adds sp, sp, #8
> 003E01D8 ldr r3, [pc, #0x7C]
> 003E01DC ldr r2, [r3]
> 003E01E0 bics r3, r2, #0
> 003E01E4 bne 003E01F8
> 003E01E8 ldr r1, [r4, #-0x14]
> 003E01EC ldr r4, [r4, #-0x18]
> 003E01F0 mov lr, r1
> 003E01F4 mov pc, lr
> 003E01F8 ldr r1, [r4, #-0x14]
> 003E01FC ldr r2, [pc, #0x60]
> 003E0200 str r1, [r2]
> 003E0204 ldr r2, [pc, #0x5C]
> 003E0208 ldr r4, [r4, #-0x18]
> 003E020C str r4, [sp, #0x40]
> 003E0210 mov lr, r2
> 003E0214 mov pc, lr
>
> ================================================================================
>
> 003E0258 andeq r0, r0, r0
> 003E025C eoreq r0, r11, r8, ror #30
> 003E0260 streqd r0, [r0], -r8
> 003E0264 eoreq r0, r11, r12, ror #30
> 003E0268 andeqs r10, r4, r12, lsr #32
> 003E026C ldr r3, [r3, -r3]
> 003E0270 mov r2, lr
> 003E0274 str r2, [r4, #-0x14]
> 003E0278 ldr r8, [pc, #0x400]
> 003E027C str r8, [sp, #4]
> 003E0280 mov r0, sp
> 003E0284 str r4, [sp, #0x40]
> 003E0288 mov lr, pc
> 003E028C ldr pc, [pc, #0x3F0]
> 003E0290 str r0, [r4, #-0x3C]
> 003E0294 ldr r8, [pc, #0x3EC]
> 003E0298 str r8, [sp, #4]
> 003E029C mov r0, sp
> 003E02A0 str r4, [sp, #0x40]
> 003E02A4 mov lr, pc
> 003E02A8 ldr pc, [pc, #0x3DC]
> 003E02AC str r0, [r4, #-0x40]
> 003E02B0 ldr r8, [pc, #0x3D8]
> 003E02B4 str r8, [sp, #4]
> 003E02B8 mov r0, sp
> 003E02BC str r4, [sp, #0x40]
> 003E02C0 mov lr, pc
> 003E02C4 ldr pc, [pc, #0x3C8]
> 003E02C8 str r0, [r4, #-0x44]
> 003E02CC ldr r8, [pc, #0x3C4]
> 003E02D0 str r8, [sp, #4]
> 003E02D4 mov r0, sp
> 003E02D8 str r4, [sp, #0x40]
> 003E02DC mov lr, pc
> 003E02E0 ldr pc, [pc, #0x3B4]
> 003E02E4 str r0, [r4, #-0x48]
> 003E02E8 ldr r8, [pc, #0x3B0]
> 003E02EC str r8, [sp, #4]
>
> - Patrick
>