Switch to CPU stack spill slots

dstogov · dstogov · commit 754d8852a5f0 · 2023-09-08T18:29:20.000+03:00
diff --git a/ext/opcache/config.m4 b/ext/opcache/config.m4
@@ -147,7 +147,7 @@ if test "$PHP_OPCACHE" != "no"; then
 
     JIT_CFLAGS="-I@ext_builddir@/jit/ir -D${IR_TARGET} -DIR_PHP"
     if test "$ZEND_DEBUG" = "yes"; then
-      JIT_CFLAGS="${JIT_CFLAGS} -DIR_DEBUG"
+      JIT_CFLAGS="${JIT_CFLAGS} -DIR_DEBUG -DIR_DEBUG_MESSAGES"
     fi
   fi
 
diff --git a/ext/opcache/config.w32 b/ext/opcache/config.w32
@@ -53,7 +53,7 @@ if (PHP_OPCACHE != "no") {
 
 			ADD_FLAG("CFLAGS_OPCACHE", "/I \"ext\\opcache\\jit\\ir\" /D "+ir_target+" /D IR_PHP");
 			if (PHP_DEBUG == "yes") {
-				ADD_FLAG("CFLAGS_OPCACHE", "/D IR_DEBUG");
+				ADD_FLAG("CFLAGS_OPCACHE", "/D IR_DEBUG /D IR_DEBUG_MESSAGES");
 			}
 
 			if (CHECK_HEADER_ADD_INCLUDE("capstone\\capstone.h", "CFLAGS_OPCACHE", PHP_OPCACHE+ ";" + PHP_PHP_BUILD + "\\include") &&
diff --git a/ext/opcache/jit/ir b/ext/opcache/jit/ir
@@ -1 +1 @@
-Subproject commit e506c1367d6fee358bf6210dde33f28671ace80c
+Subproject commit b37d4e04439dee3a22a4c5cef0b0db15c7596d49
diff --git a/ext/opcache/jit/zend_jit.h b/ext/opcache/jit/zend_jit.h
@@ -169,15 +169,18 @@ ZEND_EXT_API void zend_jit_restart(void);
 #define ZREG_LOAD           (1<<0)
 #define ZREG_STORE          (1<<1)
 #define ZREG_LAST_USE       (1<<2)
+
 #define ZREG_PI             (1<<3)
 #define ZREG_PHI            (1<<4)
 #define ZREG_FORWARD        (1<<5)
-#define ZREG_CONST          (1<<6)
-#define ZREG_ZVAL_COPY      (1<<7)
 
-#define ZREG_TYPE_ONLY      (1<<3)
-#define ZREG_ZVAL_ADDREF    (1<<4)
-#define ZREG_THIS           (1<<5)
+#define ZREG_SPILL_SLOT     (1<<3)
+
+#define ZREG_CONST          (1<<4)
+#define ZREG_ZVAL_COPY      (2<<4)
+#define ZREG_TYPE_ONLY      (3<<4)
+#define ZREG_ZVAL_ADDREF    (4<<4)
+#define ZREG_THIS           (5<<4)
 
 #define ZREG_NONE           -1
 
diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c
@@ -21,12 +21,14 @@
 
 #if defined(IR_TARGET_X86)
 # define IR_REG_SP            4 /* IR_REG_RSP */
+# define IR_REG_FP            5 /* IR_REG_RBP */
 # define ZREG_FP              6 /* IR_REG_RSI */
 # define ZREG_IP              7 /* IR_REG_RDI */
 # define ZREG_FIRST_FPR       8
 # define IR_REGSET_PRESERVED ((1<<3) | (1<<5) | (1<<6) | (1<<7)) /* all preserved registers */
 #elif defined(IR_TARGET_X64)
 # define IR_REG_SP            4 /* IR_REG_RSP */
+# define IR_REG_FP            5 /* IR_REG_RBP */
 # define ZREG_FP             14 /* IR_REG_R14 */
 # define ZREG_IP             15 /* IR_REG_R15 */
 # define ZREG_FIRST_FPR      16
@@ -42,6 +44,7 @@
 # endif
 #elif defined(IR_TARGET_AARCH64)
 # define IR_REG_SP           31 /* IR_REG_RSP */
+# define IR_REG_FP           29 /* IR_REG_X29 */
 # define ZREG_FP             27 /* IR_REG_X27 */
 # define ZREG_IP             28 /* IR_REG_X28 */
 # define ZREG_FIRST_FPR      32
@@ -676,9 +679,17 @@ void *zend_jit_snapshot_handler(ir_ctx *ctx, ir_ref snapshot_ref, ir_insn *snaps
 
 				if (ref > 0) {
 					if (reg != ZREG_NONE) {
-						t->stack_map[t->exit_info[exit_point].stack_offset + var].reg = IR_REG_NUM(reg);
 						if (reg & IR_REG_SPILL_LOAD) {
-							t->stack_map[t->exit_info[exit_point].stack_offset + var].flags |= ZREG_LOAD;
+							ZEND_ASSERT(!(reg & IR_REG_SPILL_SPECIAL));
+							/* spill slot on a CPU stack */
+							t->stack_map[t->exit_info[exit_point].stack_offset + var].ref = ref;
+							t->stack_map[t->exit_info[exit_point].stack_offset + var].reg = ZREG_NONE;
+							t->stack_map[t->exit_info[exit_point].stack_offset + var].flags |= ZREG_SPILL_SLOT;
+						} else if (reg & IR_REG_SPILL_SPECIAL) {
+							/* spill slot on a VM stack */
+							t->stack_map[t->exit_info[exit_point].stack_offset + var].flags = ZREG_TYPE_ONLY;
+						} else {
+							t->stack_map[t->exit_info[exit_point].stack_offset + var].reg = IR_REG_NUM(reg);
 						}
 					} else {
 						t->stack_map[t->exit_info[exit_point].stack_offset + var].flags = ZREG_TYPE_ONLY;
@@ -1149,6 +1160,29 @@ static ir_ref jit_Z_DVAL_ref(zend_jit_ctx *jit, ir_ref ref)
 	return ir_LOAD_D(ref);
 }
 
+static bool zend_jit_spilling_may_cause_conflict(zend_jit_ctx *jit, int var, ir_ref val)
+{
+//	if (jit->ctx.ir_base[val].op == IR_RLOAD) {
+//		/* Deoptimization */
+//		return 0;
+//	}
+//	if (jit->ctx.ir_base[val].op == IR_LOAD
+//	 && jit->ctx.ir_base[jit->ctx.ir_base[val].op2].op == IR_ADD
+//	 && jit->ctx.ir_base[jit->ctx.ir_base[jit->ctx.ir_base[val].op2].op1].op == IR_RLOAD
+//	 && jit->ctx.ir_base[jit->ctx.ir_base[jit->ctx.ir_base[val].op2].op1].op2 == ZREG_FP
+//	 && IR_IS_CONST_REF(jit->ctx.ir_base[jit->ctx.ir_base[val].op2].op2)
+//	 && jit->ctx.ir_base[jit->ctx.ir_base[jit->ctx.ir_base[val].op2].op2].val.addr == (uintptr_t)EX_NUM_TO_VAR(jit->ssa->vars[var].var)) {
+//		/* LOAD from the same location (the LOAD is pinned) */
+//		// TODO: should be anti-dependent with the following stores ???
+//		return 0;
+//	}
+//	if (jit->ssa->vars[var].var < jit->current_op_array->last_var) {
+//		/* IS_CV */
+//		return 0;
+//	}
+	return 1;
+}
+
 static void zend_jit_def_reg(zend_jit_ctx *jit, zend_jit_addr addr, ir_ref val)
 {
 	int var;
@@ -1161,46 +1195,8 @@ static void zend_jit_def_reg(zend_jit_ctx *jit, zend_jit_addr addr, ir_ref val)
 	}
 	ZEND_ASSERT(jit->ra && jit->ra[var].ref == IR_NULL);
 
-	/* Disable CSE for temporary variables */
-	/* TODO: This is a workarounf to fix ext/standard/tests/strings/htmlentities20.phpt failure with tracing JIT ??? */
-	if (0 && val > 0 && jit->ssa->vars[var].var >= jit->current_op_array->last_var) {
-		ir_insn *insn = &jit->ctx.ir_base[val];
-		ir_op op = insn->op;
-
-		if (op <= IR_LAST_FOLDABLE_OP && jit->ctx.prev_insn_chain[op]) {
-			if (jit->ctx.prev_insn_chain[op] == val) {
-				if (insn->prev_insn_offset) {
-					jit->ctx.prev_insn_chain[op] = val - (ir_ref)(uint32_t)insn->prev_insn_offset;
-				} else {
-					jit->ctx.prev_insn_chain[op] = IR_UNUSED;
-				}
-			} else {
-				ir_ref prev = jit->ctx.prev_insn_chain[op];
-				ir_ref tmp;
-
-				while (prev) {
-					insn = &jit->ctx.ir_base[prev];
-					if (!insn->prev_insn_offset) {
-						break;
-					}
-					tmp = prev - (ir_ref)(uint32_t)insn->prev_insn_offset;
-					if (tmp == val) {
-						ir_ref offset = jit->ctx.ir_base[tmp].prev_insn_offset;
-
-						if (!offset || prev - tmp + offset > 0xffff) {
-							insn->prev_insn_offset = 0;
-						} else {
-							insn->prev_insn_offset = prev - tmp + offset;
-						}
-					}
-					prev = tmp;
-				}
-			}
-		}
-	}
-
 	/* Negative "var" has special meaning for IR */
-	if (val > 0 && jit->ssa->vars[var].var < jit->current_op_array->last_var) {
+	if (val > 0 && !zend_jit_spilling_may_cause_conflict(jit, var, val)) {
 		val = ir_bind(&jit->ctx, -EX_NUM_TO_VAR(jit->ssa->vars[var].var), val);
 	}
 	jit->ra[var].ref = val;
@@ -2623,7 +2619,7 @@ static void zend_jit_init_ctx(zend_jit_ctx *jit, uint32_t flags)
 			jit->ctx.fixed_call_stack_size = 16;
 #endif
 #if defined(IR_TARGET_X86) || defined(IR_TARGET_X64)
-			jit->ctx.fixed_regset |= (1<<5); /* prevent %rbp (%r5) usage */
+			jit->ctx.fixed_regset |= (1<<IR_REG_FP); /* prevent %rbp (%r5) usage */
 #endif
 		}
 	}
@@ -4148,6 +4144,43 @@ static int zend_jit_store_reg(zend_jit_ctx *jit, uint32_t info, int var, int8_t
 	return 1;
 }
 
+static int zend_jit_store_spill_slot(zend_jit_ctx *jit, uint32_t info, int var, int8_t reg, int32_t offset, bool set_type)
+{
+	zend_jit_addr src;
+	zend_jit_addr dst = ZEND_ADDR_MEM_ZVAL(ZREG_FP, EX_NUM_TO_VAR(var));
+
+	if ((info & MAY_BE_ANY) == MAY_BE_LONG) {
+		src = ir_LOAD_L(ir_ADD_OFFSET(ir_RLOAD_A(reg), offset));
+		if (jit->ra && jit->ra[var].ref == IR_NULL) {
+			zend_jit_def_reg(jit, ZEND_ADDR_REG(var), src);
+		} else {
+			jit_set_Z_LVAL(jit, dst, src);
+			if (set_type &&
+			    (Z_REG(dst) != ZREG_FP ||
+			     !JIT_G(current_frame) ||
+			     STACK_MEM_TYPE(JIT_G(current_frame)->stack, EX_VAR_TO_NUM(Z_OFFSET(dst))) != IS_LONG)) {
+				jit_set_Z_TYPE_INFO(jit, dst, IS_LONG);
+			}
+		}
+	} else if ((info & MAY_BE_ANY) == MAY_BE_DOUBLE) {
+		src = ir_LOAD_D(ir_ADD_OFFSET(ir_RLOAD_A(reg), offset));
+		if (jit->ra && jit->ra[var].ref == IR_NULL) {
+			zend_jit_def_reg(jit, ZEND_ADDR_REG(var), src);
+		} else {
+			jit_set_Z_DVAL(jit, dst, src);
+			if (set_type &&
+			    (Z_REG(dst) != ZREG_FP ||
+			     !JIT_G(current_frame) ||
+			     STACK_MEM_TYPE(JIT_G(current_frame)->stack, EX_VAR_TO_NUM(Z_OFFSET(dst))) != IS_DOUBLE)) {
+				jit_set_Z_TYPE_INFO(jit, dst, IS_DOUBLE);
+			}
+		}
+	} else {
+		ZEND_UNREACHABLE();
+	}
+	return 1;
+}
+
 static int zend_jit_store_var_type(zend_jit_ctx *jit, int var, uint32_t type)
 {
 	zend_jit_addr dst = ZEND_ADDR_MEM_ZVAL(ZREG_FP, EX_NUM_TO_VAR(var));
@@ -6169,6 +6202,9 @@ static int zend_jit_assign_to_variable(zend_jit_ctx   *jit,
 			phi = ir_PHI_N(res_inputs->count, res_inputs->refs);
 		}
 		if (Z_MODE(var_addr) == IS_REG) {
+			if ((var_info & (MAY_BE_REF|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE)) || ref_addr) {
+				phi = ir_emit2(&jit->ctx, IR_OPT(IR_COPY, jit->ctx.ir_base[phi].type), phi, 1);
+			}
 			zend_jit_def_reg(jit, var_addr, phi);
 			if (real_res_addr) {
 				if (var_def_info & MAY_BE_LONG) {
@@ -15547,6 +15583,20 @@ static void *zend_jit_finish(zend_jit_ctx *jit)
 			}
 		} else {
 			/* Only for tracing JIT */
+			zend_jit_trace_info *t = jit->trace;
+			zend_jit_trace_stack *stack;
+			uint32_t i;
+
+			if (t) {
+				for (i = 0; i < t->stack_map_size; i++) {
+					stack = t->stack_map + i;
+					if (stack->flags & ZREG_SPILL_SLOT) {
+						stack->reg = (jit->ctx.flags & IR_USE_FRAME_POINTER) ? IR_REG_FP : IR_REG_SP;
+						stack->ref = ir_get_spill_slot_offset(&jit->ctx, stack->ref);
+					}
+				}
+			}
+
 			zend_jit_trace_add_code(entry, size);
 
 #if ZEND_JIT_SUPPORT_CLDEMOTE
@@ -16023,12 +16073,12 @@ static int zend_jit_trace_start(zend_jit_ctx        *jit,
 
 					if (STACK_FLAGS(parent_stack, i) & (ZREG_LOAD|ZREG_STORE)) {
 						/* op3 is used as a flag that the value is already stored in memory.
-						 * In case the IR framework desides to spill the result of IR_LOAD,
+						 * In case the IR framework decides to spill the result of IR_LOAD,
 						 * it doesn't have to store the value once again.
 						 *
 						 * See: insn->op3 check in ir_emit_rload()
 						 */
-						ir_set_op(&jit->ctx, ref, 3, 1);
+						ir_set_op(&jit->ctx, ref, 3, EX_NUM_TO_VAR(i));
 					}
 				}
 			}
diff --git a/ext/opcache/jit/zend_jit_trace.c b/ext/opcache/jit/zend_jit_trace.c
@@ -3863,15 +3863,18 @@ static int zend_jit_trace_stack_needs_deoptimization(zend_jit_trace_stack *stack
 	uint32_t i;
 
 	for (i = 0; i < stack_size; i++) {
-#ifdef ZEND_JIT_IR
-		if (STACK_FLAGS(stack, i) & (ZREG_CONST|ZREG_ZVAL_COPY|ZREG_TYPE_ONLY|ZREG_ZVAL_ADDREF)) {
-			return 1;
-		}
-#endif
+#ifndef ZEND_JIT_IR
 		if (STACK_REG(stack, i) != ZREG_NONE
 		 && !(STACK_FLAGS(stack, i) & (ZREG_LOAD|ZREG_STORE))) {
 			return 1;
 		}
+#else
+		if (STACK_FLAGS(stack, i) & ~(ZREG_LOAD|ZREG_STORE|ZREG_LAST_USE)) {
+			return 1;
+		} else if (STACK_REG(stack, i) != ZREG_NONE) {
+			return 1;
+		}
+#endif
 	}
 	return 0;
 }
@@ -4000,6 +4003,29 @@ static int zend_jit_trace_deoptimization(
 			ZEND_ASSERT(reg != ZREG_NONE);
 			ZEND_ASSERT(check2 == -1);
 			check2 = i;
+		} else if (STACK_FLAGS(parent_stack, i) & ZREG_SPILL_SLOT) {
+			if (ssa && ssa->vars[i].no_val) {
+				/* pass */
+			} else {
+				uint8_t type = STACK_TYPE(parent_stack, i);
+
+				if (!zend_jit_store_spill_slot(jit, 1 << type, i, reg, STACK_REF(parent_stack, i),
+						STACK_MEM_TYPE(parent_stack, i) != type)) {
+					return 0;
+				}
+				if (stack) {
+					if (jit->ra && jit->ra[i].ref) {
+						SET_STACK_TYPE(stack, i, type, 0);
+						if ((STACK_FLAGS(parent_stack, i) & (ZREG_LOAD|ZREG_STORE)) != 0) {
+							SET_STACK_REF_EX(stack, i, jit->ra[i].ref, ZREG_LOAD);
+						} else {
+							SET_STACK_REF(stack, i, jit->ra[i].ref);
+						}
+					} else {
+						SET_STACK_TYPE(stack, i, type, 1);
+					}
+				}
+			}
 		} else if (reg != ZREG_NONE) {
 			if (ssa && ssa->vars[i].no_val) {
 				/* pass */
@@ -8476,6 +8502,16 @@ static void zend_jit_dump_exit_info(zend_jit_trace_info *t)
 					fprintf(stderr, "(zval_try_addref)");
 				} else if (STACK_FLAGS(stack, j) == ZREG_ZVAL_COPY) {
 					fprintf(stderr, "zval_copy(%s)", zend_reg_name(STACK_REG(stack, j)));
+				} else if (STACK_FLAGS(stack, j) & ZREG_SPILL_SLOT) {
+					if (STACK_REG(stack, j) == ZREG_NONE) {
+						fprintf(stderr, "(spill=0x%x", STACK_REF(stack, j));
+					} else {
+						fprintf(stderr, "(spill=0x%x(%s)", STACK_REF(stack, j), zend_reg_name(STACK_REG(stack, j)));
+					}
+					if (STACK_FLAGS(stack, j) != 0) {
+						fprintf(stderr, ":%x", STACK_FLAGS(stack, j));
+					}
+					fprintf(stderr, ")");
 				} else if (STACK_REG(stack, j) != ZREG_NONE) {
 					fprintf(stderr, "(%s", zend_reg_name(STACK_REG(stack, j)));
 					if (STACK_FLAGS(stack, j) != 0) {
@@ -9138,6 +9174,17 @@ int ZEND_FASTCALL zend_jit_trace_exit(uint32_t exit_num, zend_jit_registers_buf
 			} else {
 				ZVAL_COPY(EX_VAR_NUM(i), val);
 			}
+		} else if (STACK_FLAGS(stack, i) & ZREG_SPILL_SLOT) {
+			ZEND_ASSERT(STACK_REG(stack, i) != ZREG_NONE);
+			uintptr_t ptr = (uintptr_t)regs->gpr[STACK_REG(stack, i)] + STACK_REF(stack, i);
+
+			if (STACK_TYPE(stack, i) == IS_LONG) {
+				ZVAL_LONG(EX_VAR_NUM(i), *(zend_long*)ptr);
+			} else if (STACK_TYPE(stack, i) == IS_DOUBLE) {
+				ZVAL_DOUBLE(EX_VAR_NUM(i), *(double*)ptr);
+			} else {
+				ZEND_UNREACHABLE();
+			}
 		} else if (STACK_REG(stack, i) != ZREG_NONE) {
 			if (STACK_TYPE(stack, i) == IS_LONG) {
 				zend_long val = regs->gpr[STACK_REG(stack, i)];

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ if (PHP_OPCACHE != "no") {`
`53`	`53`
`54`	`54`	`ADD_FLAG("CFLAGS_OPCACHE", "/I \"ext\\opcache\\jit\\ir\" /D "+ir_target+" /D IR_PHP");`
`55`	`55`	`if (PHP_DEBUG == "yes") {`
`56`		`- ADD_FLAG("CFLAGS_OPCACHE", "/D IR_DEBUG");`
	`56`	`+ ADD_FLAG("CFLAGS_OPCACHE", "/D IR_DEBUG /D IR_DEBUG_MESSAGES");`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`if (CHECK_HEADER_ADD_INCLUDE("capstone\\capstone.h", "CFLAGS_OPCACHE", PHP_OPCACHE+ ";" + PHP_PHP_BUILD + "\\include") &&`