Closed Bug 932180 Opened 11 years ago Closed 11 years ago

Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla28

People

(Reporter: wingo, Assigned: wingo)

References

Details

(Whiteboard: [qa-])

Attachments

(1 file, 7 obsolete files)

Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v8
39.97 KB, patch
jandem
: review+
Details | Diff | Splinter Review 
The attached patch ports the bytecode parser in jsanalyze.cpp to jsopcode.cpp, and uses it to determine the stack depth and defining opcode stack for each instruction in a function.  It then ports the decompiler to use that parser to attempt to reconstruct stack operands.

I ported the parser instead of using it directly because I hear that jsanalyze is on its way out.  I don't need SSA information anyway.

Once GetBlockChainAtPC uses a side table (bug 927782), this will remove all uses of SRC_HIDDEN, so we can make the bytecode emitter stop adding those notes.  Yays.  Also it fixes bug 931414.
Assignee: nobody → wingo
Attachment #823838 - Attachment is obsolete: true
Updated patch fixed decompilation of stack operands whose definition could not be found.
Attachment #823844 - Attachment description: Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations → Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v2
Comment on attachment 823844 [details] [diff] [review]
Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v2

Jan has kindly agreed to take a look here.  Thanks!
Attachment #823844 - Flags: review?(jdemooij)
The patch is broken for release mode;  I just need to move the BytecodeParser outside of the #ifdef DEBUG.  Running this test:

 var t = new Date; (function(){ for (var i = 0; i < 1000000; i++) { try { var x = 0; x(); } catch (e) {} } })(); print(new Date - t);

Before the patch I get around 4350ms, and after I get 4200ms or so; so perf is a wash.
Attachment #823844 - Attachment is obsolete: true
Attachment #823844 - Flags: review?(jdemooij)
Comment on attachment 823892 [details] [diff] [review]
Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v3

Updated patch compiles BytecodeParser in release mode as well.  Previously quoted perf numbers are for release mode.
Attachment #823892 - Attachment description: Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations → Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v3
Attachment #823892 - Flags: review?(jdemooij)
Comment on attachment 823892 [details] [diff] [review]
Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v3

Review of attachment 823892 [details] [diff] [review]:
-----------------------------------------------------------------

Excellent! I tried to debug this a few times and still have no idea how SRC_HIDDEN is supposed to work.

::: js/src/jsopcode.cpp
@@ +362,5 @@
> +
> +        // Whether this instruction has been analyzed to get its output defines
> +        // and stack. */
> +        bool parsed : 1;
> +        

Nit: trailing whitespace.

@@ +404,5 @@
> +    JSContext *cx_;
> +    LifoAllocScope allocScope_;
> +#ifdef DEBUG
> +    //LifoAlloc::Mark mark_;
> +#endif

Can remove this and similar #ifdef DEBUG blocks below.

@@ +430,5 @@
> +
> +    bool parse();
> +
> +    uint32_t stackDepthAtPC(uint32_t offset) {
> +        Bytecode *code = maybeCode(offset);

Can we use getCode here instead of maybeCode?

@@ +554,5 @@
> +
> +bool
> +BytecodeParser::addJump(unsigned offset,
> +                        unsigned *currentOffset, unsigned *forwardJump, unsigned *forwardLoop,
> +                        unsigned stackDepth, const unsigned *offsetStack)

BytecodeParser::simulateOp uses uint32_t for offset, stackDepth and offsetStack instead of unsigned. The rest of the code mostly uses unsigned.

uint32_t for the offsetStack seems a bit more efficient on x64 so we should probably use that everywhere for the offsets?

@@ +594,5 @@
> +}
> +
> +bool
> +BytecodeParser::parse()
> +{

Nit: can you assert here we are not calling parse() twice? JS_ASSERT(!codeArray_) or something.

@@ +615,5 @@
> +    unsigned forwardLoop = 0;
> +
> +    // If we are in the middle of a try block, the offset of the highest
> +    // catch/finally/enditer.
> +    unsigned forwardCatch = 0;

forwardJump, forwardLoop and forwardCatch are set/checked in a few places but not really used anywhere. Removing them will simplify the code even more.

@@ +1879,5 @@
>      /*
> +     * Fall back on *valuepc as start pc if this frame is calling .apply and the
> +     * methodjit has "splatted" the arguments array, bumping the caller's stack
> +     * pointer and skewing it from what static analysis in BytecodeParser would
> +     * compute.

Remove this comment. There used to be a StackFrame check here but it was removed with JM.
Attachment #823892 - Flags: review?(jdemooij)
You can also remove Bytecode's jumpTarget, fallthrough, jumpFallthrough and exceptionEntry fields. We can always add them back later if we have to.
Comment on attachment 823892 [details] [diff] [review]
Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v3

Re-adding jandem as reviewer; got lost in the shuffle.
Attachment #823892 - Flags: review?(jdemooij)
Comment on attachment 823892 [details] [diff] [review]
Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v3

Sorry, I was confused; didn't see the review, I thought I cleared it accidentally.  Thanks for the comments, will get back to you :)
Attachment #823892 - Flags: review?(jdemooij)
Attachment #823892 - Attachment is obsolete: true
Comment on attachment 824015 [details] [diff] [review]
Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v4

Updated patch addresses nits.

Regarding the question about using getCode instead of maybeCode in getStackDepthForPC, I did the change, then found one case that was asserting.  The backtrace:

#0  0x00000000005e9faa in getCode (this=<optimized out>, this=<optimized out>, offset=96) at /home/wingo/src/mozilla-central/js/src/jsopcode.cpp:444
#1  stackDepthAtPC (offset=96, this=0x7fffffff7d30) at /home/wingo/src/mozilla-central/js/src/jsopcode.cpp:405
#2  stackDepthAtPC (pc=0x7ffff5941940 "(\021\225\365\377\177", this=0x7fffffff7d30) at /home/wingo/src/mozilla-central/js/src/jsopcode.cpp:406
#3  js_ReconstructStackDepth (cx=<optimized out>, script=script@entry=0x7ffff5941940, pc=pc@entry=0x1788c79 " \240\r\245\220\022\231\016рψ\203\246\220\022\231\016рψ\203\256$\230\006\232\b")
    at /home/wingo/src/mozilla-central/js/src/jsopcode.cpp:1993
#4  0x000000000092abfe in js::jit::CodeGeneratorShared::encode (this=this@entry=0x17b60b0, snapshot=0x17ad170) at /home/wingo/src/mozilla-central/js/src/jit/shared/CodeGenerator-shared.cpp:282
#5  0x000000000092dad3 in js::jit::CodeGeneratorShared::markOsiPoint (this=this@entry=0x17b60b0, ins=ins@entry=0x17ad1b8, callPointOffset=callPointOffset@entry=0x7fffffff7f00)
    at /home/wingo/src/mozilla-central/js/src/jit/shared/CodeGenerator-shared.cpp:426

This corresponded to getting the stack depth at the JSOP_STOP in this function:

(gdb) fr 3
#3  js_ReconstructStackDepth (cx=<optimized out>, script=script@entry=0x7ffff5941940, pc=pc@entry=0x1788c79 " \240\r\245\220\022\231\016рψ\203\246\220\022\231\016рψ\203\256$\230\006\232\b")
    at /home/wingo/src/mozilla-central/js/src/jsopcode.cpp:1993
1993	    return parser.stackDepthAtPC(pc);
(gdb) p js_DumpScriptDepth(parser.cx_, script, pc)
js1_8_1/regress/regress-479430-02.js:30
    sn stack loc   line  op
    -- ----- ----- ----  --
main:
             00000:  32  getarg 0
             00003:  32  zero
             00004:  32  ne
    01       00005:  32  ifeq 94 (+89)
    18       00010:  33  try 33 (+23)
             00011:  33  callname "f"
             00016:  33  undefined
             00017:  33  notearg
             00018:  33  getarg 0
             00021:  33  one
             00022:  33  sub
             00023:  33  notearg
             00024:  33  call 1
             00027:  33  pop
    16       00028:  33  goto 52 (+24)
             00033:  33  enterblock object
             00038:  33  exception
             00039:  33  setlocal 0
             00042:  33  pop
    17       00043:  33  leaveblock 1
    16       00046:  33  goto 52 (+6)
             00051:  33  nop
    18       00052:  34  try 75 (+23)
             00053:  34  callname "f"
             00058:  34  undefined
             00059:  34  notearg
             00060:  34  getarg 0
             00063:  34  one
             00064:  34  sub
             00065:  34  notearg
             00066:  34  call 1
             00069:  34  pop
    16       00070:  34  goto 94 (+24)
             00075:  34  enterblock object
             00080:  34  exception
             00081:  34  setlocal 0
             00084:  34  pop
    17       00085:  34  leaveblock 1
    16       00088:  34  goto 94 (+6)
             00093:  34  nop
             00094:  36  zero
             00095:  36  throw
-->          00096:  36  stop

So I added code to mark JSOP_STOP as always reachable.  TBH I don't know why JSOP_STOP is needed at all; it would be easy to ensure all functions end with JSOP_RETURN.  But whatever, an issue for some other day.
Attachment #824015 - Attachment description: Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations → Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v4
Attachment #824015 - Flags: review?(jdemooij)
Attachment #824015 - Attachment is obsolete: true
Attachment #824015 - Flags: review?(jdemooij)
Comment on attachment 824017 [details] [diff] [review]
Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v5

Sorry for the churn; forgot to remove a comment and noticed some trailing whitespace.
Attachment #824017 - Attachment description: Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations → Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v5
Attachment #824017 - Flags: review?(jdemooij)
Blocks: 932312
Comment on attachment 824017 [details] [diff] [review]
Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v5

Review of attachment 824017 [details] [diff] [review]:
-----------------------------------------------------------------

Nice! r=me with nits addressed.

::: js/src/jsopcode.cpp
@@ +395,5 @@
> +
> +  public:
> +    BytecodeParser(JSContext *cx, JSScript *script)
> +      : cx_(cx),
> +        allocScope_(&cx->typeLifoAlloc()),

s/typeLifoAlloc/tempLifoAlloc

@@ +511,5 @@
> +    return stackDepth;
> +}
> +
> +bool
> +BytecodeParser::addJump(uint32_t offset, uint32_t *currentOffset, 

Nit: trailing whitespace

@@ +597,5 @@
> +            // FrameRegs::setToEndOfScript that can reach it.
> +            if (op == JSOP_STOP) {
> +                // Simulate a jump coming in to the STOP from who-knows where,
> +                // with zero operands on the stack.
> +                addJump(offset, &offset, 0, nullptr);

Nit: OOM check.
Attachment #824017 - Flags: review?(jdemooij) → review+
Attachment #824017 - Attachment is obsolete: true
Attachment #824043 - Attachment is obsolete: true
Comment on attachment 824045 [details] [diff] [review]
Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations  r=jandem

Thanks for the review :)
Attachment #824045 - Attachment description: Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations → Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations r=jandem
Attachment #824045 - Flags: review+
Keywords: checkin-needed
Clearing checkin-needed, while I run a try build just in case:

https://tbpl.mozilla.org/?tree=Try
Keywords: checkin-needed
Though the release trybuild is fine, running debug with --ion-eager I get another assertion failure:

gdb --args +debug/js --ion-eager /home/wingo/src/mozilla-central/js/src/jit-test/tests/auto-regress/bug912379.js
(gdb) r
Assertion failure: codeArray_[offset], at /home/wingo/src/mozilla-central/js/src/jsopcode.cpp:444

Catchpoint 1 (signal SIGSEGV), 0x00000000005e9e03 in getCode (this=<optimized out>, this=<optimized out>, offset=7) at /home/wingo/src/mozilla-central/js/src/jsopcode.cpp:444
444	        JS_ASSERT(codeArray_[offset]);
(gdb) fr 3
#3  js_ReconstructStackDepth (cx=<optimized out>, script=script@entry=0x7ffff595a100, pc=pc@entry=0x1796ac0 "\006") at /home/wingo/src/mozilla-central/js/src/jsopcode.cpp:1999
1999	    return parser.stackDepthAtPC(pc);
(gdb) p js_DumpScriptDepth(parser.cx_, script, pc)
/home/wingo/src/mozilla-central/js/src/jit-test/tests/auto-regress/bug912379.js:9
    sn stack loc   line  op
    -- ----- ----- ----  --
main:
    18       00000:   9  try 12 (+12)
             00001:   9  getgname "StopIteration"
             00006:   9  throw
--> 16       00007:   9  goto 45 (+38)
             00012:   9  enterblock object
             00017:   9  exception
             00018:   9  setlocal 0
             00021:   9  pop
             00022:   9  bindgname "x"
             00027:   9  getlocal 0
             00030:   9  setgname "x"
             00035:   9  popv
    17       00036:   9  leaveblock 1
    16       00039:   9  goto 45 (+6)
             00044:   9  nop
             00045:   9  callgname "wrap"
             00050:   9  undefined
             00051:   9  notearg
             00052:   9  getgname "x"
             00057:   9  notearg
             00058:   9  call 1
             00061:   9  popv
             00062:   9  stop

And indeed this instruction is not reachable.  So I think the best thing to do is to go back to maybeCode, and assume that the stack depth is 0 if there is no code -- because it shouldn't be possible to get to an unreachable opcode while there are values on the stack.  Jan, WDYT?
Flags: needinfo?(jdemooij)
Attachment #824045 - Attachment is obsolete: true
Comment on attachment 824587 [details] [diff] [review]
Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v8

Uploaded patch reverting to maybeCode and removing the JSOP_STOP case.  r? to jandem.
Attachment #824587 - Attachment description: Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations → Rewrite decompiler's bytecode parser to not need SRC_HIDDEN annotations v8
Attachment #824587 - Flags: review?(jdemooij)
Flags: needinfo?(jdemooij)
Attachment #824587 - Flags: review?(jdemooij) → review+
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/3510684869de
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
Blocks: 931414
Whiteboard: [qa-]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: