| // Copyright 2012 the V8 project authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef V8_DEOPTIMIZER_DEOPTIMIZER_H_ |
| #define V8_DEOPTIMIZER_DEOPTIMIZER_H_ |
| |
| #include <optional> |
| #include <vector> |
| |
| #include "src/builtins/builtins.h" |
| #include "src/codegen/source-position.h" |
| #include "src/deoptimizer/deoptimize-reason.h" |
| #include "src/deoptimizer/frame-description.h" |
| #include "src/deoptimizer/translated-state.h" |
| #include "src/diagnostics/code-tracer.h" |
| #include "src/objects/js-function.h" |
| |
| #if V8_ENABLE_WEBASSEMBLY |
| #include "src/sandbox/hardware-support.h" |
| #include "src/wasm/value-type.h" |
| #endif // V8_ENABLE_WEBASSEMBLY |
| |
| namespace v8 { |
| namespace internal { |
| |
| namespace wasm { |
| class WasmCode; |
| } |
| |
| enum class BuiltinContinuationMode; |
| |
| class DeoptimizedFrameInfo; |
| class Isolate; |
| |
| class Deoptimizer : public Malloced { |
| public: |
| struct DeoptInfo { |
| DeoptInfo(SourcePosition position, DeoptimizeReason deopt_reason, |
| uint32_t node_id, int deopt_id) |
| : position(position), |
| deopt_reason(deopt_reason), |
| node_id(node_id), |
| deopt_id(deopt_id) {} |
| |
| const SourcePosition position; |
| const DeoptimizeReason deopt_reason; |
| const uint32_t node_id; |
| const int deopt_id; |
| }; |
| |
| // Whether the deopt exit is contained by the outermost loop containing the |
| // osr'd loop. For example: |
| // |
| // for (;;) { |
| // for (;;) { |
| // } // OSR is triggered on this backedge. |
| // } // This is the outermost loop containing the osr'd loop. |
| static bool DeoptExitIsInsideOsrLoop(Isolate* isolate, |
| Tagged<JSFunction> function, |
| BytecodeOffset deopt_exit_offset, |
| BytecodeOffset osr_offset); |
| static DeoptInfo GetDeoptInfo(Tagged<Code> code, Address from); |
| DeoptInfo GetDeoptInfo() const { |
| return Deoptimizer::GetDeoptInfo(compiled_code_, from_); |
| } |
| |
| static const char* MessageFor(DeoptimizeKind kind); |
| |
| DirectHandle<JSFunction> function() const; |
| DirectHandle<Code> compiled_code() const; |
| DeoptimizeKind deopt_kind() const { return deopt_kind_; } |
| int output_count() const { return output_count_; } |
| |
| // Where the deopt exit occurred *in the outermost frame*, i.e in the |
| // function we generated OSR'd code for. If the deopt occurred in an inlined |
| // function, this would point at the corresponding outermost Call bytecode. |
| BytecodeOffset bytecode_offset_in_outermost_frame() const { |
| return bytecode_offset_in_outermost_frame_; |
| } |
| |
| static Deoptimizer* New(Address raw_function, DeoptimizeKind kind, |
| Address from, int fp_to_sp_delta, Isolate* isolate); |
| static Deoptimizer* Grab(Isolate* isolate); |
| |
| // Delete and deregister the deoptimizer from the current isolate. Returns the |
| // count of output (liftoff) frames that were constructed by the deoptimizer. |
| static size_t DeleteForWasm(Isolate* isolate); |
| |
| // The returned object with information on the optimized frame needs to be |
| // freed before another one can be generated. |
| static DeoptimizedFrameInfo* DebuggerInspectableFrame(JavaScriptFrame* frame, |
| int jsframe_index, |
| Isolate* isolate); |
| |
| // Deoptimize the function now. Its current optimized code will never be run |
| // again and any activations of the optimized code will get deoptimized when |
| // execution returns. If {code} is specified then the given code is targeted |
| // instead of the function code (e.g. OSR code not installed on function). |
| static void DeoptimizeFunction(Tagged<JSFunction> function, |
| LazyDeoptimizeReason reason, |
| Tagged<Code> code = {}); |
| |
| // Deoptimize all code in the given isolate. |
| V8_EXPORT_PRIVATE static void DeoptimizeAll(Isolate* isolate); |
| |
| // Deoptimizes all optimized code that has been previously marked |
| // (via code->set_marked_for_deoptimization) and unlinks all functions that |
| // refer to that code. |
| static void DeoptimizeMarkedCode(Isolate* isolate); |
| |
| // Deoptimizes all optimized code that implements the given function (whether |
| // directly or inlined). |
| static void DeoptimizeAllOptimizedCodeWithFunction( |
| Isolate* isolate, DirectHandle<SharedFunctionInfo> function); |
| |
| // Check the given address against a list of allowed addresses, to prevent a |
| // potential attacker from using the frame creation process in the |
| // deoptimizer, in particular the signing process, to gain control over the |
| // program. |
| // This function makes a crash if the address is not valid. If it's valid, |
| // it returns the given address. |
| static Address EnsureValidReturnAddress(Isolate* isolate, Address address); |
| |
| ~Deoptimizer(); |
| |
| void MaterializeHeapObjects(); |
| |
| static void ComputeOutputFrames(Deoptimizer* deoptimizer); |
| |
| V8_EXPORT_PRIVATE static Builtin GetDeoptimizationEntry(DeoptimizeKind kind); |
| |
| // InstructionStream generation support. |
| static int input_offset() { return offsetof(Deoptimizer, input_); } |
| static int output_count_offset() { |
| return offsetof(Deoptimizer, output_count_); |
| } |
| static int output_offset() { return offsetof(Deoptimizer, output_); } |
| |
| static int caller_frame_top_offset() { |
| return offsetof(Deoptimizer, caller_frame_top_); |
| } |
| |
| #ifdef V8_ENABLE_CET_SHADOW_STACK |
| static constexpr int shadow_stack_offset() { |
| return offsetof(Deoptimizer, shadow_stack_); |
| } |
| |
| static constexpr int shadow_stack_count_offset() { |
| return offsetof(Deoptimizer, shadow_stack_count_); |
| } |
| #endif // V8_ENABLE_CET_SHADOW_STACK |
| |
| Isolate* isolate() const { return isolate_; } |
| |
| static constexpr int kMaxNumberOfEntries = 16384; |
| |
| // This marker is passed to Deoptimizer::New as {deopt_exit_index} on |
| // platforms that have fixed deopt sizes. The actual deoptimization id is then |
| // calculated from the return address. |
| static constexpr unsigned kFixedExitSizeMarker = kMaxUInt32; |
| |
| // Size of deoptimization exit sequence. |
| V8_EXPORT_PRIVATE static const int kEagerDeoptExitSize; |
| V8_EXPORT_PRIVATE static const int kLazyDeoptExitSize; |
| |
| // The size of the call instruction to Builtins::kAdaptShadowStackForDeopt. |
| V8_EXPORT_PRIVATE static const int kAdaptShadowStackOffsetToSubtract; |
| |
| // Tracing. |
| static void TraceMarkForDeoptimization(Isolate* isolate, Tagged<Code> code, |
| LazyDeoptimizeReason reason); |
| static void TraceEvictFromOptimizedCodeCache(Isolate* isolate, |
| Tagged<SharedFunctionInfo> sfi, |
| const char* reason); |
| |
| // Patch the generated code to jump to a safepoint entry. This is used only |
| // when Shadow Stack is enabled. |
| static void PatchToJump(Address pc, Address new_pc); |
| |
| private: |
| void QueueValueForMaterialization(Address output_address, Tagged<Object> obj, |
| const TranslatedFrame::iterator& iterator); |
| void QueueFeedbackVectorForMaterialization( |
| Address output_address, const TranslatedFrame::iterator& iterator); |
| |
| Deoptimizer(Isolate* isolate, Tagged<JSFunction> function, |
| DeoptimizeKind kind, Address from, int fp_to_sp_delta); |
| void DeleteFrameDescriptions(); |
| |
| void DoComputeOutputFrames(); |
| |
| #if V8_ENABLE_WEBASSEMBLY |
| void DoComputeOutputFramesWasmImpl(); |
| FrameDescription* DoComputeWasmLiftoffFrame( |
| TranslatedFrame& frame, wasm::NativeModule* native_module, |
| Tagged<WasmTrustedInstanceData> wasm_trusted_instance, int frame_index, |
| std::stack<intptr_t>& shadow_stack); |
| |
| void GetWasmStackSlotsCounts(const wasm::FunctionSig* sig, |
| int* parameter_stack_slots, |
| int* return_stack_slots); |
| #endif |
| |
| void DoComputeUnoptimizedFrame(TranslatedFrame* translated_frame, |
| int frame_index, bool goto_catch_handler); |
| void DoComputeInlinedExtraArguments(TranslatedFrame* translated_frame, |
| int frame_index); |
| void DoComputeConstructCreateStubFrame(TranslatedFrame* translated_frame, |
| int frame_index); |
| void DoComputeConstructInvokeStubFrame(TranslatedFrame* translated_frame, |
| int frame_index); |
| |
| static Builtin TrampolineForBuiltinContinuation(BuiltinContinuationMode mode, |
| bool must_handle_result); |
| |
| #if V8_ENABLE_WEBASSEMBLY |
| TranslatedValue TranslatedValueForWasmReturnKind( |
| std::optional<wasm::ValueKind> wasm_call_return_kind); |
| #endif // V8_ENABLE_WEBASSEMBLY |
| |
| void DoComputeBuiltinContinuation(TranslatedFrame* translated_frame, |
| int frame_index, |
| BuiltinContinuationMode mode); |
| |
| unsigned ComputeInputFrameAboveFpFixedSize() const; |
| unsigned ComputeInputFrameSize() const; |
| |
| static unsigned ComputeIncomingArgumentSize(Tagged<Code> code); |
| |
| // Tracing. |
| bool tracing_enabled() const { return trace_scope_ != nullptr; } |
| bool verbose_tracing_enabled() const { |
| return v8_flags.trace_deopt_verbose && tracing_enabled(); |
| } |
| CodeTracer::Scope* trace_scope() const { return trace_scope_; } |
| CodeTracer::Scope* verbose_trace_scope() const { |
| return v8_flags.trace_deopt_verbose ? trace_scope() : nullptr; |
| } |
| void TraceDeoptBegin(int optimization_id, BytecodeOffset bytecode_offset); |
| void TraceDeoptEnd(double deopt_duration); |
| #ifdef DEBUG |
| static void TraceFoundActivation(Isolate* isolate, |
| Tagged<JSFunction> function); |
| #endif |
| static void TraceDeoptAll(Isolate* isolate); |
| |
| bool is_restart_frame() const { return restart_frame_index_ >= 0; } |
| |
| Isolate* isolate_; |
| Tagged<JSFunction> function_; |
| Tagged<Code> compiled_code_; |
| #if V8_ENABLE_WEBASSEMBLY |
| wasm::WasmCode* compiled_optimized_wasm_code_ = nullptr; |
| #endif |
| unsigned deopt_exit_index_; |
| BytecodeOffset bytecode_offset_in_outermost_frame_ = BytecodeOffset::None(); |
| DeoptimizeKind deopt_kind_; |
| Address from_; |
| int fp_to_sp_delta_; |
| bool deoptimizing_throw_; |
| int catch_handler_data_; |
| int catch_handler_pc_offset_; |
| int restart_frame_index_; |
| |
| // Input frame description. |
| FrameDescription* input_; |
| // Number of output frames. |
| int output_count_; |
| // Array of output frame descriptions. |
| FrameDescription** output_; |
| |
| // Caller frame details computed from input frame. |
| intptr_t caller_frame_top_; |
| intptr_t caller_fp_; |
| intptr_t caller_pc_; |
| intptr_t caller_constant_pool_; |
| |
| // The argument count of the bottom most frame. |
| int actual_argument_count_; |
| |
| // Key for lookup of previously materialized objects. |
| intptr_t stack_fp_; |
| |
| TranslatedState translated_state_; |
| struct ValueToMaterialize { |
| Address output_slot_address_; |
| TranslatedFrame::iterator value_; |
| }; |
| std::vector<ValueToMaterialize> values_to_materialize_; |
| std::vector<ValueToMaterialize> feedback_vector_to_materialize_; |
| |
| #ifdef V8_ENABLE_CET_SHADOW_STACK |
| intptr_t* shadow_stack_ = nullptr; |
| size_t shadow_stack_count_ = 0; |
| #endif // V8_ENABLE_CET_SHADOW_STACK |
| |
| #ifdef DEBUG |
| DisallowGarbageCollection* disallow_garbage_collection_; |
| #endif // DEBUG |
| |
| // Note: This is intentionally not a unique_ptr s.t. the Deoptimizer |
| // satisfies is_standard_layout, needed for offsetof(). |
| CodeTracer::Scope* const trace_scope_; |
| |
| #if V8_ENABLE_WEBASSEMBLY && V8_TARGET_ARCH_32_BIT |
| // Needed by webassembly for lowering signatures containing i64 types. Stored |
| // as members for reuse for multiple signatures during one de-optimization. |
| std::optional<AccountingAllocator> alloc_; |
| std::optional<Zone> zone_; |
| #endif |
| #if V8_ENABLE_WEBASSEMBLY && V8_ENABLE_SANDBOX |
| // Wasm deoptimizations should not access the heap at all. All deopt data is |
| // stored off-heap. |
| std::optional<SandboxHardwareSupport::BlockAccessScope> |
| no_heap_access_during_wasm_deopt_; |
| #endif |
| |
| friend class DeoptimizedFrameInfo; |
| friend class FrameDescription; |
| friend class FrameWriter; |
| }; |
| |
| } // namespace internal |
| } // namespace v8 |
| |
| #endif // V8_DEOPTIMIZER_DEOPTIMIZER_H_ |
