1. Pre-allocated bytes are missing in function
zend_jit_assign_const_stub().
2. 'w' register should be used for macro SET_ZVAL_TYPE_INFO.
3. 'w' register should be used to load "num_args" in function
zend_jit_do_fcall().
4. Remove the local path name in test case recv_002.phpt
5. One option is disabled temporarily in [1] and several test cases
would fail, e.g. shift_right_003.phpt. I suppose new execution paths are
touched. We will support them in the near future.
[1] https://github.com/php/php-src/commit/63d673d
Opcodes FE_RESET_R and FE_FETCH_R are met for the first time. Updates in
functions zend_jit_fe_reset() and zend_jit_fe_fetch() are made to support
them.
Besides, one new path is covered in function zend_jit_inc_dec() for
opcode POST_INC.
Opcodes for $test are:
BB0:
0000 #1.CV0($char_code) [rc1, rcn, any] = RECV 1
BB1:
0001 #2.T1 [rc1, ...] = BW_AND #1.CV0($char_code) ...
0002 #3.T2 [bool] RANGE[0..1] = BOOL_NOT #2.T1 [rc1, ...]
0003 #4.T1 [bool] RANGE[0..1] = IS_EQUAL #1.CV0($char_code) ...
0004 JMPZ #4.T1 [bool] RANGE[0..1] BB3
...
New path is covered in function zend_jit_long_math_helper() for opcode
BW_AND.
New path is covered in function zend_jit_bool_jmpznz() for opcode
BOOL_NOT.
Major changes lie in functions zend_jit_cmp(), zend_jit_cmp_slow() and
zend_jit_check_exception_undef_result() to support opcodes IS_EQUAL and
JMPZ.
Opcodes for $Test::method are:
BB0:
0000 #0.T0 [rcn, any] = FETCH_OBJ_R THIS string("prop")
0001 #1.T0 [bool] RANGE[0..1] = JMPZ_EX #0.T0 [rcn, any] BB3
BB1:
0002 #2.T1 [rcn, any] = FETCH_OBJ_R THIS string("prop")
0003 INIT_METHOD_CALL 0 #2.T1 [rcn, any] string("method2")
0004 #3.V1 [ref, rc1, rcn, any] = DO_FCALL
...
New path is covered in functions zend_jit_fetch_obj() and
zend_jit_zval_copy_deref() for FETCH_OBJ_R THIS opcode.
New path is covered in function zend_jit_init_method_call() for opcode
INIT_METHOD_CALL.
Major changes lie in function zend_jit_bool_jmpznz() to support opcode
JMPZ_EX.
Note that macro ZVAL_DTOR_FUNC is updated to remove the hard-coded use
of REG0.
Opcode SEND_VAR_EX used in $test and opcode ZEND_SEND_VAR_NO_REF_EX used
in $main cover two new branches in function zend_jit_send_var()
respectively.
The updates in function zend_jit_bool_jmpznz() are made to support
opcode JMPNZ_EX used in $test.
Opcodes for function $evaluate are:
BB0:
0000 ASSIGN_OBJ THIS string("evalParameters")
0001 OP_DATA array(...)
0002 INIT_NS_FCALL_BY_NAME 2 string("A\extract")
0003 CHECK_FUNC_ARG 1
0004 V1 = FETCH_OBJ_FUNC_ARG (ref) THIS string("evalParameters")
0005 SEND_FUNC_ARG V1 1
0006 T1 = FETCH_CONSTANT (unqualified-in-namespace) ...
0007 SEND_VAL_EX T1 2
0008 DO_FCALL_BY_NAME
...
Major changes are made in function zend_jit_fetch_constant() to support
FETCH_CONSTANT opcode.
Besides, cold code is touched in functions zend_jit_check_func_arg() and
zend_jit_send_var() for opcodes CHECK_FUNC_ARG and SEND_FUNC_ARG
respectively.
Updates in function zend_jit_type_check() are made to support TYPE_CHECK
opcode for statement "is_array($type)".
New path is touched in function zend_jit_concat_helper() to support
opcode CONCAT for statement '$type."ops"'.
Besides, one new path is covered in function zend_jit_return() when
leaving.
Part of generated opcodes for $foo are:
...
BB1:
0002 INIT_FCALL 1 96 string("foo")
0003 #5.V1 [rcn, object (instanceof A)] = FETCH_THIS
0004 SEND_REF #5.V1 [rcn, object (instanceof A)] 1
0005 DO_UCALL
Updates in functions zend_jit_fetch_this() and zend_jit_load_this() are
made to support FETCH_THIS opcode.
One new path is covered in function zend_jit_send_ref() by SEND_REF
opcode.
Instructions 'cqo' + 'idiv' are used in x86 to perform the MOD operation.
Specific registers RDX:RAX are used.
We use instructions 'sdiv' + 'msub' to accomplish the equivalent
functionality[1], and there is no such constraint on registers.
Similarly to left/right shift operations in the previous patches,
boundary values, i.e. the second operand is 0 or -1, are handled.
[1]
https://stackoverflow.com/questions/35351470/obtaining-remainder-using-single-aarch64-instruction
This patch supports the SL opcode. The range of the second operand is
checked against 0 and 64. If the second operand is negative, an exception
would be raised. If the second operand is >= 64, the result is 0.
Besides, a new path in macro ZVAL_COPY_VALUE is covered for the RETURN opcode.
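The boundary handling described in the two patches above (MOD via 'sdiv' + 'msub', and SL with its 0..64 range check), as an added C example that is not code from the patches or from php-src. The helpers php_mod, php_shl, php_shr and the op_status enum are names chosen here for illustration; the values they return on the edge cases follow the documented PHP semantics (DivisionByZeroError for "% 0", 0 for "PHP_INT_MIN % -1", ArithmeticError for a negative shift count, 0 or sign fill for a count of 64 or more). It also covers the right shift, which the MOD patch mentions as already handled in an earlier patch, so it goes slightly beyond the two messages.

```c
#include <stdbool.h>
#include <stdint.h>

/* Stand-in for zend_long; assumes a 64-bit build (SIZEOF_ZEND_LONG == 8). */
typedef int64_t zend_long_t;

/* Assumed status codes; in php-src these are thrown as exceptions. */
typedef enum { OP_OK = 0, OP_DIV_BY_ZERO, OP_NEGATIVE_SHIFT } op_status;

/* $a % $b.
 * b == 0  must raise DivisionByZeroError: on x86 'idiv' traps with #DE, but
 *         AArch64 'sdiv' silently returns 0 and 'msub' would then hand back
 *         the dividend as the remainder, so the check has to be explicit.
 * b == -1 is special-cased because INT64_MIN / -1 overflows: 'idiv' traps,
 *         'sdiv' wraps, and in C the quotient is undefined behaviour.
 *         PHP defines the result as 0. */
static op_status php_mod(zend_long_t a, zend_long_t b, zend_long_t *out) {
    if (b == 0) return OP_DIV_BY_ZERO;
    if (b == -1) { *out = 0; return OP_OK; }
    zend_long_t q = a / b;   /* sdiv: quotient truncated toward zero */
    *out = a - q * b;        /* msub: a - q*b is the remainder, same sign as a */
    return OP_OK;
}

/* $a << $b. A negative count raises ArithmeticError; a count >= 64 yields 0
 * (the hardware would only look at the low 6 bits of the count). */
static op_status php_shl(zend_long_t a, zend_long_t b, zend_long_t *out) {
    if (b < 0) return OP_NEGATIVE_SHIFT;
    if (b >= 64) { *out = 0; return OP_OK; }
    *out = (zend_long_t)((uint64_t)a << b);   /* shift unsigned to avoid UB */
    return OP_OK;
}

/* $a >> $b is an arithmetic shift, so a count >= 64 saturates to -1 for
 * negative values and to 0 otherwise. */
static op_status php_shr(zend_long_t a, zend_long_t b, zend_long_t *out) {
    if (b < 0) return OP_NEGATIVE_SHIFT;
    if (b >= 64) { *out = a < 0 ? -1 : 0; return OP_OK; }
    *out = a >> b;   /* arithmetic on gcc/clang, which is what the JIT assumes */
    return OP_OK;
}
```

The order of the checks mirrors what the generated code has to do before touching the divider or shifter: the zero and -1 tests for MOD and the sign and magnitude tests for the shifts must run on the second operand first, because the instructions themselves either trap (x86) or return a value that is wrong for PHP (AArch64).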
This test case is a big one. This patch mainly handles
smart_branch_opcode cases in function zend_jit_cmp_double_common().
Note that I failed to construct test cases to verify whether the missing
NaN check in x86 is buggy or not. One TODO is left to remind us when the
relevant code is touched.
The following opcodes would be generated for $foo:
0000 #2.CV0($test) [bool] RANGE[0..1] = RECV 1
0001 #3.CV1($x) [long] RANGE[MIN..MAX] = RECV 2
0002 JMPZ #2.CV0($test) [bool] RANGE[0..1] BB4
0003 #4.T2 [bool] ... = IS_SMALLER_OR_EQUAL int(1) #3.CV1($x) ...
0004 JMP BB5
...
The updates in function zend_jit_verify_arg_type() are made to support
RECV opcode.
The updates in function zend_jit_bool_jmpznz() are made to support JMPZ
opcode.
New path is covered in functions zend_jit_cmp() and
zend_jit_cmp_long_long() for IS_SMALLER_OR_EQUAL opcode.
'smart_branch_opcode' JMPZ is used in this test case. Similar to the
previous patch, I still didn't get why NaN check is missing for the
cases ">" and ">=". In our implementation, we add such checks.
Comparison between LONG and DOUBLE is (partially) supported in a similar
way to comparison between two LONG values. See the updates in function
zend_jit_cmp().
Key difference lies in handling NaN.
1. Instruction 'fcmp' is used to substitute 'ucomisd' in the x86
implementation. Both of them raise an invalid operation exception only
when either source operand is an SNaN.[1][2]
2. Parity flag is used in x86 to check whether either operand is NaN.[3]
I think this is the QNaN case. As for AArch64, we use instruction 'bvs'.[4]
It's worth noting that condition codes have different meanings for
floating-point comparisons (e.g. 'fcmp')[4] compared to the
general-purpose comparisons (e.g. 'cmp').[5] For instance, 'b.hs' after
'fcmp' can check not only the cases "greater than, equal to" but also
the case "unordered" (that is NaN). We may simply treat it as a
combination of 'jae' and 'jp' in x86.
3. Instruction 'SETcc' is used in x86 for the case of ">=" or ">".
Note that flag "swap" is set in implementation, and it falls into cases
ZEND_IS_SMALLER or ZEND_IS_SMALLER_OR_EQUAL. We can use 'cset' in
AArch64.
However, it's weird that the NaN check is missing in x86. I suppose it
might be a bug. Take the case ">=" as an example. The two operands can
be either DOUBLE + LONG or DOUBLE + DOUBLE. See the relevant code where
flag "swap" is set (i.e. function zend_jit_cmp_double_long() and function
zend_jit_cmp_double_double()). For the case "NaN >= 1.0", the expected
result should be FALSE, however, JIT/x86 would produce TRUE due to the
following "setae al". Unfortunately I haven't constructed one test case
to trigger that.
In our implementation, we choose to follow the case of "<" or "<=", and
I believe our implementation is safe anyway.
4. Temporary FP register is also needed and we reserve v16. See the
updates in file zend_jit_arm64.h.
5. Macro SET_ZVAL_TYPE_INFO_FROM_REG is misused in function
zend_jit_zval_copy_deref(). The second argument should be 32-bit long
and we fix it.
Note that simple test cases involving NaN are tested locally. I believe
it would get deeper testing by cmp_003.phpt (we will support it later).
[1]
https://developer.arm.com/documentation/dui0204/f/vector-floating-point-programming/vfp-instructions/fcmp?lang=en
[2] https://www.felixcloutier.com/x86/ucomisd
[3] https://en.wikipedia.org/wiki/Parity_flag
[4]
https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/condition-codes-4-floating-point-comparisons-using-vfp
[5]
https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/condition-codes-1-condition-flags-and-codes
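The NaN question raised in the two comparison patches above (the missing NaN check for ">" and ">=" on x86, and the different meaning of condition codes after 'fcmp' versus 'cmp'), as an added C example that is not code from the patches or from php-src. It emulates the flag results that 'ucomisd a, b' and 'fcmp a, b' produce for ordered and unordered operands, using the flag encodings given in the ISA references [1][2][4], and evaluates each condition mnemonic against the IEEE-754 answer so one can read off which conditions need a separate unordered check ('jp' on x86, 'b.vs' on AArch64) and which do not. The helper names, the mnemonic strings and the "first operand minus second" operand order are assumptions made here for illustration.

```c
#include <math.h>
#include <stdbool.h>
#include <string.h>

/* Flags written by x86 UCOMISD a, b: ZF, PF, CF. */
typedef struct { bool zf, pf, cf; } x86_flags;
/* Flags written by AArch64 FCMP a, b: N, Z, C, V. */
typedef struct { bool n, z, c, v; } a64_flags;

static x86_flags x86_ucomisd(double a, double b) {
    x86_flags f = {false, false, false};
    if (isnan(a) || isnan(b)) f.zf = f.pf = f.cf = true; /* unordered: ZF,PF,CF = 1,1,1 */
    else if (a < b)           f.cf = true;               /* less:      0,0,1 */
    else if (a == b)          f.zf = true;               /* equal:     1,0,0 */
    /* greater: 0,0,0 */
    return f;
}

static a64_flags a64_fcmp(double a, double b) {
    a64_flags f = {false, false, false, false};
    if (isnan(a) || isnan(b)) f.c = f.v = true;   /* unordered: NZCV = 0011 */
    else if (a < b)           f.n = true;         /* less:      1000 */
    else if (a == b)          f.z = f.c = true;   /* equal:     0110 */
    else                      f.c = true;         /* greater:   0010 */
    return f;
}

/* Outcome of SETcc / Jcc for the condition mnemonic cc. */
static bool x86_cond(const char *cc, x86_flags f) {
    if (!strcmp(cc, "e"))  return f.zf;
    if (!strcmp(cc, "ne")) return !f.zf;
    if (!strcmp(cc, "b"))  return f.cf;
    if (!strcmp(cc, "be")) return f.cf || f.zf;
    if (!strcmp(cc, "a"))  return !f.cf && !f.zf;
    if (!strcmp(cc, "ae")) return !f.cf;
    if (!strcmp(cc, "p"))  return f.pf;            /* the NaN guard on x86 */
    return false;
}

/* Outcome of B.cond / CSET for the condition mnemonic cc. */
static bool a64_cond(const char *cc, a64_flags f) {
    if (!strcmp(cc, "eq")) return f.z;
    if (!strcmp(cc, "ne")) return !f.z;
    if (!strcmp(cc, "hs")) return f.c;
    if (!strcmp(cc, "lo")) return !f.c;
    if (!strcmp(cc, "mi")) return f.n;
    if (!strcmp(cc, "pl")) return !f.n;
    if (!strcmp(cc, "vs")) return f.v;             /* the NaN guard on AArch64 (b.vs) */
    if (!strcmp(cc, "hi")) return f.c && !f.z;
    if (!strcmp(cc, "ls")) return !f.c || f.z;
    if (!strcmp(cc, "ge")) return f.n == f.v;
    if (!strcmp(cc, "lt")) return f.n != f.v;
    if (!strcmp(cc, "gt")) return !f.z && f.n == f.v;
    if (!strcmp(cc, "le")) return f.z || f.n != f.v;
    return false;
}

/* IEEE-754 answer for the PHP operator op, used as the reference. */
static bool ieee_cmp(const char *op, double a, double b) {
    if (!strcmp(op, "<"))  return a < b;
    if (!strcmp(op, "<=")) return a <= b;
    if (!strcmp(op, ">"))  return a > b;
    if (!strcmp(op, ">=")) return a >= b;
    if (!strcmp(op, "==")) return a == b;
    if (!strcmp(op, "!=")) return a != b;
    return false;
}

/* True when the condition alone gives the wrong answer for op once an
 * operand is NaN, i.e. the compare must be followed by an explicit
 * unordered check before the result can be trusted. */
static bool x86_needs_nan_guard(const char *op, const char *cc) {
    return x86_cond(cc, x86_ucomisd(NAN, 1.0)) != ieee_cmp(op, NAN, 1.0);
}
static bool a64_needs_nan_guard(const char *op, const char *cc) {
    return a64_cond(cc, a64_fcmp(NAN, 1.0)) != ieee_cmp(op, NAN, 1.0);
}
```

The check only looks at the flag outputs, so a pair reported as "no guard needed" holds for exactly the operand orientation that 'ucomisd a, b' or 'fcmp a, b' was given; whether a particular JIT compare is emitted in that orientation (the "swap" flag in the messages above) has to be read off the generated code, not from this table. On AArch64 the table also shows the point made in item 2: 'hs' and 'lt'/'le' are true for unordered operands, while 'mi', 'ls', 'gt' and 'ge' are false, so the choice of condition code decides whether a 'b.vs' is required at all.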
This test case is a big one. Major changes are:
1. statement "foo($obj->a)"
One new path is covered in function zend_jit_fetch_obj() for the
involved FETCH_OBJ_W opcode. See the update around label 5.
Opcode SEND_REF is used. The updates in function zend_jit_send_ref() are
made to support it. Note that macro FREE_OP is executed for the first
time. Temporary registers are passed since they are used inside. As a
result, its use sites are updated accordingly.
2. statement "$a = array()" in $foo2
One new path in function zend_jit_assign_to_variable() is covered.
3. statements involving variable $d in $bar
One new path in function zend_jit_fetch_obj() is covered. See the
updates around label 7.
Note that in macro EMALLOC, condition ZEND_DEBUG can be covered by DEBUG
build, i.e. "./configure --enable-debug".
One new path is covered inside function zend_jit_fetch_obj() due to the
use of FETCH_OBJ_R opcode. Note that function zend_jit_zval_copy_deref()
is invoked along this new path.
Updates in function zend_jit_free() are made to support FREE opcode.
Stub function zend_jit_leave_function_stub() is touched for the first
time.
Opcode ASSIGN_OBJ is generated for statement "$x->a = 1;" and one new
path in function zend_jit_assign_obj() is covered. Note that function
zend_jit_assign_to_variable_call() is invoked along this new path.
Besides, helper function zend_objects_store_del() is used as the dtor
for objects.
Opcode FETCH_DIM_RW is not touched before and the updates in function
zend_jit_fetch_dim() and zend_jit_fetch_dimension_address_inner() are
made to support it.
Besides, one new path is covered in function zend_jit_return() when
leaving.
The opcodes for function $foo are:
0001 INIT_FCALL 1 96 string("var_dump")
0002 #2.T1 [null, long] = FETCH_DIM_R array(...) #1.CV0($n) [...]
0003 SEND_VAL #2.T1 [null, long] 1
0004 DO_ICALL
0005 RETURN null
Opcode FETCH_DIM_R is not touched before, and the updates in function
zend_jit_fetch_dim_read() are made to support it.
As different types of arguments are used for $foo, several cases in
function zend_jit_fetch_dimension_address_inner() are covered as well.
Besides, opcode DO_ICALL can reach one site of cold code in function
zend_jit_do_fcall().
1. For statement "$a->change($a = array("a" => range(1, 5)));", the
following opcodes will be generated:
0002 ASSIGN CV0($a) V1
0003 INIT_METHOD_CALL 1 CV0($a) string("change")
0004 INIT_NS_FCALL_BY_NAME 2 string("A\range")
0005 SEND_VAL_EX int(1) 1
0006 SEND_VAL_EX int(5) 2
0007 V1 = DO_FCALL_BY_NAME
The updates in function zend_jit_init_fcall(), zend_jit_send_val() and
zend_jit_do_fcall() are made to support INIT_NS_FCALL_BY_NAME,
SEND_VAL_EX and DO_FCALL_BY_NAME respectively.
2. For method $change(), opcode RECV is used to obtain the argument:
0000 #1.CV0($config) [rc1, rcn, array of [any, ref]] = RECV 1
Accordingly the updates in functions zend_jit_recv() and
zend_jit_verify_arg_type() are made.
3. For statement "array_keys($config["a"])", the following opcodes will
be generated:
0001 INIT_NS_FCALL_BY_NAME 1 string("A\array_keys")
0002 CHECK_FUNC_ARG 1
0003 #3.V1 [ref, rc1, rcn, any] = FETCH_DIM_FUNC_ARG #1.CV0($config)
... -> #2.CV0($config) [rc1, rcn, ...
0004 SEND_FUNC_ARG #3.V1 [ref, rc1, rcn, any] 1
0005 #4.V1 [ref, rc1, rcn, any] = DO_FCALL_BY_NAME
CHECK_FUNC_ARG and SEND_FUNC_ARG are not supported before. See the
updates in functions zend_jit_check_func_arg() and zend_jit_send_var().
Besides, a new path is covered in macro OBJ_RELEASE when leaving.
1. For statement "echo $a->test()", opcode INIT_METHOD_CALL is
involved. The updates in function zend_jit_init_method_call() and
zend_jit_push_call_frame() are made to support it.
2. The updates in function zend_jit_leave_func() are made to support the
RETURN opcode used in functions $closure and $test.
3. The updates in function zend_jit_assign_to_variable() are used to
support statement "$x = $arr".
4. The updates in function zend_jit_fetch_dimension_address_inner() and
zend_jit_simple_assign() are made to support statement "$x['a'] =
$closure()", where opcode ASSIGN_DIM is involved.
For function Foo(), the original handlers would be invoked for the first
two statements. And the third statement "$a = 42", where ASSIGN opcode
is involved, covers the cold code in function
zend_jit_assign_to_variable().
For function $main(), statement "var_dump(Foo::$prop);" covers a new
path in function zend_jit_send_val() for SEND_VAL opcode.
Besides, another 2 test cases, i.e. fetch_dim_r_003.phpt and
fetch_dim_r_004.phpt, would pass as well with this patch.
There are 6 user function calls in this test case. The first 3
functions, i.e. foo(), foo1() and foo2(), can be supported already. In
this patch, we mainly focus on foo3(). Note that based on my test, once
foo3() gets supported, the remaining functions foo4() and foo5() can
pass as well.
Regarding function foo3(), we mainly focus on statement "$array = new
ArrayObject();", and the following two opcodes are involved.
0009 V2 = NEW 0 string("ArrayObject")
0010 DO_FCALL
Accordingly, functions zend_jit_handler(), zend_jit_cond_jmp() and
zend_jit_do_fcall() are invoked to generate the machine code. See the
handling process for case ZEND_NEW at file zend_jit.c. Hence, major
changes in this patch are made to support this statement.
Note that the updates at line 4840 in function zend_jit_do_fcall() are
made to support the later internal function call, i.e. var_dump().
Note that another test "noval_001.phpt" would pass with this patch as
well.
For statement "$a = new stdClass;", opcode NEW is used and JIT would
invoke the original handler at runtime.
Our major changes are made to support statements "$a->a=1;" and
"$a->b=2;" where opcode ASSIGN_OBJ is used.
Major changes are:
1. Support opcode FETCH_DIM_W for "$arr[0][0] = $ref;" in the loop. See
the updates in function zend_jit_fetch_dim().
2. Spill the registers and store the values into memory. See the updates
in function zend_jit_spill_store(). This is done for Phi function.
3. Invoke function zend_array_destroy() as dtor for arrays. This is done
by zend_jit_free_cv() when leaving the function foo().
Major changes are made to support statement "$a[0] = $unref", where
opcode ASSIGN_DIM is involved.
Besides, one bug in macro GC_DELREF is fixed. The reference count would
be further checked after decreasing in macro ZVAL_PTR_DTOR, hence,
instruction "subs" should be used to set the flags. After fixing this
bug, external function zend_jit_array_free() is used as the dtor for the
array "$a".