[Vm-dev] VM Maker: VMMaker.oscog-eem.1270.mcz
Clément Bera
bera.clement at gmail.com
Wed Apr 29 08:24:53 UTC 2015
Hey Eliot,
thanks for helping.
2015-04-29 2:25 GMT+02:00 Eliot Miranda <eliot.miranda at gmail.com>:
> Hi Clément,
>
> the issue with the assert fail on starting the current Sista is one of
> incorrect pc mapping. The only difference
> between SistaStackToRegisterMappingCogit and StackToRegisterMappingCogit is
> that in the Sista cogit #== is mapped, see
>
> SistaStackToRegisterMappingCogit class>>generatorTableFrom: anArray
> "Override to replace the unmapped, non-counting inlined #== with a mapped
> counting inlined #==."
> | table |
> table := super generatorTableFrom: anArray.
> table object do:
> [:descriptor|
> descriptor generator == #genSpecialSelectorEqualsEquals ifTrue:
> [descriptor
> isMapped: true;
> isMappedInBlock: true;
> needsFrameFunction: nil]].
> ^table
>
Ok I'll fix that
>
> Loking at what you've done I guess you've removed the need to map #==
> mapped, in which case the above should be deleted and #== unmapped. But
> looking at the generated code for #== followed by a jump I can't understand
> how the code works.
>
> What I see is counting instructions followed by the #== comparison, as in
>
> SistaStackToRegisterMappingCogit
> genAndDis: IdentityDictionary>>#scanFor:
> options: #( SistaVM true
> ObjectMemory Spur32BitCoMemoryManager
> MULTIPLEBYTECODESETS true
> ISA IA32
> bytecodeTableInitializer
> initializeBytecodeTableForSqueakV3PlusClosuresSistaV1Hybrid)
>
> which generates the following for the "(element := array at: index) ==
> nil" #== comparison:
>
> 000014c6: movl $0x00100098=#at:, %ecx : B9 98 00 10 00
> 000014cb: call .+0xffffefa0 (0x00000470=ceSend1Args) : E8 A0 EF FF FF
> IsSendCall bc 49/50:
> 000014d0: movl %edx, -24(%ebp) : 89 55 E8
>
> do the "executed jump" count for the following jump:
> 000014d3: movl %ds:0x40090, %edi : 8B 3D 90 00 04 00
> 000014d9: subl $0x00010000, %edi : 81 EF 00 00 01 00
> "If the count trips, jump to a second occurrence of the comparison code"
> 000014df: jb .+0x00000035 (0x00001516) : 72 35
> "write back modified count"
> 000014e1: movl %edi, %ds:0x40090 : 89 3D 90 00 04 00
>
> "do the #== nil comparison"
> 000014e7: cmpl $0x00100000=nil, %edx : 81 FA 00 00 10 00
> "jump to the #== nil being true continuation"
> 000014ed: jz .+0x00000086 (0x00001579) : 0F 84 86 00 00 00
> "fall throguh to unforwarding code given that the #== nil could be false
> because of forwarding, and it should be retried"
> 000014f3: movl %edx, %eax : 89 D0
> 000014f5: andl $0x00000003, %eax : 83 E0 03
> 000014f8: jnz .+0x0000000e (0x00001508) : 75 0E
>
> What I don't understand is if you trip the count how is the #== ever
> executed? Don't you just continue assuming the result was either true or
> false? That can't be right. So I'm confused and hence I haven't deleted
> the generatorTableFrom: method. I don't understand the code and so
> shouldn't mess with it :)
>
Ok I think you understood it at some point and you forgot :-).
Basically #== tries to use the inlined version merged with the following
branch, but if the counter trips, #== is executed in an inlined version
that ignores the branch, pushing true or false on the simulated stack, and
then the code generated for the branch uses the result of #== pushed on the
simulated stack, which calls the trampoline for the tripping counter.
Conceptually, this is the code generated for #==, if followed by branch
true, for this example:
foo
^ instVar1 == instVar2 ifTrue: [ 1 ] ifFalse: [ 2 ]
*Loading the operands*
0000146a: movl -12(%ebp), %edx : 8B 55 F4
0000146d: movl %ds:0xc(%edx), %edi : 8B 7A 0C
00001470: movl %ds:0x8(%edx), %esi : 8B 72 08
%edi <- instVar1
%esi <- instVar2
*counter logic (execution count)*
00001473: movl %ds:0x40090, %ebx : 8B 1D 90 00 04 00
%ebx <- counter value for this branch
00001479: subl $0x00010000, %ebx : 81 EB 00 00 01 00
execution count - 1
0000147f: jb .+0x00000046 (0x000014c7) : 72 46
if trip, jumps to the alternative #== which push true or false on stack for
the branch code
00001481: movl %ebx, %ds:0x40090 : 89 1D 90 00 04 00
write back the counter to the memory location
*#== followed by inlined branch version*
00001487: cmpl %edi, %esi : 39 FE
00001489: jz .+0x000000a6 (0x00001535) : 0F 84 A6 00 00 00
compare instVar1 and instVar2 and jump if equals to the branch that pushes 1
0000148f: movl %edi, %eax : 89 F8
00001491: andl $0x00000003, %eax : 83 E0 03
00001494: jnz .+0x0000000e (0x000014a4) : 75 0E
00001496: movl %ds:(%edi), %eax : 8B 07
00001498: andl $0x003ffff7, %eax : 25 F7 FF 3F 00
0000149d: jnz .+0x00000005 (0x000014a4) : 75 05
0000149f: movl %ds:0x8(%edi), %edi : 8B 7F 08
000014a2: jmp .+0xffffffe3 (0x00001487) : EB E3
000014a4: movl %esi, %eax : 89 F0
000014a6: andl $0x00000003, %eax : 83 E0 03
000014a9: jnz .+0x0000000e (0x000014b9) : 75 0E
000014ab: movl %ds:(%esi), %eax : 8B 06
000014ad: andl $0x003ffff7, %eax : 25 F7 FF 3F 00
000014b2: jnz .+0x00000005 (0x000014b9) : 75 05
000014b4: movl %ds:0x8(%esi), %esi : 8B 76 08
000014b7: jmp .+0xffffffce (0x00001487) : EB CE
forwarder checks
*counter logic (branch count)*
000014b9: subl $0x00000001, %ebx : 83 EB 01
branch count - 1
000014bc: movl %ebx, %ds:0x40090 : 89 1D 90 00 04 00
write back the counter to the memory location
000014c2: jmp .+0x00000075 (0x0000153c) : E9 75 00 00 00
The result of #== was false let's jump to the branch that pushes 2.
*We arrive here only if the counter has tripped*
000014c7: cmpl %edi, %esi : 39 FE
000014c9: jz .+0x00000031 (0x000014fc) : 74 31
000014cb: movl %edi, %eax : 89 F8
000014cd: andl $0x00000003, %eax : 83 E0 03
000014d0: jnz .+0x0000000e (0x000014e0) : 75 0E
000014d2: movl %ds:(%edi), %eax : 8B 07
000014d4: andl $0x003ffff7, %eax : 25 F7 FF 3F 00
000014d9: jnz .+0x00000005 (0x000014e0) : 75 05
000014db: movl %ds:0x8(%edi), %edi : 8B 7F 08
000014de: jmp .+0xffffffe7 (0x000014c7) : EB E7
000014e0: movl %esi, %eax : 89 F0
000014e2: andl $0x00000003, %eax : 83 E0 03
000014e5: jnz .+0x0000000e (0x000014f5) : 75 0E
000014e7: movl %ds:(%esi), %eax : 8B 06
000014e9: andl $0x003ffff7, %eax : 25 F7 FF 3F 00
000014ee: jnz .+0x00000005 (0x000014f5) : 75 05
000014f0: movl %ds:0x8(%esi), %esi : 8B 76 08
000014f3: jmp .+0xffffffd2 (0x000014c7) : EB D2
forwarder checks
000014f5: movl $0x00100008=false, %esi : BE 08 00 10 00
000014fa: jmp .+0x00000005 (0x00001501) : EB 05
000014fc: movl $0x00100010=true, %esi : BE 10 00 10 00
Inlined version of #== that answers true or false on the simulated stack.
*Now we're in the branch logic (genJumpIf), not the #== logic
(genSpecialSelectorEqualsEquals)*
00001501: movl %esi, %eax : 89 F0
Here we get true or false, or some other result if this instruction is a
fixup.
00001503: movl %ds:0x40090, %edi : 8B 3D 90 00 04 00
00001509: subl $0x00010000, %edi : 81 EF 00 00 01 00
0000150f: jb .+0x0000001d (0x0000152e) : 72 1D
00001511: movl %edi, %ds:0x40090 : 89 3D 90 00 04 00
Here is the counter logic again, if we had tripped in #==, we trip again.
00001517: subl $0x00100008=false, %eax : 2D 08 00 10 00
0000151c: jz .+0x0000001e (0x0000153c) : 74 1E
0000151e: subl $0x00000001, %edi : 83 EF 01
00001521: movl %edi, %ds:0x40090 : 89 3D 90 00 04 00
00001527: cmpl $0x00000008, %eax : 83 F8 08
0000152a: jz .+0x00000009 (0x00001535) : 74 09
0000152c: xorl %edi, %edi : 31 FF
0000152e: call .+0xfffff9e5
(0x00000f18=ceSendMustBeBooleanAddFalseTrampoline) : E8 E5 F9 FF FF
HasBytecodePC bc 19/20:
This is the trampoline for mustBeBoolean and counterTrip.
00001533: jmp .+0xffffffce (0x00001503) : EB CE
After a tripping counter, we assume the counters are reset and we jump back
to the comparison. We have to jump back to the execution count counter
logic not to confuse the branch counter logic
*Now this is the push 1, jump and push 2 logic*
00001535: pushl $0x00000003 : 68 03 00 00 00
0000153a: jmp .+0x00000005 (0x00001541) : EB 05
0000153c: pushl $0x00000005 : 68 05 00 00 00
Here the two branches push 1 and 2 on stack
00001541: popl %edx : 5A
00001542: movl %ebp, %esp : 89 EC
00001544: popl %ebp : 5D
00001545: ret $0x0004 : C2 04 00
Return
Everything looks correct to me. The case you showed includes a and: so
there's the additional fixup, I can't explain here because the code is
twice longer and hard to follow, but I believe it is also correct.
>
> On Tue, Apr 28, 2015 at 5:12 PM, <commits at source.squeak.org> wrote:
>
>>
>> Eliot Miranda uploaded a new version of VMMaker to project VM Maker:
>> http://source.squeak.org/VMMaker/VMMaker.oscog-eem.1270.mcz
>>
>> ==================== Summary ====================
>>
>> Name: VMMaker.oscog-eem.1270
>> Author: eem
>> Time: 28 April 2015, 5:11:29.049 pm
>> UUID: a6737c7e-fb6b-4fe9-a44e-6b01396cff34
>> Ancestors: VMMaker.oscog-eem.1269
>>
>> Nuke obsolete printMcpc:Bcpc:on:
>>
>> Correct SistaStackToRegisterMappingCogit>>genJumpIf:to:
>> to reload counterReg instead of saving and
>> restoring it around counter callback trampoline.
>>
>> =============== Diff against VMMaker.oscog-eem.1269 ===============
>>
>> Item was removed:
>> - ----- Method: Cogit>>printMcpc:Bcpc:on: (in category 'method map') -----
>> - printMcpc: mcpc Bcpc: bcpc on: aStream
>> - <doNotGenerate>
>> - aStream ensureCr.
>> - mcpc printOn: aStream base: 16.
>> - aStream space; tab; print: bcpc; cr; flush.
>> - ^0!
>>
>> Item was changed:
>> ----- Method: SistaStackToRegisterMappingCogit>>genJumpIf:to: (in
>> category 'bytecode generator support') -----
>> genJumpIf: boolean to: targetBytecodePC
>> "The heart of performance counting in Sista. Conditional
>> branches are 6 times less
>> frequent than sends and can provide basic block frequencies
>> (send counters can't).
>> Each conditional has a 32-bit counter split into an upper 16
>> bits counting executions
>> and a lower half counting untaken executions of the branch.
>> Executing the branch
>> decrements the upper half, tripping if the count goes negative.
>> Not taking the branch
>> decrements the lower half. N.B. We *do not* eliminate dead
>> branches (true ifTrue:/true ifFalse:)
>> so that scanning for send and branch data is simplified and that
>> branch data is correct."
>> <inline: false>
>> | desc ok counterAddress countTripped retry counterReg |
>> <var: #ok type: #'AbstractInstruction *'>
>> <var: #desc type: #'CogSimStackEntry *'>
>> <var: #retry type: #'AbstractInstruction *'>
>> <var: #countTripped type: #'AbstractInstruction *'>
>>
>> (coInterpreter isOptimizedMethod: methodObj) ifTrue: [ ^ super
>> genJumpIf: boolean to: targetBytecodePC ].
>>
>> self ssFlushTo: simStackPtr - 1.
>> desc := self ssTop.
>> self ssPop: 1.
>> desc popToReg: TempReg.
>> +
>> -
>> "We prefer calleeSaved to avoid saving it across the trap trip
>> trampoline"
>> counterReg := self
>> allocateRegPreferringCalleeSavedNotConflictingWith: 0.
>> retry := self Label.
>> self
>> genExecutionCountLogicInto: [ :cAddress :countTripBranch |
>> counterAddress := cAddress.
>> countTripped := countTripBranch ]
>> counterReg: counterReg.
>> counterIndex := counterIndex + 1.
>> +
>> -
>> "Cunning trick by LPD. If true and false are contiguous subtract
>> the smaller.
>> Correct result is either 0 or the distance between them. If
>> result is not 0 or
>> their distance send mustBeBoolean."
>> self assert: (objectMemory objectAfter: objectMemory falseObject)
>> = objectMemory trueObject.
>> self annotate: (self SubCw: boolean R: TempReg) objRef: boolean.
>> self JumpZero: (self ensureFixupAt: targetBytecodePC - initialPC).
>>
>> self genFallsThroughCountLogicCounterReg: counterReg
>> counterAddress: counterAddress.
>>
>> self CmpCq: (boolean == objectMemory falseObject
>> ifTrue: [objectMemory trueObject
>> - objectMemory falseObject]
>> ifFalse: [objectMemory
>> falseObject - objectMemory trueObject])
>> R: TempReg.
>> ok := self JumpZero: 0.
>> self MoveCq: 0 R: counterReg. "if counterReg is 0 this is a
>> mustBeBoolean, not a counter trip."
>> +
>> + self flag: 'Hi Clément. You can''t just save things to the
>> Smalltalk stack. You can /only/ save things that execution expects to be
>> there on a context''s stack, because this frame may get mapped to a context
>> object and then back, and gc''ed etc. The counter reg does not contain an
>> object so is a complete no-no on the Smalltalk stack. On the C stack in
>> the trampoline is OK, not on the Smalltalk stack in method execution. So
>> instead of saving and restoring the counterReg around the call, something
>> we can''t do, we can reload it after the call'.
>> + false ifTrue:
>> + ["If counterReg is caller saved then save it"
>> + (self register: counterReg isInMask: callerSavedRegMask)
>> ifTrue: [ self PushR: counterReg ]].
>> +
>> -
>> - "If counterReg is caller saved then save it"
>> - (self register: counterReg isInMask: callerSavedRegMask) ifTrue:
>> [ self PushR: counterReg ].
>> -
>> countTripped jmpTarget:
>> (self CallRT: (boolean == objectMemory falseObject
>> ifTrue:
>> [ceSendMustBeBooleanAddFalseTrampoline]
>> ifFalse:
>> [ceSendMustBeBooleanAddTrueTrampoline])).
>>
>> "If we're in an image which hasn't got the Sista code loaded then
>> the ceCounterTripped:
>> trampoline will return directly to machine code, returning the
>> boolean. So the code should
>> jump back to the retry point. The trampoline makes sure that
>> TempReg has been reloaded."
>> self annotateBytecode: self Label.
>> +
>> + self flag: 'see above'.
>> + false ifTrue:
>> + ["If counterReg is caller saved then restore it"
>> + (self register: counterReg isInMask: callerSavedRegMask)
>> ifTrue: [ self PopR: counterReg ]].
>> +
>> + "Note we /can't/ save and restore the counterReg's contents
>> around the call since the stack can
>> + only contain what an interpreted context's stack would contain
>> at the corresponding point. The
>> + counter is not an object, so can't be written to the stack.
>> Hence we reload it after the call."
>> + self MoveAw: counterAddress R: counterReg.
>> +
>> -
>> - "If counterReg is caller saved then restore it"
>> - (self register: counterReg isInMask: callerSavedRegMask) ifTrue:
>> [ self PopR: counterReg ].
>> -
>> self Jump: retry.
>> ok jmpTarget: self Label.
>> ^0!
>>
>> Item was removed:
>> - ----- Method: SistaStackToRegisterMappingCogit>>printMcpc:Bcpc:on: (in
>> category 'method map') -----
>> - printMcpc: mcpc Bcpc: bcpc on: aStream
>> - <doNotGenerate>
>> - self shouldNotImplement!
>>
>>
>
>
> --
> best,
> Eliot
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/vm-dev/attachments/20150429/c1a4da11/attachment-0001.htm
More information about the Vm-dev
mailing list