More accurate tracing JIT for RETURN with unknown return address

dstogov · dstogov · commit 9af2f0fa78d6 · 2020-05-07T22:01:59.000+03:00
diff --git a/ext/opcache/jit/zend_jit_internal.h b/ext/opcache/jit/zend_jit_internal.h
@@ -271,7 +271,6 @@ typedef struct _zend_jit_trace_rec {
 		};
 		struct {
 			union {
-				uint8_t   recursive; /* part of recursive return sequence for ZEND_JIT_TRACE_BACK */
 				int8_t    return_value_used; /* for ZEND_JIT_TRACE_ENTER */
 				uint8_t   fake; /* for ZEND_JIT_TRACE_INIT_CALL */
 			};
@@ -382,18 +381,17 @@ struct _zend_jit_trace_stack_frame {
 #define TRACE_FRAME_MASK_RETURN_VALUE_USED   0x00000008
 #define TRACE_FRAME_MASK_RETURN_VALUE_UNUSED 0x00000010
 #define TRACE_FRAME_MASK_THIS_CHECKED        0x00000020
+#define TRACE_FRAME_MASK_UNKNOWN_RETURN      0x00000040
 
 
-#define TRACE_FRAME_INIT(frame, _func, nested, num_args) do { \
+#define TRACE_FRAME_INIT(frame, _func, _flags, num_args) do { \
 		zend_jit_trace_stack_frame *_frame = (frame); \
 		_frame->call = NULL; \
 		_frame->prev = NULL; \
 		_frame->func = (const zend_function*)_func; \
 		_frame->call_level = 0; \
 		_frame->_info = (((uint32_t)(num_args)) << TRACE_FRAME_SHIFT_NUM_ARGS) & TRACE_FRAME_MASK_NUM_ARGS; \
-		if (nested) { \
-			_frame->_info |= TRACE_FRAME_MASK_NESTED; \
-		}; \
+		_frame->_info |= _flags; \
 	} while (0)
 
 #define TRACE_FRAME_RETURN_SSA_VAR(frame) \
@@ -412,6 +410,8 @@ struct _zend_jit_trace_stack_frame {
 	((frame)->_info & TRACE_FRAME_MASK_RETURN_VALUE_UNUSED)
 #define TRACE_FRAME_IS_THIS_CHECKED(frame) \
 	((frame)->_info & TRACE_FRAME_MASK_THIS_CHECKED)
+#define TRACE_FRAME_IS_UNKNOWN_RETURN(frame) \
+	((frame)->_info & TRACE_FRAME_MASK_UNKNOWN_RETURN)
 
 #define TRACE_FRAME_SET_RETURN_SSA_VAR(frame, var) do { \
 		(frame)->_info = var; \
diff --git a/ext/opcache/jit/zend_jit_trace.c b/ext/opcache/jit/zend_jit_trace.c
@@ -307,7 +307,7 @@ static int zend_jit_trace_may_exit(const zend_op_array *op_array, const zend_op
 		case ZEND_RETURN_BY_REF:
 		case ZEND_RETURN:
 			/* return */
-			return trace->op == ZEND_JIT_TRACE_BACK && trace->recursive;
+			return !JIT_G(current_frame) || TRACE_FRAME_IS_UNKNOWN_RETURN(JIT_G(current_frame));
 		default:
 			break;
 	}
@@ -2479,7 +2479,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 	op_array = p->op_array;
 	frame = JIT_G(current_frame);
 	top = zend_jit_trace_call_frame(frame, op_array);
-	TRACE_FRAME_INIT(frame, op_array, 0, -1);
+	TRACE_FRAME_INIT(frame, op_array, TRACE_FRAME_MASK_UNKNOWN_RETURN, -1);
 	stack = frame->stack;
 
 	opline = ((zend_jit_trace_start_rec*)p)->opline;
@@ -3872,7 +3872,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 				ZEND_ASSERT(&frame->func->op_array == op_array);
 			} else {
 				frame = zend_jit_trace_ret_frame(frame, op_array);
-				TRACE_FRAME_INIT(frame, op_array, 0, -1);
+				TRACE_FRAME_INIT(frame, op_array, TRACE_FRAME_MASK_UNKNOWN_RETURN, -1);
 				stack = frame->stack;
 				for (i = 0; i < op_array->last_var + op_array->T; i++) {
 					/* Initialize abstract stack using SSA */
@@ -3917,7 +3917,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 			}
 
 			call = top;
-			TRACE_FRAME_INIT(call, p->func, 1, num_args);
+			TRACE_FRAME_INIT(call, p->func, TRACE_FRAME_MASK_NESTED, num_args);
 			call->prev = frame->call;
 			if (!p->fake) {
 				TRACE_FRAME_SET_LAST_SEND_BY_VAL(call);
diff --git a/ext/opcache/jit/zend_jit_vm_helpers.c b/ext/opcache/jit/zend_jit_vm_helpers.c
@@ -367,9 +367,8 @@ ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_jit_loop_trace_helper(ZEND_OPCODE_HAN
 		break; \
 	}
 
-#define TRACE_RECORD_BACK(_op, _recursive, _ptr) \
+#define TRACE_RECORD_BACK(_op, _ptr) \
 	trace_buffer[idx].op = _op; \
-	trace_buffer[idx].recursive = _recursive; \
 	trace_buffer[idx].ptr = _ptr; \
 	idx++; \
 	if (idx >= ZEND_JIT_TRACE_MAX_LENGTH - 1) { \
@@ -545,7 +544,7 @@ zend_jit_trace_stop ZEND_FASTCALL zend_jit_trace_execute(zend_execute_data *ex,
 	zend_execute_data *save_execute_data = execute_data;
 	const zend_op *save_opline = opline;
 #endif
-	const zend_op *orig_opline;
+	const zend_op *orig_opline, *end_opline;
 	zend_jit_trace_stop stop = ZEND_JIT_TRACE_STOP_ERROR;
 	int level = 0;
 	int ret_level = 0;
@@ -757,7 +756,7 @@ zend_jit_trace_stop ZEND_FASTCALL zend_jit_trace_execute(zend_execute_data *ex,
 							stop = ZEND_JIT_TRACE_STOP_TOO_DEEP_RET;
 							break;
 						}
-						TRACE_RECORD_BACK(ZEND_JIT_TRACE_BACK, 1, &EX(func)->op_array);
+						TRACE_RECORD_BACK(ZEND_JIT_TRACE_BACK, &EX(func)->op_array);
 						count = zend_jit_trace_recursive_ret_count(&EX(func)->op_array, unrolled_calls, ret_level);
 						if (opline == orig_opline) {
 							if (count + 1 >= ZEND_JIT_TRACE_MAX_RECURSION) {
@@ -791,7 +790,7 @@ zend_jit_trace_stop ZEND_FASTCALL zend_jit_trace_execute(zend_execute_data *ex,
 					}
 				} else {
 					level--;
-					TRACE_RECORD_BACK(ZEND_JIT_TRACE_BACK, 0, &EX(func)->op_array);
+					TRACE_RECORD_BACK(ZEND_JIT_TRACE_BACK, &EX(func)->op_array);
 				}
 			}
 #ifdef HAVE_GCC_GLOBAL_REGS
@@ -877,14 +876,17 @@ zend_jit_trace_stop ZEND_FASTCALL zend_jit_trace_execute(zend_execute_data *ex,
 		}
 	}
 
+	end_opline = opline;
 	if (!ZEND_JIT_TRACE_STOP_OK(stop)) {
 		if (backtrack_recursion > 0) {
 			idx = backtrack_recursion;
 			stop = ZEND_JIT_TRACE_STOP_RECURSIVE_CALL;
+			end_opline = orig_opline;
 		} else if (backtrack_ret_recursion > 0) {
 			idx = backtrack_ret_recursion;
 			ret_level = backtrack_ret_recursion_level;
 			stop = ZEND_JIT_TRACE_STOP_RECURSIVE_RET;
+			end_opline = orig_opline;
 		}
 	}
 
@@ -895,7 +897,7 @@ zend_jit_trace_stop ZEND_FASTCALL zend_jit_trace_execute(zend_execute_data *ex,
 		}
 	}
 
-	TRACE_END(ZEND_JIT_TRACE_END, stop, opline);
+	TRACE_END(ZEND_JIT_TRACE_END, stop, end_opline);
 
 #ifdef HAVE_GCC_GLOBAL_REGS
 	if (stop != ZEND_JIT_TRACE_STOP_HALT) {
diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
@@ -9477,7 +9477,7 @@ static int zend_jit_leave_func(dasm_State **Dst, const zend_op *opline, const ze
 	|9:
 	if (trace) {
 		if (trace->op != ZEND_JIT_TRACE_END
-		 && (trace->op != ZEND_JIT_TRACE_BACK || !trace->recursive)) {
+		 && (JIT_G(current_frame) && !TRACE_FRAME_IS_UNKNOWN_RETURN(JIT_G(current_frame)))) {
 			zend_jit_reset_opline(Dst, NULL);
 		} else {
 			// TODO: exception handling for tracing JIT ???
@@ -9487,9 +9487,8 @@ static int zend_jit_leave_func(dasm_State **Dst, const zend_op *opline, const ze
 
 		|8:
 
-		if (opline->opcode == ZEND_RETURN
-		 && trace->op == ZEND_JIT_TRACE_BACK
-		 && trace->recursive) {
+		if (trace->op == ZEND_JIT_TRACE_BACK
+		 && (!JIT_G(current_frame) || TRACE_FRAME_IS_UNKNOWN_RETURN(JIT_G(current_frame)))) {
 			const zend_op *next_opline = trace->opline;
 			uint32_t exit_point;
 			const void *exit_addr;

Original file line number	Diff line number	Diff line change
`@@ -367,9 +367,8 @@ ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL zend_jit_loop_trace_helper(ZEND_OPCODE_HAN`
`367`	`367`	`break; \`
`368`	`368`	`}`
`369`	`369`
`370`		`-#define TRACE_RECORD_BACK(_op, _recursive, _ptr) \`
	`370`	`+#define TRACE_RECORD_BACK(_op, _ptr) \`
`371`	`371`	`trace_buffer[idx].op = _op; \`
`372`		`- trace_buffer[idx].recursive = _recursive; \`
`373`	`372`	`trace_buffer[idx].ptr = _ptr; \`
`374`	`373`	`idx++; \`
`375`	`374`	`if (idx >= ZEND_JIT_TRACE_MAX_LENGTH - 1) { \`
`@@ -545,7 +544,7 @@ zend_jit_trace_stop ZEND_FASTCALL zend_jit_trace_execute(zend_execute_data *ex,`
`545`	`544`	`zend_execute_data *save_execute_data = execute_data;`
`546`	`545`	`const zend_op *save_opline = opline;`
`547`	`546`	`#endif`
`548`		`- const zend_op *orig_opline;`
	`547`	`+ const zend_op orig_opline, end_opline;`
`549`	`548`	`zend_jit_trace_stop stop = ZEND_JIT_TRACE_STOP_ERROR;`
`550`	`549`	`int level = 0;`
`551`	`550`	`int ret_level = 0;`
`@@ -757,7 +756,7 @@ zend_jit_trace_stop ZEND_FASTCALL zend_jit_trace_execute(zend_execute_data *ex,`
`757`	`756`	`stop = ZEND_JIT_TRACE_STOP_TOO_DEEP_RET;`
`758`	`757`	`break;`
`759`	`758`	`}`
`760`		`- TRACE_RECORD_BACK(ZEND_JIT_TRACE_BACK, 1, &EX(func)->op_array);`
	`759`	`+ TRACE_RECORD_BACK(ZEND_JIT_TRACE_BACK, &EX(func)->op_array);`
`761`	`760`	`count = zend_jit_trace_recursive_ret_count(&EX(func)->op_array, unrolled_calls, ret_level);`
`762`	`761`	`if (opline == orig_opline) {`
`763`	`762`	`if (count + 1 >= ZEND_JIT_TRACE_MAX_RECURSION) {`
`@@ -791,7 +790,7 @@ zend_jit_trace_stop ZEND_FASTCALL zend_jit_trace_execute(zend_execute_data *ex,`
`791`	`790`	`}`
`792`	`791`	`} else {`
`793`	`792`	`level--;`
`794`		`- TRACE_RECORD_BACK(ZEND_JIT_TRACE_BACK, 0, &EX(func)->op_array);`
	`793`	`+ TRACE_RECORD_BACK(ZEND_JIT_TRACE_BACK, &EX(func)->op_array);`
`795`	`794`	`}`
`796`	`795`	`}`
`797`	`796`	`#ifdef HAVE_GCC_GLOBAL_REGS`
`@@ -877,14 +876,17 @@ zend_jit_trace_stop ZEND_FASTCALL zend_jit_trace_execute(zend_execute_data *ex,`
`877`	`876`	`}`
`878`	`877`	`}`
`879`	`878`
	`879`	`+ end_opline = opline;`
`880`	`880`	`if (!ZEND_JIT_TRACE_STOP_OK(stop)) {`
`881`	`881`	`if (backtrack_recursion > 0) {`
`882`	`882`	`idx = backtrack_recursion;`
`883`	`883`	`stop = ZEND_JIT_TRACE_STOP_RECURSIVE_CALL;`
	`884`	`+ end_opline = orig_opline;`
`884`	`885`	`} else if (backtrack_ret_recursion > 0) {`
`885`	`886`	`idx = backtrack_ret_recursion;`
`886`	`887`	`ret_level = backtrack_ret_recursion_level;`
`887`	`888`	`stop = ZEND_JIT_TRACE_STOP_RECURSIVE_RET;`
	`889`	`+ end_opline = orig_opline;`
`888`	`890`	`}`
`889`	`891`	`}`
`890`	`892`
`@@ -895,7 +897,7 @@ zend_jit_trace_stop ZEND_FASTCALL zend_jit_trace_execute(zend_execute_data *ex,`
`895`	`897`	`}`
`896`	`898`	`}`
`897`	`899`
`898`		`- TRACE_END(ZEND_JIT_TRACE_END, stop, opline);`
	`900`	`+ TRACE_END(ZEND_JIT_TRACE_END, stop, end_opline);`
`899`	`901`
`900`	`902`	`#ifdef HAVE_GCC_GLOBAL_REGS`
`901`	`903`	`if (stop != ZEND_JIT_TRACE_STOP_HALT) {`