Arm64: Ensure that csp is always aligned to 16 byte values even if jssp is not.

src/arm64/macro-assembler-arm64-inl.h

Index: src/arm64/macro-assembler-arm64-inl.h
diff --git a/src/arm64/macro-assembler-arm64-inl.h b/src/arm64/macro-assembler-arm64-inl.h
index f8286797bdb44dfa4b556072f903553326cfcc5a..058dd857a6fb3049b2c13149c964f4f1d4f65ef1 100644
--- a/src/arm64/macro-assembler-arm64-inl.h
+++ b/src/arm64/macro-assembler-arm64-inl.h
@@ -1247,29 +1247,48 @@ void MacroAssembler::Uxtw(const Register& rd, const Register& rn) {
 
 void MacroAssembler::BumpSystemStackPointer(const Operand& space) {
   ASSERT(!csp.Is(sp_));
-  // TODO(jbramley): Several callers rely on this not using scratch registers,
-  // so we use the assembler directly here. However, this means that large
-  // immediate values of 'space' cannot be handled cleanly. (Only 24-bits
-  // immediates or values of 'space' that can be encoded in one instruction are
-  // accepted.) Once we implement our flexible scratch register idea, we could
-  // greatly simplify this function.
-  InstructionAccurateScope scope(this);
-  if ((space.IsImmediate()) && !is_uint12(space.immediate())) {
-    // The subtract instruction supports a 12-bit immediate, shifted left by
-    // zero or 12 bits. So, in two instructions, we can subtract any immediate
-    // between zero and (1 << 24) - 1.
-    int64_t imm = space.immediate();
-    ASSERT(is_uint24(imm));
-
-    int64_t imm_top_12_bits = imm >> 12;
-    sub(csp, StackPointer(), imm_top_12_bits << 12);
-    imm -= imm_top_12_bits << 12;
-    if (imm > 0) {
-      sub(csp, csp, imm);
+  { InstructionAccurateScope scope(this);
+    if (!TmpList()->IsEmpty()) {
+      UseScratchRegisterScope temps(this);
+      Register temp = temps.AcquireX();
+      sub(temp, StackPointer(), space);
+      bic(temp, temp, 0xf);
+      sub(csp, temp, 0x10);
+    } else {
+      // TODO(jbramley): Several callers rely on this not using scratch

[jbramley, 2014/05/01 15:17:10]

Since we added UseScratchRegisterScope, I don't think this is true. It used to
be important so we could do `Push(..., ip0, ...)`, but we don't do that any more
unless we first acquire ip0 (making it unavailable). It might be worth checking
that now, since it would greatly simplify this function.

[rmcilroy, 2014/05/01 18:29:11]

Yes I had hoped that was true and tried it originally, however, unfortunately we
still reach here with no remaining temp registers in
LCodeGen::PushSafepointRegistersScope. 

+      // registers, so we use the assembler directly here. However, this means
+      // that large immediate values of 'space' cannot be handled cleanly. (Only
+      // 24-bits immediates or values of 'space' that can be encoded in one
+      // instruction are accepted.) Once we implement our flexible scratch
+      // register idea, we could greatly simplify this function.
+      ASSERT(space.IsImmediate());
+      // Align to 16 bytes and add 16 bytes to counteract mask of StackPointer
+      // below.
+      uint64_t imm = RoundUp(space.immediate(), 0x10) + 0x10;
+      ASSERT(is_uint24(imm));
+
+      bic(csp, StackPointer(), 0xf);

[jbramley, 2014/05/01 15:17:10]

This will generate two extra instructions (bic + sub) for every push, instead of
one (sub), so it will slow down the processors that don't care about the value
in csp. For that reason alone, I have to give this 'not lgtm'.

Could you do this change only on the affected platform? Can we detect it at
runtime? I know this kind of thing is ugly, but the csp-maintenance is
abstracted enough that we wouldn't have to have too many alternative code paths.

[rmcilroy, 2014/05/01 18:29:11]

Sure I understand your concern.  We are not yet sure whether this CL will be
necessary (it has a very big impact currently, but there may be other ways
around the issue.   I will investigate whether this can be gated on the platform
if we decide to land this.

+      if (!is_uint12(imm)) {
+        int64_t imm_top_12_bits = imm >> 12;
+        sub(csp, csp, imm_top_12_bits << 12);
+        imm -= imm_top_12_bits << 12;
+      }
+      if (imm > 0) {
+        sub(csp, csp, imm);
+      }
     }
-  } else {
-    sub(csp, StackPointer(), space);
   }
+  AssertStackConsistency();
+}
+
+
+void MacroAssembler::SyncSystemStackPointer() {

[jbramley, 2014/05/01 15:17:10]

This is never _necessary_, so it might be a good idea to
ASSERT(emit_debug_code()) just to make sure that we don't emit unnecessary code.

Also, since this is debug code, we don't need to worry about performance, and
can just Mov(csp, StackPointer()).

[rmcilroy, 2014/05/01 18:29:11]

Done.

+  ASSERT(!csp.Is(sp_));
+  { InstructionAccurateScope scope(this);
+    bic(csp, StackPointer(), 0xf);
+    sub(csp, csp, 0x10);

[jbramley, 2014/05/01 15:17:10]

Why is the sub necessary? Isn't the bic enough?

[rmcilroy, 2014/05/01 18:29:11]

You are right, the bic is enough (this is an artifact of a previous approach I
was using to align). Done.

+  }
+  AssertStackConsistency();
 }
 
 
@@ -1541,7 +1560,7 @@ void MacroAssembler::Drop(uint64_t count, uint64_t unit_size) {
     // It is safe to leave csp where it is when unwinding the JavaScript stack,
     // but if we keep it matching StackPointer, the simulator can detect memory
     // accesses in the now-free part of the stack.
-    Mov(csp, StackPointer());
+    SyncSystemStackPointer();
   }
 }
 
@@ -1563,7 +1582,7 @@ void MacroAssembler::Drop(const Register& count, uint64_t unit_size) {
     // It is safe to leave csp where it is when unwinding the JavaScript stack,
     // but if we keep it matching StackPointer, the simulator can detect memory
     // accesses in the now-free part of the stack.
-    Mov(csp, StackPointer());
+    SyncSystemStackPointer();
   }
 }
 
@@ -1585,7 +1604,7 @@ void MacroAssembler::DropBySMI(const Register& count_smi, uint64_t unit_size) {
     // It is safe to leave csp where it is when unwinding the JavaScript stack,
     // but if we keep it matching StackPointer, the simulator can detect memory
     // accesses in the now-free part of the stack.
-    Mov(csp, StackPointer());
+    SyncSystemStackPointer();
   }
 }