Support verified heap pointer writes on x64.

runtime/vm/stub_code_x64.cc

 // Copyright (c) 2013, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 #include "vm/globals.h"
 #if defined(TARGET_ARCH_X64)
 
 #include "vm/assembler.h"
 #include "vm/compiler.h"
 #include "vm/dart_entry.h"
@@ skipping 348 matching lines @@
   // RAX: newly allocated array.
   // R10: length of the array (was preserved by the stub).
   __ pushq(RAX);  // Array is in RAX and on top of stack.
   __ leaq(R12, Address(RBP, R10, TIMES_8, kParamEndSlotFromFp * kWordSize));
   __ leaq(RBX, FieldAddress(RAX, Array::data_offset()));
   // R12: address of first argument on stack.
   // RBX: address of first argument in array.
   Label loop, loop_condition;
   __ jmp(&loop_condition, Assembler::kNearJump);
   __ Bind(&loop);
-  __ movq(RAX, Address(R12, 0));
-  __ movq(Address(RBX, 0), RAX);
+  __ movq(RDI, Address(R12, 0));
+  // No generational barrier needed, since array is in new space.
+  __ StoreIntoObjectNoBarrier(RAX, Address(RBX, 0), RDI);
   __ addq(RBX, Immediate(kWordSize));
   __ subq(R12, Immediate(kWordSize));
   __ Bind(&loop_condition);
   __ decq(R10);
   __ j(POSITIVE, &loop, Assembler::kNearJump);
 }
 
 
 DECLARE_LEAF_RUNTIME_ENTRY(intptr_t, DeoptimizeCopyFrame,
                            intptr_t deopt_reason,
@@ skipping 264 matching lines @@
   // RCX: new object end address.
   // RDI: iterator which initially points to the start of the variable
   // data area to be initialized.
   __ LoadObject(R12, Object::null_object(), PP);
   __ leaq(RDI, FieldAddress(RAX, sizeof(RawArray)));
   Label done;
   Label init_loop;
   __ Bind(&init_loop);
   __ cmpq(RDI, RCX);
   __ j(ABOVE_EQUAL, &done, Assembler::kNearJump);
-  __ movq(Address(RDI, 0), R12);
+  // No generational barrier needed, since we are storing null.
+  __ StoreIntoObjectNoBarrier(RAX, Address(RDI, 0), R12);
   __ addq(RDI, Immediate(kWordSize));
   __ jmp(&init_loop, Assembler::kNearJump);
   __ Bind(&done);
   __ ret();  // returns the newly allocated object in RAX.
 
   // Unable to allocate the array using the fast inline code, just call
   // into the runtime.
   __ Bind(&slow_case);
   // Create a stub frame as we are pushing some objects on the stack before
   // calling into the runtime.
@@ skipping 212 matching lines @@
     }
 
     // Setup up number of context variables field.
     // RAX: new object.
     // R10: number of context variables as integer value (not object).
     __ movq(FieldAddress(RAX, Context::num_variables_offset()), R10);
 
     // Setup the parent field.
     // RAX: new object.
     // R10: number of context variables.
-    __ movq(FieldAddress(RAX, Context::parent_offset()), R12);
+    // No generational barrier needed, since we are storing null.
+    __ StoreIntoObjectNoBarrier(RAX,
+                                FieldAddress(RAX, Context::parent_offset()),
+                                R12);
 
     // Initialize the context variables.
     // RAX: new object.
     // R10: number of context variables.
     {
       Label loop, entry;
       __ leaq(R13, FieldAddress(RAX, Context::variable_offset(0)));
 
       __ jmp(&entry, Assembler::kNearJump);
       __ Bind(&loop);
       __ decq(R10);
-      __ movq(Address(R13, R10, TIMES_8, 0), R12);
+      // No generational barrier needed, since we are storing null.
+      __ StoreIntoObjectNoBarrier(RAX,
+                                  Address(R13, R10, TIMES_8, 0),
+                                  R12);
       __ Bind(&entry);
       __ cmpq(R10, Immediate(0));
       __ j(NOT_EQUAL, &loop, Assembler::kNearJump);
     }
 
     // Done allocating and initializing the context.
     // RAX: new object.
     __ ret();
 
     __ Bind(&slow_case);
@@ skipping 120 matching lines @@
     __ movq(R13, Immediate(heap->EndAddress(space)));
     __ cmpq(RBX, Address(R13, 0));
     if (FLAG_use_slow_path) {
       __ jmp(&slow_case);
     } else {
       __ j(ABOVE_EQUAL, &slow_case);
     }
     __ movq(Address(RCX, 0), RBX);
     __ UpdateAllocationStats(cls.id(), space);
 
-    // RAX: new object start.
+    // RAX: new object start (untagged).
     // RBX: next object start.
     // RDX: new object type arguments (if is_cls_parameterized).
     // Set the tags.
     uword tags = 0;
     tags = RawObject::SizeTag::update(instance_size, tags);
     ASSERT(cls.id() != kIllegalCid);
     tags = RawObject::ClassIdTag::update(cls.id(), tags);
     __ movq(Address(RAX, Instance::tags_offset()), Immediate(tags));
+    __ addq(RAX, Immediate(kHeapObjectTag));
 
     // Initialize the remaining words of the object.
-    // RAX: new object start.
+    // RAX: new object (tagged).
     // RBX: next object start.
     // RDX: new object type arguments (if is_cls_parameterized).
     // R12: raw null.
     // First try inlining the initialization without a loop.
     if (instance_size < (kInlineInstanceSize * kWordSize)) {
       // Check if the object contains any non-header fields.
       // Small objects are initialized using a consecutive set of writes.
       for (intptr_t current_offset = Instance::NextFieldOffset();
            current_offset < instance_size;
            current_offset += kWordSize) {
-        __ movq(Address(RAX, current_offset), R12);
+        __ StoreIntoObjectNoBarrier(RAX,
+                                    FieldAddress(RAX, current_offset),
+                                    R12);
       }
     } else {
-      __ leaq(RCX, Address(RAX, Instance::NextFieldOffset()));
+      __ leaq(RCX, FieldAddress(RAX, Instance::NextFieldOffset()));
       // Loop until the whole object is initialized.
-      // RAX: new object.
+      // RAX: new object (tagged).
       // RBX: next object start.
       // RCX: next word to be initialized.
       // RDX: new object type arguments (if is_cls_parameterized).
       Label init_loop;
       Label done;
       __ Bind(&init_loop);
       __ cmpq(RCX, RBX);
       __ j(ABOVE_EQUAL, &done, Assembler::kNearJump);
-      __ movq(Address(RCX, 0), R12);
+      __ StoreIntoObjectNoBarrier(RAX, Address(RCX, 0), R12);
       __ addq(RCX, Immediate(kWordSize));
       __ jmp(&init_loop, Assembler::kNearJump);
       __ Bind(&done);
     }
     if (is_cls_parameterized) {
       // RDX: new object type arguments.
       // Set the type arguments in the new object.
-      __ movq(Address(RAX, cls.type_arguments_field_offset()), RDX);
+      intptr_t offset = cls.type_arguments_field_offset();
+      __ StoreIntoObjectNoBarrier(RAX, FieldAddress(RAX, offset), RDX);
     }
     // Done allocating and initializing the instance.
-    // RAX: new object.
-    __ addq(RAX, Immediate(kHeapObjectTag));
+    // RAX: new object (tagged).
     __ ret();
 
     __ Bind(&slow_case);
   }
   // If is_cls_parameterized:
   // RDX: new object type arguments.
   // Create a stub frame.
   __ EnterStubFrame(true);  // Uses PP to access class object.
   __ pushq(R12);  // Setup space on stack for return value.
   __ PushObject(cls, PP);  // Push class of object to be allocated.
@@ skipping 89 matching lines @@
   if (FLAG_throw_on_javascript_int_overflow) {
     // The overflow check is more complex than implemented below.
     return;
   }
   ASSERT(num_args == 2);
   __ movq(RCX, Address(RSP, + 1 * kWordSize));  // Right
   __ movq(RAX, Address(RSP, + 2 * kWordSize));  // Left.
   __ movq(R12, RCX);
   __ orq(R12, RAX);
   __ testq(R12, Immediate(kSmiTagMask));
-  __ j(NOT_ZERO, not_smi_or_overflow, Assembler::kNearJump);
+#if defined(DEBUG)
+  const bool jump_length = Assembler::kFarJump;
+#else
+  const bool jump_length = Assembler::kNearJump;
+#endif
+  __ j(NOT_ZERO, not_smi_or_overflow, jump_length);
   switch (kind) {
     case Token::kADD: {
       __ addq(RAX, RCX);
-      __ j(OVERFLOW, not_smi_or_overflow, Assembler::kNearJump);
+      __ j(OVERFLOW, not_smi_or_overflow, jump_length);
       break;
     }
     case Token::kSUB: {
       __ subq(RAX, RCX);
-      __ j(OVERFLOW, not_smi_or_overflow, Assembler::kNearJump);
+      __ j(OVERFLOW, not_smi_or_overflow, jump_length);
       break;
     }
     case Token::kEQ: {
       Label done, is_true;
       __ cmpq(RAX, RCX);
       __ j(EQUAL, &is_true, Assembler::kNearJump);
       __ LoadObject(RAX, Bool::False(), PP);
       __ jmp(&done, Assembler::kNearJump);
       __ Bind(&is_true);
       __ LoadObject(RAX, Bool::True(), PP);
@@ skipping 21 matching lines @@
   __ Stop("Incorrect IC data");
   __ Bind(&ok);
 #endif
 
   const intptr_t count_offset = ICData::CountIndexFor(num_args) * kWordSize;
   // Update counter.
   __ movq(R8, Address(R12, count_offset));
   __ addq(R8, Immediate(Smi::RawValue(1)));
   __ movq(R9, Immediate(Smi::RawValue(Smi::kMaxValue)));
   __ cmovnoq(R9, R8);
-  __ movq(Address(R12, count_offset), R9);
+  __ StoreIntoSmiField(Address(R12, count_offset), R9);
 
   __ ret();
 }
 
 
 // Generate inline cache check for 'num_args'.
 //  RBX: Inline cache data object.
 //  TOS(0): return address
 // Control flow:
 // - If receiver is null -> jump to IC miss.
@@ skipping 121 matching lines @@
   // R12: Pointer to an IC data check group.
   const intptr_t target_offset = ICData::TargetIndexFor(num_args) * kWordSize;
   const intptr_t count_offset = ICData::CountIndexFor(num_args) * kWordSize;
   __ movq(RAX, Address(R12, target_offset));
 
   // Update counter.
   __ movq(R8, Address(R12, count_offset));
   __ addq(R8, Immediate(Smi::RawValue(1)));
   __ movq(R9, Immediate(Smi::RawValue(Smi::kMaxValue)));
   __ cmovnoq(R9, R8);
-  __ movq(Address(R12, count_offset), R9);
+  __ StoreIntoSmiField(Address(R12, count_offset), R9);
 
   __ Bind(&call_target_function);
   // RAX: Target function.
   Label is_compiled;
   __ movq(RCX, FieldAddress(RAX, Function::instructions_offset()));
   __ addq(RCX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
   __ jmp(RCX);
 
   __ Bind(&stepping);
   __ EnterStubFrame();
@@ skipping 125 matching lines @@
   __ leaq(R12, FieldAddress(R12, Array::data_offset()));
   // R12: points directly to the first ic data array element.
   const intptr_t target_offset = ICData::TargetIndexFor(0) * kWordSize;
   const intptr_t count_offset = ICData::CountIndexFor(0) * kWordSize;
 
   // Increment count for this call.
   __ movq(R8, Address(R12, count_offset));
   __ addq(R8, Immediate(Smi::RawValue(1)));
   __ movq(R9, Immediate(Smi::RawValue(Smi::kMaxValue)));
   __ cmovnoq(R9, R8);
-  __ movq(Address(R12, count_offset), R9);
+  __ StoreIntoSmiField(Address(R12, count_offset), R9);
 
   // Load arguments descriptor into R10.
   __ movq(R10, FieldAddress(RBX, ICData::arguments_descriptor_offset()));
 
   // Get function and call it, if possible.
   __ movq(RAX, Address(R12, target_offset));
   __ movq(RCX, FieldAddress(RAX, Function::instructions_offset()));
   // RCX: Target instructions.
   __ addq(RCX, Immediate(Instructions::HeaderSize() - kHeapObjectTag));
   __ jmp(RCX);
@@ skipping 402 matching lines @@
 
   __ movq(left, Address(RSP, 2 * kWordSize));
   __ movq(right, Address(RSP, 1 * kWordSize));
   GenerateIdenticalWithNumberCheckStub(assembler, left, right);
   __ ret();
 }
 
 }  // namespace dart
 
 #endif  // defined TARGET_ARCH_X64