ZJIT: Keep a frame pointer and use it for memory params #14019
Merged
+220
−111
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously, ZJIT miscompiled the following because of native SP
interference.
def a(n1,n2,n3,n4,n5,n6,n7,n8) = [n8]
a(0,0,0,0,0,0,0, :ok)
Commented problematic disassembly:
; call rb_ary_new_capa
mov x0, #1
mov x16, #0x1278
movk x16, #0x4bc, lsl #16
movk x16, #1, lsl #32
blr x16
; call rb_ary_push
mov x1, x0
str x1, [sp, #-0x10]! ; c_push() from alloc_regs()
mov x0, x1 ; arg0, the array
ldur x1, [sp] ; meant to be arg1=n8, but sp just moved!
mov x16, #0x3968
movk x16, #0x4bc, lsl #16
movk x16, #1, lsl #32
blr x16
Since the frame pointer stays constant in the body of the function,
static offsets based on it don't run the risk of being invalidated by SP
movements.
Pass the registers to preserve through Insn::FrameSetup. This allows ARM
to use STP and waste no gaps between EC, SP, and CFP.
x86 now preserves and restores RBP since we use it as the frame pointer.
Since all arches now have a frame pointer, remove offset based SP
movement in the epilogue and restore registers using the frame pointer.
81fc63c to
cbd7445
Compare
k0kubun
reviewed
Jul 28, 2025
| mov(cb, RBP, RSP); | ||
| push(cb, RBP); | ||
| // and to allow push and pops in the function. | ||
| &Insn::FrameSetup { preserved, mut slot_count } => { |
There was a problem hiding this comment.
To make it a bit more consistent with total_slots, I'm tempted to call it num_slots instead of slot_count.
There was a problem hiding this comment.
Ayy unless you feel strongly about this I'm going to keep it as is since I prefer noun adjective form for public-ish things like function names and field names.
k0kubun
approved these changes
Jul 28, 2025
Could you file issues for them? I'm particularly interested in how the removal of the extra frame setup works, but this PR is probably not the right place to discuss that. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ZJIT: Keep a frame pointer and use it for memory params
Previously, ZJIT miscompiled the following because of native SP
interference.
Commented problematic disassembly:
Since the frame pointer stays constant in the body of the function,
static offsets based on it don't run the risk of being invalidated by SP
movements.
Pass the registers to preserve through Insn::FrameSetup. This allows ARM
to use STP and waste no gaps between EC, SP, and CFP.
x86 now preserves and restores RBP since we use it as the frame pointer.
Since all arches now have a frame pointer, remove offset based SP
movement in the epilogue and restore registers using the frame pointer.
Closes #14009.
Frame pointers are in fashion. This opens up a couple future optimizations. We can jump into instead of call into the body of functions in gen_entry(), which gets rid of the extra frame that bb0 sets up. It also completely gets rid of the
asm.frame_setup(&[])frame type, and the funky param write adjustment code in gen_entry(). Also, since frames modulopreserved_regsnow have identical epilogue, we can tail dedup them to save memory.