+use std::cell::Cell;

+/// Ephemeral code generation state.

+/// Represents a [core::Block] while we build it.

+ /// Instruction sequence for the compiling block

+ /// The iseq index of the first instruction in the block

+ starting_insn_idx: IseqIdx,

+

+ /// The [Context] entering into the first instruction of the block

+ starting_ctx: Context,

+

+ /// The placement for the machine code of the [Block]

+ output_ptr: CodePtr,

+ /// Index of the current instruction being compiled

+ insn_idx: IseqIdx,

+

+ /// Opcode for the instruction being compiled

+ /// PC of the instruction being compiled

+ /// Side exit to the instruction being compiled. See :side-exit:.

+ /// Execution context when compilation started

+ /// This allows us to peek at run-time values

+ /// The outgoing branches the block will have

+ pub pending_outgoing: Vec<PendingBranchRef>,

+

+ // --- Fields for block invalidation and invariants tracking below:

+ // Public mostly so into_block defined in the sibling module core

+ // can partially move out of Self.

+ /// Whether we need to record the code address at

+ /// the end of this bytecode instruction for global invalidation

+ pub record_boundary_patch_point: bool,

+ /// Code for immediately exiting upon entry to the block.

+ /// Required for invalidation.

+ pub block_entry_exit: Option<CodePtr>,

+

+ /// A list of callable method entries that must be valid for the block to be valid.

+ pub method_lookup_assumptions: Vec<CmePtr>,

+

+ /// A list of basic operators that not be redefined for the block to be valid.

+ pub bop_assumptions: Vec<(RedefinitionFlag, ruby_basic_operators)>,

+

+ /// A list of constant expression path segments that must have

+ /// not been written to for the block to be valid.

+ pub stable_constant_names_assumption: Option<*const ID>,

+

+ /// When true, the block is valid only when there is a total of one ractor running

+ pub block_assumes_single_ractor: bool,

+ pub fn new(blockid: BlockId, starting_ctx: Context, output_ptr: CodePtr, ec: EcPtr) -> Self {

+ iseq: blockid.iseq,

+ starting_insn_idx: blockid.idx,

+ starting_ctx,

+ output_ptr,

+ pending_outgoing: vec![],

+ block_entry_exit: None,

+ method_lookup_assumptions: vec![],

+ bop_assumptions: vec![],

+ stable_constant_names_assumption: None,

+ block_assumes_single_ractor: false,

+ pub fn get_insn_idx(&self) -> IseqIdx {

+ pub fn get_starting_insn_idx(&self) -> IseqIdx {

+ self.starting_insn_idx

+ }

+

+ pub fn get_block_entry_exit(&self) -> Option<CodePtr> {

+ self.block_entry_exit

+ }

+

+ pub fn get_starting_ctx(&self) -> Context {

+ self.starting_ctx.clone()

+ }

+

+ pub fn assume_method_lookup_stable(&mut self, ocb: &mut OutlinedCb, cme: CmePtr) {

+ jit_ensure_block_entry_exit(self, ocb);

+ self.method_lookup_assumptions.push(cme);

+ }

+

+ pub fn assume_stable_constant_names(&mut self, ocb: &mut OutlinedCb, id: *const ID) {

+ jit_ensure_block_entry_exit(self, ocb);

+ self.stable_constant_names_assumption = Some(id);

+ pub fn queue_outgoing_branch(&mut self, branch: PendingBranchRef) {

+ self.pending_outgoing.push(branch)

+ if jit.block_entry_exit.is_some() {

+ let block_starting_context = &jit.get_starting_ctx();

+

+ if jit.insn_idx == jit.starting_insn_idx {

+ let entry_exit = get_side_exit(jit, ocb, block_starting_context).unwrap_code_ptr();

+ jit.block_entry_exit = Some(entry_exit);

+ let block_entry_pc = unsafe { rb_iseq_pc_at_idx(jit.iseq, jit.starting_insn_idx.into()) };

+ jit.block_entry_exit = Some(gen_outlined_exit(block_entry_pc, block_starting_context, ocb));

+ // Save machine code placement of the block. `cb` might page switch when we

+ // generate code in `ocb`.

+ let block_start_addr = cb.get_write_ptr();

+

+ let mut jit = JITState::new(blockid, ctx.clone(), cb.get_write_ptr(), ec);

+ if opcode == YARVINSN_opt_getconstant_path.as_usize() && insn_idx > jit.starting_insn_idx {

+ // If this is the first instruction in the block, then

+ // the entry address is the address for block_entry_exit

+ if insn_idx == jit.starting_insn_idx {

+ jit.block_entry_exit = Some(jit.output_ptr);

+ let end_insn_idx = insn_idx;

+ // We currently can't handle cases where the request is for a block that

+ // doesn't go to the next instruction in the same iseq.

+ assert!(!jit.record_boundary_patch_point);

+ // Pad the block if it has the potential to be invalidated

+ if jit.block_entry_exit.is_some() {

+ asm.pad_inval_patch();

+ // Compile code into the code block

+ let gc_offsets = asm.compile(cb);

+ let end_addr = cb.get_write_ptr();

+ Ok(jit.into_block(end_insn_idx, block_start_addr, end_addr, gc_offsets))

+ BranchGenFn::BranchIf(Cell::new(BranchShape::Default)),

+ BranchGenFn::BranchUnless(Cell::new(BranchShape::Default)),

+ BranchGenFn::BranchNil(Cell::new(BranchShape::Default)),

+ jit.assume_method_lookup_stable(ocb, target_cme);

+ jit.assume_method_lookup_stable(ocb, cme);

+ jit.assume_method_lookup_stable(ocb, cme);

+ jit.assume_method_lookup_stable(ocb, me);

+ jit.assume_method_lookup_stable(ocb, cme);

+ jit.assume_stable_constant_names(ocb, idlist);

+ JITState::new(

+ BlockId { iseq: std::ptr::null(), idx: 0 },

+ Context::default(),

+ cb.get_write_ptr(),

+ ptr::null(), // No execution context in tests. No peeking!

+ ),

+//! Code versioning, retained live control flow graph mutations, type tracking, etc.

+use std::fmt;

+use std::ops::Range;

+use std::rc::Rc;

+use mem::MaybeUninit;

+use std::ptr;

+use ptr::NonNull;

+use crate::invariants::*;

+/// An index into `ISEQ_BODY(iseq)->iseq_encoded`. Points

+/// to a YARV instruction or an instruction operand.

+pub type IseqIdx = u16;

+

+#[derive(Clone, Debug, Eq, PartialEq)]

+ BranchIf(Cell<BranchShape>),

+ BranchNil(Cell<BranchShape>),

+ BranchUnless(Cell<BranchShape>),

+ JumpToTarget0(Cell<BranchShape>),

+ pub fn call(&self, asm: &mut Assembler, target0: CodePtr, target1: Option<CodePtr>) {

+ match shape.get() {

+ match shape.get() {

+ match shape.get() {

+ if shape.get() == BranchShape::Next1 {

+ if shape.get() == BranchShape::Default {

+ pub fn get_shape(&self) -> BranchShape {

+ BranchGenFn::JumpToTarget0(shape) => shape.get(),

+ pub fn set_shape(&self, new_shape: BranchShape) {

+ shape.set(new_shape);

+ shape.set(new_shape);

+#[derive(Debug, Clone)]

+ BranchTarget::Block(blockref) => Some(unsafe { blockref.as_ref() }.start_addr),

+ BranchTarget::Stub(stub) => BlockId { iseq: stub.iseq.get(), idx: stub.iseq_idx },

+ BranchTarget::Block(blockref) => unsafe { blockref.as_ref() }.get_blockid(),

+ BranchTarget::Block(blockref) => unsafe { blockref.as_ref() }.ctx.clone(),

+ BranchTarget::Block(blockref) => Some(*blockref),

+ fn set_iseq(&self, iseq: IseqPtr) {

+ BranchTarget::Stub(stub) => stub.iseq.set(iseq),

+ BranchTarget::Block(blockref) => unsafe { blockref.as_ref() }.iseq.set(iseq),

+#[derive(Debug, Clone)]

+ iseq: Cell<IseqPtr>,

+ iseq_idx: IseqIdx,

+ start_addr: CodePtr,

+ end_addr: Cell<CodePtr>, // exclusive

+ targets: [Cell<Option<Box<BranchTarget>>>; 2],

+/// A [Branch] for a [Block] that is under construction.

+/// Fields correspond, but may be `None` during construction.

+pub struct PendingBranch {

+ /// Allocation holder for the address of the constructed branch

+ /// in error paths Box deallocates it.

+ uninit_branch: Box<MaybeUninit<Branch>>,

+

+ /// Branch code generation function

+ gen_fn: BranchGenFn,

+

+ /// Positions where the generated code starts and ends

+ start_addr: Cell<Option<CodePtr>>,

+ end_addr: Cell<Option<CodePtr>>, // exclusive

+

+ /// Branch target blocks and their contexts

+ targets: [Cell<Option<Box<BranchTarget>>>; 2],

+}

+

+ (self.end_addr.get().raw_ptr() as usize) - (self.start_addr.raw_ptr() as usize)

+ unsafe {

+ self.targets[target_idx]

+ .ref_unchecked()

+ .as_ref()

+ .and_then(|target| target.get_address())

+ }

+ for target in self.targets.iter() {

+ if unsafe {

+ // SAFETY: no mutation

+ matches!(

+ target.ref_unchecked().as_ref().map(Box::as_ref),

+ Some(BranchTarget::Stub(_))

+ )

+ } {

+impl std::fmt::Debug for Branch {

+ // Can't derive this because `targets: !Copy` due to Cell.

+ fn fmt(&self, formatter: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {

+ let targets = unsafe {

+ // SAFETY:

+ // While the references are live for the result of this function,

+ // no mutation happens because we are only calling derived fmt::Debug functions.

+ [self.targets[0].as_ptr().as_ref().unwrap(), self.targets[1].as_ptr().as_ref().unwrap()]

+ };

+

+ formatter

+ .debug_struct("Branch")

+ .field("block", &self.block)

+ .field("start", &self.start_addr)

+ .field("end", &self.end_addr)

+ .field("targets", &targets)

+ .field("gen_fn", &self.gen_fn)

+ .finish()

+ }

+}

+

+impl PendingBranch {

+ /// Set up a branch target at `target_idx`. Find an existing block to branch to

+ /// or generate a stub for one.

+ fn set_target(

+ &self,

+ target_idx: u32,

+ target: BlockId,

+ ctx: &Context,

+ ocb: &mut OutlinedCb,

+ ) -> Option<CodePtr> {

+ // If the block already exists

+ if let Some(blockref) = find_block_version(target, ctx) {

+ let block = unsafe { blockref.as_ref() };

+

+ // Fill out the target with this block

+ self.targets[target_idx.as_usize()]

+ .set(Some(Box::new(BranchTarget::Block(blockref))));

+ return Some(block.start_addr);

+ }

+

+ // The branch struct is uninitialized right now but as a stable address.

+ // We make sure the stub runs after the branch is initialized.

+ let branch_struct_addr = self.uninit_branch.as_ptr() as usize;

+ let stub_addr = gen_call_branch_stub_hit(ocb, branch_struct_addr, target_idx);

+

+ if let Some(stub_addr) = stub_addr {

+ // Fill the branch target with a stub

+ self.targets[target_idx.as_usize()].set(Some(Box::new(BranchTarget::Stub(Box::new(BranchStub {

+ address: Some(stub_addr),

+ iseq: Cell::new(target.iseq),

+ iseq_idx: target.idx,

+ ctx: ctx.clone(),

+ })))));

+ }

+

+ stub_addr

+ }

+

+ // Construct the branch and wire it up in the grpah

+ fn into_branch(mut self, uninit_block: BlockRef) -> BranchRef {

+ // Make the branch

+ let branch = Branch {

+ block: uninit_block,

+ start_addr: self.start_addr.get().unwrap(),

+ end_addr: Cell::new(self.end_addr.get().unwrap()),

+ targets: self.targets,

+ gen_fn: self.gen_fn,

+ };

+ // Move it to the designated place on

+ // the heap and unwrap MaybeUninit.

+ self.uninit_branch.write(branch);

+ let raw_branch: *mut MaybeUninit<Branch> = Box::into_raw(self.uninit_branch);

+ let branchref = NonNull::new(raw_branch as *mut Branch).expect("no null from Box");

+

+ // SAFETY: just allocated it

+ let branch = unsafe { branchref.as_ref() };

+ // For block branch targets, put the new branch in the

+ // appropriate incoming list.

+ for target in branch.targets.iter() {

+ // SAFETY: no mutation

+ let out_block: Option<BlockRef> = unsafe {

+ target.ref_unchecked().as_ref().and_then(|target| target.get_block())

+ };

+

+ if let Some(out_block) = out_block {

+ // SAFETY: These blockrefs come from set_target() which only puts blocks from

+ // ISeqs, which are all initialized. Note that uninit_block isn't in any ISeq

+ // payload yet.

+ unsafe { out_block.as_ref() }.incoming.push(branchref);

+ }

+ }

+

+ branchref

+ }

+}

+

+#[derive(Debug)]

+ // The byte code instruction sequence this is a version of.

+ // Can change due to moving GC.

+ iseq: Cell<IseqPtr>,

+ // Index range covered by this version in `ISEQ_BODY(iseq)->iseq_encoded`.

+ iseq_range: Range<IseqIdx>,

+ end_addr: Cell<CodePtr>,

+ incoming: MutableBranchList,

+ cme_dependencies: Box<[Cell<CmePtr>]>,

+ entry_exit: Option<CodePtr>,

+}

+

+/// Pointer to a [Block].

+///

+/// # Safety

+///

+/// _Never_ derive a `&mut Block` from this and always use

+/// [std::ptr::NonNull::as_ref] to get a `&Block`. `&'a mut`

+/// in Rust asserts that there are no other references live

+/// over the lifetime `'a`. This uniqueness assertion does

+/// not hold in many situations for us, even when you ignore

+/// the fact that our control flow graph can have cycles.

+/// Here are just two examples where we have overlapping references:

+/// - Yielding to a different OS thread within the same

+/// ractor during compilation

+/// - The GC calling [rb_yjit_iseq_mark] during compilation

+///

+/// Technically, for soundness, we also need to ensure that

+/// the we have the VM lock while the result of `as_ref()`

+/// is live, so that no deallocation happens while the

+/// shared reference is live. The vast majority of our code run while

+/// holding the VM lock, though.

+pub type BlockRef = NonNull<Block>;

+

+/// Pointer to a [Branch]. See [BlockRef] for notes about

+/// proper usage.

+pub type BranchRef = NonNull<Branch>;

+/// [Interior mutability][1] wrapper for a list of branches.

+/// O(n) insertion, but space efficient. We generally expect

+/// blocks to have only a few branches.

+///

+/// [1]: https://doc.rust-lang.org/std/cell/struct.UnsafeCell.html

+#[repr(transparent)]

+struct MutableBranchList(Cell<Box<[BranchRef]>>);

+impl MutableBranchList {

+ fn push(&self, branch: BranchRef) {

+ // Temporary move the boxed slice out of self.

+ // oom=abort is load bearing here...

+ let mut current_list = self.0.take().into_vec();

+ current_list.push(branch);

+ self.0.set(current_list.into_boxed_slice());

+impl fmt::Debug for MutableBranchList {

+ fn fmt(&self, formatter: &mut fmt::Formatter<'_>) -> fmt::Result {

+ // SAFETY: the derived Clone for boxed slices does not mutate this Cell

+ let branches = unsafe { self.0.ref_unchecked().clone() };

+ formatter.debug_list().entries(branches.into_iter()).finish()

+ // Free all blocks in version_map. The GC doesn't free running iseqs.

+ // SAFETY: blocks in the version_map are always well connected

+ unsafe { free_block(*block, true) };

+

+ // Free dead blocks

+ for block in payload.dead_blocks {

+ unsafe { free_block(block, false) };

+ }

+

+ // Increment the freed iseq count

+ incr_counter!(freed_iseq_count);

+ // SAFETY: all blocks inside version_map are initialized.

+ let block = unsafe { block.as_ref() };

+ unsafe { rb_gc_mark_movable(block.iseq.get().into()) };

+ for cme_dep in block.cme_dependencies.iter() {

+ unsafe { rb_gc_mark_movable(cme_dep.get().into()) };

+ let branch = unsafe { branch.as_ref() };

+ for target in branch.targets.iter() {

+ // SAFETY: no mutation inside unsafe

+ let target_iseq = unsafe { target.ref_unchecked().as_ref().map(|target| target.get_blockid().iseq) };

+

+ if let Some(target_iseq) = target_iseq {

+ unsafe { rb_gc_mark_movable(target_iseq.into()) };

+ }

+ // SAFETY: all blocks inside version_map are initialized

+ let block = unsafe { version.as_ref() };

+ block.iseq.set(unsafe { rb_gc_location(block.iseq.get().into()) }.as_iseq());

+ for cme_dep in block.cme_dependencies.iter() {

+ let cur_cme: VALUE = cme_dep.get().into();

+ let new_cme = unsafe { rb_gc_location(cur_cme) }.as_cme();

+ cme_dep.set(new_cme);

+ for branch in block.outgoing.iter() {

+ let branch = unsafe { branch.as_ref() };

+ for target in branch.targets.iter() {

+ // SAFETY: no mutation inside unsafe

+ let current_iseq = unsafe { target.ref_unchecked().as_ref().map(|target| target.get_blockid().iseq) };

+

+ if let Some(current_iseq) = current_iseq {

+ let updated_iseq = unsafe { rb_gc_location(current_iseq.into()) }

+ .as_iseq();

+ // SAFETY: the Cell::set is not on the reference given out

+ // by ref_unchecked.

+ unsafe { target.ref_unchecked().as_ref().unwrap().set_iseq(updated_iseq) };

+ }

+ blocks.push(*version);

+ for blockref in versions.iter() {

+ let block = unsafe { blockref.as_ref() };

+

+ best_version = Some(*blockref);

+/// Install a block version into its [IseqPayload], letting the GC track its

+/// lifetime, and allowing it to be considered for use for other

+/// blocks we might generate. Uses `cb` for running write barriers.

+///

+/// # Safety

+///

+/// The block must be fully initialized. Its incoming and outgoing edges,

+/// if there are any, must point to initialized blocks, too.

+///

+/// Note that the block might gain edges after this function returns,

+/// as can happen during [gen_block_series]. Initialized here doesn't mean

+/// ready to be consumed or that the machine code tracked by the block is

+/// ready to be run.

+///

+/// Due to this transient state where a block is tracked by the GC by

+/// being inside an [IseqPayload] but not ready to be executed, it's

+/// generally unsound to call any Ruby methods during codegen. That has

+/// the potential to run blocks which are not ready.

+unsafe fn add_block_version(blockref: BlockRef, cb: &CodeBlock) {

+ // SAFETY: caller ensures initialization

+ let block = unsafe { blockref.as_ref() };

+ assert!(!(block.iseq_range.start == 0 && block.ctx.stack_size > 0));

+ let version_list = get_or_create_version_list(block.get_blockid());

+ version_list.push(blockref);

+ let iseq: VALUE = block.iseq.get().into();

+ for dep in block.iter_cme_deps() {

+ let iseq_payload = get_iseq_payload(block.iseq.get()).unwrap();

+ for page in cb.addrs_to_pages(block.start_addr, block.end_addr.get()) {

+ let block = unsafe { blockref.as_ref() };

+ let version_list = match get_version_list(block.get_blockid()) {

+impl JITState {

+ // Finish compiling and turn a jit state into a block

+ // note that the block is still not in shape.

+ pub fn into_block(self, end_insn_idx: IseqIdx, start_addr: CodePtr, end_addr: CodePtr, gc_obj_offsets: Vec<u32>) -> BlockRef {

+ // Allocate the block and get its pointer

+ let blockref: *mut MaybeUninit<Block> = Box::into_raw(Box::new(MaybeUninit::uninit()));

+ incr_counter_by!(num_gc_obj_refs, gc_obj_offsets.len());

+

+ // Make the new block

+ let block = MaybeUninit::new(Block {

+ iseq: Cell::new(self.get_iseq()),

+ iseq_range: self.get_starting_insn_idx()..end_insn_idx,

+ ctx: self.get_starting_ctx(),

+ end_addr: Cell::new(end_addr),

+ incoming: MutableBranchList(Cell::default()),

+ gc_obj_offsets: gc_obj_offsets.into_boxed_slice(),

+ entry_exit: self.get_block_entry_exit(),

+ cme_dependencies: self.method_lookup_assumptions.into_iter().map(Cell::new).collect(),

+ // Pending branches => actual branches

+ outgoing: self.pending_outgoing.into_iter().map(|pending_out| {

+ let pending_out = Rc::try_unwrap(pending_out)

+ .ok().expect("all PendingBranchRefs should be unique when ready to construct a Block");

+ pending_out.into_branch(NonNull::new(blockref as *mut Block).expect("no null from Box"))

+ }).collect()

+ });

+ // Initialize it on the heap

+ // SAFETY: allocated with Box above

+ unsafe { ptr::write(blockref, block) };

+ // Block is initialized now. Note that MaybeUnint<T> has the same layout as T.

+ let blockref = NonNull::new(blockref as *mut Block).expect("no null from Box");

+ // Track all the assumptions the block makes as invariants

+ if self.block_assumes_single_ractor {

+ track_single_ractor_assumption(blockref);

+ }

+ for bop in self.bop_assumptions {

+ track_bop_assumption(blockref, bop);

+ }

+ // SAFETY: just allocated it above

+ for cme in unsafe { blockref.as_ref() }.cme_dependencies.iter() {

+ track_method_lookup_stability_assumption(blockref, cme.get());

+ }

+ if let Some(idlist) = self.stable_constant_names_assumption {

+ track_stable_constant_names_assumption(blockref, idlist);

+ }

+

+ blockref

+}

+impl Block {

+ pub fn get_blockid(&self) -> BlockId {

+ BlockId { iseq: self.iseq.get(), idx: self.iseq_range.start }

+ pub fn get_end_idx(&self) -> IseqIdx {

+ self.iseq_range.end

+ // SAFETY: &self implies it's initialized

+ count += unsafe { branch.as_ref() }.get_stub_count();

+ pub fn get_end_addr(&self) -> CodePtr {

+ self.end_addr.get()

+ pub fn iter_cme_deps(&self) -> impl Iterator<Item = CmePtr> + '_ {

+ self.cme_dependencies.iter().map(Cell::get)

+ fn push_incoming(&self, branch: BranchRef) {

+ (self.end_addr.get().into_usize()) - (self.start_addr.into_usize())

+ batch.push(first_block); // Keep track of this block version

+ unsafe { add_block_version(first_block, cb) };

+ let mut last_blockref = first_block;

+ let last_block = unsafe { last_blockref.as_ref() };

+ Some(branch) => *branch,

+ let last_branch = unsafe { last_branchref.as_ref() };

+

+ incr_counter!(block_next_count);

+ // SAFETY: no mutation inside the unsafe block

+ let (requested_blockid, requested_ctx) = unsafe {

+ match (last_branch.targets[0].ref_unchecked(), last_branch.targets[1].ref_unchecked()) {

+ (Some(last_target), None) if last_target.get_address().is_none() => {

+ (last_target.get_blockid(), last_target.get_ctx())

+ }

+ _ => {

+ // We're done when no fallthrough block is requested

+ break;

+ }

+ }

+ for blockref in batch {

+ remove_block_version(&blockref);

+ // SAFETY: block was well connected because it was in a version_map

+ unsafe { free_block(blockref, false) };

+ unsafe { add_block_version(new_blockref, cb) };

+ last_branch.targets[0].set(Some(Box::new(BranchTarget::Block(new_blockref))));

+ unsafe { new_blockref.as_ref().incoming.push(last_branchref) };

+ batch.push(new_blockref);

+ let iseq_location = iseq_get_location(blockid.iseq, blockid.idx);

+ let last_block = unsafe { last_blockref.as_ref() };

+ let iseq_range = &last_block.iseq_range;

+ println!("Compiling {} block(s) for {}, ISEQ offsets [{}, {})", batch.len(), iseq_location, iseq_range.start, iseq_range.end);

+ print!("{}", disasm_iseq_insn_range(blockid.iseq, iseq_range.start, iseq_range.end));

+ let block = unsafe { block.as_ref() };

+ if block.iseq_range.is_empty() {

+fn regenerate_branch(cb: &mut CodeBlock, branch: &Branch) {

+ cb.remove_comments(branch.start_addr, branch.end_addr.get());

+ // SAFETY: having a &Branch implies branch.block is initialized.

+ let block = unsafe { branch.block.as_ref() };

+

+ let branch_terminates_block = branch.end_addr.get() == block.get_end_addr();

+ cb.set_write_ptr(branch.start_addr);

+ let new_end_addr = cb.get_write_ptr();

+ branch.end_addr.set(new_end_addr);

+ block.end_addr.set(new_end_addr);

+pub type PendingBranchRef = Rc<PendingBranch>;

+/// Create a new outgoing branch entry for a block

+fn new_pending_branch(jit: &mut JITState, gen_fn: BranchGenFn) -> PendingBranchRef {

+ let branch = Rc::new(PendingBranch {

+ uninit_branch: Box::new(MaybeUninit::uninit()),

+ start_addr: Cell::new(None),

+ end_addr: Cell::new(None),

+ targets: [Cell::new(None), Cell::new(None)],

+ });

+

+ incr_counter!(compiled_branch_count); // TODO not true. count at finalize time

+ jit.queue_outgoing_branch(branch.clone());

+ branch

+ /// See [gen_call_branch_stub_hit].

+ let branch_ref = NonNull::<Branch>::new(branch_ptr as *mut Branch)

+ .expect("Branches should not be null");

+ // SAFETY: We have the VM lock, and the branch is initialized by the time generated

+ // code calls this function.

+ let branch = unsafe { branch_ref.as_ref() };

+ let housing_block = unsafe { branch.block.as_ref() };

+ let (target_blockid, target_ctx): (BlockId, Context) = unsafe {

+ // SAFETY: no mutation of the target's Cell. Just reading out data.

+ let target = branch.targets[target_idx].ref_unchecked().as_ref().unwrap();

+

+ // If this branch has already been patched, return the dst address

+ // Note: recursion can cause the same stub to be hit multiple times

+ if let BranchTarget::Block(_) = target.as_ref() {

+ return target.get_address().unwrap().raw_ptr();

+ }

+

+ (target.get_blockid(), target.get_ctx())

+ };

+

+ let mut branch_modified = false;

+

+ if cb.get_write_ptr() == branch.end_addr.get() {

+ assert!(branch.end_addr == housing_block.end_addr);

+ regenerate_branch(cb, branch);

+ cb.set_write_ptr(branch.end_addr.get());

+ regenerate_branch(cb, branch);

+ Some(new_block) => {

+ let new_block = unsafe { new_block.as_ref() };

+ assert!(!(branch.gen_fn.get_shape() == target_branch_shape && new_block.start_addr != branch.end_addr.get()));

+ new_block.push_incoming(branch_ref);

+ branch.targets[target_idx].set(Some(Box::new(BranchTarget::Block(new_block.into()))));

+ regenerate_branch(cb, branch);

+ new_block.start_addr

+ branch.start_addr.raw_ptr(), branch_size_on_entry, new_branch_size,

+/// Generate a "stub", a piece of code that calls the compiler back when run.

+/// A piece of code that redeems for more code; a thunk for code.

+fn gen_call_branch_stub_hit(

+ branch_struct_address: usize,

+ target_idx: u32,

+) -> Option<CodePtr> {

+ //

+ // branch_stub_hit(branch_ptr, target_idx, ec)

+ //

+ // Bake pointer to Branch into output code.

+ // We make sure the block housing the branch is still alive when branch_stub_hit() is running.

+ asm.mov(C_ARG_OPNDS[0], branch_struct_address.into());

+ None

+ Some(stub_addr)

+ fn mark_branch_start(&mut self, branchref: &PendingBranchRef)

+ branchref.start_addr.set(Some(code_ptr));

+ fn mark_branch_end(&mut self, branchref: &PendingBranchRef)

+ branchref.end_addr.set(Some(code_ptr));

+ let branch = new_pending_branch(jit, gen_fn);

+ let target0_addr = branch.set_target(0, target0, ctx0, ocb);

+ let target1_addr = if let Some(ctx) = ctx1 {

+ let addr = branch.set_target(1, target1.unwrap(), ctx, ocb);

+ if addr.is_none() {

+ // target1 requested but we're out of memory.

+ // Avoid unwrap() in gen_fn()

+ return;

+

+ addr

+ } else { None };

+ asm.mark_branch_start(&branch);

+ if let Some(dst_addr) = target0_addr {

+ branch.gen_fn.call(asm, dst_addr, target1_addr);

+ asm.mark_branch_end(&branch);

+ let branch = new_pending_branch(jit, BranchGenFn::JumpToTarget0(Cell::new(BranchShape::Default)));

+ let new_target = if let Some(blockref) = maybe_block {

+ let block = unsafe { blockref.as_ref() };

+ asm.mark_branch_start(&branch);

+ asm.mark_branch_end(&branch);

+ BranchTarget::Block(blockref)

+ } else {

+ asm.mark_branch_start(&branch);

+ asm.mark_branch_end(&branch);

+ branch.gen_fn.set_shape(BranchShape::Next0);

+

+ // `None` in new_target.address signals gen_block_series() to

+ // compile the target block right after this one (fallthrough).

+ BranchTarget::Stub(Box::new(BranchStub {

+ address: None,

+ ctx: ctx.clone(),

+ iseq: Cell::new(target0.iseq),

+ iseq_idx: target0.idx,

+ }))

+ };

+ branch.targets[0].set(Some(Box::new(new_target)));

+ let branch = new_pending_branch(jit, BranchGenFn::JumpToTarget0(Cell::new(BranchShape::Default)));

+ iseq: jit.get_iseq(),

+

+ // Likely a stub due to the increased chain depth

+ let target0_address = branch.set_target(0, blockid, &next_ctx, ocb);

+ asm.mark_branch_start(&branch);

+ if let Some(dst_addr) = target0_address {

+ asm.mark_branch_end(&branch);

+ if jit.get_starting_insn_idx() == jit.get_insn_idx() {

+/// Remove a block from the live control flow graph.

+/// Block must be initialized and incoming/outgoing edges

+/// must also point to initialized blocks.

+unsafe fn remove_from_graph(blockref: BlockRef) {

+ let block = unsafe { blockref.as_ref() };

+ for pred_branchref in block.incoming.0.take().iter() {

+ let pred_branch = unsafe { pred_branchref.as_ref() };

+ for target_idx in 0..pred_branch.targets.len() {

+ // SAFETY: no mutation inside unsafe

+ let target_is_us = unsafe {

+ pred_branch.targets[target_idx]

+ .ref_unchecked()

+ .as_ref()

+ .and_then(|target| target.get_block())

+ .and_then(|target_block| (target_block == blockref).then(|| ()))

+ .is_some()

+ };

+

+ if target_is_us {

+ pred_branch.targets[target_idx].set(None);

+ let out_branch = unsafe { out_branchref.as_ref() };

+ for out_target in out_branch.targets.iter() {

+ // SAFETY: copying out an Option<BlockRef>. No mutation.

+ let succ_block: Option<BlockRef> = unsafe {

+ out_target.ref_unchecked().as_ref().and_then(|target| target.get_block())

+ };

+

+ if let Some(succ_block) = succ_block {

+ // SAFETY: caller promises the block has valid outgoing edges.

+ let succ_block = unsafe { succ_block.as_ref() };

+ // Temporarily move out of succ_block.incoming.

+ let succ_incoming = succ_block.incoming.0.take();

+ let mut succ_incoming = succ_incoming.into_vec();

+ succ_incoming.retain(|branch| branch != out_branchref);

+ succ_block.incoming.0.set(succ_incoming.into_boxed_slice()); // allocs. Rely on oom=abort

+/// Tear down a block and deallocate it.

+/// Caller has to ensure that the code tracked by the block is not

+/// running, as running code may hit [branch_stub_hit] who exepcts

+/// [Branch] to be live.

+///

+/// We currently ensure this through the `jit_cont` system in cont.c

+/// and sometimes through the GC calling [rb_yjit_iseq_free]. The GC

+/// has proven that an ISeq is not running if it calls us to free it.

+///

+/// For delayed deallocation, since dead blocks don't keep

+/// blocks they refer alive, by the time we get here their outgoing

+/// edges may be dangling. Pass `graph_intact=false` such these cases.

+pub unsafe fn free_block(blockref: BlockRef, graph_intact: bool) {

+ // Careful with order here.

+ // First, remove all pointers to the referent block

+ unsafe {

+ block_assumptions_free(blockref);

+

+ if graph_intact {

+ remove_from_graph(blockref);

+ }

+ }

+ // SAFETY: we should now have a unique pointer to the block

+ unsafe { dealloc_block(blockref) }

+}

+/// Deallocate a block and its outgoing branches. Blocks own their outgoing branches.

+/// Caller must ensure that we have unique ownership for the referent block

+unsafe fn dealloc_block(blockref: BlockRef) {

+ unsafe {

+ for outgoing in blockref.as_ref().outgoing.iter() {

+ // this Box::from_raw matches the Box::into_raw from PendingBranch::into_branch

+ mem::drop(Box::from_raw(outgoing.as_ptr()));

+ }

+ }

+ // Deallocate the referent Block

+ unsafe {

+ // this Box::from_raw matches the Box::into_raw from JITState::into_block

+ mem::drop(Box::from_raw(blockref.as_ptr()));

+ }

+ let block = unsafe { (*blockref).as_ref() };

+ let id_being_invalidated = block.get_blockid();

+ verify_blockid(id_being_invalidated);

+ let iseq_range = &block.iseq_range;

+ let iseq_location = iseq_get_location(block.iseq.get(), iseq_range.start);

+ println!("Invalidating block from {}, ISEQ offsets [{}, {})", iseq_location, iseq_range.start, iseq_range.end);

+ let block_end = block.get_end_addr();

+ for branchref in block.incoming.0.take().iter() {

+ let branch = unsafe { branchref.as_ref() };

+ // SAFETY: no mutation.

+ unsafe {

+ let incoming_target = branch.targets[target_idx].ref_unchecked().as_ref().unwrap();

+ assert_eq!(Some(block_start), incoming_target.get_address());

+ if let Some(incoming_block) = &incoming_target.get_block() {

+ assert_eq!(blockref, incoming_block);

+ }

+ // Create a stub for this branch target

+ let stub_addr = gen_call_branch_stub_hit(ocb, branchref.as_ptr() as usize, target_idx as u32);

+ // In case we were unable to generate a stub (e.g. OOM). Use the block's

+ // exit instead of a stub for the block. It's important that we

+ // still patch the branch in this situation so stubs are unique

+ // to branches. Think about what could go wrong if we run out of

+ // memory in the middle of this loop.

+ let stub_addr = stub_addr.unwrap_or(block_entry_exit);

+

+ // Fill the branch target with a stub

+ branch.targets[target_idx].set(Some(Box::new(BranchTarget::Stub(Box::new(BranchStub {

+ address: Some(stub_addr),

+ iseq: block.iseq.clone(),

+ iseq_idx: block.iseq_range.start,

+ ctx: block.ctx.clone(),

+ })))));

+ let target_next = block.start_addr == branch.end_addr.get();

+ regenerate_branch(cb, branch);

+ branch.start_addr.raw_ptr(), old_branch_size, branch.code_size()

+ if block.iseq_range.start == 0 {

+ unsafe { rb_iseq_reset_jit_func(block.iseq.get()) };

+ // SAFETY: This block was in a version_map earlier

+ // in this function before we removed it, so it's well connected.

+ unsafe { remove_from_graph(*blockref) };

+

+ delayed_deallocation(*blockref);

+// # 1.times{} to use a cfunc to avoid exiting from the

+// # frame which will use the retained return address

+pub fn delayed_deallocation(blockref: BlockRef) {

+ let payload = get_iseq_payload(unsafe { blockref.as_ref() }.iseq.get()).unwrap();

+ payload.dead_blocks.push(blockref);

+}

+

+trait RefUnchecked {

+ type Contained;

+ unsafe fn ref_unchecked(&self) -> &Self::Contained;

+}

+

+impl<T> RefUnchecked for Cell<T> {

+ type Contained = T;

+ /// Gives a reference to the contents of a [Cell].

+ /// Dangerous; please include a SAFETY note.

+ ///

+ /// An easy way to use this without triggering Undefined Behavior is to

+ /// 1. ensure there is transitively no Cell/UnsafeCell mutation in the `unsafe` block

+ /// 2. ensure the `unsafe` block does not return any references, so our

+ /// analysis is lexically confined. This is trivially true if the block

+ /// returns a `bool`, for example. Aggregates that store references have

+ /// explicit lifetime parameters that look like `<'a>`.

+ ///

+ /// There are other subtler situations that don't follow these rules yet

+ /// are still sound.

+ /// See `test_miri_ref_unchecked()` for examples. You can play with it

+ /// with `cargo +nightly miri test miri`.

+ unsafe fn ref_unchecked(&self) -> &Self::Contained {

+ // SAFETY: pointer is dereferenceable because it's from a &Cell.

+ // It's up to the caller to follow aliasing rules with the output

+ // reference.

+ unsafe { self.as_ptr().as_ref().unwrap() }

+ }

+

+ #[test]

+ fn test_miri_ref_unchecked() {

+ let blockid = BlockId {

+ iseq: ptr::null(),

+ idx: 0,

+ };

+ let cb = CodeBlock::new_dummy(1024);

+ let dumm_addr = cb.get_write_ptr();

+ let block = JITState::new(blockid, Context::default(), dumm_addr, ptr::null())

+ .into_block(0, dumm_addr, dumm_addr, vec![]);

+ let _dropper = BlockDropper(block);

+

+ // Outside of brief moments during construction,

+ // we're always working with &Branch (a shared reference to a Branch).

+ let branch: &Branch = &Branch {

+ gen_fn: BranchGenFn::JZToTarget0,

+ block,

+ start_addr: dumm_addr,

+ end_addr: Cell::new(dumm_addr),

+ targets: [Cell::new(None), Cell::new(Some(Box::new(BranchTarget::Stub(Box::new(BranchStub {

+ iseq: Cell::new(ptr::null()),

+ iseq_idx: 0,

+ address: None,

+ ctx: Context::default(),

+ })))))]

+ };

+ // For easier soundness reasoning, make sure the reference returned does not out live the

+ // `unsafe` block! It's tempting to do, but it leads to non-local issues.

+ // Here is an example where it goes wrong:

+ if false {

+ for target in branch.targets.iter().as_ref() {

+ if let Some(btarget) = unsafe { target.ref_unchecked() } {

+ // btarget is derived from the usnafe block!

+ target.set(None); // This drops the contents of the cell...

+ assert!(btarget.get_address().is_none()); // but `btarget` is still live! UB.

+ }

+ }

+ }

+

+ // Do something like this instead. It's not pretty, but it's easier to vet for UB this way.

+ for target in branch.targets.iter().as_ref() {

+ // SAFETY: no mutation within unsafe

+ if unsafe { target.ref_unchecked().is_none() } {

+ continue;

+ }

+ // SAFETY: no mutation within unsafe

+ assert!(unsafe { target.ref_unchecked().as_ref().unwrap().get_address().is_none() });

+ target.set(None);

+ }

+

+ // A more subtle situation where we do Cell/UnsafeCell mutation over the

+ // lifetime of the reference released by ref_unchecked().

+ branch.targets[0].set(Some(Box::new(BranchTarget::Stub(Box::new(BranchStub {

+ iseq: Cell::new(ptr::null()),

+ iseq_idx: 0,

+ address: None,

+ ctx: Context::default(),

+ })))));

+ // Invalid ISeq; we never dereference it.

+ let secret_iseq = NonNull::<rb_iseq_t>::dangling().as_ptr();

+ unsafe {

+ if let Some(branch_target) = branch.targets[0].ref_unchecked().as_ref() {

+ if let BranchTarget::Stub(stub) = branch_target.as_ref() {

+ // SAFETY:

+ // This is a Cell mutation, but it mutates the contents

+ // of a a Cell<IseqPtr>, which is a different type

+ // from the type of Cell found in `Branch::targets`, so

+ // there is no chance of mutating the Cell that we called

+ // ref_unchecked() on above.

+ Cell::set(&stub.iseq, secret_iseq);

+ }

+ }

+ };

+ // Check that we indeed changed the iseq of the stub

+ // Cell::take moves out of the cell.

+ assert_eq!(

+ secret_iseq as usize,

+ branch.targets[0].take().unwrap().get_blockid().iseq as usize

+ );

+

+ struct BlockDropper(BlockRef);

+ impl Drop for BlockDropper {

+ fn drop(&mut self) {

+ // SAFETY: we have ownership because the test doesn't stash

+ // the block away in any global structure.

+ // Note that the test being self-contained is also why we

+ // use dealloc_block() over free_block(), as free_block() touches

+ // the global invariants tables unavailable in tests.

+ unsafe { dealloc_block(self.0) };

+ }

+ }

+ }

+ let out_string = with_vm_lock(src_loc!(), || disasm_iseq_insn_range(iseq, 0, 9999));

+/// Only call while holding the VM lock.

+ let block_list = get_or_create_iseq_block_list(iseq);

+ let mut block_list: Vec<&Block> = block_list.into_iter().map(|blockref| {

+ // SAFETY: We have the VM lock here and all the blocks on iseqs are valid.

+ unsafe { blockref.as_ref() }

+ }).collect();

+ let addr_a = a.get_start_addr().raw_ptr();

+ let addr_b = b.get_start_addr().raw_ptr();

+ total_code_size += blockref.code_size();

+ for (block_idx, block) in block_list.iter().enumerate() {

+ let end_addr = block.get_end_addr();

+ let next_block = block_list[block_idx + 1];

+ // SAFETY: Called as part of a Ruby method, which ensures the graph is

+ // well connected for the given iseq.

+ let block = unsafe { blockref.as_ref() };

+// assume_single_ractor_mode()

+// track_stable_constant_names_assumption()

+/// Mark the pending block as assuming that certain basic operators (e.g. Integer#==)

+/// have not been redefined.

+#[must_use]

+ jit.bop_assumptions.push((klass, bop));

+/// Track that a block is only valid when a certain basic operator has not been redefined

+/// since the block's inception.

+pub fn track_bop_assumption(uninit_block: BlockRef, bop: (RedefinitionFlag, ruby_basic_operators)) {

+ let invariants = Invariants::get_instance();

+ invariants

+ .basic_operator_blocks

+ .entry(bop)

+ .or_default()

+ .insert(uninit_block);

+ invariants

+ .block_basic_operators

+ .entry(uninit_block)

+ .or_default()

+ .insert(bop);

+}

+

+/// Track that a block will assume that `cme` is valid (false == METHOD_ENTRY_INVALIDATED(cme)).

+/// [rb_yjit_cme_invalidate] invalidates the block when `cme` is invalidated.

+pub fn track_method_lookup_stability_assumption(

+ uninit_block: BlockRef,

+ .insert(uninit_block);

+) -> bool {

+ jit.assume_method_lookup_stable(ocb, cme);

+ jit.block_assumes_single_ractor = true;

+

+/// Track that the block will assume single ractor mode.

+pub fn track_single_ractor_assumption(uninit_block: BlockRef) {

+ Invariants::get_instance()

+ .single_ractor

+ .insert(uninit_block);

+}

+

+/// Track that a block will assume that the name components of a constant path expression

+/// has not changed since the block's full initialization.

+pub fn track_stable_constant_names_assumption(uninit_block: BlockRef, idlist: *const ID) {

+ uninit_block: BlockRef,

+ .insert(uninit_block);

+ .entry(uninit_block)

+ id => assume_stable_constant_name(uninit_block, id),

+/// For safety, the block has to be initialized and the vm lock must be held.

+/// However, outgoing/incoming references to the block does _not_ need to be valid.

+pub fn block_assumptions_free(blockref: BlockRef) {

+ // SAFETY: caller ensures that this reference is valid

+ let block = unsafe { blockref.as_ref() };

+ if let Some(blockset) = invariants.cme_validity.get_mut(&dep) {

+ blockset.remove(&blockref);

+ invariants.cme_validity.remove(&dep);

+ delayed_deallocation(block);

+ // Since we're freeing _all_ blocks, we don't need to keep the graph well formed

+ unsafe { free_block(block, false) };

+ .into_iter()

+ .for_each(|block| unsafe { free_block(block, false) });

+ count += unsafe { block.as_ref() }.get_ctx_count();

+ count += unsafe { block.as_ref() }.get_ctx_count();