I just landed an ARM simulator for JIT code, imported from V8 (bug 959597 [0]).
This means if you build an x86 shell and pass --enable-arm-simulator to configure, it will still compile an x86 shell but with the ARM JIT backend for Baseline, Ion, Odin and YARR. When we enter JIT code, we run it inside a simulator (interpreter) for ARM code. Note that this only works with 32-bit builds (64-bit has a different Value format etc). There are new JS_CODEGEN_* defines that you should use in most cases for JIT backend stuff instead of JS_CPU_*. On real hardware there's no difference but a simulator build will have JS_CPU_X86 and JS_CODEGEN_ARM. Emulating an ARM processor may seem crazy and complicated, but the simulator itself is < 3000 lines of code, most of it pretty straight-forward and of course NPOTB (I'll try to get a Linux32 shell build on TBPL so that we don't regress it). The code was imported from V8, with many changes to make it integrate well with SpiderMonkey (style), mfbt etc. I added support for some missing (float32) instructions, but other than that the code was very stable and complete. It's also reasonably fast: an --enable-debug --enable-optimize build can run jit-tests in 2-3 minutes on my laptop. The simulator is not useful for performance testing of course and is not as reliable as real hardware, but for most changes it should be sufficient. It also has some nice features like its own debugger so that you can set breakpoints and disassemble code (I didn't import V8's disassembler, instead we run llvm-mc), an icache checker and it verifies JIT code does not modify callee-saved registers etc (this caught a real bug, bug 964005 [1]). I hope this will make it easier for our JIT hackers and fuzzers to improve/test our ARM backend. Thanks to V8 for the simulator code, to Nicolas, Mike and Gerv for reviews and Douglas for many useful suggestions and patches. Jan [0] https://bugzilla.mozilla.org/show_bug.cgi?id=959597 [1] https://bugzilla.mozilla.org/show_bug.cgi?id=964005 _______________________________________________ dev-tech-js-engine-internals mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-js-engine-internals
