swb: fix AllocateArray annotations

Jianchun Xu · Jianchun Xu · commit 77dfebad4012 · 2016-11-23T19:11:28.000-08:00
RecyclerChecker plugin was not able to detect (write barriered) types
allocated through AllocateArray because AllocateArray was an inlined
function. The plugin works by checking "new" operators.

Fixed by enhancing the plugin to check AllocateArray. (Originally
attempted to revert AllocateArray back to macro, but run into prefast
failures.)

Fixed a plugin bug introduced in last commit that results in over
annotating. I was checking wrong bits and ended up requiring any Recycler
allocation including leaf annotation to be annotated. Fixed the bits.

Annotated newly discovered types from AllocateArray.
diff --git a/build.sh b/build.sh
@@ -413,9 +413,10 @@ else
 fi
 
 echo Generating $BUILD_TYPE makefiles
+# -DCMAKE_EXPORT_COMPILE_COMMANDS=ON useful for clang-query tool
 cmake $CMAKE_GEN $CC_PREFIX $ICU_PATH $LTO $STATIC_LIBRARY $ARCH \
     -DCMAKE_BUILD_TYPE=$BUILD_TYPE $SANITIZE $NO_JIT $WITHOUT_FEATURES \
-    $WB_FLAG $WB_ARGS \
+    $WB_FLAG $WB_ARGS -DCMAKE_EXPORT_COMPILE_COMMANDS=ON \
     ../..
 
 _RET=$?
diff --git a/lib/Backend/Encoder.cpp b/lib/Backend/Encoder.cpp
@@ -490,7 +490,7 @@ Encoder::Encode()
                 equivalentTypeGuardOffsets->guards[i].cache.record.propertyOffset = NativeCodeData::GetDataTotalOffset(cache->record.properties);
                 for (int j = 0; j < EQUIVALENT_TYPE_CACHE_SIZE; j++)
                 {
-                    equivalentTypeGuardOffsets->guards[i].cache.types[j] = (intptr_t)cache->types[j];
+                    equivalentTypeGuardOffsets->guards[i].cache.types[j] = (intptr_t)PointerValue(cache->types[j]);
                 }
                 i++;
             });
diff --git a/lib/Backend/GlobOpt.cpp b/lib/Backend/GlobOpt.cpp
@@ -2900,8 +2900,6 @@ BOOL GlobOpt::PreloadPRECandidate(Loop *loop, GlobHashBucket* candidate)
     IR::Instr * ldInstr = this->prePassInstrMap->Lookup(propertySym->m_id, nullptr);
     Assert(ldInstr);
 
-    JITTypeHolder propertyType(nullptr);
-
     // Create instr to put in landing pad for compensation
     Assert(IsPREInstrCandidateLoad(ldInstr->m_opcode));
     IR::SymOpnd *ldSrc = ldInstr->GetSrc1()->AsSymOpnd();
@@ -2928,11 +2926,6 @@ BOOL GlobOpt::PreloadPRECandidate(Loop *loop, GlobHashBucket* candidate)
         IR::PropertySymOpnd *propSymOpnd = ldSrc->AsPropertySymOpnd();
         IR::PropertySymOpnd *newPropSymOpnd;
 
-        if (propSymOpnd->IsMonoObjTypeSpecCandidate())
-        {
-            propertyType = propSymOpnd->GetType();
-        }
-
         newPropSymOpnd = propSymOpnd->AsPropertySymOpnd()->CopyWithoutFlowSensitiveInfo(this->func);
         ldInstr->ReplaceSrc1(newPropSymOpnd);
     }
@@ -4191,7 +4184,7 @@ GlobOpt::OptArguments(IR::Instr *instr)
         {
             instr->usesStackArgumentsObject = true;
         }
-        
+
         break;
     }
 
diff --git a/lib/Backend/JITObjTypeSpecFldInfo.cpp b/lib/Backend/JITObjTypeSpecFldInfo.cpp
@@ -302,7 +302,7 @@ JITObjTypeSpecFldInfo::BuildObjTypeSpecFldInfoArray(
         Js::FixedFieldInfo * ffInfo = objTypeSpecInfo[i]->GetFixedFieldInfoArray();
         for (uint16 j = 0; j < jitData[i].fixedFieldInfoArraySize; ++j)
         {
-            jitData[i].fixedFieldInfoArray[j].fieldValue = (intptr_t)ffInfo[j].fieldValue;
+            jitData[i].fixedFieldInfoArray[j].fieldValue = (intptr_t)PointerValue(ffInfo[j].fieldValue);
             jitData[i].fixedFieldInfoArray[j].nextHasSameFixedField = ffInfo[j].nextHasSameFixedField;
             if (ffInfo[j].fieldValue != nullptr && Js::JavascriptFunction::Is(ffInfo[j].fieldValue))
             {
diff --git a/lib/Backend/JITTimeConstructorCache.cpp b/lib/Backend/JITTimeConstructorCache.cpp
@@ -32,7 +32,7 @@ JITTimeConstructorCache::JITTimeConstructorCache(const JITTimeConstructorCache*
     Assert(other->GetRuntimeCacheAddr() != 0);
     m_data.runtimeCacheAddr = other->GetRuntimeCacheAddr();
     m_data.runtimeCacheGuardAddr = other->GetRuntimeCacheGuardAddr();
-    m_data.type = *(TypeIDL*)other->GetType().t;
+    m_data.type = *(TypeIDL*)PointerValue(other->GetType().t);
     m_data.slotCount = other->GetSlotCount();
     m_data.inlineSlotCount = other->GetInlineSlotCount();
     m_data.skipNewScObject = other->SkipNewScObject();
diff --git a/lib/Backend/JITType.h b/lib/Backend/JITType.h
@@ -32,7 +32,9 @@ class JITType
 class JITTypeHolder
 {
 public:
-    JITType * t;
+    // SWB-TODO: Fix this. JITTypeHolder is used both as GC object and also
+    // background JIT stack object. The later cannot use write barrier currently.
+    FieldNoBarrier(JITType *) t;
 
     JITTypeHolder();
     JITTypeHolder(JITType * t);
diff --git a/lib/Common/Memory/RecyclerPointers.h b/lib/Common/Memory/RecyclerPointers.h
@@ -495,7 +495,7 @@ template <class Policy>
 struct _QuickSortImpl
 {
     template<class T, class Comparer>
-    static void qsort_s(T* arr, size_t count, const Comparer& comparer, void* context)
+    static void Sort(T* arr, size_t count, const Comparer& comparer, void* context)
     {
         // by default use system qsort_s
         ::qsort_s(arr, count, sizeof(T), comparer, context);
@@ -505,7 +505,7 @@ template <>
 struct _QuickSortImpl<_write_barrier_policy>
 {
     template<class T, class Comparer>
-    static void qsort_s(T* arr, size_t count, const Comparer& comparer, void* context)
+    static void Sort(T* arr, size_t count, const Comparer& comparer, void* context)
     {
         // Use custom implementation if policy needs write barrier
         JsUtil::QuickSort<T, Comparer>::Sort(arr, arr + count - 1, comparer, context);
@@ -517,7 +517,7 @@ void qsort_s(T* arr, size_t count, const Comparer& comparer, void* context)
 {
     // Note use of "_ArrayItemWriteBarrierPolicy".
     typedef typename _ArrayItemWriteBarrierPolicy<PolicyType>::Policy Policy;
-    _QuickSortImpl<Policy>::qsort_s(arr, count, comparer, context);
+    _QuickSortImpl<Policy>::Sort(arr, count, comparer, context);
 }
 template<class T, class Comparer>
 void qsort_s(WriteBarrierPtr<T>* _Base, size_t _NumOfElements, size_t _SizeOfElements,
diff --git a/lib/JITIDL/JITTypes.h b/lib/JITIDL/JITTypes.h
@@ -632,11 +632,11 @@ typedef struct XProcNumberPageSegment
 
 typedef struct PolymorphicInlineCacheIDL
 {
-    unsigned short size;
+    IDL_Field(unsigned short) size;
     IDL_PAD2(0)
     X64_PAD4(1)
-    CHAKRA_PTR addr;
-    CHAKRA_PTR inlineCachesAddr;
+    IDL_Field(CHAKRA_PTR) addr;
+    IDL_Field(CHAKRA_PTR) inlineCachesAddr;
 } PolymorphicInlineCacheIDL;
 
 typedef struct PolymorphicInlineCacheInfoIDL
diff --git a/lib/Parser/Parse.cpp b/lib/Parser/Parse.cpp
@@ -31,11 +31,11 @@ bool Parser::IsES6DestructuringEnabled() const
 
 struct DeferredFunctionStub
 {
-    RestorePoint restorePoint;
-    uint fncFlags;
-    uint nestedCount;
-    DeferredFunctionStub *deferredStubs;
-    charcount_t ichMin;
+    Field(RestorePoint) restorePoint;
+    Field(uint) fncFlags;
+    Field(uint) nestedCount;
+    Field(DeferredFunctionStub *) deferredStubs;
+    Field(charcount_t) ichMin;
 };
 
 struct StmtNest
diff --git a/lib/Parser/Scan.h b/lib/Parser/Scan.h
@@ -326,17 +326,17 @@ typedef HRESULT (*CommentCallback)(void *data, OLECHAR firstChar, OLECHAR second
 // Restore point defined using a relative offset rather than a pointer.
 struct RestorePoint
 {
-    charcount_t m_ichMinTok;
-    charcount_t m_ichMinLine;
-    size_t m_cMinTokMultiUnits;
-    size_t m_cMinLineMultiUnits;
-    charcount_t m_line;
-    uint functionIdIncrement;
-    size_t lengthDecr;
-    BOOL m_fHadEol;
+    Field(charcount_t) m_ichMinTok;
+    Field(charcount_t) m_ichMinLine;
+    Field(size_t) m_cMinTokMultiUnits;
+    Field(size_t) m_cMinLineMultiUnits;
+    Field(charcount_t) m_line;
+    Field(uint) functionIdIncrement;
+    Field(size_t) lengthDecr;
+    Field(BOOL) m_fHadEol;
 
 #ifdef DEBUG
-    size_t m_cMultiUnits;
+    Field(size_t) m_cMultiUnits;
 #endif
 
     RestorePoint()
diff --git a/lib/Runtime/Base/FunctionBody.h b/lib/Runtime/Base/FunctionBody.h
@@ -1179,19 +1179,19 @@ namespace Js
     struct LoopHeader
     {
     private:
-        LoopEntryPointList* entryPoints;
+        Field(LoopEntryPointList*) entryPoints;
 
     public:
-        uint startOffset;
-        uint endOffset;
-        uint interpretCount;
-        uint profiledLoopCounter;
-        bool isNested;
-        bool isInTry;
-        FunctionBody * functionBody;
+        Field(uint) startOffset;
+        Field(uint) endOffset;
+        Field(uint) interpretCount;
+        Field(uint) profiledLoopCounter;
+        Field(bool) isNested;
+        Field(bool) isInTry;
+        Field(FunctionBody *) functionBody;
 
 #if DBG_DUMP
-        uint nativeCount;
+        Field(uint) nativeCount;
 #endif
         static const uint NoLoop = (uint)-1;
 
diff --git a/lib/Runtime/Language/AsmJsModule.h b/lib/Runtime/Language/AsmJsModule.h
@@ -349,31 +349,32 @@ namespace Js {
         /// proxy of asmjs module
         struct ModuleVar
         {
-            RegSlot location;
-            AsmJsVarType::Which type;
-            union
+            Field(RegSlot) location;
+            Field(AsmJsVarType::Which) type;
+            union InitialiserType
             {
-                int intInit;
-                float floatInit;
-                double doubleInit;
-                AsmJsSIMDValue simdInit;
-            } initialiser;
-            bool isMutable;
+                Field(int) intInit;
+                Field(float) floatInit;
+                Field(double) doubleInit;
+                Field(AsmJsSIMDValue) simdInit;
+            };
+            Field(InitialiserType) initialiser;
+            Field(bool) isMutable;
         };
         struct ModuleVarImport
         {
-            RegSlot location;
-            AsmJsVarType::Which type;
-            PropertyId field;
+            Field(RegSlot) location;
+            Field(AsmJsVarType::Which) type;
+            Field(PropertyId) field;
         };
         struct ModuleFunctionImport
         {
-            RegSlot location;
-            PropertyId field;
+            Field(RegSlot) location;
+            Field(PropertyId) field;
         };
         struct ModuleFunction
         {
-            RegSlot location;
+            Field(RegSlot) location;
         };
         struct ModuleExport
         {
@@ -382,8 +383,8 @@ namespace Js {
         };
         struct ModuleFunctionTable
         {
-            uint size;
-            RegSlot* moduleFunctionIndex;
+            Field(uint) size;
+            Field(RegSlot*) moduleFunctionIndex;
         };
 
         typedef JsUtil::BaseDictionary<PropertyId, AsmJsSlot*, Memory::Recycler> AsmJsSlotMap;
diff --git a/lib/Runtime/Language/ObjTypeSpecFldInfo.h b/lib/Runtime/Language/ObjTypeSpecFldInfo.h
@@ -17,9 +17,9 @@ namespace Js
 
     struct FixedFieldInfo
     {
-        Var fieldValue;
-        Type* type;
-        bool nextHasSameFixedField; // set to true if the next entry in the FixedFieldInfo array on ObjTypeSpecFldInfo has the same type
+        Field(Var) fieldValue;
+        Field(Type*) type;
+        Field(bool) nextHasSameFixedField; // set to true if the next entry in the FixedFieldInfo array on ObjTypeSpecFldInfo has the same type
     };
 
     // Union with uint16 flags for fast default initialization
diff --git a/lib/Runtime/Library/JavascriptObject.cpp b/lib/Runtime/Library/JavascriptObject.cpp
@@ -1668,9 +1668,9 @@ namespace Js
         size_t descCount = 0;
         struct DescriptorMap
         {
-            PropertyRecord const * propRecord;
-            PropertyDescriptor descriptor;
-            Var originalVar;
+            Field(PropertyRecord const *) propRecord;
+            Field(PropertyDescriptor) descriptor;
+            Field(Var) originalVar;
         };
 
         JavascriptStaticEnumerator enumerator;
@@ -1764,8 +1764,8 @@ namespace Js
         size_t descCount = 0;
         struct DescriptorMap
         {
-            PropertyRecord const * propRecord;
-            PropertyDescriptor descriptor;
+            Field(PropertyRecord const *) propRecord;
+            Field(PropertyDescriptor) descriptor;
         };
 
         //3.  Let keys be props.[[OwnPropertyKeys]]().
diff --git a/tools/RecyclerChecker/RecyclerChecker.cpp b/tools/RecyclerChecker/RecyclerChecker.cpp
diff --git a/tools/RecyclerChecker/RecyclerChecker.h b/tools/RecyclerChecker/RecyclerChecker.h

Original file line number	Diff line number	Diff line change
`@@ -490,7 +490,7 @@ Encoder::Encode()`
`490`	`490`	`equivalentTypeGuardOffsets->guards[i].cache.record.propertyOffset = NativeCodeData::GetDataTotalOffset(cache->record.properties);`
`491`	`491`	`for (int j = 0; j < EQUIVALENT_TYPE_CACHE_SIZE; j++)`
`492`	`492`	`{`
`493`		`- equivalentTypeGuardOffsets->guards[i].cache.types[j] = (intptr_t)cache->types[j];`
	`493`	`+ equivalentTypeGuardOffsets->guards[i].cache.types[j] = (intptr_t)PointerValue(cache->types[j]);`
`494`	`494`	`}`
`495`	`495`	`i++;`
`496`	`496`	`});`
Original file line number	Diff line number	Diff line change
`@@ -302,7 +302,7 @@ JITObjTypeSpecFldInfo::BuildObjTypeSpecFldInfoArray(`
`302`	`302`	`Js::FixedFieldInfo * ffInfo = objTypeSpecInfo[i]->GetFixedFieldInfoArray();`
`303`	`303`	`for (uint16 j = 0; j < jitData[i].fixedFieldInfoArraySize; ++j)`
`304`	`304`	`{`
`305`		`- jitData[i].fixedFieldInfoArray[j].fieldValue = (intptr_t)ffInfo[j].fieldValue;`
	`305`	`+ jitData[i].fixedFieldInfoArray[j].fieldValue = (intptr_t)PointerValue(ffInfo[j].fieldValue);`
`306`	`306`	`jitData[i].fixedFieldInfoArray[j].nextHasSameFixedField = ffInfo[j].nextHasSameFixedField;`
`307`	`307`	`if (ffInfo[j].fieldValue != nullptr && Js::JavascriptFunction::Is(ffInfo[j].fieldValue))`
`308`	`308`	`{`
Original file line number	Diff line number	Diff line change
`@@ -495,7 +495,7 @@ template <class Policy>`
`495`	`495`	`struct _QuickSortImpl`
`496`	`496`	`{`
`497`	`497`	`template<class T, class Comparer>`
`498`		`- static void qsort_s(T* arr, size_t count, const Comparer& comparer, void* context)`
	`498`	`+ static void Sort(T* arr, size_t count, const Comparer& comparer, void* context)`
`499`	`499`	`{`
`500`	`500`	`// by default use system qsort_s`
`501`	`501`	`::qsort_s(arr, count, sizeof(T), comparer, context);`
`@@ -505,7 +505,7 @@ template <>`
`505`	`505`	`struct _QuickSortImpl<_write_barrier_policy>`
`506`	`506`	`{`
`507`	`507`	`template<class T, class Comparer>`
`508`		`- static void qsort_s(T* arr, size_t count, const Comparer& comparer, void* context)`
	`508`	`+ static void Sort(T* arr, size_t count, const Comparer& comparer, void* context)`
`509`	`509`	`{`
`510`	`510`	`// Use custom implementation if policy needs write barrier`
`511`	`511`	`JsUtil::QuickSort<T, Comparer>::Sort(arr, arr + count - 1, comparer, context);`
`@@ -517,7 +517,7 @@ void qsort_s(T* arr, size_t count, const Comparer& comparer, void* context)`
`517`	`517`	`{`
`518`	`518`	`// Note use of "_ArrayItemWriteBarrierPolicy".`
`519`	`519`	`typedef typename _ArrayItemWriteBarrierPolicy<PolicyType>::Policy Policy;`
`520`		`- _QuickSortImpl<Policy>::qsort_s(arr, count, comparer, context);`
	`520`	`+ _QuickSortImpl<Policy>::Sort(arr, count, comparer, context);`
`521`	`521`	`}`
`522`	`522`	`template<class T, class Comparer>`
`523`	`523`	`void qsort_s(WriteBarrierPtr<T>* _Base, size_t _NumOfElements, size_t _SizeOfElements,`