From 17053c55c5a19ba5c2635a4d7689e0d6315145ac Mon Sep 17 00:00:00 2001 From: t30028578 Date: Wed, 22 May 2024 20:08:14 +0800 Subject: [PATCH 1/2] add jit option --- arkfuzzilli/main.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/arkfuzzilli/main.cpp b/arkfuzzilli/main.cpp index b047a56..bc3c348 100644 --- a/arkfuzzilli/main.cpp +++ b/arkfuzzilli/main.cpp @@ -235,6 +235,9 @@ int Main(const int argc, const char **argv) { bool result = parseStatus; if (!parseStatus) { + runtimeOptions.SetEnableJIT(true); + runtimeOptions.SetCompilerEnableLiteCG(true); + runtimeOptions.SetJitCallThreshold(1); EcmaVM *vm = JSNApi::CreateEcmaVM(runtimeOptions); if (vm == nullptr) { std::cerr << "Cannot Create vm" << std::endl; @@ -281,4 +284,4 @@ int Main(const int argc, const char **argv) { int main(int argc, const char **argv) { return panda::ecmascript::Main(argc, argv); -} \ No newline at end of file +} -- Gitee From 93be3b42910d8586b97ed3a4a9f3a896b564642a Mon Sep 17 00:00:00 2001 From: t30028578 Date: Sat, 1 Jun 2024 17:07:34 +0800 Subject: [PATCH 2/2] add jit optimizer static lib --- arkfuzzilli/BUILD.gn | 3 +- patch/ets_runtime.diff | 289 ++++++++++++++++++++++++++++++++++++----- 2 files changed, 262 insertions(+), 30 deletions(-) diff --git a/arkfuzzilli/BUILD.gn b/arkfuzzilli/BUILD.gn index 7cec0d6..db7c052 100644 --- a/arkfuzzilli/BUILD.gn +++ b/arkfuzzilli/BUILD.gn @@ -25,6 +25,7 @@ ohos_executable("arkfuzzer") { deps = [ "$js_root:libark_jsruntime_static", + "//arkcompiler/ets_runtime/ecmascript/compiler:libark_jsoptimizer_set_fuzzilli", # "$ark_third_party_root/bounds_checking_function:libsec_shared", "$ark_third_party_root/icu/icu4c:static_icui18n", "$ark_third_party_root/icu/icu4c:static_icuuc", @@ -56,4 +57,4 @@ ohos_executable("arkfuzzer") { part_name = "arkfuzzer" subsystem_name = "arkfuzzer" -} \ No newline at end of file +} diff --git a/patch/ets_runtime.diff b/patch/ets_runtime.diff index fe4e1b7..bc94b7f 100644 
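Review bot: The three `runtimeOptions.Set*` calls added inside `if (!parseStatus)` run after the command line has already been parsed, so they unconditionally override any JIT-related option the user passed and leave no way to run the harness with the JIT off or with a different call threshold. Gating them on a harness flag (or on an option the runtime already exposes) keeps the previous behaviour reachable, e.g. `if (enableJit) { runtimeOptions.SetEnableJIT(true); runtimeOptions.SetCompilerEnableLiteCG(true); runtimeOptions.SetJitCallThreshold(1); }`, and a one-line comment such as `// Fuzzing: force the LiteCG JIT and compile on the first call so every generated function reaches the compiler` would record why a threshold of 1 was chosen (presumably it means compile-on-first-call; worth confirming against the option's definition). The body of `Main()` starts and ends outside this hunk.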
--- a/patch/ets_runtime.diff +++ b/patch/ets_runtime.diff @@ -1,8 +1,17 @@ diff --git a/BUILD.gn b/BUILD.gn -index 95cb26c32..981af9770 100644 +index f63eed3ca..cf615b03d 100644 --- a/BUILD.gn +++ b/BUILD.gn -@@ -1021,6 +1021,91 @@ libark_jsruntime_common_set("libark_jsruntime_arm_set") { +@@ -277,8 +277,6 @@ config("ark_jsruntime_common_config") { + "-Wall", + "-Wshadow", + "-Werror", +- "-Wextra", +- "-pedantic", + "-Wno-invalid-offsetof", + "-Wno-gnu-statement-expression", + "-pipe", +@@ -1058,6 +1056,91 @@ libark_jsruntime_common_set("libark_jsruntime_arm_set") { } } 
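Review bot: Removing `-Wextra` and `-pedantic` from `ark_jsruntime_common_config` silences those warning classes for every source set that inherits the common config, not only the new fuzzilli optimizer set, while `-Werror` stays in place — so real warnings in unrelated runtime code are no longer errors either. If specific warnings in the JIT compiler sources (or in the coverage-instrumented build) are what broke, scoping the suppression to that target with a targeted `-Wno-...` in its `cflags_cc` keeps the rest of the runtime's warning coverage; at minimum the patch should record which diagnostics motivated the change, e.g. `# -Wextra/-pedantic dropped for the fuzzilli build: <warning> in libark_jsoptimizer_sources — TODO re-enable`. The `@@ -1058,6 +1056,91 @@` header change in the same hunk is a plain renumbering from the rebase. The `config()` block itself begins and ends outside this hunk.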
@@ -94,20 +103,95 @@ index 95cb26c32..981af9770 100644 libark_jsruntime_intl_common_set("libark_js_intl_set") { } -@@ -1135,7 +1220,7 @@ ohos_source_set("libark_jsruntime_static") { +@@ -1174,7 +1257,7 @@ ohos_source_set("libark_jsruntime_static") { deps = [ ":libark_js_intl_arm_set", - ":libark_jsruntime_arm_set", -+ ":libark_jsruntime_set_cov" ++ ":libark_jsruntime_set_cov", ] external_deps = [] if (!is_arkui_x) { +diff --git a/bundle.json b/bundle.json +index 77b60fde3..db3443c44 100644 +--- a/bundle.json ++++ b/bundle.json +@@ -94,6 +94,17 @@ + ], + "header_base": "//arkcompiler/ets_runtime/compiler_service/include" + } ++ }, ++ { ++ "name": "//arkcompiler/ets_runtime/ecmascript/compiler:libark_jsoptimizer_set_fuzzilli", ++ "header": { ++ "header_files": [ ++ "jsnapi.h", ++ "jsnapi_expo.h", ++ "dfx_jsnapi.h" ++ ], ++ "header_base": "//arkcompiler/ets_runtime/ecmascript/napi/include" ++ } + } + ], + "test": [ +diff --git a/ecmascript/compiler/BUILD.gn b/ecmascript/compiler/BUILD.gn +index b8e3e9a2c..0164cdb17 100644 +--- a/ecmascript/compiler/BUILD.gn ++++ b/ecmascript/compiler/BUILD.gn +@@ -384,6 +384,48 @@ ohos_source_set("libark_jsoptimizer_set_with_maple") { + subsystem_name = "arkcompiler" + } + ++ohos_source_set("libark_jsoptimizer_set_fuzzilli") { ++ enable_fuzzilli = true ++ stack_protector_ret = false ++ sources = libark_jsoptimizer_sources ++ if (enable_local_code_sign) { ++ sources += [ "$js_root/ecmascript/platform/unix/ohos/code_sign.cpp" ] ++ } else if (is_mingw) { ++ sources += [ "$js_root/ecmascript/platform/windows/code_sign.cpp" ] ++ } else { ++ sources += [ "$js_root/ecmascript/platform/unix/code_sign.cpp" ] ++ } ++ ++ if (enable_fuzzilli) { ++ defines = [ "ENABLE_FUZZILLI" ] ++ } ++ public_configs = [ ++ ":include_llvm", ++ "$js_root:ark_jsruntime_compiler_config", ++ "$js_root:ark_jsruntime_public_config", ++ ":libark_jsoptimizer_set_config", ++ ] ++ ++ cflags_cc = [ "-fsanitize-coverage=trace-pc-guard" ] ++ ++ ldflags = [] ++ ldflags += [ 
"-fsanitize-coverage=trace-pc-guard" ] ++ ++ external_deps = [ "zlib:libz" ] ++ deps = [] ++ if (!is_arkui_x) { ++ external_deps += [ "runtime_core:arkfile_header_deps" ] ++ } else { ++ deps += [ "$ark_root/libpandafile:arkfile_header_deps" ] ++ } ++ ++ # hiviewdfx libraries ++ external_deps += hiviewdfx_ext_deps ++ ++ part_name = "ets_runtime" ++ subsystem_name = "arkcompiler" ++} ++ + ohos_source_set("libark_stub_set") { + stack_protector_ret = false + if (is_ohos && is_standard_system && current_toolchain != host_toolchain && diff --git a/ecmascript/ecma_context.cpp b/ecmascript/ecma_context.cpp -index b00cfe81a..f89ca208d 100644 +index 21a178c65..c531e3c18 100644 --- a/ecmascript/ecma_context.cpp +++ b/ecmascript/ecma_context.cpp -@@ -375,10 +375,10 @@ Expected EcmaContext::InvokeEcmaEntrypointForHotReload( +@@ -409,10 +409,10 @@ Expected EcmaContext::InvokeEcmaEntrypointForHotReload( AddPatchModule(recordName, moduleRecordHandle); // print exception information 
@@ -122,11 +206,60 @@ index b00cfe81a..f89ca208d 100644 return result; } +diff --git a/ecmascript/jit/jit.cpp b/ecmascript/jit/jit.cpp +index 440bc49b5..6f5a4da97 100644 +--- a/ecmascript/jit/jit.cpp ++++ b/ecmascript/jit/jit.cpp +@@ -20,6 +20,7 @@ + #include "ecmascript/platform/file.h" + #include "ecmascript/compiler/aot_file/func_entry_des.h" + #include "ecmascript/dfx/vmstat/jit_warmup_profiler.h" ++#include "ecmascript/compiler/jit_compiler.h" + + namespace panda::ecmascript { + void (*Jit::initJitCompiler_)(JSRuntimeOptions options) = nullptr; +@@ -124,31 +125,30 @@ void Jit::Initialize() + return; + } + +- initJitCompiler_ = reinterpret_cast(FindSymbol(libHandle_, JITCOMPILEINIT.c_str())); ++ initJitCompiler_ = reinterpret_cast(&kungfu::InitJitCompiler); + if (initJitCompiler_ == nullptr) { + LOG_JIT(ERROR) << "jit can't find symbol initJitCompiler"; + return; + } +- jitCompile_ = reinterpret_cast(FindSymbol(libHandle_, JITCOMPILE.c_str())); ++ jitCompile_ = reinterpret_cast(&kungfu::JitCompile); + if (jitCompile_ == nullptr) { + LOG_JIT(ERROR) << "jit can't find symbol jitCompile"; + return; + } + +- jitFinalize_ = reinterpret_cast(FindSymbol(libHandle_, JITFINALIZE.c_str())); ++ jitFinalize_ = reinterpret_cast(&kungfu::JitFinalize); + if (jitFinalize_ == nullptr) { + LOG_JIT(ERROR) << "jit can't find symbol jitFinalize"; + return; + } + +- createJitCompilerTask_ = reinterpret_cast(FindSymbol(libHandle_, +- CREATEJITCOMPILETASK.c_str())); ++ createJitCompilerTask_ = reinterpret_cast(&kungfu::CreateJitCompilerTask); + if (createJitCompilerTask_ == nullptr) { + LOG_JIT(ERROR) << "jit can't find symbol createJitCompilertask"; + return; + } + +- deleteJitCompile_ = reinterpret_cast(FindSymbol(libHandle_, DELETEJITCOMPILE.c_str())); ++ deleteJitCompile_ = reinterpret_cast(&kungfu::DeleteJitCompile); + if (deleteJitCompile_ == nullptr) { + LOG_JIT(ERROR) << "jit can't find symbol deleteJitCompile"; + return; 
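Review bot: After the `FindSymbol(libHandle_, ...)` lookups are replaced with `&kungfu::InitJitCompiler`, `&kungfu::JitCompile`, `&kungfu::JitFinalize`, `&kungfu::CreateJitCompilerTask` and `&kungfu::DeleteJitCompile`, the five `== nullptr` checks that follow can never be true — the address of a declared function is never null — so each `LOG_JIT(ERROR) << "jit can't find symbol ..."` branch is dead code, and clang's address-of-function comparison diagnostics may turn it into a `-Werror` failure. Since the `ENABLE_FUZZILLI` define is introduced elsewhere in this patch, binding statically under that define and keeping the dynamic path otherwise makes the intent explicit and keeps the original error handling for the shared-library build (assuming the define reaches the source set that compiles `jit.cpp`; if the member types differ from the declared signatures, keep the `reinterpret_cast`). Whatever opens `libHandle_` earlier in `Jit::Initialize()` — the `return;` at the top of the hunk looks like its failure path — lies outside this hunk and is probably no longer needed when the optimizer is linked in statically.

```cpp
// … unchanged: start of Jit::Initialize(), libHandle_ setup …
#ifdef ENABLE_FUZZILLI
    // Optimizer is linked statically into the fuzzer binary: bind directly.
    initJitCompiler_ = &kungfu::InitJitCompiler;
    jitCompile_ = &kungfu::JitCompile;
    jitFinalize_ = &kungfu::JitFinalize;
    createJitCompilerTask_ = &kungfu::CreateJitCompilerTask;
    deleteJitCompile_ = &kungfu::DeleteJitCompile;
#else
    // … unchanged: FindSymbol() lookups with their nullptr checks and LOG_JIT(ERROR) bail-outs …
#endif
```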
diff --git a/ecmascript/js_arraybuffer.cpp b/ecmascript/js_arraybuffer.cpp -index 178d0e14a..018bcd374 100644 +index a1ff8d115..f0cd86a99 100644 --- a/ecmascript/js_arraybuffer.cpp +++ b/ecmascript/js_arraybuffer.cpp -@@ -46,7 +46,7 @@ void JSArrayBuffer::CopyDataPointBytes(void *toBuf, void *fromBuf, int32_t fromI +@@ -47,7 +47,7 @@ void JSArrayBuffer::CopyDataPointBytes(void *toBuf, void *fromBuf, int32_t fromI void JSArrayBuffer::Attach(JSThread *thread, uint32_t arrayBufferByteLength, JSTaggedValue arrayBufferData, bool transferWithNativeAreaAllocator) { @@ -135,18 +268,11 @@ index 178d0e14a..018bcd374 100644 // only in transition, should the JSArrayBuffer with NativeAreaAllocator increase mem usage if (transferWithNativeAreaAllocator) { LOG_FULL(DEBUG) << "attaching for transfer"; -@@ -78,4 +78,4 @@ void JSArrayBuffer::Detach(JSThread *thread, bool transferWithNativeAreaAllocato - SetArrayBufferData(thread, JSTaggedValue::Null()); - SetArrayBufferByteLength(0); - } --} // namespace panda::ecmascript -\ No newline at end of file -+} // namespace panda::ecmascript diff --git a/ecmascript/js_native_pointer.h b/ecmascript/js_native_pointer.h -index ce0981f6f..136d09ba3 100644 +index f21d59cc9..da9d245d1 100644 --- a/ecmascript/js_native_pointer.h +++ b/ecmascript/js_native_pointer.h -@@ -28,7 +28,7 @@ class JSNativePointer : public TaggedObject { +@@ -27,7 +27,7 @@ class JSNativePointer : public TaggedObject { public: static JSNativePointer *Cast(TaggedObject *object) { @@ -156,10 +282,10 @@ index ce0981f6f..136d09ba3 100644 } diff --git a/ecmascript/js_thread.cpp b/ecmascript/js_thread.cpp -index 6c66de8f1..056bb1cf9 100644 +index 1876021c0..207b7b572 100644 --- a/ecmascript/js_thread.cpp +++ b/ecmascript/js_thread.cpp -@@ -561,12 +561,14 @@ bool JSThread::CheckSafepoint() +@@ -755,12 +755,14 @@ bool JSThread::CheckSafepoint() } #endif // ECMASCRIPT_SUPPORT_CPUPROFILER bool gcTriggered = false; 
@@ -174,8 +300,55 @@ index 6c66de8f1..056bb1cf9 100644 auto heap = const_cast(GetEcmaVM()->GetHeap()); // Handle exit app senstive scene heap->HandleExitHighSensitiveEvent(); +@@ -1269,7 +1271,7 @@ void JSThread::PostFork() + ASSERT(GetState() == ThreadState::NATIVE); + } + } +-#ifndef NDEBUG ++// #ifndef NDEBUG + bool JSThread::IsInManagedState() const + { + ASSERT(this == JSThread::GetCurrent()); +@@ -1285,5 +1287,5 @@ void JSThread::SetMutatorLockState(MutatorLock::MutatorLockState newState) + { + mutatorLockState_ = newState; + } +-#endif ++// #endif + } // namespace panda::ecmascript +diff --git a/ecmascript/js_thread.h b/ecmascript/js_thread.h +index 641f18875..aa0e25adb 100644 +--- a/ecmascript/js_thread.h ++++ b/ecmascript/js_thread.h +@@ -1316,11 +1316,11 @@ public: + static bool IsMainThread(); + PUBLIC_API void ManagedCodeBegin(); + PUBLIC_API void ManagedCodeEnd(); +-#ifndef NDEBUG ++// #ifndef NDEBUG + bool IsInManagedState() const; + MutatorLock::MutatorLockState GetMutatorLockState() const; + void SetMutatorLockState(MutatorLock::MutatorLockState newState); +-#endif ++// #endif + void SetWeakFinalizeTaskCallback(const WeakFinalizeTaskCallback &callback) + { + finalizeTaskCallback_ = callback; +@@ -1544,10 +1544,10 @@ private: + + uint64_t jobId_ {0}; + +-#ifndef NDEBUG ++// #ifndef NDEBUG + MutatorLock::MutatorLockState mutatorLockState_ = MutatorLock::MutatorLockState::UNLOCKED; + std::atomic launchedSuspendAll_ {false}; +-#endif ++// #endif + + std::atomic needTermination_ {false}; + std::atomic hasTerminated_ {false}; diff --git a/ecmascript/mem/machine_code.cpp b/ecmascript/mem/machine_code.cpp -index 2b88f7449..a47415fc5 100644 +index b74f4b9ff..47a669ca6 100644 --- a/ecmascript/mem/machine_code.cpp +++ b/ecmascript/mem/machine_code.cpp @@ -18,6 +18,7 @@ 
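Review bot: Commenting out the `#ifndef NDEBUG` / `#endif` pairs around `IsInManagedState`, `GetMutatorLockState`, `SetMutatorLockState` and the `mutatorLockState_` / `launchedSuspendAll_` members compiles debug-only checks and state into release builds with no record of why, and the `// #ifndef NDEBUG` remnants will read as stale leftovers to the next maintainer. Tying the guard to the define this patch already introduces keeps the intent visible and restores the unpatched release layout when fuzzing is off: `#if !defined(NDEBUG) || defined(ENABLE_FUZZILLI)` in place of each commented-out `#ifndef NDEBUG`, with the matching `#endif` restored. Because the two members change the size of `JSThread` in release builds, every translation unit that touches `JSThread` must be built against the patched header — presumably true for a fully patched tree, but worth stating in the patch description. The enclosing `JSThread::CheckSafepoint()` body and the class definition in `js_thread.h` both extend outside this hunk.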
@@ -185,24 +358,82 @@ index 2b88f7449..a47415fc5 100644 +#include "ecmascript/js_tagged_value-inl.h" namespace panda::ecmascript { - void MachineCode::SetData(const MachineCodeDesc *desc, JSHandle &method, size_t dataSize) + void MachineCode::SetData(const MachineCodeDesc &desc, JSHandle &method, size_t dataSize) +diff --git a/ecmascript/mutator_lock.cpp b/ecmascript/mutator_lock.cpp +index 97c5c2d6c..0edfd7ed3 100644 +--- a/ecmascript/mutator_lock.cpp ++++ b/ecmascript/mutator_lock.cpp +@@ -19,7 +19,7 @@ + #include "js_thread.h" + + namespace panda::ecmascript { +-#ifndef NDEBUG ++// #ifndef NDEBUG + void MutatorLock::ReadLock() + { + ASSERT(!HasLock()); +@@ -75,7 +75,7 @@ void MutatorLock::SetState(MutatorLock::MutatorLockState newState) + { + JSThread::GetCurrent()->SetMutatorLockState(newState); + } +-#endif ++// #endif + + void SuspendBarrier::Wait() + { +diff --git a/ecmascript/mutator_lock.h b/ecmascript/mutator_lock.h +index 75b235715..8b8b39173 100644 +--- a/ecmascript/mutator_lock.h ++++ b/ecmascript/mutator_lock.h +@@ -21,7 +21,7 @@ + namespace panda::ecmascript { + + class MutatorLock : public RWLock { +-#ifndef NDEBUG ++// #ifndef NDEBUG + public: + enum MutatorLockState { UNLOCKED, RDLOCK, WRLOCK }; + void ReadLock(); +@@ -34,7 +34,7 @@ public: + private: + MutatorLockState GetState() const; + void SetState(MutatorLockState newState); +-#endif ++// #endif + }; + + class SuspendBarrier { diff --git a/ecmascript/object_factory.cpp b/ecmascript/object_factory.cpp -index 9852bab3d..c88b243f1 100644 +index 5e44bd2b3..bf2ad9943 100644 --- a/ecmascript/object_factory.cpp 
+++ b/ecmascript/object_factory.cpp -@@ -3148,6 +3148,7 @@ JSHandle ObjectFactory::NewBigInt(uint32_t length) - // static +@@ -3373,7 +3373,6 @@ JSHandle ObjectFactory::NewBigInt(uint32_t length) void ObjectFactory::NewObjectHook() const { -+ /* - #ifndef NDEBUG + CHECK_NO_HEAP_ALLOC; +-#ifndef NDEBUG if (vm_->GetJSOptions().EnableForceGC() && vm_->IsInitialized() && thread_->IsAllContextsInitialized()) { if (vm_->GetJSOptions().ForceFullGC()) { -@@ -3160,6 +3161,7 @@ void ObjectFactory::NewObjectHook() const + vm_->CollectGarbage(TriggerGCType::YOUNG_GC); +@@ -3384,7 +3383,7 @@ void ObjectFactory::NewObjectHook() const + vm_->CollectGarbage(TriggerGCType::OLD_GC); } } - #endif -+*/ +-#endif ++ } JSHandle ObjectFactory::NewTaggedQueue(uint32_t length) +diff --git a/ecmascript/pgo_profiler/pgo_profiler.cpp b/ecmascript/pgo_profiler/pgo_profiler.cpp +index 0fc0311dc..b0233c491 100644 +--- a/ecmascript/pgo_profiler/pgo_profiler.cpp ++++ b/ecmascript/pgo_profiler/pgo_profiler.cpp +@@ -1847,7 +1847,7 @@ ProfileType PGOProfiler::GetRecordProfileType(const std::shared_ptr + } + ProfileType recordType {0}; + if (pf->IsBundlePack()) { +- ASSERT(recordName == JSPandaFile::ENTRY_FUNCTION_NAME); ++ // ASSERT(recordName == JSPandaFile::ENTRY_FUNCTION_NAME); + recordType = CreateRecordProfileType(abcId, ProfileType::RECORD_ID_FOR_BUNDLE); + recordInfos_->GetRecordPool()->Add(recordType, recordName); + return recordType; -- Gitee
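Review bot: Commenting out `ASSERT(recordName == JSPandaFile::ENTRY_FUNCTION_NAME);` in `PGOProfiler::GetRecordProfileType` removes the only check that a bundle-pack record is the entry function before the shared `RECORD_ID_FOR_BUNDLE` profile type is created for it; in a fuzzing build that assertion is the bug oracle, so silencing it hides whichever input tripped it instead of explaining it. If the fuzzer legitimately reaches this path with other record names, say so in a comment and handle the case explicitly — e.g. `if (recordName != JSPandaFile::ENTRY_FUNCTION_NAME) { /* log with the file's LOG macro and fall through or bail out */ }` — rather than leaving a commented-out assert. In the same hunk, `NewObjectHook()` loses its `#ifndef NDEBUG` guard (replacing the earlier `/* ... */` comment-out), so `EnableForceGC` now triggers collections in release builds too; that is a behaviour change for the harness that the commit message should mention, and the empty `+` line left where `#endif` was is a stray blank. The `GetRecordProfileType` body begins outside this hunk.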