Add API to exempt function from being traced in JIT

[bwoebi]

Sometimes extensions need to do hideous stuff which is incompatible with JIT.
As such, I propose a simple API function to mark an op_array as blacklisted.

In the past we've been maintaining our own (https://github.com/DataDog/dd-trace-php/blob/master/zend_abstract_interface/jit_utils/jit_blacklist.c) solution to work around it, with a lot of dlsym and relying on JIT internals.

It would be great if that could be part of API of JIT itself.

[dstogov]

This is not a complete solution.

This will disable JIT only for traces started at function entry, but not for inner loops or the function inlining. This also won't disable the function JIT.

The function zend_jit_blacklist_function() exported from DLL, won't work on Windows.

Anyway, the idea makes sense. I would think about a special no-jit attribute and an ability to add this attribute at run-time. Then we may avoid function JIT compilation and set up of tracing JIT counters. Tracer also should be adjusted to stop the traces at enter/exit to no-jit functions.

[bwoebi]

@dstogov Thanks for pointing this out.

I was under the assumption that if you function inline, you'd include the start of the function, which ... contains that blacklisting point. But I admit I have little idea of the tracing JIT internals.
They honestly scare me :-) JIT itself is fine, but tracing JIT is scary.

I do just not know how to implement that properly then. Is this something you or maybe @iluuu1994 could actually help me out with?

I also do like the idea of special no-jit attributes, as it turns out that the JIT still has some stability issues despite being there for 4 years now, just to disable "known broken functions" as the user.

[dstogov]

I was under the assumption that if you function inline, you'd include the start of the function, which ... contains that blacklisting point. But I admit I have little idea of the tracing JIT internals. They honestly scare me :-) JIT itself is fine, but tracing JIT is scary.

There were a good paper about tracing jit - https://www.semanticscholar.org/paper/Trace-based-just-in-time-compilation-for-lazy-Schilling/8b47d69f96cbc08da737d1f78f3ffd4376f8e135
Unfortunately I don't see a public link now.

I do just not know how to implement that properly then. Is this something you or maybe @iluuu1994 could actually help me out with?

This should be simple. Tracer should stop the recording in case of entering/exiting to disabled function.
@iluuu1994 just made similar thing for property hooks.

[iluuu1994]

For context: 606eb84

[bwoebi]

@dstogov Is it possible for you to have a look at this?

[dstogov]

See comments.

Note, this will prevent JIT-ing of the function, but not the execution of the previously JIT-ed traces that are started in different functions and inline (or return to) the blacklisted one.

[dstogov]

Make a normal API not a yet another hack for your observer.

[bwoebi]

I don't understand what you mean? What would "a normal API" look like?

[dstogov]

• Make it work through use-level opcache_jit_blacklist() function (similar opcache_invalidate) or use "no-jit" PHP attribute, etc
• Describe the API (behavior should not be driven by implementation details, it should satisfy the requirements).

[dstogov]

How this is related to the API?

[bwoebi]

Note, this will prevent JIT-ing of the function, but not the execution of the previously JIT-ed traces that are started in different functions and inline (or return to) the blacklisted one.

Yes, that's how this is related. It's an escape hatch how I am manually able to force-skip manually disabled functions by returning EG(vm_interrupt) in an observer. I have no better idea on how to achieve that short of keeping a mapping on what functions are inlined in what trace and using that to clear existing traces or such...

[dstogov]

So you insert additional interrupt check just to check if the function was blacklisted at run-time and invalidate the current trace. How do you do this?

• why can't you do this "black work" in jit_observer_fcall_begin()?
• you still miss the case when trace ir returned to blacklisted function.

[bwoebi]

jit_observer_fcall_begin is also use by ICALLs, but for ICALL this is in the middle of the opcode. There's no way to safely resume there - the de-optimization has to point either at the ICALL opcode or the one after. In the former case it'll run observers twice (that's bad) or it'll bypass the internal handle call completely and skip the end handlers (that's bad too).

you still miss the case when trace ir returned to blacklisted function.

Yes. I'm not sure whether that's a problem though. But I also have no idea on how to avoid that.

[dstogov]

I think, the thing you are trying to achieve is - "lazy deoptimization".
There were some related V8 papers/presentations.

[bwoebi]

Yeah, but actually doing it properly is fully overkill for our needs :-)

[dstogov]

You may use jit_extension->func_info.flags check to stop tracing.
Just remove ZEND_FUNC_JIT_ON_HOT_TRACE flag.

[dstogov]

you should check jit_extension->func_info.flags not the opline flags.

[dstogov]

This should be done with lock and SHM unprotectd.

[dstogov]

Reset ZEND_FUNC_JIT_ON_HOT_TRACE in jit_extension->func_info.flags instead.

[bwoebi]

@dstogov Is the current iteration more in line with your expectations? I'd still like to retain the zend_jit_blacklist_function() as an API to use via dlsym() - as it's naturally much less overhead to directly pass the op_array than having to fetch it somehow.

[dstogov]

This looks better, but probably the big part of the patch is not necessary now. Se the comments.
I don't care about dlsym() usage a lot.

[dstogov]

Is it possible to support other JIT triggers? (function JIT)

[bwoebi]

I have no idea how that works. Gladly, I'd do it, if I knew how.

[dstogov]

This is relatively easy for functions that are not JIT-ed yet. See zend_jit_op_array() in zend_jit.c. It creates different zend_jit_op_array*_extension structures for different triggers. The trigger may be determined through corresponding flag in jit_extension->func_info.flags``. So for different triggers you should just restore the original handlers. This should work for ZEND_JIT_ON_FIRST_EXEC, ZEND_JIT_ON_PROF_REQUEST (only one handler should be reverted), and ZEND_JIT_ON_HOT_COUNTERS (all handlers should be reverted).

For ZEND_JIT_ON_SCRIPT_LOAD trigger and op_arrays JIT-ed because of ZEND_JIT_ON_FIRST_EXEC, ZEND_JIT_ON_PROF_REQUEST and ZEND_JIT_ON_HOT_COUNTERS we should use zend_jit_op_array_extension structure with ZEND_JIT_ON_SCRIPT_LOAD flag and single entry handler. It's possible to create it in zend_real_jit_func or zend_jit.

Anyway, this looks not trivial and may delay this PR for edges.

[dstogov]

ZendAccelerator.c first do this in opposite order. First SHM_UNPROTECT() then zend_shared_alloc_lock().
This was done to allow usage of spin-locks. I'm not sure if this makes any difference, but it's better to use the same order everywhere.

[bwoebi]

I'm copying the logic from zend_jit_blacklist_root_trace where it's first alloc_lock, then SHM_UNPROTECT?

[dstogov]

OK. This is not a big problem.

[dstogov]

This code is not necessary anymore.
You may stop tracing checking (jit_extension->func_info.flags & ZEND_FUNC_JIT_ON_HOT_TRACE).
If you need to make difference between stop = ZEND_JIT_TRACE_STOP_INTERPRETER and ZEND_JIT_TRACE_STOP_BLACK_LIST you may add another flag into jit_extension->func_info.flags.

[dstogov]

I'm not completely sure if this is the right place to stop tracing.
Now you prevent code-generation for the call sequence INIT_FCALL, SEND*, DO_FCALL

I think it should be stopped at the point where we record ZEND_JIT_TRACE_ENTER.
Actually this should already work out of the box because of ZEND_FUNC_JIT_ON_HOT_TRACE check at

php-src/ext/opcache/jit/zend_jit_vm_helpers.c

Line 944 in 1b9568d

|| UNEXPECTED(!(jit_extension->func_info.flags & ZEND_FUNC_JIT_ON_HOT_TRACE))) {

I'm not completely sure...
This should also take care about termination at the point where we record ZEND_JIT_TRACE_BACK, that you missed previously.

Probably you may safely remove your changes in zend_jit_trace_execute() and zend_jit_trace_record_fake_init_call_ex()

[bwoebi]

I wanted to do the same changes here than around lines 515 (see above), but forgot about it. Pushed the correction.

[dstogov]

I don't see critical problems any more.

[dstogov]

It would be good to have a least one test for this function.
I suppose, it can't be called at this moment... :)

There is a big question about usability of this API.
It can prevent and revert JIT-ing of already cached functions, but it can't disable setting JIT counters at the first place.

[bwoebi]

It can be called, but not really tested for its functionality, unless you have a way how to check whether a function is actually executed under jit without looking at it in gdb.
So added a very basic test, just calling it in a JIT scenario, to make sure it doesn't crash. Manually verified it works, too.

[dstogov]

Oh, sorry, my mistake. I forgot about automatic registration through opcache.stub.php.