Tail call VM [2]

[arnaud-lb]

Related:

• This is the second part of Tail call VM #17849
• First part was Pass opline as argument to opcode handlers in CALL VM #17952

This part takes tail-calling and preserve_none from #17849:

• Opcode handlers dispatch directly to the next handler by tail-calling, which reduces function call overhead and avoids returning to the executor loop
• preserve_none reduces register saving overhead in opcode handlers

This also implements JIT support.

Non-dispatching opcode handlers

JIT needs non-dispatching opcode handlers (opcode handlers that return instead of calling the next one). I've tried two approaches for this:

• Generate a second, non-dispatching, variant of each handler. Use the variant as call_handler
• Use indirect dispatch similarly to the hybrid VM: zend_op->handler is a function that calls the real handler and dispatches.

I've tried both approach (the first one in this branch, and the second one in master...arnaud-lb:php-src:hybrid-tailcall.

The second approach resulted in a slightly slower VM due to indirect dispatching, and JIT generated more spilling when calling handlers as they clobber all registers.

Therefore I've taken the first approach in this PR.

A 3rd approach would be to control dispatching via an additional handler parameter, or to pass a dispatch function to handlers, but I suspect this would have been slower.

Fixed regs and preserved regs

Thanks to the preserve_none convention, JIT'ed code only has to preserve rbp, which reduces the size of prologue/epilogue. Instead of preserving it, I add it to the set of fixed registers, so it's not used. This results in faster code.

Also, quite conveniently, preserve_none receives its first arguments via registers that are callee-saved in sysv. Therefore we can use the arg1 and arg2 regs as our fixed registers. This avoids moving arg1 and arg2 to SP/IP in prologue, or setting arg1/arg2 when tail-calling other handlers.

Benchmarks:

Benchmark	Mode	vs base	vs gcc	vs valgrind
bench.php	JIT	-4%	-0%	-5%
bench.php	Non-JIT	-44%	+3%
symfony demo	JIT	-0%	-0%
symfony demo	Non-JIT	-2.8%	-0%

base: Clang build of master, wall time
gcc: GCC build of master, wall time
valgrind: Clang build of master, valgrind instructions

Conclusion: Clang builds are now as fast GCC builds on the Symfony Demo benchmark in both JIT and non-JIT modes.

Issues

• The preserve_none calling convention is documented as unstable. JIT would break if it changed. I suggest checking this at build time, and disabling this optimization (tailcalling + preserve_none) if preserve_none changed.
• Clang currently fails to build PHP when using preserve_none and ASAN, therefore we disable this if ASAN is enabled. Edit: This seems to be fixed in recent Clang versions.

TODO

• x86
• aarch64
• IR PRs
• preserve_none configure check

[arnaud-lb]

Added basic preserve_none support to IR.

What's missing:

• Tail-calling is supported, but not normal calls
• Var args

I will submit this as a proper PR separately

[arnaud-lb]

This fixes a bug where TAILCALL() op2 would be overridden by epilogue before the call.

I will submit this as a proper PR separately.

[arnaud-lb]

Typed handler pointers in a few places to prevent confusion between orig handler and call handlers (zend_vm_opcode_handler_t / zend_vm_opcode_handler_func_t).

[arnaud-lb]

Tail-calling was not possible due to the extra arg in zend_jit_trace_counter_helper, so I removed it.

Alternative would be to define these handlers in IR, as we do for the hybrid JIT.

[dstogov]

I didn't understand why extra_arg became a problem

[arnaud-lb]

Clang ˋmusttailˋ disallows calling functions with a different signature. Presumably this is to garantee portability. This is discussed here: https://blog.reverberate.org/2025/02/10/tail-call-updates.html

[arnaud-lb]

@dstogov this is still a WIP, but I would like to have your opinion on this. This is the same ideas as #17849, but with JIT support which implies a few things described above. I would like your opinion before handling the items in the todo list.

[dstogov]

The idea makes sense and the benchmark results look promising.
It's also interesting how it affects the VM code size.

Unfortunately at this moment I can't review a huge path like this in all details.
Anyway, I think it makes sense to finalize and land it.

[dstogov]

Originally zend_vm.h was an abstraction layer API over the actual VM implementation.
Including zend_vm_opcodes.h breaks this decision.
This is not a huge problem, just a note.

[dstogov]

C standard doesn't require returning content of struct in a pair of registers.
x86_64 ABI does this, but all other ABIs have to be checked (x86, Windows64, ...).

[dstogov]

It makes sense to merge this separately.

[dstogov]

It would be better to assign a temporary register during register allocation/assignment phase.
Why can't we select a good op2_reg in the first place?

[arnaud-lb]

I think adding a constraint will sometimes result in less efficient code. E.g. if op2 is RLOAD(x), with x not in the used preserved regs, we might emit a mov when it's not necessary.

We can use a hint, but then we still need to also handle it in emit.

One difficulty either way is we don't know the set of used preserved registers when assigning hints / constraints. (Except when it's fixed.)

That being said I'm not familiar with the RA so there may be a solution I'm not seeing. Do you have hints / pointers?

[dstogov]

In general, if you request for a temporary register (like here https://github.com/dstogov/ir/blob/master/ir_x86.dasc#L1186), RA should select one that doesn't interfere with other used registers. This may don't take into account the epilogue code assumed by TAILCALL.

[dstogov]

fixed_regs are the registers reserved for the register variables.
I remember there were some problems with RBP usage, but I don't remember the exact problem.

[arnaud-lb]

In this case I add the register only to prevent the RA from using it. This is less expensive than adding it to the set of preserved registers. The same thing is done for the HYBRID VM a few lines below.

[dstogov]

I didn't understand why extra_arg became a problem