AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[compiler] Only spill SIMD reg if valid

Browse Source 
The allocatable registers have holes, so not all FP registers are one
half of a valid SIMD register. Thus check if {GetAliases} returned an
allocatable SIMD register before looking up if that register is being
used. Otherwise we run into a DCHECK because {simd_reg} is invalid.

The bug was only introduced recently: https://crrev.com/c/3404780

R=thibaudm@chromium.org

Bug: chromium:1290079, v8:12330
Change-Id: I99df1645cfeec375daec82dbf41c110b5474339c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3412075
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78742}
This commit is contained in:
Clemens Backes 2022-01-24 15:13:32 +01:00 committed by V8 LUCI CQ
parent c8cda40b6e
commit 9d0222424e
3 changed files with 51 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/compiler/backend/mid-tier-register-allocator.cc
View File

@ -1905,8 +1905,9 @@ void SinglePassRegisterAllocator::SpillRegisterAtMerge(
(rep == MachineRepresentation::kFloat64 ? 1 : 2));
RegisterIndex simd_reg =
FromRegCode(simd_reg_code, MachineRepresentation::kSimd128);
DCHECK(simd_reg == reg || simdSibling(simd_reg) == reg);
if (reg_state->IsAllocated(simd_reg)) {
DCHECK(!simd_reg.is_valid() || simd_reg == reg ||
simdSibling(simd_reg) == reg);
if (simd_reg.is_valid() && reg_state->IsAllocated(simd_reg)) {
int virtual_register = reg_state->VirtualRegisterForRegister(simd_reg);
VirtualRegisterData& vreg_data =
data_->VirtualRegisterDataFor(virtual_register);

1
test/mjsunit/mjsunit.status
View File

@ -1549,6 +1549,7 @@
'regress/wasm/regress-1286253': [SKIP],
'regress/wasm/regress-1283395': [SKIP],
'regress/wasm/regress-1289678': [SKIP],
'regress/wasm/regress-1290079': [SKIP],
}], # no_simd_hardware == True
##############################################################################

47
test/mjsunit/regress/wasm/regress-1290079.js Normal file
View File

@ -0,0 +1,47 @@
// Copyright 2022 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --no-liftoff --turbo-force-mid-tier-regalloc
d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
const builder = new WasmModuleBuilder();
builder.addFunction(undefined, makeSig([], [kWasmS128]))
.addBody([
...wasmS128Const(new Array(16).fill(0)), // s128.const
...wasmS128Const(new Array(16).fill(0)), // s128.const
...wasmS128Const(new Array(16).fill(0)), // s128.const
kExprI32Const, 0x00, // i32.const
kSimdPrefix, kExprI8x16ReplaceLane, 0x00, // i8x16.replace_lane
kSimdPrefix, kExprI8x16GtS, // i8x16.gt_s
kSimdPrefix, kExprI16x8Ne, // i16x8.ne
...wasmS128Const(new Array(16).fill(1)), // s128.const
kExprI32Const, 0x00, // i32.const
kSimdPrefix, kExprI8x16ReplaceLane, 0x00, // i8x16.replace_lane
kExprI32Const, 0x00, // i32.const
kSimdPrefix, kExprI8x16ReplaceLane, 0x00, // i8x16.replace_lane
...wasmS128Const(new Array(16).fill(2)), // s128.const
kSimdPrefix, kExprI16x8Eq, // i16x8.eq
kSimdPrefix, kExprI16x8Ne, // i16x8.ne
...wasmS128Const(new Array(16).fill(1)), // s128.const
...wasmS128Const(new Array(16).fill(1)), // s128.const
...wasmS128Const(new Array(16).fill(0)), // s128.const
kSimdPrefix, kExprI16x8AddSatU, 0x01, // i16x8.add_sat_u
...wasmS128Const(new Array(16).fill(0)), // s128.const
...wasmS128Const(new Array(16).fill(0)), // s128.const
kSimdPrefix, kExprI16x8Sub, 0x01, // i16x8.sub
kSimdPrefix, kExprI64x2ExtMulHighI32x4U, 0x01, // i64x2.extmul_high_i32x4_u
kSimdPrefix, kExprI64x2ExtMulLowI32x4S, 0x01, // i64x2.extmul_low_i32x4_s
kExprF32Const, 0x00, 0x00, 0x00, 0x00, // f32.const
kExprF32Const, 0x00, 0x00, 0x00, 0x00, // f32.const
kExprF32Mul, // f32.mul
kExprF32Const, 0x00, 0x00, 0x00, 0x00, // f32.const
...wasmS128Const(new Array(16).fill(0)), // s128.const
kSimdPrefix, kExprI16x8ExtractLaneS, 0x00, // i16x8.extract_lane_s
kExprSelect, // select
kNumericPrefix, kExprI32SConvertSatF32, // i32.trunc_sat_f32_s
kSimdPrefix, kExprI8x16ReplaceLane, 0x00, // i8x16.replace_lane
kSimdPrefix, kExprI16x8Ne, // i16x8.ne
]);
builder.toModule();