[fastcall] Fix MachineType for FP TypedArray arguments

This CL fixes an issue in EffectControlLinearizer, where the primitive type of the argument of a fast C call was used to compute its MachineType even when the argument was actually a TypedArray, which should always be treated as a Tagged type. This resulted in Float32/64 typed arrays being passed in FP registers, leading to a crash in the register allocator. Drive-by fix: Fixed output from --trace-turbo-alloc so that all of its sub-parts are printed with PrintF, avoiding interleaved log lines. Bug: chromium:1260954 Change-Id: I249c8629daae3af437fb52f53f45211f3a214222 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3231341 Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/main@{#77521}
2021-10-19 17:20:56 +02:00 · 2021-10-19 17:20:56 +02:00 · e1f5e68ebb
commit e1f5e68ebb
parent d909af0895
5 changed files with 56 additions and 5 deletions
--- a/src/compiler/backend/register-allocator.cc
+++ b/src/compiler/backend/register-allocator.cc
@ -1150,7 +1150,8 @@ void LinearScanAllocator::PrintRangeRow(std::ostream& os,
  os << '\n';
 }

-void LinearScanAllocator::PrintRangeOverview(std::ostream& os) {
+void LinearScanAllocator::PrintRangeOverview() {
+  std::ostringstream os;
  PrintBlockRow(os, code()->instruction_blocks());
  for (auto const toplevel : data()->fixed_live_ranges()) {
    if (toplevel == nullptr) continue;
@ -1162,6 +1163,7 @@ void LinearScanAllocator::PrintRangeOverview(std::ostream& os) {
    if (rowcount++ % 10 == 0) PrintBlockRow(os, code()->instruction_blocks());
    PrintRangeRow(os, toplevel);
  }
+  PrintF("%s\n", os.str().c_str());
 }

 SpillRange::SpillRange(TopLevelLiveRange* parent, Zone* zone)
@ -3512,7 +3514,7 @@ void LinearScanAllocator::AllocateRegisters() {
  data()->ResetSpillState();

  if (data()->is_trace_alloc()) {
-    PrintRangeOverview(std::cout);
+    PrintRangeOverview();
  }

  const size_t live_ranges_size = data()->live_ranges().size();
@ -3756,7 +3758,7 @@ void LinearScanAllocator::AllocateRegisters() {
  }

  if (data()->is_trace_alloc()) {
-    PrintRangeOverview(std::cout);
+    PrintRangeOverview();
  }
 }

--- a/src/compiler/backend/register-allocator.h
+++ b/src/compiler/backend/register-allocator.h
@ -1505,7 +1505,7 @@ class LinearScanAllocator final : public RegisterAllocator {

  void PrintRangeRow(std::ostream& os, const TopLevelLiveRange* toplevel);

-  void PrintRangeOverview(std::ostream& os);
+  void PrintRangeOverview();

  UnhandledLiveRangeQueue unhandled_live_ranges_;
  ZoneVector<LiveRange*> active_live_ranges_;
--- a/src/compiler/effect-control-linearizer.cc
+++ b/src/compiler/effect-control-linearizer.cc
@ -5341,8 +5341,11 @@ Node* EffectControlLinearizer::LowerFastApiCall(Node* node) {
  MachineType return_type = MachineTypeFor(c_signature->ReturnInfo().GetType());
  builder.AddReturn(return_type);
  for (int i = 0; i < c_arg_count; ++i) {
+    CTypeInfo type = c_signature->ArgumentInfo(i);
    MachineType machine_type =
-        MachineTypeFor(c_signature->ArgumentInfo(i).GetType());
+        type.GetSequenceType() == CTypeInfo::SequenceType::kScalar
+            ? MachineTypeFor(type.GetType())
+            : MachineType::AnyTagged();
    builder.AddParam(machine_type);
  }
  if (c_signature->HasOptions()) {
--- a/src/d8/d8-test.cc
+++ b/src/d8/d8-test.cc
@ -576,6 +576,26 @@ Local<FunctionTemplate> Shell::CreateTestFastCApiTemplate(Isolate* isolate) {
            SideEffectType::kHasSideEffect,
            &add_all_uint32_typed_array_c_func));

+    CFunction add_all_float32_typed_array_c_func =
+        CFunction::Make(FastCApiObject::AddAllTypedArrayFastCallback<float>);
+    api_obj_ctor->PrototypeTemplate()->Set(
+        isolate, "add_all_float32_typed_array",
+        FunctionTemplate::New(
+            isolate, FastCApiObject::AddAllTypedArraySlowCallback,
+            Local<Value>(), signature, 1, ConstructorBehavior::kThrow,
+            SideEffectType::kHasSideEffect,
+            &add_all_float32_typed_array_c_func));
+
+    CFunction add_all_float64_typed_array_c_func =
+        CFunction::Make(FastCApiObject::AddAllTypedArrayFastCallback<double>);
+    api_obj_ctor->PrototypeTemplate()->Set(
+        isolate, "add_all_float64_typed_array",
+        FunctionTemplate::New(
+            isolate, FastCApiObject::AddAllTypedArraySlowCallback,
+            Local<Value>(), signature, 1, ConstructorBehavior::kThrow,
+            SideEffectType::kHasSideEffect,
+            &add_all_float64_typed_array_c_func));
+
    const CFunction add_all_overloads[] = {
        add_all_uint32_typed_array_c_func,
        add_all_seq_c_func,
--- a/test/mjsunit/compiler/fast-api-sequences.js
+++ b/test/mjsunit/compiler/fast-api-sequences.js
@ -147,6 +147,32 @@ for (let i = 0; i < 100; i++) {
  ExpectFastCall(uint32_test, 6);
 })();

+(function () {
+  function float32_test(should_fallback = false) {
+    let typed_array = new Float32Array([1.3, 2.4, 3.5]);
+    return fast_c_api.add_all_float32_typed_array(false /* should_fallback */,
+      typed_array);
+  }
+  if (fast_c_api.supports_fp_params) {
+    ExpectFastCall(float32_test, 7.2);
+  } else {
+    ExpectSlowCall(float32_test, 7.2);
+  }
+})();
+
+(function () {
+  function float64_test(should_fallback = false) {
+    let typed_array = new Float64Array([1.3, 2.4, 3.5]);
+    return fast_c_api.add_all_float64_typed_array(false /* should_fallback */,
+      typed_array);
+  }
+  if (fast_c_api.supports_fp_params) {
+    ExpectFastCall(float64_test, 7.2);
+  } else {
+    ExpectSlowCall(float64_test, 7.2);
+  }
+})();
+
 (function () {
  function detached_typed_array_test(should_fallback = false) {
    let typed_array = new Int32Array([-42, 1, 2, 3]);