From fdb4a0c170cf3661276966ee013c508d5077b7e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= Date: Sat, 17 Apr 2021 16:28:45 +0200 Subject: [PATCH] deps: V8: cherry-pick 5c6c99a8dc72 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Original commit message: Merged: [liftoff][arm] Release temp registers after use The {ParallelRegisterMove} at the end of {AtomicLoad} might need a temporary scratch register for spilling values to the stack. Make sure that one is available by giving up the scratch register used for the address of the atomic access. TBR=​ahaas@chromium.org (cherry picked from commit 63166010061d2af4fef6a713d448ebf074a9d2cb) (cherry picked from commit 953f7a9dcb1425616e3be67fdfe6ef8d820f0daa) Bug: chromium:1153442 Change-Id: Ie312b37857e226058581b300b5adb1f14476c155 No-Try: true No-Presubmit: true No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584959 Reviewed-by: Clemens Backes Commit-Queue: Clemens Backes Cr-Original-Commit-Position: refs/branch-heads/8.7@{#60} Cr-Original-Branched-From: 0d81cd72688512abcbe1601015baee390c484a6a-refs/heads/8.7.220@{#1} Cr-Original-Branched-From: 942c2ef85caef00fcf02517d049f05e9a3d4b440-refs/heads/master@{#70196} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2656263 Reviewed-by: Victor-Gabriel Savu Commit-Queue: Artem Sumaneev Cr-Commit-Position: refs/branch-heads/8.6@{#58} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: https://github.com/v8/v8/commit/5c6c99a8dc720936c07cd97b1eec12514dca9116 PR-URL: https://github.com/nodejs/node/pull/38275 Reviewed-By: Matteo Collina Reviewed-By: Jiawen Geng Reviewed-By: Shelley Vohr --- common.gypi | 2 +- .../wasm/baseline/arm/liftoff-assembler-arm.h | 14 ++--- .../mjsunit/regress/wasm/regress-1153442.js | 61 +++++++++++++++++++ 3 files changed, 69 insertions(+), 8 deletions(-) create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-1153442.js diff --git a/common.gypi b/common.gypi index a1c01c922d0d42..414d4ea32ce19b 100644 --- a/common.gypi +++ b/common.gypi @@ -36,7 +36,7 @@ # Reset this number to 0 on major V8 upgrades. # Increment by one for each non-official patch applied to deps/v8. - 'v8_embedder_string': '-node.42', + 'v8_embedder_string': '-node.43', ##### V8 defaults for Node.js ##### diff --git a/deps/v8/src/wasm/baseline/arm/liftoff-assembler-arm.h b/deps/v8/src/wasm/baseline/arm/liftoff-assembler-arm.h index eb91b79ea55a95..9aeffbab576983 100644 --- a/deps/v8/src/wasm/baseline/arm/liftoff-assembler-arm.h +++ b/deps/v8/src/wasm/baseline/arm/liftoff-assembler-arm.h @@ -880,11 +880,13 @@ void LiftoffAssembler::AtomicLoad(LiftoffRegister dst, Register src_addr, if (cache_state()->is_used(LiftoffRegister(dst_high))) { SpillRegister(LiftoffRegister(dst_high)); } - UseScratchRegisterScope temps(this); - Register actual_addr = liftoff::CalculateActualAddress( - this, &temps, src_addr, offset_reg, offset_imm); - ldrexd(dst_low, dst_high, actual_addr); - dmb(ISH); + { + UseScratchRegisterScope temps(this); + Register actual_addr = liftoff::CalculateActualAddress( + this, &temps, src_addr, offset_reg, offset_imm); + ldrexd(dst_low, dst_high, actual_addr); + dmb(ISH); + } LiftoffAssembler::ParallelRegisterMoveTuple reg_moves[]{ {dst, LiftoffRegister::ForPair(dst_low, dst_high), kWasmI64}}; @@ -1196,12 +1198,10 @@ void LiftoffAssembler::Move(DoubleRegister dst, DoubleRegister src, } void LiftoffAssembler::Spill(int offset, LiftoffRegister reg, ValueType type) { -#ifdef DEBUG // The {str} instruction needs a temp register when the immediate in the // provided MemOperand does not fit into 12 bits. This happens for large stack // frames. This DCHECK checks that the temp register is available when needed. DCHECK(UseScratchRegisterScope{this}.CanAcquire()); -#endif DCHECK_LT(0, offset); RecordUsedSpillOffset(offset); MemOperand dst(fp, -offset); diff --git a/deps/v8/test/mjsunit/regress/wasm/regress-1153442.js b/deps/v8/test/mjsunit/regress/wasm/regress-1153442.js new file mode 100644 index 00000000000000..989da11a25b85f --- /dev/null +++ b/deps/v8/test/mjsunit/regress/wasm/regress-1153442.js @@ -0,0 +1,61 @@ +// Copyright 2020 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --experimental-wasm-threads + +load('test/mjsunit/wasm/wasm-module-builder.js'); + +const builder = new WasmModuleBuilder(); +builder.addMemory(1, 1, false, true); +builder.addGlobal(kWasmI32, 1); +builder.addGlobal(kWasmI32, 1); +builder.addType(makeSig([kWasmI32, kWasmI64, kWasmI32], [])); +// Generate function 1 (out of 1). +builder.addFunction(undefined, 0 /* sig */) + .addLocals(kWasmI32, 10) + .addBodyWithEnd([ +// signature: v_ili +// body: +kExprI32Const, 0x00, // i32.const +kExprLocalSet, 0x04, // local.set +kExprI32Const, 0x01, // i32.const +kExprLocalSet, 0x05, // local.set +kExprBlock, kWasmStmt, // block @11 + kExprBr, 0x00, // br depth=0 + kExprEnd, // end @15 +kExprGlobalGet, 0x01, // global.get +kExprLocalSet, 0x03, // local.set +kExprLocalGet, 0x03, // local.get +kExprI32Const, 0x01, // i32.const +kExprI32Sub, // i32.sub +kExprLocalSet, 0x06, // local.set +kExprI64Const, 0x01, // i64.const +kExprLocalSet, 0x01, // local.set +kExprI32Const, 0x00, // i32.const +kExprI32Eqz, // i32.eqz +kExprLocalSet, 0x07, // local.set +kExprBlock, kWasmStmt, // block @36 + kExprBr, 0x00, // br depth=0 + kExprEnd, // end @40 +kExprGlobalGet, 0x01, // global.get +kExprLocalSet, 0x08, // local.set +kExprI32Const, 0x01, // i32.const +kExprI32Const, 0x01, // i32.const +kExprI32Sub, // i32.sub +kExprLocalSet, 0x09, // local.set +kExprLocalGet, 0x00, // local.get +kExprLocalSet, 0x0a, // local.set +kExprGlobalGet, 0x00, // global.get +kExprLocalSet, 0x0b, // local.set +kExprI32Const, 0x00, // i32.const +kExprI32Const, 0x0f, // i32.const +kExprI32And, // i32.and +kExprLocalSet, 0x0c, // local.set +kExprI32Const, 0x00, // i32.const +kAtomicPrefix, kExprI64AtomicLoad, 0x03, 0x04, // i64.atomic.load64 +kExprDrop, // drop +kExprUnreachable, // unreachable +kExprEnd, // end @75 +]); +builder.toModule();