[webkit-changes] [WebKit/WebKit] a820d8: SIMD values should be saved during OSR entry.
Justin Michaud
noreply at github.com
Thu Dec 22 21:17:04 PST 2022
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a820d89ad9983a5a3430269d43b048f0026eb855
https://github.com/WebKit/WebKit/commit/a820d89ad9983a5a3430269d43b048f0026eb855
Author: Justin Michaud <justin_michaud at apple.com>
Date: 2022-12-22 (Thu, 22 Dec 2022)
Changed paths:
M JSTests/wasm/stress/simd-exception.js
A JSTests/wasm/stress/simd-osr-many-vectors.js
M JSTests/wasm/stress/simd-osr.js
M JSTests/wasm/v8/liftoff-simd-params.js
M JSTests/wasm/v8/multi-value-simd.js
M JSTests/wasm/v8/simd-call.js
M JSTests/wasm/v8/simd-errors.js
M JSTests/wasm/v8/simd-globals.js
M JSTests/wasm/v8/simd-i64x2-mul.js
M Source/JavaScriptCore/assembler/MacroAssembler.h
M Source/JavaScriptCore/assembler/MacroAssemblerARM64.cpp
M Source/JavaScriptCore/assembler/MacroAssemblerARMv7.cpp
M Source/JavaScriptCore/assembler/MacroAssemblerMIPS.cpp
M Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.cpp
M Source/JavaScriptCore/assembler/MacroAssemblerX86Common.cpp
M Source/JavaScriptCore/assembler/ProbeContext.h
M Source/JavaScriptCore/b3/B3LowerToAir.cpp
M Source/JavaScriptCore/b3/B3MoveConstants.cpp
M Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp
M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h
M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmBBQPlan.cpp
M Source/JavaScriptCore/wasm/WasmCallee.h
M Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h
M Source/JavaScriptCore/wasm/WasmOperations.cpp
M Source/JavaScriptCore/wasm/WasmOperations.h
Log Message:
-----------
SIMD values should be saved during OSR entry.
https://bugs.webkit.org/show_bug.cgi?id=249509
Reviewed by Yusuke Suzuki.
We update the masm probe, b3 and air generators to have a separate
osr entry path that saves the full value of vector registers.
A CPUState can now either have packed fprs or packed vectors, depending on
if the context's Air::Code has usesSIMD == true. This ensures that we
can still load/store pair in the common case, but we do waste some space.
The entry scratch buffer size is doubled when SIMD is used. While this is
wasteful, it is less likely to have bugs. Since this will only regress SIMD
functions, it is hopefully not too bad.
* JSTests/wasm/stress/simd-osr.js:
* Source/JavaScriptCore/assembler/MacroAssembler.h:
* Source/JavaScriptCore/assembler/MacroAssemblerARM64.cpp:
(JSC::MacroAssembler::probe):
* Source/JavaScriptCore/assembler/ProbeContext.h:
(JSC::Probe::CPUState::fpr):
(JSC::Probe::CPUState::vector):
(JSC::Probe::Context::vector):
* Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h:
(JSC::Wasm::ExpressionType>::finalizeEntrypoints):
(JSC::Wasm::ExpressionType>::emitLoopTierUpCheck):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::emitLoopTierUpCheck):
(JSC::Wasm::B3IRGenerator::nextIndexInBuffer):
(JSC::Wasm::B3IRGenerator::loadFromScratchBuffer):
* Source/JavaScriptCore/wasm/WasmBBQPlan.cpp:
(JSC::Wasm::BBQPlan::work):
(JSC::Wasm::BBQPlan::initializeCallees):
* Source/JavaScriptCore/wasm/WasmCallee.h:
* Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h:
(JSC::Wasm::buildEntryBufferForCatch):
(JSC::Wasm::buildEntryBufferForCatchSIMD):
(JSC::Wasm::buildEntryBufferForCatchNoSIMD):
(JSC::Wasm::emitCatchPrologueShared):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::loadValuesIntoBuffer):
(JSC::Wasm::doOSREntry):
* Source/JavaScriptCore/wasm/WasmOperations.h:
Canonical link: https://commits.webkit.org/258282@main
More information about the webkit-changes
mailing list