[webkit-changes] [WebKit/WebKit] 2dfc93: Handle wide Air::Arg offsets

aoikonomopoulos noreply at github.com
Wed Feb 26 06:32:52 PST 2025 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 2dfc93f6bfab85c3e93186f2e065c0232911b677
      https://github.com/WebKit/WebKit/commit/2dfc93f6bfab85c3e93186f2e065c0232911b677
  Author: Angelos Oikonomopoulos <angelos at igalia.com>
  Date:   2025-02-26 (Wed, 26 Feb 2025)

  Changed paths:
    M Source/JavaScriptCore/b3/B3Common.cpp
    M Source/JavaScriptCore/b3/air/AirAllocateRegistersAndStackAndGenerateCode.cpp
    M Source/JavaScriptCore/b3/air/AirAllocateRegistersAndStackAndGenerateCode.h
    M Source/JavaScriptCore/b3/air/AirCode.cpp
    M Source/JavaScriptCore/b3/air/AirLowerStackArgs.cpp
    M Source/JavaScriptCore/b3/testb3_5.cpp

  Log Message:
  -----------
  Handle wide Air::Arg offsets
https://bugs.webkit.org/show_bug.cgi?id=282490

Reviewed by Yusuke Suzuki and Justin Michaud.

Contrary to the -O1 and -O2 register allocators,
AirAllocateRegistersAndStackAndGenerateCode.cpp calls lowerStackArgs()
first and then does register allocation and code generation in a single
pass.

In that file, callFrameAddr uses the extendedOffsetAddrRegister() as a
scratch register in order to access FP/SP offsets that are too wide for
an immediate offset. However, extendedOffsetAddrRegister() may be live,
since it's also used by lowerStackArgs(). This trivially crashes
testCallFunctionWithHellaArguments3 on ARMv7, but a slightly modified
version of this test will also crash on ARM64.

Specifically, this commit modifies testCallFunctionWithHellaArguments3
to use a number of constant values that are not representable as
immediates on ARM64 (otherwise they become Imm Air::Args), resulting in
a crashing test at O0.

This doesn't affect the other register allocators, as they spill
registers by means of Arg::stack() and only later lowerStackArgs() to
handle these.

We fix this by naively spilling (and immediately reloading)
extendedOffsetAddrRegister() whenever we need to use it to access a wide
offset in callFrameAddr().

With the fix in place, this patch switches ARMv7 to use the same code
paths as ARM64 for handling Air::Args with a wide offset.

* Source/JavaScriptCore/b3/B3Common.cpp:
(JSC::B3::extendedOffsetAddrRegister):
* Source/JavaScriptCore/b3/air/AirAllocateRegistersAndStackAndGenerateCode.cpp:
(JSC::B3::Air::GenerateAndAllocateRegisters::callFrameAddr):
(JSC::B3::Air::GenerateAndAllocateRegisters::withCallFrameAddr):
(JSC::B3::Air::GenerateAndAllocateRegisters::flush):
(JSC::B3::Air::GenerateAndAllocateRegisters::alloc):
(JSC::B3::Air::GenerateAndAllocateRegisters::prepareForGeneration):
(JSC::B3::Air::GenerateAndAllocateRegisters::generate):
(JSC::B3::Air::callFrameAddr): Deleted.
* Source/JavaScriptCore/b3/air/AirAllocateRegistersAndStackAndGenerateCode.h:
* Source/JavaScriptCore/b3/air/AirCode.cpp:
(JSC::B3::Air::Code::Code):
* Source/JavaScriptCore/b3/air/AirLowerStackArgs.cpp:
(JSC::B3::Air::lowerStackArgs):
* Source/JavaScriptCore/b3/testb3_5.cpp:
(JSC_DEFINE_NOEXCEPT_JIT_OPERATION):
(testCallFunctionWithHellaArguments3):

Canonical link: https://commits.webkit.org/291111@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list