Commit 18534a42 authored by Andreas Haas's avatar Andreas Haas Committed by Commit Bot

[wasm][liftoff] Fix index in the initialization of locals

There was a bug that only the last local with a reference type got
initialized to null, all other locals kept the initial value of 0. This
CL fixes this bug.

Additionally this CL optimizes the code slightly. Before this CL, the
null reference was loaded from the instance for every local with
reference type. Now the null reference is cached after the first load
and then used for all other locals.

R=thibaudm@chromium.org

Bug: chromium:1167587
Change-Id: Ic11fc76b650e6daa029491154744fc132778f70d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2632695
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: 's avatarThibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72139}
parent e3f8b5db
...@@ -695,13 +695,17 @@ class LiftoffCompiler { ...@@ -695,13 +695,17 @@ class LiftoffCompiler {
if (FLAG_experimental_liftoff_extern_ref) { if (FLAG_experimental_liftoff_extern_ref) {
// Initialize all reference type locals with ref.null. // Initialize all reference type locals with ref.null.
for (uint32_t param_idx = num_params; param_idx < __ num_locals(); Register null_ref_reg = no_reg;
++param_idx) { for (uint32_t local_index = num_params; local_index < __ num_locals();
ValueType type = decoder->local_type(param_idx); ++local_index) {
ValueType type = decoder->local_type(local_index);
if (type.is_reference_type()) { if (type.is_reference_type()) {
LiftoffRegister result = __ GetUnusedRegister(kGpReg, {}); if (null_ref_reg == no_reg) {
LoadNullValue(result.gp(), {}); null_ref_reg = __ GetUnusedRegister(kGpReg, {}).gp();
__ Spill(__ cache_state()->stack_state.back().offset(), result, type); LoadNullValue(null_ref_reg, {});
}
__ Spill(__ cache_state()->stack_state[local_index].offset(),
LiftoffRegister(null_ref_reg), type);
} }
} }
} }
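Review bot: The new `stack_state[local_index]` lookup in the `Spill` call relies on `stack_state` already holding one entry per parameter and local, in index order, when this loop runs. That setup happens outside the hunk, so the assumption is not visible here. A `DCHECK_EQ(__ num_locals(), __ cache_state()->stack_height());` just before the loop would make it explicit, since writing ref.null to the wrong slot is the failure this change repairs and leaves a reference-typed local holding a raw 0. Separately, `null_ref_reg` is kept across iterations without being pinned, which is only safe while nothing in the loop body allocates another register. If that holds for `Spill`, a comment such as `// null_ref_reg stays live across iterations: nothing below allocates a register.` would record it. The enclosing function starts and ends outside the hunk.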
......
...@@ -206,15 +206,18 @@ load("test/mjsunit/wasm/wasm-module-builder.js"); ...@@ -206,15 +206,18 @@ load("test/mjsunit/wasm/wasm-module-builder.js");
(function testExternRefLocalDefaultValue() { (function testExternRefLocalDefaultValue() {
print(arguments.callee.name); print(arguments.callee.name);
const builder = new WasmModuleBuilder(); const numLocals = 3;
builder.addFunction('main', kSig_r_v) for (let i = 0; i < numLocals; ++i) {
.addBody([kExprLocalGet, 0]) const builder = new WasmModuleBuilder();
.addLocals(kWasmExternRef, 1) builder.addFunction('main', kSig_r_v)
.exportFunc(); .addBody([kExprLocalGet, i])
.addLocals(kWasmExternRef, numLocals)
.exportFunc();
const instance = builder.instantiate(); const instance = builder.instantiate();
assertEquals(null, instance.exports.main()); assertEquals(null, instance.exports.main());
}
})(); })();
(function testImplicitReturnNullAsExternRef() { (function testImplicitReturnNullAsExternRef() {
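Review bot: The loop in `testExternRefLocalDefaultValue` uses `kSig_r_v`, so every tested index equals the local's position among the declared locals, and the `num_params` offset that the fixed Liftoff loop starts from is never exercised. A second variant whose signature takes at least one parameter would cover it. The fixed path is also guarded by `FLAG_experimental_liftoff_extern_ref`, and the file's `// Flags:` line is outside the hunk. It is worth confirming that the test forces Liftoff with that flag enabled, because otherwise it could pass on another tier without reaching the fix. A short comment above the loop, e.g. `// Every reference-typed local, not only the last one, must default to null.`, would tie the test to the regression.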
......