Commit 6b7bd995 authored by Igor Sheludko's avatar Igor Sheludko Committed by Commit Bot

Reland "[ptr-compr] Fix incorrectly used machine types"

This is a reland of b8e8b0de

Original change's description:
> [ptr-compr] Fix incorrectly used machine types
> 
> in TurboFan, CSA, Wasm and compiler tests. Tagged values decompression
> logic will depend on the machine type of the value being loaded so it must
> be correct.
> 
> Bug: v8:7703
> Change-Id: Ia9e7cc1e273e5a458d9de8aaa4adb0c970413b8b
> Reviewed-on: https://chromium-review.googlesource.com/c/1319573
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57280}

Bug: v8:7703
Change-Id: I2c740bab9a800520ebfb83334345bd5641b7e408
Reviewed-on: https://chromium-review.googlesource.com/c/1320850Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57314}
parent d6846787
......@@ -524,8 +524,7 @@ Node* ConstructorBuiltinsAssembler::EmitCreateShallowObjectLiteral(
{
// Copy over in-object properties.
Label continue_with_write_barrier(this), done_init(this);
VARIABLE(offset, MachineType::PointerRepresentation(),
IntPtrConstant(JSObject::kHeaderSize));
TVARIABLE(IntPtrT, offset, IntPtrConstant(JSObject::kHeaderSize));
// Mutable heap numbers only occur on 32-bit platforms.
bool may_use_mutable_heap_numbers =
FLAG_track_double_fields && !FLAG_unbox_double_fields;
......@@ -535,16 +534,21 @@ Node* ConstructorBuiltinsAssembler::EmitCreateShallowObjectLiteral(
Branch(WordEqual(offset.value(), instance_size), &done_init,
&continue_fast);
BIND(&continue_fast);
Node* field = LoadObjectField(boilerplate, offset.value());
if (may_use_mutable_heap_numbers) {
TNode<Object> field = LoadObjectField(boilerplate, offset.value());
Label store_field(this);
GotoIf(TaggedIsSmi(field), &store_field);
GotoIf(IsMutableHeapNumber(field), &continue_with_write_barrier);
GotoIf(IsMutableHeapNumber(CAST(field)), &continue_with_write_barrier);
Goto(&store_field);
BIND(&store_field);
}
StoreObjectFieldNoWriteBarrier(copy, offset.value(), field);
offset.Bind(IntPtrAdd(offset.value(), IntPtrConstant(kPointerSize)));
} else {
// Copy fields as raw data.
TNode<IntPtrT> field =
LoadObjectField<IntPtrT>(boilerplate, offset.value());
StoreObjectFieldNoWriteBarrier(copy, offset.value(), field);
}
offset = IntPtrAdd(offset.value(), IntPtrConstant(kPointerSize));
Branch(WordNotEqual(offset.value(), instance_size), &continue_fast,
&done_init);
}
......
......@@ -864,6 +864,13 @@ class V8_EXPORT_PRIVATE CodeStubAssembler : public compiler::CodeAssembler {
return UncheckedCast<Object>(
LoadObjectField(object, offset, MachineType::AnyTagged()));
}
template <class T, typename std::enable_if<
std::is_convertible<TNode<T>, TNode<UntaggedT>>::value,
int>::type = 0>
TNode<T> LoadObjectField(TNode<HeapObject> object, TNode<IntPtrT> offset) {
return UncheckedCast<T>(
LoadObjectField(object, offset, MachineTypeOf<T>::value));
}
// Load a SMI field and untag it.
TNode<IntPtrT> LoadAndUntagObjectField(SloppyTNode<HeapObject> object,
int offset);
......@@ -1231,6 +1238,15 @@ class V8_EXPORT_PRIVATE CodeStubAssembler : public compiler::CodeAssembler {
Node* StoreObjectFieldNoWriteBarrier(
Node* object, Node* offset, Node* value,
MachineRepresentation rep = MachineRepresentation::kTagged);
template <class T = Object>
TNode<T> StoreObjectFieldNoWriteBarrier(TNode<HeapObject> object,
TNode<IntPtrT> offset,
TNode<T> value) {
return UncheckedCast<T>(StoreObjectFieldNoWriteBarrier(
object, offset, value, MachineRepresentationOf<T>::value));
}
// Store the Map of an HeapObject.
Node* StoreMap(Node* object, Node* map);
Node* StoreMapNoWriteBarrier(Node* object, RootIndex map_root_index);
......
......@@ -2947,7 +2947,7 @@ Node* EffectControlLinearizer::LowerArgumentsFrame(Node* node) {
Node* frame = __ LoadFramePointer();
Node* parent_frame =
__ Load(MachineType::AnyTagged(), frame,
__ Load(MachineType::Pointer(), frame,
__ IntPtrConstant(StandardFrameConstants::kCallerFPOffset));
Node* parent_frame_type = __ Load(
MachineType::AnyTagged(), parent_frame,
......
......@@ -81,22 +81,33 @@ MachineType assert_size(int expected_size, MachineType type) {
#define WASM_INSTANCE_OBJECT_OFFSET(name) \
wasm::ObjectAccess::ToTagged(WasmInstanceObject::k##name##Offset)
#define LOAD_INSTANCE_FIELD(name, type) \
SetEffect(graph()->NewNode( \
mcgraph()->machine()->Load( \
assert_size(WASM_INSTANCE_OBJECT_SIZE(name), type)), \
instance_node_.get(), \
mcgraph()->Int32Constant(WASM_INSTANCE_OBJECT_OFFSET(name)), Effect(), \
#define LOAD_RAW(base_pointer, byte_offset, type) \
SetEffect(graph()->NewNode(mcgraph()->machine()->Load(type), base_pointer, \
mcgraph()->Int32Constant(byte_offset), Effect(), \
Control()))
#define LOAD_INSTANCE_FIELD(name, type) \
LOAD_RAW(instance_node_.get(), WASM_INSTANCE_OBJECT_OFFSET(name), \
assert_size(WASM_INSTANCE_OBJECT_SIZE(name), type))
#define LOAD_TAGGED_POINTER(base_pointer, byte_offset) \
SetEffect(graph()->NewNode( \
mcgraph()->machine()->Load(MachineType::TaggedPointer()), base_pointer, \
mcgraph()->Int32Constant(byte_offset), Effect(), Control()))
LOAD_RAW(base_pointer, byte_offset, MachineType::TaggedPointer())
#define LOAD_TAGGED_ANY(base_pointer, byte_offset) \
LOAD_RAW(base_pointer, byte_offset, MachineType::AnyTagged())
#define LOAD_FIXED_ARRAY_SLOT(array_node, index, type) \
LOAD_RAW(array_node, \
wasm::ObjectAccess::ElementOffsetInTaggedFixedArray(index), type)
#define LOAD_FIXED_ARRAY_SLOT_SMI(array_node, index) \
LOAD_FIXED_ARRAY_SLOT(array_node, index, MachineType::TaggedSigned())
#define LOAD_FIXED_ARRAY_SLOT_PTR(array_node, index) \
LOAD_FIXED_ARRAY_SLOT(array_node, index, MachineType::TaggedPointer())
#define LOAD_FIXED_ARRAY_SLOT(array_node, index) \
LOAD_TAGGED_POINTER( \
array_node, wasm::ObjectAccess::ElementOffsetInTaggedFixedArray(index))
#define LOAD_FIXED_ARRAY_SLOT_ANY(array_node, index) \
LOAD_FIXED_ARRAY_SLOT(array_node, index, MachineType::AnyTagged())
// This can be used to store tagged Smi values only.
#define STORE_FIXED_ARRAY_SLOT_SMI(array_node, index, value) \
......@@ -2179,11 +2190,11 @@ Node* WasmGraphBuilder::BuildDecodeException32BitValue(Node* values_array,
uint32_t* index) {
MachineOperatorBuilder* machine = mcgraph()->machine();
Node* upper =
BuildChangeSmiToInt32(LOAD_FIXED_ARRAY_SLOT(values_array, *index));
BuildChangeSmiToInt32(LOAD_FIXED_ARRAY_SLOT_SMI(values_array, *index));
(*index)++;
upper = graph()->NewNode(machine->Word32Shl(), upper, Int32Constant(16));
Node* lower =
BuildChangeSmiToInt32(LOAD_FIXED_ARRAY_SLOT(values_array, *index));
BuildChangeSmiToInt32(LOAD_FIXED_ARRAY_SLOT_SMI(values_array, *index));
(*index)++;
Node* value = graph()->NewNode(machine->Word32Or(), upper, lower);
return value;
......@@ -2223,7 +2234,7 @@ Node* WasmGraphBuilder::ExceptionTagEqual(Node* caught_tag,
Node* WasmGraphBuilder::LoadExceptionTagFromTable(uint32_t exception_index) {
Node* exceptions_table =
LOAD_INSTANCE_FIELD(ExceptionsTable, MachineType::TaggedPointer());
Node* tag = LOAD_FIXED_ARRAY_SLOT(exceptions_table, exception_index);
Node* tag = LOAD_FIXED_ARRAY_SLOT_PTR(exceptions_table, exception_index);
return tag;
}
......@@ -2259,7 +2270,7 @@ Node** WasmGraphBuilder::GetExceptionValues(
break;
}
case wasm::kWasmAnyRef:
value = LOAD_FIXED_ARRAY_SLOT(values_array, index);
value = LOAD_FIXED_ARRAY_SLOT_ANY(values_array, index);
++index;
break;
default:
......@@ -2659,7 +2670,8 @@ Node* WasmGraphBuilder::BuildImportCall(wasm::FunctionSig* sig, Node** args,
// Load the imported function refs array from the instance.
Node* imported_function_refs =
LOAD_INSTANCE_FIELD(ImportedFunctionRefs, MachineType::TaggedPointer());
Node* ref_node = LOAD_FIXED_ARRAY_SLOT(imported_function_refs, func_index);
Node* ref_node =
LOAD_FIXED_ARRAY_SLOT_PTR(imported_function_refs, func_index);
// Load the target from the imported_targets array at a known offset.
Node* imported_targets =
......@@ -4615,7 +4627,7 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
args[pos++] = callable_node; // target callable.
// Receiver.
if (sloppy_receiver) {
Node* global_proxy = LOAD_FIXED_ARRAY_SLOT(
Node* global_proxy = LOAD_FIXED_ARRAY_SLOT_PTR(
native_context, Context::GLOBAL_PROXY_INDEX);
args[pos++] = global_proxy;
} else {
......@@ -4678,7 +4690,7 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
// Receiver.
if (sloppy_receiver) {
Node* global_proxy = LOAD_FIXED_ARRAY_SLOT(
Node* global_proxy = LOAD_FIXED_ARRAY_SLOT_PTR(
native_context, Context::GLOBAL_PROXY_INDEX);
args[pos++] = global_proxy;
} else {
......@@ -5539,9 +5551,14 @@ AssemblerOptions WasmAssemblerOptions() {
#undef FATAL_UNSUPPORTED_OPCODE
#undef WASM_INSTANCE_OBJECT_SIZE
#undef WASM_INSTANCE_OBJECT_OFFSET
#undef LOAD_RAW
#undef LOAD_INSTANCE_FIELD
#undef LOAD_TAGGED_POINTER
#undef LOAD_TAGGED_ANY
#undef LOAD_FIXED_ARRAY_SLOT
#undef LOAD_FIXED_ARRAY_SLOT_SMI
#undef LOAD_FIXED_ARRAY_SLOT_PTR
#undef LOAD_FIXED_ARRAY_SLOT_ANY
#undef STORE_FIXED_ARRAY_SLOT_SMI
#undef STORE_FIXED_ARRAY_SLOT_ANY
......
......@@ -2337,7 +2337,7 @@ void AccessorAssembler::TryProbeStubCacheTable(
DCHECK_EQ(kPointerSize, stub_cache->value_reference(table).address() -
stub_cache->key_reference(table).address());
TNode<MaybeObject> handler = ReinterpretCast<MaybeObject>(
Load(MachineType::TaggedPointer(), key_base,
Load(MachineType::AnyTagged(), key_base,
IntPtrAdd(entry_offset, IntPtrConstant(kPointerSize))));
// We found the handler.
......
......@@ -94,6 +94,12 @@ class MachineType {
representation() == MachineRepresentation::kTaggedSigned ||
representation() == MachineRepresentation::kTagged;
}
constexpr bool IsTaggedSigned() const {
return representation() == MachineRepresentation::kTaggedSigned;
}
constexpr bool IsTaggedPointer() const {
return representation() == MachineRepresentation::kTaggedPointer;
}
constexpr static MachineRepresentation PointerRepresentation() {
return (kPointerSize == 4) ? MachineRepresentation::kWord32
: MachineRepresentation::kWord64;
......
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment