Commit cfb8279f authored by Shu-yu Guo's avatar Shu-yu Guo Committed by V8 LUCI CQ

Revert "Fix speculation poisoning on x64"

This reverts commit 7dce6a26.

Reason for revert: Performance regressions for x64 Octane --no-opt

Original change's description:
> Fix speculation poisoning on x64
>
> Pointer cage reserved another register and inadvertently broke
> speculation poisoning by aliasing kSpeculationPoisonRegister with
> kInterpreterBytecodeArrayRegister (r12).
>
> This CL changes kInterpreterBytecodeArrayRegister to r11. Note that this
> changes it from being callee-save to caller-save, which required code
> reshuffling in a baseline builtin.
>
> Bug: v8:11726
> Change-Id: Ic2a1bd6b3a2cb4c480c84375dd3274f2efedc81f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2869985
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74364}

TBR=leszeks@chromium.org

Bug: v8:11726
Change-Id: Ic59b602e5519b05ad06890e409761f5138230b92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886544
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74491}
parent 6d9138be
...@@ -1234,11 +1234,10 @@ void Builtins::Generate_InterpreterEntryTrampoline(MacroAssembler* masm) { ...@@ -1234,11 +1234,10 @@ void Builtins::Generate_InterpreterEntryTrampoline(MacroAssembler* masm) {
__ Move( __ Move(
kInterpreterDispatchTableRegister, kInterpreterDispatchTableRegister,
ExternalReference::interpreter_dispatch_table_address(masm->isolate())); ExternalReference::interpreter_dispatch_table_address(masm->isolate()));
__ movzxbq(kScratchRegister, __ movzxbq(r11, Operand(kInterpreterBytecodeArrayRegister,
Operand(kInterpreterBytecodeArrayRegister,
kInterpreterBytecodeOffsetRegister, times_1, 0)); kInterpreterBytecodeOffsetRegister, times_1, 0));
__ movq(kJavaScriptCallCodeStartRegister, __ movq(kJavaScriptCallCodeStartRegister,
Operand(kInterpreterDispatchTableRegister, kScratchRegister, Operand(kInterpreterDispatchTableRegister, r11,
times_system_pointer_size, 0)); times_system_pointer_size, 0));
__ call(kJavaScriptCallCodeStartRegister); __ call(kJavaScriptCallCodeStartRegister);
masm->isolate()->heap()->SetInterpreterEntryReturnPCOffset(masm->pc_offset()); masm->isolate()->heap()->SetInterpreterEntryReturnPCOffset(masm->pc_offset());
...@@ -1258,7 +1257,7 @@ void Builtins::Generate_InterpreterEntryTrampoline(MacroAssembler* masm) { ...@@ -1258,7 +1257,7 @@ void Builtins::Generate_InterpreterEntryTrampoline(MacroAssembler* masm) {
kInterpreterBytecodeOffsetRegister, times_1, 0)); kInterpreterBytecodeOffsetRegister, times_1, 0));
AdvanceBytecodeOffsetOrReturn(masm, kInterpreterBytecodeArrayRegister, AdvanceBytecodeOffsetOrReturn(masm, kInterpreterBytecodeArrayRegister,
kInterpreterBytecodeOffsetRegister, rbx, rcx, kInterpreterBytecodeOffsetRegister, rbx, rcx,
r8, &do_return); r11, &do_return);
__ jmp(&do_dispatch); __ jmp(&do_dispatch);
__ bind(&do_return); __ bind(&do_return);
...@@ -1557,11 +1556,10 @@ static void Generate_InterpreterEnterBytecode(MacroAssembler* masm) { ...@@ -1557,11 +1556,10 @@ static void Generate_InterpreterEnterBytecode(MacroAssembler* masm) {
} }
// Dispatch to the target bytecode. // Dispatch to the target bytecode.
__ movzxbq(kScratchRegister, __ movzxbq(r11, Operand(kInterpreterBytecodeArrayRegister,
Operand(kInterpreterBytecodeArrayRegister,
kInterpreterBytecodeOffsetRegister, times_1, 0)); kInterpreterBytecodeOffsetRegister, times_1, 0));
__ movq(kJavaScriptCallCodeStartRegister, __ movq(kJavaScriptCallCodeStartRegister,
Operand(kInterpreterDispatchTableRegister, kScratchRegister, Operand(kInterpreterDispatchTableRegister, r11,
times_system_pointer_size, 0)); times_system_pointer_size, 0));
__ jmp(kJavaScriptCallCodeStartRegister); __ jmp(kJavaScriptCallCodeStartRegister);
} }
...@@ -1587,7 +1585,7 @@ void Builtins::Generate_InterpreterEnterAtNextBytecode(MacroAssembler* masm) { ...@@ -1587,7 +1585,7 @@ void Builtins::Generate_InterpreterEnterAtNextBytecode(MacroAssembler* masm) {
Label if_return; Label if_return;
AdvanceBytecodeOffsetOrReturn(masm, kInterpreterBytecodeArrayRegister, AdvanceBytecodeOffsetOrReturn(masm, kInterpreterBytecodeArrayRegister,
kInterpreterBytecodeOffsetRegister, rbx, rcx, kInterpreterBytecodeOffsetRegister, rbx, rcx,
r8, &if_return); r11, &if_return);
__ bind(&enter_bytecode); __ bind(&enter_bytecode);
// Convert new bytecode offset to a Smi and save in the stackframe. // Convert new bytecode offset to a Smi and save in the stackframe.
...@@ -1617,23 +1615,12 @@ void Builtins::Generate_InterpreterEnterAtBytecode(MacroAssembler* masm) { ...@@ -1617,23 +1615,12 @@ void Builtins::Generate_InterpreterEnterAtBytecode(MacroAssembler* masm) {
// static // static
void Builtins::Generate_BaselineOutOfLinePrologue(MacroAssembler* masm) { void Builtins::Generate_BaselineOutOfLinePrologue(MacroAssembler* masm) {
Register feedback_vector = r8;
Register optimization_state = rcx;
Register return_address = r15;
#ifdef DEBUG
for (auto reg : BaselineOutOfLinePrologueDescriptor::registers()) {
DCHECK(
!AreAliased(feedback_vector, optimization_state, return_address, reg));
}
#endif
auto descriptor = Builtins::CallInterfaceDescriptorFor( auto descriptor = Builtins::CallInterfaceDescriptorFor(
Builtins::kBaselineOutOfLinePrologue); Builtins::kBaselineOutOfLinePrologue);
Register closure = descriptor.GetRegisterParameter( Register closure = descriptor.GetRegisterParameter(
BaselineOutOfLinePrologueDescriptor::kClosure); BaselineOutOfLinePrologueDescriptor::kClosure);
// Load the feedback vector from the closure. // Load the feedback vector from the closure.
Register feedback_vector = r11;
__ LoadTaggedPointerField( __ LoadTaggedPointerField(
feedback_vector, FieldOperand(closure, JSFunction::kFeedbackCellOffset)); feedback_vector, FieldOperand(closure, JSFunction::kFeedbackCellOffset));
__ LoadTaggedPointerField(feedback_vector, __ LoadTaggedPointerField(feedback_vector,
...@@ -1644,6 +1631,7 @@ void Builtins::Generate_BaselineOutOfLinePrologue(MacroAssembler* masm) { ...@@ -1644,6 +1631,7 @@ void Builtins::Generate_BaselineOutOfLinePrologue(MacroAssembler* masm) {
} }
// Check for an optimization marker. // Check for an optimization marker.
Register optimization_state = rcx;
Label has_optimized_code_or_marker; Label has_optimized_code_or_marker;
LoadOptimizationStateAndJumpIfNeedsProcessing( LoadOptimizationStateAndJumpIfNeedsProcessing(
masm, optimization_state, feedback_vector, &has_optimized_code_or_marker); masm, optimization_state, feedback_vector, &has_optimized_code_or_marker);
...@@ -1652,6 +1640,8 @@ void Builtins::Generate_BaselineOutOfLinePrologue(MacroAssembler* masm) { ...@@ -1652,6 +1640,8 @@ void Builtins::Generate_BaselineOutOfLinePrologue(MacroAssembler* masm) {
__ incl( __ incl(
FieldOperand(feedback_vector, FeedbackVector::kInvocationCountOffset)); FieldOperand(feedback_vector, FeedbackVector::kInvocationCountOffset));
Register return_address = r15;
__ RecordComment("[ Frame Setup"); __ RecordComment("[ Frame Setup");
// Save the return address, so that we can push it to the end of the newly // Save the return address, so that we can push it to the end of the newly
// set-up frame once we're done setting it up. // set-up frame once we're done setting it up.
...@@ -1731,8 +1721,8 @@ void Builtins::Generate_BaselineOutOfLinePrologue(MacroAssembler* masm) { ...@@ -1731,8 +1721,8 @@ void Builtins::Generate_BaselineOutOfLinePrologue(MacroAssembler* masm) {
// return since we may do a runtime call along the way that requires the // return since we may do a runtime call along the way that requires the
// stack to only contain valid frames. // stack to only contain valid frames.
__ Drop(1); __ Drop(1);
MaybeOptimizeCodeOrTailCallOptimizedCodeSlot( MaybeOptimizeCodeOrTailCallOptimizedCodeSlot(masm, rcx, feedback_vector,
masm, optimization_state, feedback_vector, JumpMode::kPushAndReturn); JumpMode::kPushAndReturn);
__ Trap(); __ Trap();
__ RecordComment("]"); __ RecordComment("]");
} }
...@@ -4436,18 +4426,6 @@ void Generate_BaselineEntry(MacroAssembler* masm, bool next_bytecode, ...@@ -4436,18 +4426,6 @@ void Generate_BaselineEntry(MacroAssembler* masm, bool next_bytecode,
// Get bytecode array from the stack frame. // Get bytecode array from the stack frame.
__ movq(kInterpreterBytecodeArrayRegister, __ movq(kInterpreterBytecodeArrayRegister,
MemOperand(rbp, InterpreterFrameConstants::kBytecodeArrayFromFp)); MemOperand(rbp, InterpreterFrameConstants::kBytecodeArrayFromFp));
if (is_osr) {
// Reset the OSR loop nesting depth to disarm back edges. Do this before the
// call to the get_baseline_pc C function below, as the interpreter
// registers may be caller-save.
// TODO(pthier): Separate baseline Sparkplug from TF arming and don't disarm
// Sparkplug here.
__ movw(FieldOperand(kInterpreterBytecodeArrayRegister,
BytecodeArray::kOsrNestingLevelOffset),
Immediate(0));
}
{ {
FrameScope scope(masm, StackFrame::INTERNAL); FrameScope scope(masm, StackFrame::INTERNAL);
__ PrepareCallCFunction(3); __ PrepareCallCFunction(3);
...@@ -4461,6 +4439,12 @@ void Generate_BaselineEntry(MacroAssembler* masm, bool next_bytecode, ...@@ -4461,6 +4439,12 @@ void Generate_BaselineEntry(MacroAssembler* masm, bool next_bytecode,
__ popq(kInterpreterAccumulatorRegister); __ popq(kInterpreterAccumulatorRegister);
if (is_osr) { if (is_osr) {
// Reset the OSR loop nesting depth to disarm back edges.
// TODO(pthier): Separate baseline Sparkplug from TF arming and don't disarm
// Sparkplug here.
__ movw(FieldOperand(kInterpreterBytecodeArrayRegister,
BytecodeArray::kOsrNestingLevelOffset),
Immediate(0));
Generate_OSREntry(masm, code_obj); Generate_OSREntry(masm, code_obj);
} else { } else {
__ jmp(code_obj); __ jmp(code_obj);
......
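Review bot: The OSR nesting-level reset that the last hunk moves back after the C call (the `movw` following `if (is_osr) {`) survives that call only because kInterpreterBytecodeArrayRegister is r12 again, a callee-saved register on x64; the comment removed in the earlier Generate_BaselineEntry hunk spelled out that dependency and the restored code is silent about it. I would keep one line of that explanation next to the reset, e.g. `// kInterpreterBytecodeArrayRegister (r12) is callee-saved, so it is still valid after the get_baseline_pc call above.`, so a future move to a caller-saved register does not silently clobber it. Generate_BaselineEntry starts outside the hunk. Separately, in the Generate_BaselineOutOfLinePrologue hunk the restored call `MaybeOptimizeCodeOrTailCallOptimizedCodeSlot(masm, rcx, feedback_vector,` hard-codes rcx while the same function declares `Register optimization_state = rcx;` a few hunks earlier; passing `optimization_state` keeps the two in sync, assuming it is still in scope at that point.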
...@@ -215,7 +215,7 @@ constexpr Register kAllocateSizeRegister = rdx; ...@@ -215,7 +215,7 @@ constexpr Register kAllocateSizeRegister = rdx;
constexpr Register kSpeculationPoisonRegister = r12; constexpr Register kSpeculationPoisonRegister = r12;
constexpr Register kInterpreterAccumulatorRegister = rax; constexpr Register kInterpreterAccumulatorRegister = rax;
constexpr Register kInterpreterBytecodeOffsetRegister = r9; constexpr Register kInterpreterBytecodeOffsetRegister = r9;
constexpr Register kInterpreterBytecodeArrayRegister = r11; constexpr Register kInterpreterBytecodeArrayRegister = r12;
constexpr Register kInterpreterDispatchTableRegister = r15; constexpr Register kInterpreterDispatchTableRegister = r15;
constexpr Register kJavaScriptCallArgCountRegister = rax; constexpr Register kJavaScriptCallArgCountRegister = rax;
......
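Review bot: After this revert kInterpreterBytecodeArrayRegister is r12 again, the same register as kSpeculationPoisonRegister defined three lines above, which the reverted change's description identifies as what broke speculation poisoning on x64 (v8:11726). Since the revert is motivated by the Octane regression rather than by the aliasing being harmless, the definition should say so, e.g. `// NOTE: aliases kSpeculationPoisonRegister (r12); speculation poisoning on x64 is ineffective until v8:11726 is resolved.`, so a reader does not mistake the shared register for a deliberate choice. The register list continues outside the hunk.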