Bug 238018 - [JSC] Add DoNotHaveTagRegisters mode to unboxDouble
Summary: [JSC] Add DoNotHaveTagRegisters mode to unboxDouble
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on: 238399
Blocks:
  Show dependency treegraph
 
Reported: 2022-03-17 03:33 PDT by Xan Lopez
Modified: 2022-04-06 03:14 PDT (History)
10 users (show)

See Also:

Attachments
v1 (4.59 KB, patch)
2022-03-17 03:35 PDT, Xan Lopez 		ysuzuki: review+
ews-feeder: commit-queue-
Details | Formatted Diff | Diff
v2 (5.52 KB, patch)
2022-03-23 04:57 PDT, Xan Lopez 		ews-feeder: commit-queue-
Details | Formatted Diff | Diff
v3 (4.50 KB, patch)
2022-04-05 00:06 PDT, Xan Lopez 		no flags Details | Formatted Diff | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Xan Lopez 2022-03-17 03:33:31 PDT 
This allows us to use it in WebAssembly and get rid of some duplicated code.
Comment 1 Xan Lopez 2022-03-17 03:35:05 PDT 
Created attachment 454950 [details]
v1
Comment 2 Radar WebKit Bug Importer 2022-03-22 09:10:10 PDT 
<rdar://problem/90639371>
Comment 3 Yusuke Suzuki 2022-03-22 13:42:20 PDT 
Comment on attachment 454950 [details]
v1

View in context: https://bugs.webkit.org/attachment.cgi?id=454950&action=review

r=me with comment.

> Source/JavaScriptCore/jit/AssemblyHelpers.h:1386
> +            GPRReg scratch = scratchRegister();
> +            move(TrustedImm64(JSValue::NumberTag), scratch);
> +            add64(scratch, gpr, resultGPR);

I think we should not use scratchRegister() in AssemblyHelpers if possible.
Can you instead add,

void MacroAssembler::add64(TrustedImm64, GPRReg, GPRReg)

function and use it instead here? And inside add64, we can use scratchRegister.
Comment 4 Xan Lopez 2022-03-23 04:57:29 PDT 
Created attachment 455489 [details]
v2
Comment 5 EWS 2022-03-23 07:14:04 PDT 
Committed r291745 (248777@main): <https://commits.webkit.org/248777@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 455489 [details].
Comment 7 WebKit Commit Bot 2022-03-25 16:33:17 PDT 
Re-opened since this is blocked by bug 238399
Comment 8 Yusuke Suzuki 2022-03-26 01:05:18 PDT 
Comment on attachment 455489 [details]
v2

View in context: https://bugs.webkit.org/attachment.cgi?id=455489&action=review

> Source/JavaScriptCore/wasm/js/WasmToJS.cpp:331
> -            jit.move(JIT::TrustedImm64(JSValue::NumberTag), GPRInfo::returnValueGPR2);
> -            jit.add64(GPRInfo::returnValueGPR2, GPRInfo::returnValueGPR);
> -            jit.move64ToDouble(GPRInfo::returnValueGPR, dest);
> +            jit.unboxDouble(GPRInfo::returnValueGPR, GPRInfo::returnValueGPR2, dest, DoNotHaveTagRegisters);

At this point, we cannot use scratchRegister().
Comment 9 Xan Lopez 2022-04-05 00:06:31 PDT 
Created attachment 456676 [details]
v3

Do not use a scratch register as suggested. This was not enough to get rid of the crash, it turned out the assertion in the vanilla unboxDouble call was at fault. So I'm using the WithoutAssertions call, which makes this patch 100% equivalent to the old code (literally just moving the identical lines to a common method). Not sure if the extra assertion is uncovering a bug/issue or if we were being too strict without motive, though.
Comment 10 Yusuke Suzuki 2022-04-06 01:21:51 PDT 
Comment on attachment 456676 [details]
v3

r=me
Comment 11 EWS 2022-04-06 03:14:42 PDT 
Committed r292457 (249308@main): <https://commits.webkit.org/249308@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 456676 [details].