Hello everyone, I am debugging a bug in the Liftoff compiler on the mips64 platform, but I'm not very familiar with the Wasm frame layout, so I want some help; any advice would be appreciated. Thanks in advance!
When *#enable-webassembly-baseline* and *#enable-webassembly-tiering* are *both enabled*, this Unity3d WebGL benchmark <https://files.unity3d.com/marcot/benchmarks2018.2.5f1/> reports a memory out-of-bounds error on mips64 Chromium 90. I compared the mips64 and arm64 execution and found a difference that leads to the error on the mips64 machine: both load a 64-bit value from the stack and compare it with another value (both are 1), but arm64 uses a 32-bit register to do the comparison, while mips64 uses the full 64-bit register, because mips64 doesn't have 32-bit registers.

arm64:

Instructions:
  => 0x49c131d490: add w1, w10, #0x1
    *0x49c131d494: ldr x10, [sp, #224]*
     0x49c131d498: cmp w1, *w10*

Stack values:
     0xffffe2c756d0: 0x00000046085e8319 0x0000000000000008
     0xffffe2c756e0: 0x0000ffffe2c75790 0x00000049c135d360
    *0xffffe2c756f0: 0x0000000000000001* 0x000000000165e760
     0xffffe2c75700: 0x0000000000000004 0x0000000000000000

mips64:

Instructions:
     0xc4e3e8e010: addi t0, t1, 1(0x1)
    *0xc4e3e8e014: ld t1, fp,16(0x10)*
     0xc4e3e8e018: bne t0, t1, -1540(0x3f9fc)

Stack values:
     0xfffb8389f0: 0x00000090b476a469 0x0000000000000008
     0xfffb838a00: 0x000000fffb838aa0 0x0000003daed7909c
    *0xfffb838a10: 0x0000009000000001* 0x000000000164bd70
     0xfffb838a20: 0x000000ff00000004 0x0000000000000000

I found that the low 32 bits on mips64 are also 1, but the high 32 bits are not clean. So the questions are:

1) Should mips64 sign-extend the value before the comparison? Why would it load a doubleword, when it actually needs a word comparison?
2) It seems that 32-bit values also take 64-bit slots; should the high 32 bits be kept clean?
3) If the answer to 2) is yes, how do we ensure that? I could work around this bug by using a doubleword store when storing 32-bit values in LiftoffStackSlots::Construct <https://source.chromium.org/chromium/chromium/src/+/main:v8/src/wasm/baseline/mips64/liftoff-assembler-mips64.h;l=3202>. But arm64 just uses a 32-bit store, so why are its high 32 bits clean?
Thanks in advance!
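The failure mode the post describes, as an added illustration that is not part of the original message or of V8's code: a 32-bit value parked in an 8-byte stack slot, written with a 32-bit store, then read back with a 64-bit load and compared as a full 64-bit register. The slot is modelled as a plain uint64_t; the dirty high half (0x90) is taken from the mips64 dump above; the mapping of each helper to an instruction sequence (`sw`/`str wN` for the narrow store, `ld` + `bne` for the full-width compare, `cmp wN, wM` for the arm64 low-word compare, `lw` or `sll rd, rs, 0` for a sign-extending load) is an assumption about the generated code, not something the post confirms. The last two functions go one step beyond the post: they show that a zero high half is not sufficient either, because mips64 keeps 32-bit values sign-extended in 64-bit registers, so a negative i32 needs sign extension before a 64-bit compare regardless of how clean the slot is.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of one 8-byte Liftoff stack slot holding a 32-bit wasm value.
 * Added illustration only; a slot here is just a uint64_t. */
typedef uint64_t slot_t;

/* High 32 bits left over from an earlier use of the slot (taken from the mips64 dump). */
#define STALE_HIGH_HALF 0x0000009000000000ull

/* A 32-bit store (mips `sw`, arm64 `str wN`, assumed): only the low word of the
 * slot changes; whatever was in the high word stays there. */
static slot_t store_i32_narrow(slot_t slot, int32_t v) {
    return (slot & 0xffffffff00000000ull) | (uint32_t)v;
}

/* A 64-bit store of the sign-extended value (mips64 `sd` of a canonical 32-bit
 * register, assumed): the whole slot is rewritten. */
static slot_t store_i32_wide(int32_t v) {
    return (uint64_t)(int64_t)v;
}

/* mips64 `ld` + `bne` (assumed): the full 64-bit slot is compared with a register
 * holding a sign-extended 32-bit result, such as the `addi` output in the dump. */
static bool cmp_full64(slot_t slot, int32_t other) {
    return (int64_t)slot == (int64_t)other;
}

/* arm64 `cmp w1, w10`: only the low 32 bits take part; the high half is ignored. */
static bool cmp_low32(slot_t slot, int32_t other) {
    return (int32_t)(uint32_t)slot == other;
}

/* mips64 `lw`, or `ld` followed by `sll rd, rs, 0` (assumed): sign-extend the low
 * word before the 64-bit compare, so the slot's high half no longer matters. */
static bool cmp_sext32(slot_t slot, int32_t other) {
    return (int64_t)(int32_t)(uint32_t)slot == (int64_t)other;
}

/* Scenario from the post: i32 value 1 stored into a slot whose high half is dirty. */
static bool dirty_slot_full64_matches(void) {
    slot_t s = store_i32_narrow(STALE_HIGH_HALF, 1);   /* slot = 0x0000009000000001 */
    return cmp_full64(s, 1);                            /* false: the mips64 bug */
}
static bool dirty_slot_low32_matches(void) {
    return cmp_low32(store_i32_narrow(STALE_HIGH_HALF, 1), 1);   /* true: arm64 behaviour */
}
static bool dirty_slot_sext_matches(void) {
    return cmp_sext32(store_i32_narrow(STALE_HIGH_HALF, 1), 1);  /* true */
}
static bool wide_store_full64_matches(void) {
    return cmp_full64(store_i32_wide(1), 1);            /* true: the doubleword-store workaround */
}

/* Why "keep the high half zero" is not enough on mips64: a negative i32 written
 * with a 32-bit store into a zeroed slot is 0x00000000ffffffff, which a full
 * 64-bit compare does not equal the sign-extended -1 held in a register. */
static bool clean_slot_negative_full64_matches(void) {
    return cmp_full64(store_i32_narrow(0, -1), -1);     /* false */
}
static bool clean_slot_negative_sext_matches(void) {
    return cmp_sext32(store_i32_narrow(0, -1), -1);     /* true */
}

int main(void) {
    printf("dirty slot, full 64-bit compare:      %d\n", dirty_slot_full64_matches());
    printf("dirty slot, low 32-bit compare:       %d\n", dirty_slot_low32_matches());
    printf("dirty slot, sign-extended compare:    %d\n", dirty_slot_sext_matches());
    printf("wide store, full 64-bit compare:      %d\n", wide_store_full64_matches());
    printf("clean slot, -1, full 64-bit compare:  %d\n", clean_slot_negative_full64_matches());
    printf("clean slot, -1, sign-extended compare:%d\n", clean_slot_negative_sext_matches());
    return 0;
}
```

The arm64 result is unaffected by the slot's high half because `cmp wN, wM` never reads it, which is why a 32-bit store is sufficient there. On mips64 the comparison is always 64 bits wide, so either the load must sign-extend the word, or the store must write the full sign-extended doubleword; clearing the high half alone still breaks negative values.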