diff --git a/patches/chromium/.patches b/patches/chromium/.patches index 9f772c0142d3..31fe6458f7b2 100644 --- a/patches/chromium/.patches +++ b/patches/chromium/.patches @@ -144,3 +144,4 @@ ui_add_missing_shortcut_text_for_vkey_command_on_linux.patch wayland_support_outgoing_dnd_sessions_with_no_offered_mime_types.patch cherry-pick-3a6ff45cc3f4.patch cherry-pick-a51e7ebb7663.patch +cherry-pick-f3300abe2fcd.patch diff --git a/patches/chromium/cherry-pick-f3300abe2fcd.patch b/patches/chromium/cherry-pick-f3300abe2fcd.patch new file mode 100644 index 000000000000..8b7954c90925 --- /dev/null +++ b/patches/chromium/cherry-pick-f3300abe2fcd.patch @@ -0,0 +1,255 @@ +From f3300abe2fcd0164794d7a782cc221d10c17f322 Mon Sep 17 00:00:00 2001 +From: Yoshisato Yanagisawa +Date: Mon, 06 Jan 2025 05:34:49 -0800 +Subject: [PATCH] [M130] Make AcceptLanguagesWatcher a weak persistent object + +DedicatedWorkerOrSharedWorkerFetchContext keeps on having a pointer +to the AcceptLanguagesWatcher as a raw_ptr. Even if the implementing +object gets garbage-collected, the pointer is kept. Therefore, +DedicatedWorkerOrSharedWorkerFetchContext may use it after the GC. + +This CL revised the raw_ptr to AcceptLanguagesWatcher to use +WeakPersistent so that the users of the object won't access it +after it gets GCed. + +(cherry picked from commit 9e7b77da977401361ef3bc9ad0f43e7563f49657) + +Bug: 379869752 +Change-Id: Ic3997fcf17aa93f45507241e0fc18a486efc1932 +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6038980 +Reviewed-by: Michael Lippautz +Auto-Submit: Yoshisato Yanagisawa +Commit-Queue: Yoshisato Yanagisawa +Cr-Original-Commit-Position: refs/heads/main@{#1390151} +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6148168 +Reviewed-by: Erhu Akpobaro +Commit-Queue: Daniel Yip +Auto-Submit: Daniel Yip +Owners-Override: Daniel Yip +Cr-Commit-Position: refs/branch-heads/6723@{#2761} +Cr-Branched-From: 985f2961df230630f9cbd75bd6fe463009855a11-refs/heads/main@{#1356013} +--- + +diff --git a/third_party/blink/public/platform/web_worker_fetch_context.h b/third_party/blink/public/platform/web_worker_fetch_context.h +index 6f2a2e9..cf8bfce4 100644 +--- a/third_party/blink/public/platform/web_worker_fetch_context.h ++++ b/third_party/blink/public/platform/web_worker_fetch_context.h +@@ -33,19 +33,12 @@ + + namespace blink { + ++class AcceptLanguagesWatcher; + class WebDocumentSubresourceFilter; + class URLLoaderFactory; + class WebURLRequest; + class URLLoaderThrottle; + +-// Helper class allowing DedicatedOrSharedWorkerFetchContextImpl to notify blink +-// upon an accept languages update. This class will be extended by +-// WorkerNavigator. +-class AcceptLanguagesWatcher { +- public: +- virtual void NotifyUpdate() = 0; +-}; +- + // WebWorkerFetchContext is a per-worker object created on the main thread, + // passed to a worker (dedicated, shared and service worker) and initialized on + // the worker thread by InitializeOnWorkerThread(). It contains information +diff --git a/third_party/blink/renderer/core/workers/worker_navigator.cc b/third_party/blink/renderer/core/workers/worker_navigator.cc +index 344382b..a4159a4 100644 +--- a/third_party/blink/renderer/core/workers/worker_navigator.cc ++++ b/third_party/blink/renderer/core/workers/worker_navigator.cc +@@ -61,4 +61,9 @@ + *Event::Create(event_type_names::kLanguagechange)); + } + ++void WorkerNavigator::Trace(Visitor* visitor) const { ++ NavigatorBase::Trace(visitor); ++ AcceptLanguagesWatcher::Trace(visitor); ++} ++ + } // namespace blink +diff --git a/third_party/blink/renderer/core/workers/worker_navigator.h b/third_party/blink/renderer/core/workers/worker_navigator.h +index ea07a96..ab622f8e 100644 +--- a/third_party/blink/renderer/core/workers/worker_navigator.h ++++ b/third_party/blink/renderer/core/workers/worker_navigator.h +@@ -29,6 +29,7 @@ + #include "third_party/blink/public/platform/web_worker_fetch_context.h" + #include "third_party/blink/renderer/core/core_export.h" + #include "third_party/blink/renderer/core/execution_context/navigator_base.h" ++#include "third_party/blink/renderer/platform/accept_languages_watcher.h" + #include "third_party/blink/renderer/platform/wtf/text/wtf_string.h" + + namespace blink { +@@ -46,6 +47,9 @@ + + // AcceptLanguagesWatcher override + void NotifyUpdate() override; ++ ++ // Both NavigatorLanguage and AcceptLanguagesWatcher override ++ void Trace(Visitor* visitor) const override; + }; + + } // namespace blink +diff --git a/third_party/blink/renderer/modules/service_worker/web_service_worker_fetch_context_impl.cc b/third_party/blink/renderer/modules/service_worker/web_service_worker_fetch_context_impl.cc +index 0815877..4930962 100644 +--- a/third_party/blink/renderer/modules/service_worker/web_service_worker_fetch_context_impl.cc ++++ b/third_party/blink/renderer/modules/service_worker/web_service_worker_fetch_context_impl.cc +@@ -18,6 +18,7 @@ + #include "third_party/blink/public/platform/url_loader_throttle_provider.h" + #include "third_party/blink/public/platform/web_url_request_extra_data.h" + #include "third_party/blink/public/platform/websocket_handshake_throttle_provider.h" ++#include "third_party/blink/renderer/platform/accept_languages_watcher.h" + #include "third_party/blink/renderer/platform/loader/fetch/url_loader/url_loader_factory.h" + #include "third_party/blink/renderer/platform/loader/internet_disconnected_url_loader.h" + +@@ -226,9 +227,12 @@ + + void WebServiceWorkerFetchContextImpl::NotifyUpdate( + const RendererPreferences& new_prefs) { +- DCHECK(accept_languages_watcher_); +- if (renderer_preferences_.accept_languages != new_prefs.accept_languages) +- accept_languages_watcher_->NotifyUpdate(); ++ // Reserving `watcher` on the stack ensures it is not GC'd within this scope. ++ auto* watcher = accept_languages_watcher_.Get(); ++ if (watcher && ++ renderer_preferences_.accept_languages != new_prefs.accept_languages) { ++ watcher->NotifyUpdate(); ++ } + renderer_preferences_ = new_prefs; + } + +diff --git a/third_party/blink/renderer/modules/service_worker/web_service_worker_fetch_context_impl.h b/third_party/blink/renderer/modules/service_worker/web_service_worker_fetch_context_impl.h +index a7c897de..c2f1c9d 100644 +--- a/third_party/blink/renderer/modules/service_worker/web_service_worker_fetch_context_impl.h ++++ b/third_party/blink/renderer/modules/service_worker/web_service_worker_fetch_context_impl.h +@@ -6,16 +6,16 @@ + #define THIRD_PARTY_BLINK_RENDERER_MODULES_SERVICE_WORKER_WEB_SERVICE_WORKER_FETCH_CONTEXT_IMPL_H_ + + #include "base/memory/raw_ptr.h" ++#include "base/task/single_thread_task_runner.h" + #include "mojo/public/cpp/bindings/pending_receiver.h" + #include "mojo/public/cpp/bindings/receiver.h" + #include "third_party/blink/public/common/renderer_preferences/renderer_preferences.h" + #include "third_party/blink/public/mojom/renderer_preference_watcher.mojom-blink.h" + #include "third_party/blink/public/mojom/service_worker/service_worker.mojom-forward.h" + #include "third_party/blink/public/mojom/worker/subresource_loader_updater.mojom-blink.h" +- +-#include "base/task/single_thread_task_runner.h" + #include "third_party/blink/public/platform/modules/service_worker/web_service_worker_fetch_context.h" + #include "third_party/blink/public/platform/web_common.h" ++#include "third_party/blink/renderer/platform/heap/persistent.h" + #include "third_party/blink/renderer/platform/weborigin/kurl.h" + #include "third_party/blink/renderer/platform/wtf/text/wtf_string.h" + #include "third_party/blink/renderer/platform/wtf/vector.h" +@@ -135,7 +135,7 @@ + // This is owned by ThreadedMessagingProxyBase on the main thread. + raw_ptr terminate_sync_load_event_ = nullptr; + +- raw_ptr accept_languages_watcher_ = nullptr; ++ WeakPersistent accept_languages_watcher_; + + Vector cors_exempt_header_list_; + bool is_offline_mode_ = false; +diff --git a/third_party/blink/renderer/platform/BUILD.gn b/third_party/blink/renderer/platform/BUILD.gn +index 5b8e391..12da20f 100644 +--- a/third_party/blink/renderer/platform/BUILD.gn ++++ b/third_party/blink/renderer/platform/BUILD.gn +@@ -341,6 +341,7 @@ + output_name = "blink_platform" + + sources = [ ++ "accept_languages_watcher.h", + "animation/animation_translation_util.cc", + "animation/animation_translation_util.h", + "animation/compositor_animation.cc", +diff --git a/third_party/blink/renderer/platform/accept_languages_watcher.h b/third_party/blink/renderer/platform/accept_languages_watcher.h +new file mode 100644 +index 0000000..7fd5de07f +--- /dev/null ++++ b/third_party/blink/renderer/platform/accept_languages_watcher.h +@@ -0,0 +1,22 @@ ++// Copyright 2024 The Chromium Authors ++// Use of this source code is governed by a BSD-style license that can be ++// found in the LICENSE file. ++ ++#ifndef THIRD_PARTY_BLINK_RENDERER_PLATFORM_ACCEPT_LANGUAGES_WATCHER_H_ ++#define THIRD_PARTY_BLINK_RENDERER_PLATFORM_ACCEPT_LANGUAGES_WATCHER_H_ ++ ++#include "third_party/blink/renderer/platform/heap/garbage_collected.h" ++ ++namespace blink { ++ ++// Helper class allowing DedicatedOrSharedWorkerFetchContextImpl to notify blink ++// upon an accept languages update. This class will be extended by ++// WorkerNavigator. ++class AcceptLanguagesWatcher : public GarbageCollectedMixin { ++ public: ++ virtual void NotifyUpdate() = 0; ++}; ++ ++} // namespace blink ++ ++#endif // THIRD_PARTY_BLINK_RENDERER_PLATFORM_ACCEPT_LANGUAGES_WATCHER_H_ +diff --git a/third_party/blink/renderer/platform/loader/fetch/url_loader/DEPS b/third_party/blink/renderer/platform/loader/fetch/url_loader/DEPS +index c8a92c06..7886b02 100644 +--- a/third_party/blink/renderer/platform/loader/fetch/url_loader/DEPS ++++ b/third_party/blink/renderer/platform/loader/fetch/url_loader/DEPS +@@ -28,4 +28,7 @@ + "web_url_loader_unittest.cc": [ + "+net/test/cert_test_util.h" + ], ++ "dedicated_or_shared_worker_fetch_context_impl.cc": [ ++ "+third_party/blink/renderer/platform/accept_languages_watcher.h", ++ ], + } +diff --git a/third_party/blink/renderer/platform/loader/fetch/url_loader/dedicated_or_shared_worker_fetch_context_impl.cc b/third_party/blink/renderer/platform/loader/fetch/url_loader/dedicated_or_shared_worker_fetch_context_impl.cc +index cc1954f6..c9f96ff 100644 +--- a/third_party/blink/renderer/platform/loader/fetch/url_loader/dedicated_or_shared_worker_fetch_context_impl.cc ++++ b/third_party/blink/renderer/platform/loader/fetch/url_loader/dedicated_or_shared_worker_fetch_context_impl.cc +@@ -28,6 +28,7 @@ + #include "third_party/blink/public/platform/web_security_origin.h" + #include "third_party/blink/public/platform/web_url_request_extra_data.h" + #include "third_party/blink/public/platform/websocket_handshake_throttle_provider.h" ++#include "third_party/blink/renderer/platform/accept_languages_watcher.h" + #include "third_party/blink/renderer/platform/loader/fetch/url_loader/url_loader.h" + #include "third_party/blink/renderer/platform/loader/fetch/url_loader/url_loader_factory.h" + #include "url/url_constants.h" +@@ -605,9 +606,13 @@ + + void DedicatedOrSharedWorkerFetchContextImpl::NotifyUpdate( + const RendererPreferences& new_prefs) { +- if (accept_languages_watcher_ && +- renderer_preferences_.accept_languages != new_prefs.accept_languages) +- accept_languages_watcher_->NotifyUpdate(); ++ // Reserving `accept_languages_watcher` on the stack ensures it is not GC'd ++ // within this scope. ++ auto* accept_languages_watcher = accept_languages_watcher_.Get(); ++ if (accept_languages_watcher && ++ renderer_preferences_.accept_languages != new_prefs.accept_languages) { ++ accept_languages_watcher->NotifyUpdate(); ++ } + renderer_preferences_ = new_prefs; + for (auto& watcher : child_preference_watchers_) + watcher->NotifyUpdate(new_prefs); +diff --git a/third_party/blink/renderer/platform/loader/fetch/url_loader/dedicated_or_shared_worker_fetch_context_impl.h b/third_party/blink/renderer/platform/loader/fetch/url_loader/dedicated_or_shared_worker_fetch_context_impl.h +index b95a25fe..d0387cf 100644 +--- a/third_party/blink/renderer/platform/loader/fetch/url_loader/dedicated_or_shared_worker_fetch_context_impl.h ++++ b/third_party/blink/renderer/platform/loader/fetch/url_loader/dedicated_or_shared_worker_fetch_context_impl.h +@@ -23,6 +23,7 @@ + #include "third_party/blink/public/platform/web_common.h" + #include "third_party/blink/public/platform/web_dedicated_or_shared_worker_fetch_context.h" + #include "third_party/blink/public/platform/web_string.h" ++#include "third_party/blink/renderer/platform/heap/persistent.h" + #include "third_party/blink/renderer/platform/wtf/casting.h" + #include "third_party/blink/renderer/platform/wtf/text/wtf_string.h" + #include "third_party/blink/renderer/platform/wtf/vector.h" +@@ -301,7 +302,7 @@ + std::unique_ptr + weak_wrapper_resource_load_info_notifier_; + +- raw_ptr accept_languages_watcher_ = nullptr; ++ WeakPersistent accept_languages_watcher_; + }; + + template <> diff --git a/patches/v8/.patches b/patches/v8/.patches index 39a27e4cd25b..251e9ae3665c 100644 --- a/patches/v8/.patches +++ b/patches/v8/.patches @@ -9,3 +9,6 @@ cherry-pick-d9893f4856af.patch merged_liftoff_fix_clobbered_scratch_register.patch cherry-pick-aad648bd2af9.patch cherry-pick-cb0d9e1d7b88.patch +merged_wasm_arm_tail-call_free_scratch_register_earlier.patch +merged_turboshaft_wasm_wasmgctypeanalyzer_fix_phi_input_for.patch +merged_turboshaft_wasm_wasmgctypeanalyzer_fix_single-block_loops.patch \ No newline at end of file diff --git a/patches/v8/merged_turboshaft_wasm_wasmgctypeanalyzer_fix_phi_input_for.patch b/patches/v8/merged_turboshaft_wasm_wasmgctypeanalyzer_fix_phi_input_for.patch new file mode 100644 index 000000000000..6b8a38b26b2a --- /dev/null +++ b/patches/v8/merged_turboshaft_wasm_wasmgctypeanalyzer_fix_phi_input_for.patch @@ -0,0 +1,83 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Jakob Kummerow +Date: Mon, 16 Dec 2024 20:34:29 +0100 +Subject: Merged: [turboshaft][wasm] WasmGCTypeAnalyzer: Fix phi input for + single-block loops +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixed: 383356864 +(cherry picked from commit f231d83cb3c08754413b3ee1aa249cebd4d5445f) + +Change-Id: I3247f6071a9a27eaef49ae8981b7eea93f83dc55 +Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6097632 +Reviewed-by: Eva Herencsárová +Auto-Submit: Jakob Kummerow +Commit-Queue: Eva Herencsárová +Commit-Queue: Jakob Kummerow +Cr-Commit-Position: refs/branch-heads/13.0@{#45} +Cr-Branched-From: 4be854bd71ea878a25b236a27afcecffa2e29360-refs/heads/13.0.245@{#1} +Cr-Branched-From: 1f5183f7ad6cca21029fd60653d075730c644432-refs/heads/main@{#96103} + +diff --git a/src/compiler/turboshaft/wasm-gc-typed-optimization-reducer.cc b/src/compiler/turboshaft/wasm-gc-typed-optimization-reducer.cc +index 25a78a7c74dcd4a2d64abd8dcf4430e3d587533a..58a94afcbeb9acd4241cc9f67ed90922e1d59125 100644 +--- a/src/compiler/turboshaft/wasm-gc-typed-optimization-reducer.cc ++++ b/src/compiler/turboshaft/wasm-gc-typed-optimization-reducer.cc +@@ -269,6 +269,28 @@ void WasmGCTypeAnalyzer::ProcessAllocateStruct( + wasm::ValueType::Ref(type_index)); + } + ++wasm::ValueType WasmGCTypeAnalyzer::GetTypeForPhiInput(const PhiOp& phi, ++ int input_index) { ++ OpIndex phi_id = graph_.Index(phi); ++ OpIndex input = ResolveAliases(phi.input(input_index)); ++ // If the input of the phi is in the same block as the phi and appears ++ // before the phi, don't use the predecessor value. ++ ++ if (current_block_->begin().id() <= input.id() && input.id() < phi_id.id()) { ++ // Phi instructions have to be at the beginning of the block, so this can ++ // only happen for inputs that are also phis. Furthermore, this is only ++ // possible in loop headers of loops with a single block (endless loops) and ++ // only for the backedge-input. ++ DCHECK(graph_.Get(input).Is()); ++ DCHECK(current_block_->IsLoop()); ++ DCHECK(current_block_->HasBackedge(graph_)); ++ DCHECK_EQ(current_block_->LastPredecessor(), current_block_); ++ DCHECK_EQ(input_index, 1); ++ return types_table_.Get(input); ++ } ++ return types_table_.GetPredecessorValue(input, input_index); ++} ++ + void WasmGCTypeAnalyzer::ProcessPhi(const PhiOp& phi) { + // The result type of a phi is the union of all its input types. + // If any of the inputs is the default value ValueType(), there isn't any type +@@ -281,12 +303,10 @@ void WasmGCTypeAnalyzer::ProcessPhi(const PhiOp& phi) { + RefineTypeKnowledge(graph_.Index(phi), GetResolvedType((phi.input(0)))); + return; + } +- wasm::ValueType union_type = +- types_table_.GetPredecessorValue(ResolveAliases(phi.input(0)), 0); ++ wasm::ValueType union_type = GetTypeForPhiInput(phi, 0); + if (union_type == wasm::ValueType()) return; + for (int i = 1; i < phi.input_count; ++i) { +- wasm::ValueType input_type = +- types_table_.GetPredecessorValue(ResolveAliases(phi.input(i)), i); ++ wasm::ValueType input_type = GetTypeForPhiInput(phi, i); + if (input_type == wasm::ValueType()) return; + // types have to be skipped as an unreachable predecessor doesn't + // change our type knowledge. +diff --git a/src/compiler/turboshaft/wasm-gc-typed-optimization-reducer.h b/src/compiler/turboshaft/wasm-gc-typed-optimization-reducer.h +index 56823cf991637f62fde4b86d35c83d248f712683..877490ecb3a926eda33e645a8f6ac5cd84b36e4a 100644 +--- a/src/compiler/turboshaft/wasm-gc-typed-optimization-reducer.h ++++ b/src/compiler/turboshaft/wasm-gc-typed-optimization-reducer.h +@@ -80,6 +80,8 @@ class WasmGCTypeAnalyzer { + void ProcessPhi(const PhiOp& phi); + void ProcessTypeAnnotation(const WasmTypeAnnotationOp& type_annotation); + ++ wasm::ValueType GetTypeForPhiInput(const PhiOp& phi, int input_index); ++ + void CreateMergeSnapshot(const Block& block); + bool CreateMergeSnapshot(base::Vector predecessors, + base::Vector reachable); diff --git a/patches/v8/merged_turboshaft_wasm_wasmgctypeanalyzer_fix_single-block_loops.patch b/patches/v8/merged_turboshaft_wasm_wasmgctypeanalyzer_fix_single-block_loops.patch new file mode 100644 index 000000000000..bf9e8ccb50bb --- /dev/null +++ b/patches/v8/merged_turboshaft_wasm_wasmgctypeanalyzer_fix_single-block_loops.patch @@ -0,0 +1,85 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Jakob Kummerow +Date: Mon, 16 Dec 2024 20:41:57 +0100 +Subject: Merged: [turboshaft][wasm] WasmGCTypeAnalyzer: Fix single-block loops + properly +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +While https://crrev.com/c/6087921 fixed a bug where the type in the +loop header revisit was reflecting "older" knowledge, it didn't address +the general issue of loop phis dependencies in single block loops where +it might require many iterations until all type information has +stabilized. + +The fix linked above also introduce too specific DCHECKs, as even +outside of single-block loops we can end up with phis where a phi input +appears in the same block before the phi itself. +The binaryen fuzzer found the following pattern: + v113 = Phi(v26, v113) + v114 = Phi(v26, v113) + +In follow-up changes it should be ensured that the useless phi v113 +doesn't get emitted, then v114 wouldn't have that issue (and it could +also be removed.) + +(cherry picked from commit c84e01e92bfd61d29541c59e378b9a15ba6fc891) + +Fixed: 383356864 +Bug: 383814042 +Change-Id: I222dc493bf0a2613d14ebb7df2bdeca931c8daa6 +Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6097772 +Auto-Submit: Jakob Kummerow +Commit-Queue: Eva Herencsárová +Reviewed-by: Eva Herencsárová +Commit-Queue: Jakob Kummerow +Cr-Commit-Position: refs/branch-heads/13.0@{#47} +Cr-Branched-From: 4be854bd71ea878a25b236a27afcecffa2e29360-refs/heads/13.0.245@{#1} +Cr-Branched-From: 1f5183f7ad6cca21029fd60653d075730c644432-refs/heads/main@{#96103} + +diff --git a/src/compiler/turboshaft/wasm-gc-typed-optimization-reducer.cc b/src/compiler/turboshaft/wasm-gc-typed-optimization-reducer.cc +index 58a94afcbeb9acd4241cc9f67ed90922e1d59125..6848d15e6190feaeb13bcbdb6315fcfe539a64dc 100644 +--- a/src/compiler/turboshaft/wasm-gc-typed-optimization-reducer.cc ++++ b/src/compiler/turboshaft/wasm-gc-typed-optimization-reducer.cc +@@ -45,9 +45,23 @@ void WasmGCTypeAnalyzer::Run() { + // defines more precise types than the previous iteration). + if (needs_revisit) { + block_to_snapshot_[loop_header.index()] = MaybeSnapshot(snapshot); +- // This will push the successors of the loop header to the iterator +- // stack, so the loop body will be visited in the next iteration. +- iterator.MarkLoopForRevisitSkipHeader(); ++ if (block.index() != loop_header.index()) { ++ // This will push the successors of the loop header to the iterator ++ // stack, so the loop body will be visited in the next iteration. ++ iterator.MarkLoopForRevisitSkipHeader(); ++ } else { ++ // A single-block loop doesn't have any successors which would be ++ // re-evaluated and which might trigger another re-evaluation of the ++ // loop header. ++ // TODO(mliedtke): This is not a great design: We don't just ++ // schedule revisiting the loop header but afterwards we revisit it ++ // once again to evaluate whether we need to revisit it more times, ++ // so for single block loops the revisitation count will always be a ++ // multiple of 2. While this is inefficient, single-block loops are ++ // rare and are either endless loops or need to trigger an exception ++ // (e.g. a wasm trap) to terminate. ++ iterator.MarkLoopForRevisit(); ++ } + } + } + } +@@ -279,12 +293,9 @@ wasm::ValueType WasmGCTypeAnalyzer::GetTypeForPhiInput(const PhiOp& phi, + if (current_block_->begin().id() <= input.id() && input.id() < phi_id.id()) { + // Phi instructions have to be at the beginning of the block, so this can + // only happen for inputs that are also phis. Furthermore, this is only +- // possible in loop headers of loops with a single block (endless loops) and +- // only for the backedge-input. ++ // possible in loop headers of loops and only for the backedge-input. + DCHECK(graph_.Get(input).Is()); + DCHECK(current_block_->IsLoop()); +- DCHECK(current_block_->HasBackedge(graph_)); +- DCHECK_EQ(current_block_->LastPredecessor(), current_block_); + DCHECK_EQ(input_index, 1); + return types_table_.Get(input); + } diff --git a/patches/v8/merged_wasm_arm_tail-call_free_scratch_register_earlier.patch b/patches/v8/merged_wasm_arm_tail-call_free_scratch_register_earlier.patch new file mode 100644 index 000000000000..2a5505ff6612 --- /dev/null +++ b/patches/v8/merged_wasm_arm_tail-call_free_scratch_register_earlier.patch @@ -0,0 +1,65 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Thibaud Michaud +Date: Wed, 18 Dec 2024 12:14:14 +0100 +Subject: Merged: [wasm][arm][tail-call] Free scratch register earlier + +In Liftoff's PrepareTailCall, we kept the UseScratchRegisterScope open +for longer than necessary. Close the scope earlier to ensure that we +don't run out of scratch registers in the last "sub" instruction if it +needs one. + +R=clemensb@chromium.org + +Fixed: 384565015 +(cherry picked from commit 7c9e628fd07a457635db098483f7a956ecfa385a) + +Change-Id: I0100569d5276aa9188ccbc3c7ee409a9dd49be31 +Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6148448 +Reviewed-by: Daniel Lehmann +Commit-Queue: Thibaud Michaud +Cr-Commit-Position: refs/branch-heads/13.0@{#49} +Cr-Branched-From: 4be854bd71ea878a25b236a27afcecffa2e29360-refs/heads/13.0.245@{#1} +Cr-Branched-From: 1f5183f7ad6cca21029fd60653d075730c644432-refs/heads/main@{#96103} + +diff --git a/src/wasm/baseline/arm/liftoff-assembler-arm-inl.h b/src/wasm/baseline/arm/liftoff-assembler-arm-inl.h +index d5964af013d7c38ba1d6592680480730b9960b2f..2d806f58aeb465f591d564369961aa71cb74a61f 100644 +--- a/src/wasm/baseline/arm/liftoff-assembler-arm-inl.h ++++ b/src/wasm/baseline/arm/liftoff-assembler-arm-inl.h +@@ -496,21 +496,23 @@ void LiftoffAssembler::CallFrameSetupStub(int declared_function_index) { + + void LiftoffAssembler::PrepareTailCall(int num_callee_stack_params, + int stack_param_delta) { +- UseScratchRegisterScope temps(this); +- Register scratch = temps.Acquire(); ++ { ++ UseScratchRegisterScope temps(this); ++ Register scratch = temps.Acquire(); + +- // Push the return address and frame pointer to complete the stack frame. +- sub(sp, sp, Operand(8)); +- ldr(scratch, MemOperand(fp, 4)); +- str(scratch, MemOperand(sp, 4)); +- ldr(scratch, MemOperand(fp, 0)); +- str(scratch, MemOperand(sp, 0)); +- +- // Shift the whole frame upwards. +- int slot_count = num_callee_stack_params + 2; +- for (int i = slot_count - 1; i >= 0; --i) { +- ldr(scratch, MemOperand(sp, i * 4)); +- str(scratch, MemOperand(fp, (i - stack_param_delta) * 4)); ++ // Push the return address and frame pointer to complete the stack frame. ++ sub(sp, sp, Operand(8)); ++ ldr(scratch, MemOperand(fp, 4)); ++ str(scratch, MemOperand(sp, 4)); ++ ldr(scratch, MemOperand(fp, 0)); ++ str(scratch, MemOperand(sp, 0)); ++ ++ // Shift the whole frame upwards. ++ int slot_count = num_callee_stack_params + 2; ++ for (int i = slot_count - 1; i >= 0; --i) { ++ ldr(scratch, MemOperand(sp, i * 4)); ++ str(scratch, MemOperand(fp, (i - stack_param_delta) * 4)); ++ } + } + + // Set the new stack and frame pointer.