1680621 - Warp: Check wasm argument types in CacheIR

Status: RESOLVED FIXED

(Core :: JavaScript Engine: JIT, task, P1)

Description

[Iain Ireland [:iain]]

When generating fast calls from Warp to wasm, we emit conversions in the transpiler that check the argument types, but don't generate equivalent guards in the baseline IC. This can cause bailout loops.

This patch moves the argument checks into CacheIR.

Comment 1

[Iain Ireland [:iain]]

Attachment: Bug 1680621: Move Wasm argument conversions into CacheIR r=jandem

The transpiler emits fallible conversions for wasm arguments when generating an optimized call into Wasm, but the baseline IC does not emit equivalent guards, which can cause bailout loops.

To fix this, this patch moves the argument conversion into CacheIR with a new GuardWasmArg op. In the baseline IC, GuardWasmArg verifies that the argument has a valid type. In the transpiler, GuardWasmArg generates the appropriate conversion.

Notes:

• For missing arguments, it's a little silly that emitCallWasmFunction creates a constant undefined node and feeds it into a conversion instead of generating the result of the conversion, but I didn't want to synthesize a BigInt in WarpBuilder. If the performance matters, we should fix it in MToInt64::foldsTo.
• CodeGenerator::visitValueToBigInt (used for wasm::ValType::I64) already has support for booleans, so I fixed tryAttachWasmCall to match.
• Code sharing between wasm call ICs will now be limited to calls with the same signature.

Comment 2

[Pulsebot]

Pushed by iireland@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/76ca4d5bab5c
Move Wasm argument conversions into CacheIR r=jandem

Comment 3

[Razvan Maries]

https://hg.mozilla.org/mozilla-central/rev/76ca4d5bab5c