[webkit-changes] [WebKit/WebKit] 59f3af: [JSC] GreedyRegAlloc: handle use/def count overflo...

Wed, 05 Nov 2025 08:20:24 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 59f3afb044ea756dd8beaaca10ebd6262ce10646
      
https://github.com/WebKit/WebKit/commit/59f3afb044ea756dd8beaaca10ebd6262ce10646
  Author: Dan Hecht <[email protected]>
  Date:   2025-11-05 (Wed, 05 Nov 2025)

  Changed paths:
    A JSTests/wasm/stress/deeply-nested-loops-use-counts.js
    M Source/JavaScriptCore/b3/air/AirAllocateRegistersByGreedy.cpp

  Log Message:
  -----------
  [JSC] GreedyRegAlloc: handle use/def count overflow gracefully
rdar://163797828
https://bugs.webkit.org/show_bug.cgi?id=301962

Reviewed by Yusuke Suzuki.

B3::Air::UseCounts stores its counts in a float array. The basic
block frequency estimator code uses a factor of 10 for each level
of loop nesting. So, if a function has more than around 40 levels
of nested loops, the use/def counts can overflow and become infinity.

This inf value flows into the register allocator's spill cost heuristic,
causing the spill cost to be inf. Inf is used to represent the cost
of unspillable Tmps, so if there is enough register pressure, the
register allocator can get confused and decide it's run out of
registers and fail.

To fix this, cap the maximum spill cost of spillable Tmps.

Bonus fix: due to how the high 64-bit clobbers of SIMD vector registers
are modeled, these clobbers are not represented as true live ranges.
This caused an assert to trigger when trying to dump the register
allocator state in the above situation. The assert is not valid
for register Tmps for that reason - a register Tmp can have no live
ranges yet still conflict because of these high 64 vector clobbers.
Move the assert slightly for this reason.

Bonus cleanup: remove the !spillCostDivideBySize heuristic; there's no need
to keep the other side of this experiment around.

Test: JSTests/wasm/stress/deeply-nested-loops-use-counts.js
* JSTests/wasm/stress/deeply-nested-loops-use-counts.js: Added.
(generateNestedLoops):
(async test):
* Source/JavaScriptCore/b3/air/AirAllocateRegistersByGreedy.cpp:
(JSC::B3::Air::Greedy::TmpData::spillCost):

Canonical link: https://commits.webkit.org/302588@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to