riscv-collab / v8

Port of Google v8 engine to RISC-V.
https://github.com/v8-riscv/v8/wiki

Run and pass add1.js #570

Closed qjivy closed 2 years ago

qjivy commented 2 years ago

Now that add.js and hello.js pass, we can try this one:

// Reproducer for the optimized-code / deoptimizer path. The %-prefixed calls
// are V8 runtime intrinsics and only parse under --allow-natives-syntax.
function test(v2) {
return v2+66;
}
// Phase 1: warm up with a small integer, then request optimized code for the
// next call and run it with another small integer.
%PrepareFunctionForOptimization(test);
test(55);
%OptimizeFunctionOnNextCall(test);
test(77);
%DebugPrint(test);
// Phase 2: repeat the same sequence with non-integer numbers. test(55.1) is the
// first non-integer argument passed after the function was optimized in phase 1.
// NOTE(review): presumably this is the call that bails out of the optimized
// code; the C stack trace reported for this script goes through
// Deoptimizer::New(). Confirm with --trace-deopt-verbose.
%PrepareFunctionForOptimization(test);
test(55.1);
%OptimizeFunctionOnNextCall(test);
test(77.2);
%DebugPrint(test);
qjivy commented 2 years ago

Run with cmd:

./d8 --allow-natives-syntax add1.js

Error happens, log:

#
# Fatal error in ../../src/heap/heap.cc, line 7191
# Debug check failed: ReadOnlyHeap::Contains( HeapObject::FromAddress(inner_pointer & ~kHeapObjectTagMask)).
#
#
#
#FailureMessage Object: 0xffd4f808
==== C stack trace ===============================

    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8_libbase.so(v8::base::debug::StackTrace::StackTrace()+0x2c) [0xf353892c]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8_libplatform.so(+0x515fe) [0xf34855fe]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8_libbase.so(V8_Fatal(char const*, int, char const*, ...)+0x134) [0xf34fe294]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8_libbase.so(std::__Cr::enable_if<!std::is_function<std::__Cr::remove_pointer<char>::type>::value && !std::is_enum<char>::value && has_output_operator<char, v8::base::CheckMessageStream>::value, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> > >::type v8::base::PrintCheckOperand<char>(char)+0) [0xf34fdc10]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8_libbase.so(V8_Dcheck(char const*, int, char const*)+0x39) [0xf34fe379]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Heap::GcSafeFindCodeForInnerPointer(unsigned int)+0x266) [0xf5f7af76]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Isolate::FindCodeObject(unsigned int)+0x4b) [0xf5da338b]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Deoptimizer::FindOptimizedCode()+0x8b) [0xf5c88a6b]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Deoptimizer::Deoptimizer(v8::internal::Isolate*, v8::internal::JSFunction, v8::internal::DeoptimizeKind, unsigned int, int)+0x2a9) [0xf5c88159]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Deoptimizer::New(unsigned int, v8::internal::DeoptimizeKind, unsigned int, int, v8::internal::Isolate*)+0xb1) [0xf5c84d11]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Simulator::SoftwareInterrupt()+0xfa5) [0xf724eac5]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Simulator::DecodeRVIType()+0x11ea) [0xf7258b8a]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Simulator::InstructionDecode(v8::internal::Instruction*)+0x274) [0xf724b2d4]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Simulator::Execute()+0xe3) [0xf725d563]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Simulator::CallInternal(unsigned int)+0x5b5) [0xf725db55]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Simulator::CallImpl(unsigned int, int, int const*)+0x4de) [0xf725ec1e]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(unsigned int v8::internal::SimulatorBase::VariadicCall<unsigned int, v8::internal::Simulator, int (v8::internal::Simulator::*)(unsigned int, int, int const*), unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**>(v8::internal::Simulator*, int (v8::internal::Simulator::*)(unsigned int, int, int const*), unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**)+0x146) [0xf5d62cb6]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(unsigned int v8::internal::Simulator::Call<unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**>(unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**)+0xaa) [0xf5d62b5a]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::GeneratedCode<unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**>::Call(unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**)+0x96) [0xf5d62676]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(+0x28187a3) [0xf5d5e7a3]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Execution::CallScript(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSFunction>, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>)+0x23c) [0xf5d5f09c]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::Script::Run(v8::Local<v8::Context>, v8::Local<v8::Data>)+0xbbe) [0xf57a956e]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::Script::Run(v8::Local<v8::Context>)+0x5f) [0xf57a899f]
    ./d8(v8::Shell::ExecuteString(v8::Isolate*, v8::Local<v8::String>, v8::Local<v8::String>, v8::Shell::PrintResult, v8::Shell::ReportExceptions, v8::Shell::ProcessMessageQueue)+0xd75) [0x566368d5]
    ./d8(v8::SourceGroup::Execute(v8::Isolate*)+0x5d9) [0x566514f9]
    ./d8(v8::Shell::RunMain(v8::Isolate*, bool)+0x2a7) [0x566558f7]
    ./d8(v8::Shell::Main(int, char**)+0x17d8) [0x56657d88]
    ./d8(main+0x32) [0x56658412]
    /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0xf2d67fa1]
    ./d8(_start+0x31) [0x56609b81]
luyahan commented 2 years ago

Run with cmd:

./d8 --allow-natives-syntax add1.js

Error happens, log:

#
# Fatal error in ../../src/heap/heap.cc, line 7191
# Debug check failed: ReadOnlyHeap::Contains( HeapObject::FromAddress(inner_pointer & ~kHeapObjectTagMask)).
#
#
#
#FailureMessage Object: 0xffd4f808
==== C stack trace ===============================

    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8_libbase.so(v8::base::debug::StackTrace::StackTrace()+0x2c) [0xf353892c]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8_libplatform.so(+0x515fe) [0xf34855fe]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8_libbase.so(V8_Fatal(char const*, int, char const*, ...)+0x134) [0xf34fe294]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8_libbase.so(std::__Cr::enable_if<!std::is_function<std::__Cr::remove_pointer<char>::type>::value && !std::is_enum<char>::value && has_output_operator<char, v8::base::CheckMessageStream>::value, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> > >::type v8::base::PrintCheckOperand<char>(char)+0) [0xf34fdc10]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8_libbase.so(V8_Dcheck(char const*, int, char const*)+0x39) [0xf34fe379]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Heap::GcSafeFindCodeForInnerPointer(unsigned int)+0x266) [0xf5f7af76]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Isolate::FindCodeObject(unsigned int)+0x4b) [0xf5da338b]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Deoptimizer::FindOptimizedCode()+0x8b) [0xf5c88a6b]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Deoptimizer::Deoptimizer(v8::internal::Isolate*, v8::internal::JSFunction, v8::internal::DeoptimizeKind, unsigned int, int)+0x2a9) [0xf5c88159]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Deoptimizer::New(unsigned int, v8::internal::DeoptimizeKind, unsigned int, int, v8::internal::Isolate*)+0xb1) [0xf5c84d11]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Simulator::SoftwareInterrupt()+0xfa5) [0xf724eac5]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Simulator::DecodeRVIType()+0x11ea) [0xf7258b8a]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Simulator::InstructionDecode(v8::internal::Instruction*)+0x274) [0xf724b2d4]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Simulator::Execute()+0xe3) [0xf725d563]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Simulator::CallInternal(unsigned int)+0x5b5) [0xf725db55]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Simulator::CallImpl(unsigned int, int, int const*)+0x4de) [0xf725ec1e]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(unsigned int v8::internal::SimulatorBase::VariadicCall<unsigned int, v8::internal::Simulator, int (v8::internal::Simulator::*)(unsigned int, int, int const*), unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**>(v8::internal::Simulator*, int (v8::internal::Simulator::*)(unsigned int, int, int const*), unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**)+0x146) [0xf5d62cb6]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(unsigned int v8::internal::Simulator::Call<unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**>(unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**)+0xaa) [0xf5d62b5a]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::GeneratedCode<unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**>::Call(unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**)+0x96) [0xf5d62676]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(+0x28187a3) [0xf5d5e7a3]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Execution::CallScript(v8::internal::Isolate*, v8::internal::Handle<v8::internal::JSFunction>, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>)+0x23c) [0xf5d5f09c]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::Script::Run(v8::Local<v8::Context>, v8::Local<v8::Data>)+0xbbe) [0xf57a956e]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::Script::Run(v8::Local<v8::Context>)+0x5f) [0xf57a899f]
    ./d8(v8::Shell::ExecuteString(v8::Isolate*, v8::Local<v8::String>, v8::Local<v8::String>, v8::Shell::PrintResult, v8::Shell::ReportExceptions, v8::Shell::ProcessMessageQueue)+0xd75) [0x566368d5]
    ./d8(v8::SourceGroup::Execute(v8::Isolate*)+0x5d9) [0x566514f9]
    ./d8(v8::Shell::RunMain(v8::Isolate*, bool)+0x2a7) [0x566558f7]
    ./d8(v8::Shell::Main(int, char**)+0x17d8) [0x56657d88]
    ./d8(main+0x32) [0x56658412]
    /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0xf2d67fa1]
    ./d8(_start+0x31) [0x56609b81]

src/builtins/riscv32/builtins-riscv32.cc: Generate_DeoptimizationEntry

  // Allocate a new deoptimizer object.
  __ PrepareCallCFunction(5, a4);
  // Pass five arguments, according to n64 ABI.
  __ Move(a0, zero_reg);
  Label context_check;
  __ Lw(a1, MemOperand(fp, CommonFrameConstants::kContextOrFrameTypeOffset));
  __ JumpIfSmi(a1, &context_check);
  __ Lw(a0, MemOperand(fp, StandardFrameConstants::kFunctionOffset));
  __ bind(&context_check);
  __ li(a1, Operand(static_cast<int64_t>(deopt_kind)));
  // a2: code object address
  // a3: fp-to-sp delta
  __ li(a4, ExternalReference::isolate_address(isolate));

  // Call Deoptimizer::New().
  {
    AllowExternalCallThatCantCauseGC scope(masm);
    __ CallCFunction(ExternalReference::new_deoptimizer_function(), 5);
  }

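This may be an ABI error in how the five arguments are passed to Deoptimizer::New(). Two things in the excerpt are worth checking on a 32-bit target: the comment still refers to the n64 ABI (presumably carried over from a MIPS64 port), and deopt_kind is cast to int64_t before being loaded into a1.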

luyahan commented 2 years ago

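After PR #576 the failure moves to Deoptimizer::ComputeOutputFrames(), where glibc aborts because the host heap is corrupted: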

Call to host function Deoptimizer::ComputeOutputFrames() at 0xf5c77050 args 58c56660 , e9e0feec , e9e0fef0 , 58c568f0 , 3829375d , 00000050 , e9e0ff10 , 382835d1 , e9e0feec , 58c56660 , 000000003829375d , 000000003829381d , 0000000021c82341 , 00000000000000a0 , 0000000038293769 , 0000000000000002 , 00000000382937d9 , 00000000382835d1 , 00000000e9e0ff28 , 00000000f4ec0d60 
malloc(): unsorted double linked list corrupted
Received signal 6

==== C stack trace ===============================

 [0x0000f352992c]
 [0x0000f3529845]
 [0x0000f7f65b70]
 [0x0000f7f65b49]
 [0x0000f2d61426]
luyahan commented 2 years ago
[New Thread 0xea772b40 (LWP 1096563)]
malloc(): unsorted double linked list corrupted

Thread 1 "d8" received signal SIGABRT, Aborted.
0xf7fd0b49 in __kernel_vsyscall ()
(gdb) bt
#0  0xf7fd0b49 in __kernel_vsyscall ()
#1  0xf2dcb426 in raise () from /lib/i386-linux-gnu/libc.so.6
#2  0xf2db33f7 in abort () from /lib/i386-linux-gnu/libc.so.6
#3  0xf2e1040c in ?? () from /lib/i386-linux-gnu/libc.so.6
#4  0xf2e186bf in ?? () from /lib/i386-linux-gnu/libc.so.6
#5  0xf2e1b7db in ?? () from /lib/i386-linux-gnu/libc.so.6
#6  0xf2e1cee0 in malloc () from /lib/i386-linux-gnu/libc.so.6
#7  0xf31cb070 in operator new (size=4080) at ../../buildtools/third_party/libc++/trunk/src/new.cpp:67
#8  0xf57d016f in std::__Cr::__libcpp_operator_new<unsigned int> (__args=4080) at ../../buildtools/third_party/libc++/trunk/include/new:235
#9  0xf57d0142 in std::__Cr::__libcpp_allocate (__size=4080, __align=4) at ../../buildtools/third_party/libc++/trunk/include/new:261
#10 0xf5cf30d2 in std::__Cr::allocator<v8::internal::TranslatedValue>::allocate (this=0x56c2f8e0, __n=204)
    at ../../buildtools/third_party/libc++/trunk/include/__memory/allocator.h:82
#11 0xf5cf1f1b in std::__Cr::allocator_traits<std::__Cr::allocator<v8::internal::TranslatedValue> >::allocate (__a=..., __n=204)
    at ../../buildtools/third_party/libc++/trunk/include/__memory/allocator_traits.h:261
#12 0xf5cf16b6 in std::__Cr::deque<v8::internal::TranslatedValue, std::__Cr::allocator<v8::internal::TranslatedValue> >::__add_back_capacity (this=0x56c2f8cc)
    at ../../buildtools/third_party/libc++/trunk/include/deque:2606
#13 0xf5cf138c in std::__Cr::deque<v8::internal::TranslatedValue, std::__Cr::allocator<v8::internal::TranslatedValue> >::push_back (this=0x56c2f8cc, __v=...)
    at ../../buildtools/third_party/libc++/trunk/include/deque:1932
#14 0xf5cec96e in v8::internal::TranslatedFrame::Add (this=0x56c2f8b0, value=...) at ../../src/deoptimizer/translated-state.h:312
#15 0xf5d00356 in v8::internal::TranslatedState::CreateNextTranslatedValue (this=0x56c9c5cc, frame_index=0, iterator=0xffffb178, literal_array=..., fp=1456064480, 
    registers=0x56c9c638, trace_file=0x0) at ../../src/deoptimizer/translated-state.cc:1168
#16 0xf5d017f3 in v8::internal::TranslatedState::Init (this=0x56c9c5cc, isolate=0x56bda120, input_frame_pointer=1456064480, stack_frame_pointer=3924270816, iterator=0xffffb178, 
    literal_array=..., registers=0x56c9c638, trace_file=0x0, formal_parameter_count=1, actual_argument_count=-1091707220) at ../../src/deoptimizer/translated-state.cc:1355
#17 0xf5ce1a13 in v8::internal::Deoptimizer::DoComputeOutputFrames (this=0x56c9c580) at ../../src/deoptimizer/deoptimizer.cc:822
#18 0xf5ce144f in v8::internal::Deoptimizer::ComputeOutputFrames (deoptimizer=0x56c9c580) at ../../src/deoptimizer/deoptimizer.cc:456
#19 0xf72a5775 in v8::internal::Simulator::SoftwareInterrupt (this=0x56c07e20) at ../../src/execution/riscv32/simulator-riscv32.cc:2958
#20 0xf72afa6a in v8::internal::Simulator::DecodeRVIType (this=0x56c07e20) at ../../src/execution/riscv32/simulator-riscv32.cc:4556
#21 0xf72a1f64 in v8::internal::Simulator::InstructionDecode (this=0x56c07e20, instr=0x566da0d4) at ../../src/execution/riscv32/simulator-riscv32.cc:6891
#22 0xf72b4635 in v8::internal::Simulator::Execute (this=0x56c07e20) at ../../src/execution/riscv32/simulator-riscv32.cc:6969
#23 0xf72b4c1e in v8::internal::Simulator::CallInternal (this=0x56c07e20, entry=4109544064) at ../../src/execution/riscv32/simulator-riscv32.cc:7021
#24 0xf72b5cee in v8::internal::Simulator::CallImpl (this=0x56c07e20, entry=4109544064, argument_count=6, arguments=0xffffbf10)
    at ../../src/execution/riscv32/simulator-riscv32.cc:7098
#25 0xf5dbd006 in v8::internal::SimulatorBase::VariadicCall<unsigned int, v8::internal::Simulator, int (v8::internal::Simulator::*)(unsigned int, int, int const*), unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**> (sim=0x56c07e20, call=
    (int (v8::internal::Simulator::*)(v8::internal::Simulator * const, unsigned int, int, const int *)) 0xf72b5810 <v8::internal::Simulator::CallImpl(unsigned int, int, int const*)>, entry=4109544064, args=0xffffc3f0, args=0xffffc3f0, args=0xffffc3f0, args=0xffffc3f0, args=0xffffc3f0, args=0xffffc3f0) at ../../src/execution/simulator-base.h:49
#26 0xf5dbceaa in v8::internal::Simulator::Call<unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**> (this=0x56c07e20, entry=4109544064, 
    args=0xffffc3f0, args=0xffffc3f0, args=0xffffc3f0, args=0xffffc3f0, args=0xffffc3f0, args=0xffffc3f0) at ../../src/execution/riscv32/simulator-riscv32.h:473
#27 0xf5dbc9c6 in v8::internal::GeneratedCode<unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, int, unsigned int**>::Call (this=0xffffc128, 
    args=0xffffc3f0, args=0xffffc3f0, args=0xffffc3f0, args=0xffffc3f0, args=0xffffc3f0, args=0xffffc3f0) at ../../src/execution/simulator.h:134
#28 0xf5db8af3 in v8::internal::(anonymous namespace)::Invoke (isolate=0x56bda120, params=...) at ../../src/execution/execution.cc:425
#29 0xf5db93ec in v8::internal::Execution::CallScript (isolate=0x56bda120, script_function=..., receiver=..., host_defined_options=...) at ../../src/execution/execution.cc:534
#30 0xf58038ce in v8::Script::Run (this=0x56c0a5b4, context=..., host_defined_options=...) at ../../src/api/api.cc:2153
#31 0xf5802cff in v8::Script::Run (this=0x56c0a5b4, context=...) at ../../src/api/api.cc:2096
--Type <RET> for more, q to quit, c to continue without paging--q
qjivy commented 2 years ago

The add1.js case can be trimmed down to:

// Trimmed reproducer: optimize test() using small-integer arguments only, then
// call the optimized function once with a non-integer number.
function test(v2) {
return v2+66;
}
%PrepareFunctionForOptimization(test);
test(55);
%OptimizeFunctionOnNextCall(test);
test(77);
// Non-integer argument after optimization. The deopt traces posted with this
// script give "not a Smi" as the bailout reason, with <HeapNumber 55.1> as the
// input value.
test(55.1);

It still fails. Error log:

#
# Fatal error in gen/torque-generated/src/objects/contexts-tq-inl.inc, line 203 
# Check failed: !v8::internal::FLAG_enable_slow_asserts || (IsContext_NonInline(*this)).
#
#
#
#FailureMessage Object: 0xffba8ab8
==== C stack trace ===============================

    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8_libbase.so(v8::base::debug::StackTrace::StackTrace()+0x2c) [0xf354392c]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8_libplatform.so(+0x515fe) [0xf34905fe]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8_libbase.so(V8_Fatal(char const*, int, char const*, ...)+0x134) [0xf3509294]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::TorqueGeneratedContext<v8::internal::Context, v8::internal::HeapObject>::TorqueGeneratedContext(unsigned int)+0xa6) [0xf5795286]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::Context::Context(unsigned int)+0x2b) [0xf57a08eb]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(v8::internal::TorqueGeneratedContext<v8::internal::Context, v8::internal::HeapObject>::cast(v8::internal::Object)+0x3c) [0xf582f49c]
    /work/qjivy/rv32v8/another/v8/out/riscv32.debug/libv8.so(+0x35f6c52) [0xf6b47c52]

It seems that the error happens on the third call of test, when the argument is a floating-point number rather than a Smi. So perhaps we have an error in how deoptimization is handled. Use "--trace-deopt-verbose" to trace the process on both RV64 and RV32 and see what the difference is.

For RV32G, deopt trace is:

[bailout (kind: deopt-eager, reason: not a Smi): begin. deoptimizing 0x1029386d <JSFunction test (sfi = 0x102936f5)>, opt id 0, node id 57, bytecode offset 2, deopt exit 0, FP to SP delta 16, caller SP 0xe9e3eef0, pc 0x2b2841d0]
            ;;; deoptimize at <1.js:2:10> 
  reading input frame test => bytecode_offset=2, args=2, height=0, retval=0(#0); inputs:
      0: 0x00000002 ;  [fp -   8]  1
      1: 0x102835d1 ;  [fp +   8]  0x102835d1 <NativeContext[271]>
      2: 0x10293745 ; a2 0x10293745 <HeapNumber 55.1>
      3: 0x102835d1 ;  [fp -  16]  0x102835d1 <NativeContext[271]>
      4: 0x10293745 ; a2 0x10293745 <HeapNumber 55.1>
  translating interpreted frame test => bytecode_offset=2, variable_frame_size=4, frame_size=40
    0xe9e3eeec: [top +  36] <- 0x10293745 <HeapNumber 55.1> ;  stack parameter (input #2)
    0xe9e3eee8: [top +  32] <- 0x102835d1 <NativeContext[271]> ;  stack parameter (input #1)
    -------------------------
    0xe9e3eee4: [top +  28] <- 0xbeeddead ;  bottommost caller's pc
    0xe9e3eee0: [top +  24] <- 0x1029386d ;  caller's fp
    0xe9e3eedc: [top +  20] <- 0x102835d1 <NativeContext[271]> ;  context (input #3)
    0xe9e3eed8: [top +  16] <- 0x00000002 <Smi 1> ;  function (input #0)
    0xe9e3eed4: [top +  12] <- 0xbeeddead ;  actual argument count
    0xe9e3eed0: [top +   8] <- 0x102938fd <BytecodeArray[6]> ;  bytecode array
    0xe9e3eecc: [top +   4] <- 0x00000046 <Smi 35> ;  bytecode offset
    -------------------------
    0xe9e3eec8: [top +   0] <- 0x10293745 <HeapNumber 55.1> ;  accumulator (input #4)
[bailout end. took 0.454 ms]

For RV64, the deopt trace is:

[bailout (kind: deopt-eager, reason: not a Smi): begin. deoptimizing 0x001df6be2ee9 <JSFunction test (sfi = 0x1df6be2c99)>, opt id 0, node id 58, bytecode offset 2, deopt exit 0, FP to SP delta 32, caller SP 0x7fbe2722ae40, pc 0x7fbe1f0831c8]
            ;;; deoptimize at <1.js:2:10>
  reading input frame test => bytecode_offset=2, args=2, height=0, retval=0(#0); inputs:
      0: 0x001df6be2ee9 ;  [fp -  16]  0x001df6be2ee9 <JSFunction test (sfi = 0x1df6be2c99)>
      1: 0x001df6bc38c1 ;  [fp +  16]  0x001df6bc38c1 <JSGlobalProxy>
      2: 0x001df6be2d19 ; a2 0x001df6be2d19 <HeapNumber 55.1>
      3: 0x001df6bc38e1 ;  [fp -  32]  0x001df6bc38e1 <NativeContext[271]>
      4: 0x001df6be2d19 ; a2 0x001df6be2d19 <HeapNumber 55.1>
  translating interpreted frame test => bytecode_offset=2, variable_frame_size=8, frame_size=80
    0x7fbe2722ae38: [top +  72] <- 0x001df6be2d19 <HeapNumber 55.1> ;  stack parameter (input #2) 
    0x7fbe2722ae30: [top +  64] <- 0x001df6bc38c1 <JSGlobalProxy> ;  stack parameter (input #1) 
    -------------------------
    0x7fbe2722ae28: [top +  56] <- 0x7fbe32fb7ac4 ;  bottommost caller's pc
    0x7fbe2722ae20: [top +  48] <- 0x7fbe2722ae80 ;  caller's fp
    0x7fbe2722ae18: [top +  40] <- 0x001df6bc38e1 <NativeContext[271]> ;  context (input #3) 
    0x7fbe2722ae10: [top +  32] <- 0x001df6be2ee9 <JSFunction test (sfi = 0x1df6be2c99)> ;  function (input #0) 
    0x7fbe2722ae08: [top +  24] <- 0x000000000002 ;  actual argument count
    0x7fbe2722ae00: [top +  16] <- 0x001df6be3009 <BytecodeArray[6]> ;  bytecode array
    0x7fbe2722adf8: [top +   8] <- 0x003700000000 <Smi 55> ;  bytecode offset
    -------------------------
    0x7fbe2722adf0: [top +   0] <- 0x001df6be2d19 <HeapNumber 55.1> ;  accumulator (input #4) 
[bailout end. took 0.577 ms] 

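The contents of the stack frame differ between the two. On RV32, input #0 ([fp - 8]) is the Smi 1 where RV64 has the JSFunction, and input #1 ([fp + 8]) is the NativeContext where RV64 has the JSGlobalProxy. In the RV32 output frame, the "caller's fp" slot holds 0x1029386d, which is the address of the JSFunction being deoptimized, while the caller's pc and the actual argument count are both 0xbeeddead (this looks like V8's filler pattern for slots that were never written). Together this suggests the RV32 frame is being laid out or read at the wrong offsets, so the deoptimizer treats values of one type as another.

RV32: [fp-8: 1] [fp+8: NativeContext[271]] [top+12: 0xbeeddead] ...
RV64: [fp-16: JSFunction test] [fp+16: JSGlobalProxy] ...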

For comparison, here is ARM's deopt trace as well (also a 32-bit target):

[bailout (kind: deopt-eager, reason: not a Smi): begin. deoptimizing 0x4ef5386d <JSFunction test (sfi = 0x4ef536f5)>, opt id 0, node id 57, bytecode offset 2, deopt exit 0, FP to SP delta 16, caller SP 0xe9f7df04, pc 0x3080417c]
            ;;; deoptimize at <1.js:2:10>
  reading input frame test => bytecode_offset=2, args=2, height=0, retval=0(#0); inputs:
      0: 0x4ef5386d ;  [fp -   8]  0x4ef5386d <JSFunction test (sfi = 0x4ef536f5)>
      1: 0x4ef435c1 ;  [fp +   8]  0x4ef435c1 <JSGlobalProxy>
      2: 0x4ef53745 ; r2 0x4ef53745 <HeapNumber 55.1>
      3: 0x4ef435d1 ;  [fp -  16]  0x4ef435d1 <NativeContext[271]>
      4: 0x4ef53745 ; r2 0x4ef53745 <HeapNumber 55.1>
  translating interpreted frame test => bytecode_offset=2, variable_frame_size=4, frame_size=40
    0xe9f7df00: [top +  36] <- 0x4ef53745 <HeapNumber 55.1> ;  stack parameter (input #2)
    0xe9f7defc: [top +  32] <- 0x4ef435c1 <JSGlobalProxy> ;  stack parameter (input #1)
    -------------------------
    0xe9f7def8: [top +  28] <- 0xf5029df4 ;  bottommost caller's pc
    0xe9f7def4: [top +  24] <- 0xe9f7df24 ;  caller's fp
    0xe9f7def0: [top +  20] <- 0x4ef435d1 <NativeContext[271]> ;  context (input #3)
    0xe9f7deec: [top +  16] <- 0x4ef5386d <JSFunction test (sfi = 0x4ef536f5)> ;  function (input #0)
    0xe9f7dee8: [top +  12] <- 0x00000002 ;  actual argument count
    0xe9f7dee4: [top +   8] <- 0x4ef538fd <BytecodeArray[6]> ;  bytecode array
    0xe9f7dee0: [top +   4] <- 0x00000046 <Smi 35> ;  bytecode offset
    -------------------------
    0xe9f7dedc: [top +   0] <- 0x4ef53745 <HeapNumber 55.1> ;  accumulator (input #4)
[bailout end. took 0.607 ms]
qjivy commented 2 years ago

With #620, it passes now!