d757cd5c63
If an output operand has "same as input" policy, we cannot assume that
it's input 0. Instead we should look at the {input_index}.
The bug manifests on Wasm select instructions, where the input index is
actually 2 and not 0.
In order to test this better, we introduce the a new
--turbo-force-mid-tier-regalloc flag, which always uses the mid-tier
register allocator. Otherwise the bug would only manifest on huge
functions.
R=mslekova@chromium.org
CC=thibaudm@chromium.org
Bug: v8:12330
Change-Id: I6a005a48bbd2aba354dc99fed587bffce24c8839
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234722
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77495}
28 lines
848 B
JavaScript
28 lines
848 B
JavaScript
// Copyright 2021 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --turbo-force-mid-tier-regalloc
|
|
|
|
d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
|
|
|
|
const builder = new WasmModuleBuilder();
|
|
builder.addType(makeSig([], [kWasmF32]));
|
|
builder.addFunction(undefined, 0 /* sig */)
|
|
.addLocals(kWasmI32, 1)
|
|
.addBodyWithEnd([
|
|
// signature: f_v
|
|
// body:
|
|
kExprLoop, 0x7d, // loop @3 f32
|
|
kExprI32Const, 0x9a, 0x7f, // i32.const
|
|
kExprI32Const, 0x01, // i32.const
|
|
kExprLocalGet, 0x00, // local.get
|
|
kExprSelect, // select
|
|
kExprLocalTee, 0x00, // local.tee
|
|
kExprBrIf, 0x00, // br_if depth=0
|
|
kExprF32Const, 0x4e, 0x03, 0xf1, 0xff, // f32.const
|
|
kExprEnd, // end @22
|
|
kExprEnd, // end @23
|
|
]);
|
|
builder.toModule();
|