10bbbf13a2
The mid-tier register allocator could not handle the case that the same virtual register was used for - the input corresponding to the 'same-as-input' output, and - another 'unique register' input. In this case, it cannot choose the already assigned register for the 'unique' register. Instead, it needs to allocate a new register and introduce a gap move to duplicate the input value in two different registers. FYI, the instruction where the current logic failed was: (v5(0), v6(R)) = IA32AddPair v7(R) v7(*) v8(R) v7(R) (where the last input was marked 'unique'). R=leszeks@chromium.org CC=thibaudm@chromium.org Bug: v8:12330, chromium:1272204 Change-Id: Ie4843aa9f5e027afe503e0481a4acdfa325dfe0e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3347821 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#78411}
20 lines
660 B
JavaScript
20 lines
660 B
JavaScript
// Copyright 2021 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --no-liftoff --turbo-force-mid-tier-regalloc
|
|
|
|
d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
|
|
|
|
const builder = new WasmModuleBuilder();
|
|
builder.addMemory(16, 32, false);
|
|
builder.addFunction(undefined, kSig_i_iii).addBody([
|
|
kExprI64Const, 0x7a, // i64.const
|
|
kExprI64Const, 0x7f, // i64.const
|
|
kExprI64Const, 0x7e, // i64.const
|
|
kExprI64Add, // i64.add
|
|
kExprI64DivS, // i64.div_s
|
|
kExprUnreachable, // unreachable
|
|
]);
|
|
builder.toModule();
|