7f851cd42c
This is a reland of ada648006b, fixed
for 32 bit architectures (register pairs).
Original change's description:
> [Liftoff] Fix register use count
>
> In {SetLocalFromStackSlot}, we decrement the use count of the register
> in the target slot without updating this slot, and then call
> {GetUnusedRegister}. At that point, the register use counts do not
> match the cache state, which leads to errors later on.
> This CL fixes this by marking the target slot as a stack slot after
> reducing the register use count.
>
> It also adds a Validation which helped to find that error and will
> catch similar errors earlier.
>
> R=titzer@chromium.org
>
> Bug: chromium:854050, v8:6600
> Change-Id: I74d3a5aa947ec4247d7b4557567f642bf4082316
> Reviewed-on: https://chromium-review.googlesource.com/1111958
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53976}
TBR=titzer@chromium.org
Bug: chromium:854050, v8:6600
Change-Id: Ibc8801737e9604a8490382c569b0378585625376
Reviewed-on: https://chromium-review.googlesource.com/1112238
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53981}
29 lines
1.1 KiB
JavaScript
29 lines
1.1 KiB
JavaScript
// Copyright 2018 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
load('test/mjsunit/wasm/wasm-constants.js');
|
|
load('test/mjsunit/wasm/wasm-module-builder.js');
|
|
|
|
const builder = new WasmModuleBuilder();
|
|
builder.addFunction(undefined, makeSig([kWasmI32, kWasmF32], []))
|
|
.addLocals({i32_count: 7})
|
|
.addBody([
|
|
kExprGetLocal, 0, // get_local
|
|
kExprI32Const, 0, // i32.const 0
|
|
kExprIf, kWasmStmt, // if
|
|
kExprUnreachable, // unreachable
|
|
kExprEnd, // end if
|
|
kExprGetLocal, 4, // get_local
|
|
kExprTeeLocal, 8, // tee_local
|
|
kExprBrIf, 0, // br_if depth=0
|
|
kExprTeeLocal, 7, // tee_local
|
|
kExprTeeLocal, 0, // tee_local
|
|
kExprTeeLocal, 2, // tee_local
|
|
kExprTeeLocal, 8, // tee_local
|
|
kExprDrop, // drop
|
|
kExprLoop, kWasmStmt, // loop
|
|
kExprEnd, // end loop
|
|
]);
|
|
builder.instantiate();
|