Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: f2c901e82e1fc3713764dd38d90f9afd4d261d0a
      https://github.com/WebKit/WebKit/commit/f2c901e82e1fc3713764dd38d90f9afd4d261d0a
  Author: Dan Hecht <[email protected]>
  Date:   2025-02-19 (Wed, 19 Feb 2025)

  Changed paths:
    M Source/JavaScriptCore/b3/air/AirAllocateRegistersByGreedy.cpp

  Log Message:
  -----------
  [JSC][GreedyRegAlloc] Don't add Tmp to its own coalescable set
https://bugs.webkit.org/show_bug.cgi?id=288008
rdar://145169136

Reviewed by Yusuke Suzuki.

If the IR before register allocation contains a 'Move a, a'
instruction, then, if there is another def of 'a', this will
trip up the pruneCoalescable() logic. The nested removeAllMatching
will remove the element out from under the outer's lambda. Fix it by
not adding identity to this set, which makes sense since Tmp 'a'
and Tmp 'a' will always trivially get the same register regardless.

JSC doesn't seem to produce such code (at least during tests)
but testb3 was able to find this bug.

* Source/JavaScriptCore/b3/air/AirAllocateRegistersByGreedy.cpp:
(JSC::B3::Air::Greedy::GreedyAllocator::validateAssignments):
(JSC::B3::Air::Greedy::GreedyAllocator::buildLiveRanges):

Canonical link: https://commits.webkit.org/290658@main
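
A simplified model of the hazard the log message describes, added here as an illustration and not taken from WebKit's source. The names `CoalescableModel`, `addMove`, `prune` and `hazardsAfterPrune` are hypothetical, and the per-Tmp partner list is an assumed data layout; it counts how often pruning would edit the very list it is walking, with and without the identity filter.

```cpp
#include <algorithm>
#include <cstdio>
#include <map>
#include <vector>

// Hypothetical model, not WebKit code: each Tmp (an int here) maps to the
// list of Tmps it could share a register with, recorded from Move instructions.
using Tmp = int;

struct CoalescableModel {
    std::map<Tmp, std::vector<Tmp>> sets;
    bool skipIdentity;   // true models the fix: never record 'Move a, a'
    int hazards = 0;     // nested removals aimed at the list being walked
    explicit CoalescableModel(bool skip) : skipIdentity(skip) {}
    void addMove(Tmp src, Tmp dst) {
        if (skipIdentity && src == dst)
            return;
        sets[src].push_back(dst);
        if (src != dst)
            sets[dst].push_back(src);
    }
    // Called when 'a' gains another def: drop every pairing that involves 'a'.
    // The walk uses a copy so the model stays well defined; an in-place walk
    // would have its container edited underneath it whenever b == a.
    void prune(Tmp a) {
        const std::vector<Tmp> partners = sets[a];
        for (Tmp b : partners) {
            if (b == a)
                ++hazards;
            std::vector<Tmp>& other = sets[b];
            other.erase(std::remove(other.begin(), other.end(), a), other.end());
        }
        sets[a].clear();
    }
};

// Constructed input: 'Move 1, 1' and 'Move 1, 2', then a second def of Tmp 1.
int hazardsAfterPrune(bool skipIdentity) {
    CoalescableModel m(skipIdentity);
    m.addMove(1, 1);
    m.addMove(1, 2);
    m.prune(1);
    return m.hazards;
}

int main() {
    std::printf("without fix: %d, with fix: %d\n", hazardsAfterPrune(false), hazardsAfterPrune(true));
}
```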



_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
