[webkit-changes] [197037] trunk/Source/JavaScriptCore

[fpizlo]

Title: [197037] trunk/Source/_javascript_Core

Revision

197037

Author

fpi...@apple.com

Date

2016-02-24 10:49:45 -0800 (Wed, 24 Feb 2016)

Log Message

Stackmaps have problems with double register constraints
https://bugs.webkit.org/show_bug.cgi?id=154643

Reviewed by Geoffrey Garen.

This is currently a benign bug. I found it while playing.

* b3/B3LowerToAir.cpp:
(JSC::B3::Air::LowerToAir::fillStackmap):
* b3/testb3.cpp:
(JSC::B3::testURShiftSelf64):
(JSC::B3::testPatchpointDoubleRegs):
(JSC::B3::zero):
(JSC::B3::run):

Modified Paths

• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/b3/B3LowerToAir.cpp
• trunk/Source/_javascript_Core/b3/testb3.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (197036 => 197037)

--- trunk/Source/_javascript_Core/ChangeLog	2016-02-24 18:14:41 UTC (rev 197036)
+++ trunk/Source/_javascript_Core/ChangeLog	2016-02-24 18:49:45 UTC (rev 197037)
@@ -1,3 +1,20 @@
+2016-02-24  Filip Pizlo  <fpi...@apple.com>
+
+        Stackmaps have problems with double register constraints
+        https://bugs.webkit.org/show_bug.cgi?id=154643
+
+        Reviewed by Geoffrey Garen.
+
+        This is currently a benign bug. I found it while playing.
+
+        * b3/B3LowerToAir.cpp:
+        (JSC::B3::Air::LowerToAir::fillStackmap):
+        * b3/testb3.cpp:
+        (JSC::B3::testURShiftSelf64):
+        (JSC::B3::testPatchpointDoubleRegs):
+        (JSC::B3::zero):
+        (JSC::B3::run):
+
 2016-02-24  Skachkov Oleksandr  <gskach...@gmail.com>
 
         [ES6] Arrow function syntax. Emit loading&putting this/super only if they are used in arrow function

Modified: trunk/Source/_javascript_Core/b3/B3LowerToAir.cpp (197036 => 197037)

--- trunk/Source/_javascript_Core/b3/B3LowerToAir.cpp	2016-02-24 18:14:41 UTC (rev 197036)
+++ trunk/Source/_javascript_Core/b3/B3LowerToAir.cpp	2016-02-24 18:49:45 UTC (rev 197037)
@@ -991,7 +991,7 @@
             case ValueRep::Register:
                 stackmap->earlyClobbered().clear(value.rep().reg());
                 arg = Tmp(value.rep().reg());
-                append(Move, immOrTmp(value.value()), arg);
+                append(relaxedMoveForType(value.value()->type()), immOrTmp(value.value()), arg);
                 break;
             case ValueRep::StackArgument:
                 arg = Arg::callArg(value.rep().offsetFromSP());

Modified: trunk/Source/_javascript_Core/b3/testb3.cpp (197036 => 197037)

--- trunk/Source/_javascript_Core/b3/testb3.cpp	2016-02-24 18:14:41 UTC (rev 197036)
+++ trunk/Source/_javascript_Core/b3/testb3.cpp	2016-02-24 18:49:45 UTC (rev 197037)
@@ -10426,6 +10426,30 @@
     check(64);
 }
 
+void testPatchpointDoubleRegs()
+{
+    Procedure proc;
+    BasicBlock* root = proc.addBlock();
+
+    Value* arg = root->appendNew<ArgumentRegValue>(proc, Origin(), FPRInfo::argumentFPR0);
+    
+    PatchpointValue* patchpoint = root->appendNew<PatchpointValue>(proc, Double, Origin());
+    patchpoint->append(arg, ValueRep(FPRInfo::fpRegT0));
+    patchpoint->resultConstraint = ValueRep(FPRInfo::fpRegT0);
+
+    unsigned numCalls = 0;
+    patchpoint->setGenerator(
+        [&] (CCallHelpers&, const StackmapGenerationParams&) {
+            numCalls++;
+        });
+
+    root->appendNew<ControlValue>(proc, Return, Origin(), patchpoint);
+
+    auto code = compile(proc);
+    CHECK(numCalls == 1);
+    CHECK(invoke<double>(*code, 42.5) == 42.5);
+}
+
 // Make sure the compiler does not try to optimize anything out.
 NEVER_INLINE double zero()
 {
@@ -11842,6 +11866,8 @@
     RUN(testURShiftSelf64());
     RUN(testLShiftSelf64());
 
+    RUN(testPatchpointDoubleRegs());
+
     if (tasks.isEmpty())
         usage();
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes