Fix several register allocation issues revealed by fuzzer:

- LIsObject had incorrect contraint for value input; - Temporaries had incorrect lifetime intervals; - Live ranges for live_out values was not covering the whole block. Review URL: http://codereview.chromium.org/5899002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6038 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix several register allocation issues revealed by fuzzer:
- LIsObject had incorrect contraint for value input; - Temporaries had incorrect lifetime intervals; - Live ranges for live_out values was not covering the whole block. Review URL: http://codereview.chromium.org/5899002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6038 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ed59e772 · vegorov@chromium.org · 7a3fd2aa · ed59e772 · ed59e772 · ed59e772
Commit ed59e772 authored Dec 15, 2010 by vegorov@chromium.org
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 13 deletions

lithium-ia32.cc src/ia32/lithium-ia32.cc +1 -1

lithium-allocator.cc src/lithium-allocator.cc +6 -11

fuzz-natives.js test/mjsunit/fuzz-natives.js +1 -1

No files found.
--- a/src/ia32/lithium-ia32.cc
+++ b/src/ia32/lithium-ia32.cc
@@ -1650,7 +1650,7 @@ LInstruction* LChunkBuilder::DoIsNull(HIsNull* instr) {
 LInstruction* LChunkBuilder::DoIsObject(HIsObject* instr) {
  ASSERT(instr->value()->representation().IsTagged());
-  LOperand* value = UseRegisterAtStart(instr->value());
+  LOperand* value = UseRegister(instr->value());
  return DefineAsRegister(new LIsObject(value, TempRegister()));
 }

--- a/src/lithium-allocator.cc
+++ b/src/lithium-allocator.cc
@@ -585,17 +585,12 @@ void LAllocator::AddInitialIntervals(HBasicBlock* block,
  LifetimePosition start = LifetimePosition::FromInstructionIndex(
      block->first_instruction_index());
  LifetimePosition end = LifetimePosition::FromInstructionIndex(
-      block->last_instruction_index());
+      block->last_instruction_index()).NextInstruction();
  BitVector::Iterator iterator(live_out);
  while (!iterator.Done()) {
    int operand_index = iterator.Current();
    LiveRange* range = LiveRangeFor(operand_index);
-    if (!range->IsEmpty() &&
-        range->Start().Value() == end.NextInstruction().Value()) {
-      range->AddUseInterval(start, end.NextInstruction());
-    } else {
    range->AddUseInterval(start, end);
-    }
    iterator.Advance();
  }
 }
@@ -978,8 +973,8 @@ void LAllocator::ProcessInstructions(HBasicBlock* block, BitVector* live) {
              }
            }
          }
-          Use(block_start_position, curr_position, temp, NULL);
+          Use(block_start_position, curr_position.InstructionEnd(), temp, NULL);
-          Define(curr_position.PrevInstruction(), temp, NULL);
+          Define(curr_position, temp, NULL);
        }
      }
    }
@@ -1832,7 +1827,7 @@ bool LAllocator::TryAllocateFreeReg(LiveRange* current) {
  // Register reg is available at the range start and is free until
  // the range end.
  ASSERT(pos.Value() >= current->End().Value());
-  TraceAlloc("Assigning reg %s to live range %d\n",
+  TraceAlloc("Assigning free reg %s to live range %d\n",
             RegisterName(reg),
             current->id());
  current->set_assigned_register(reg, mode_);
@@ -1922,7 +1917,7 @@ void LAllocator::AllocateBlockedReg(LiveRange* current) {
  // Register reg is not blocked for the whole range.
  ASSERT(block_pos[reg].Value() >= current->End().Value());
-  TraceAlloc("Assigning reg %s to live range %d\n",
+  TraceAlloc("Assigning blocked reg %s to live range %d\n",
             RegisterName(reg),
             current->id());
  current->set_assigned_register(reg, mode_);

--- a/test/mjsunit/fuzz-natives.js
+++ b/test/mjsunit/fuzz-natives.js
@@ -25,7 +25,7 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-// Flags: --allow-natives-syntax --noalways-opt
+// Flags: --allow-natives-syntax
 var RUN_WITH_ALL_ARGUMENT_ENTRIES = false;
 var kOnManyArgumentsRemove = 5;