Bug 1300546: IonMonkey: Make sure the registers of lhs and rhs don't overlap during ALU, r=bbouvier
☠☠ backed out by 1988bdcb4fe4 ☠ ☠
authorHannes Verschore <hv1989@gmail.com>
Tue, 20 Sep 2016 14:48:52 +0200
changeset 314626 73ac0ad42d6397641ea1b7a3158374054d442393
parent 314625 5caa69daaa2a7fd394e2d28c6fbba9ad4a15cc6d
child 314627 416c73ba796b2d0a5f4c6ce8f8cd4ab6029b9f81
push id30732
push usercbook@mozilla.com
push dateWed, 21 Sep 2016 10:04:03 +0000
treeherdermozilla-central@560b2c805bf7 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbbouvier
bugs1300546
milestone52.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1300546: IonMonkey: Make sure the registers of lhs and rhs don't overlap during ALU, r=bbouvier
js/src/jit-test/tests/wasm/regress/bug1300546.js
js/src/jit/arm/Lowering-arm.cpp
js/src/jit/x86/Lowering-x86.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/wasm/regress/bug1300546.js
@@ -0,0 +1,33 @@
+// |jit-test| error: TypeError
+
+load(libdir + "wasm.js");
+
+setJitCompilerOption('wasm.test-mode', 1);
+
+wasmEvalText(`
+
+(module
+  (type $type0 (func))
+  (func $func0
+      (nop)
+      (f64.load offset=59 align=1 (i32.const 0))
+      (current_memory)
+      (current_memory)
+      (current_memory)
+      (current_memory)
+      (current_memory)
+      (current_memory)
+      (current_memory)
+      (current_memory)
+      (i64.rem_s (i64.const 17) (i64.xor (i64.const 17) (i64.xor (i64.const 17) (i64.xor (i64.xor (i64.const 17) (i64.const 17)) (i64.xor (i64.const 17) (i64.const 17))))))
+
+     (i64.rem_s
+      (i64.const 17)
+      (i64.xor
+        (i64.rem_s (i64.const 17) (i64.const 17))
+        (i64.xor (i64.rem_s (i64.const 17) (i64.const 17)) (i64.xor (i64.const 17) (i64.const 17)))))
+  )
+  (memory 1 1)
+)
+
+`)(createI64(41));
--- a/js/src/jit/arm/Lowering-arm.cpp
+++ b/js/src/jit/arm/Lowering-arm.cpp
@@ -198,18 +198,17 @@ LIRGeneratorARM::lowerForALU(LInstructio
     define(ins, mir, LDefinition(LDefinition::TypeFrom(mir->type()), LDefinition::REGISTER));
 }
 
 void
 LIRGeneratorARM::lowerForALUInt64(LInstructionHelper<INT64_PIECES, 2 * INT64_PIECES, 0>* ins,
                                   MDefinition* mir, MDefinition* lhs, MDefinition* rhs)
 {
     ins->setInt64Operand(0, useInt64RegisterAtStart(lhs));
-    ins->setInt64Operand(INT64_PIECES,
-                         lhs != rhs ? useInt64OrConstant(rhs) : useInt64OrConstantAtStart(rhs));
+    ins->setInt64Operand(INT64_PIECES, useInt64OrConstant(rhs));
     defineInt64ReuseInput(ins, mir, 0);
 }
 
 void
 LIRGeneratorARM::lowerForMulInt64(LMulI64* ins, MMul* mir, MDefinition* lhs, MDefinition* rhs)
 {
     bool needsTemp = true;
 
--- a/js/src/jit/x86/Lowering-x86.cpp
+++ b/js/src/jit/x86/Lowering-x86.cpp
@@ -204,18 +204,17 @@ LIRGeneratorX86::lowerInt64PhiInput(MPhi
     high->setOperand(inputPosition, LUse(operand->virtualRegister() + INT64HIGH_INDEX, LUse::ANY));
 }
 
 void
 LIRGeneratorX86::lowerForALUInt64(LInstructionHelper<INT64_PIECES, 2 * INT64_PIECES, 0>* ins,
                                   MDefinition* mir, MDefinition* lhs, MDefinition* rhs)
 {
     ins->setInt64Operand(0, useInt64RegisterAtStart(lhs));
-    ins->setInt64Operand(INT64_PIECES,
-                         lhs != rhs ? useInt64OrConstant(rhs) : useInt64OrConstantAtStart(rhs));
+    ins->setInt64Operand(INT64_PIECES, useInt64OrConstant(rhs));
     defineInt64ReuseInput(ins, mir, 0);
 }
 
 void
 LIRGeneratorX86::lowerForMulInt64(LMulI64* ins, MMul* mir, MDefinition* lhs, MDefinition* rhs)
 {
     bool needsTemp = true;