|
 |
e93883 |
From 3122e0eae64c5ab494b29d0a9cadef902d93f1f9 Mon Sep 17 00:00:00 2001
|
|
|
e93883 |
From: Fedor Indutny <fedor@indutny.com>
|
|
|
e93883 |
Date: Fri, 22 Aug 2014 03:59:35 +0400
|
|
|
e93883 |
Subject: [PATCH] deps: fix up v8 after fd80a3
|
|
|
e93883 |
|
|
|
e93883 |
fd80a31e0697d6317ce8c2d289575399f4e06d21 has introduced a segfault
|
|
|
e93883 |
during redundant boundary check elimination (#8208).
|
|
|
e93883 |
|
|
|
e93883 |
The problem consists of two parts:
|
|
|
e93883 |
|
|
|
e93883 |
1. Abscense of instruction iterator in
|
|
|
e93883 |
`EliminateRedundantBoundsChecks`. It was present in recent v8, but
|
|
|
e93883 |
wasn't considered important at the time of backport. However, since
|
|
|
e93883 |
the function is changing instructions order in block, it is
|
|
|
e93883 |
important to not rely at `i->next()` at the end of the loop.
|
|
|
e93883 |
2. Too strict ASSERT in `MoveIndexIfNecessary`. It is essentially a
|
|
|
e93883 |
backport of a45c96ab from v8's upstream. See
|
|
|
e93883 |
https://github.com/v8/v8/commit/a45c96ab for details.
|
|
|
e93883 |
|
|
|
e93883 |
fix #8208
|
|
|
e93883 |
---
|
|
|
e93883 |
src/hydrogen.cc | 11 ++++++++---
|
|
|
e93883 |
1 file changed, 8 insertions(+), 3 deletions(-)
|
|
|
e93883 |
|
|
|
e93883 |
diff --git a/src/hydrogen.cc b/src/hydrogen.cc
|
|
|
e93883 |
index 50d8e49..18a6b60 100644
|
|
|
e93883 |
--- a/src/hydrogen.cc
|
|
|
e93883 |
+++ b/src/hydrogen.cc
|
|
|
e93883 |
@@ -3546,7 +3546,11 @@ class BoundsCheckBbData: public ZoneObject {
|
|
|
e93883 |
void MoveIndexIfNecessary(HValue* index_raw,
|
|
|
e93883 |
HBoundsCheck* insert_before,
|
|
|
e93883 |
HInstruction* end_of_scan_range) {
|
|
|
e93883 |
- ASSERT(index_raw->IsAdd() || index_raw->IsSub());
|
|
|
e93883 |
+ if (!index_raw->IsAdd() && !index_raw->IsSub()) {
|
|
|
e93883 |
+ // index_raw can be HAdd(index_base, offset), HSub(index_base, offset),
|
|
|
e93883 |
+ // or index_base directly. In the latter case, no need to move anything.
|
|
|
e93883 |
+ return;
|
|
|
e93883 |
+ }
|
|
|
e93883 |
HBinaryOperation* index =
|
|
|
e93883 |
HArithmeticBinaryOperation::cast(index_raw);
|
|
|
e93883 |
HValue* left_input = index->left();
|
|
|
e93883 |
@@ -3581,7 +3585,6 @@ class BoundsCheckBbData: public ZoneObject {
|
|
|
e93883 |
HBoundsCheck* tighter_check) {
|
|
|
e93883 |
ASSERT(original_check->length() == tighter_check->length());
|
|
|
e93883 |
MoveIndexIfNecessary(tighter_check->index(), original_check, tighter_check);
|
|
|
e93883 |
- original_check->ReplaceAllUsesWith(original_check->index());
|
|
|
e93883 |
original_check->SetOperandAt(0, tighter_check->index());
|
|
|
e93883 |
}
|
|
|
e93883 |
};
|
|
|
e93883 |
@@ -3624,7 +3627,9 @@ void HGraph::EliminateRedundantBoundsChecks(HBasicBlock* bb,
|
|
|
e93883 |
BoundsCheckTable* table) {
|
|
|
e93883 |
BoundsCheckBbData* bb_data_list = NULL;
|
|
|
e93883 |
|
|
|
e93883 |
- for (HInstruction* i = bb->first(); i != NULL; i = i->next()) {
|
|
|
e93883 |
+ HInstruction* next;
|
|
|
e93883 |
+ for (HInstruction* i = bb->first(); i != NULL; i = next) {
|
|
|
e93883 |
+ next = i->next();
|
|
|
e93883 |
if (!i->IsBoundsCheck()) continue;
|
|
|
e93883 |
|
|
|
e93883 |
HBoundsCheck* check = HBoundsCheck::cast(i);
|