From 3122e0eae64c5ab494b29d0a9cadef902d93f1f9 Mon Sep 17 00:00:00 2001 From: Fedor Indutny Date: Fri, 22 Aug 2014 03:59:35 +0400 Subject: [PATCH] deps: fix up v8 after fd80a3 fd80a31e0697d6317ce8c2d289575399f4e06d21 has introduced a segfault during redundant boundary check elimination (#8208). The problem consists of two parts: 1. Abscense of instruction iterator in `EliminateRedundantBoundsChecks`. It was present in recent v8, but wasn't considered important at the time of backport. However, since the function is changing instructions order in block, it is important to not rely at `i->next()` at the end of the loop. 2. Too strict ASSERT in `MoveIndexIfNecessary`. It is essentially a backport of a45c96ab from v8's upstream. See https://github.com/v8/v8/commit/a45c96ab for details. fix #8208 --- src/hydrogen.cc | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/hydrogen.cc b/src/hydrogen.cc index 50d8e49..18a6b60 100644 --- a/src/hydrogen.cc +++ b/src/hydrogen.cc @@ -3546,7 +3546,11 @@ class BoundsCheckBbData: public ZoneObject { void MoveIndexIfNecessary(HValue* index_raw, HBoundsCheck* insert_before, HInstruction* end_of_scan_range) { - ASSERT(index_raw->IsAdd() || index_raw->IsSub()); + if (!index_raw->IsAdd() && !index_raw->IsSub()) { + // index_raw can be HAdd(index_base, offset), HSub(index_base, offset), + // or index_base directly. In the latter case, no need to move anything. + return; + } HBinaryOperation* index = HArithmeticBinaryOperation::cast(index_raw); HValue* left_input = index->left(); @@ -3581,7 +3585,6 @@ class BoundsCheckBbData: public ZoneObject { HBoundsCheck* tighter_check) { ASSERT(original_check->length() == tighter_check->length()); MoveIndexIfNecessary(tighter_check->index(), original_check, tighter_check); - original_check->ReplaceAllUsesWith(original_check->index()); original_check->SetOperandAt(0, tighter_check->index()); } }; @@ -3624,7 +3627,9 @@ void HGraph::EliminateRedundantBoundsChecks(HBasicBlock* bb, BoundsCheckTable* table) { BoundsCheckBbData* bb_data_list = NULL; - for (HInstruction* i = bb->first(); i != NULL; i = i->next()) { + HInstruction* next; + for (HInstruction* i = bb->first(); i != NULL; i = next) { + next = i->next(); if (!i->IsBoundsCheck()) continue; HBoundsCheck* check = HBoundsCheck::cast(i);