Closed Bug 609970 Opened 10 years ago Closed 10 years ago
JM: Register syncing bug with heavy pressure, pinned registers
This bug was exposed by a setelem test case with bug 592976. Under heavy register pressure, x86/ARM use the "immutable sync" algorithm. This accidentally sees pinned registers as free, and clobbers them.

For example:
slot 0 is pinned in EAX, and unsynced.
slot 1 is in memory.
slot 2 is a copy of slot 1, and unsynced.

Working backwards, we start syncing from slot 2. We need to allocate a register for the memory-to-memory move (slot 1 -> slot 2). It's okay to pick EAX, but only if we evict it first. Since it's pinned, we don't evict it, and simply clobber it. When we go to sync slot 0, however, we *do* notice that it's pinned, and assume it hasn't been clobbered. But it has been, and we write garbage to the stack.
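The following is an added toy model of the backwards sync walk described in the report, not JaegerMonkey code: the slot records, the single-register `regs` table and the `see_pinned_as_free` switch are constructed so that the same three-slot frame can be synced once with the faulty "pinned looks free" allocation and once with the register evicted (synced) before reuse.

```python
"""Toy model of the backwards "immutable sync" walk from bug 609970.

Constructed illustration, not JaegerMonkey code: frame layout, register
table and allocation policy are invented to reproduce the scenario
(slot 0 pinned in EAX and unsynced, slot 1 in memory, slot 2 a copy of 1).
"""


def pick_temp(regs, owners, see_pinned_as_free):
    """Pick a scratch register for a memory-to-memory move.

    regs:   register -> value currently held (None = nothing live)
    owners: register -> (slot index, pinned) for registers backing a slot
    Returns (register, slot index to evict first or None).
    """
    for reg, value in regs.items():
        if value is None:
            return reg, None                 # genuinely free
        idx, pinned = owners[reg]
        if pinned and see_pinned_as_free:
            return reg, None                 # BUG: pinned mistaken for free
        return reg, idx                      # must sync the owner first
    raise RuntimeError("no scratch register")


def sync_frame(slots, regs, stack, see_pinned_as_free):
    """Store every unsynced slot to the stack, walking backwards.

    slots: dicts {loc: 'reg'|'mem'|'copy', reg, src, pinned, synced}
    stack: slot index -> value; mutated and returned.
    """
    owners = {s["reg"]: (i, s["pinned"])
              for i, s in enumerate(slots) if s["loc"] == "reg"}
    for i in reversed(range(len(slots))):
        s = slots[i]
        if s["synced"]:
            continue
        if s["loc"] == "reg":
            stack[i] = regs[s["reg"]]        # trusts the register contents
        elif s["loc"] == "copy":
            tmp, evict = pick_temp(regs, owners, see_pinned_as_free)
            if evict is not None:            # write the owner out first
                stack[evict] = regs[tmp]
                slots[evict]["synced"] = True
            regs[tmp] = stack[s["src"]]      # load source through scratch
            stack[i] = regs[tmp]             # store into the copy's slot
        s["synced"] = True
    return stack


def run_scenario(see_pinned_as_free):
    """Constructed frame from the report; only EAX exists (heavy pressure)."""
    slots = [{"loc": "reg", "reg": "EAX", "pinned": True, "synced": False},
             {"loc": "mem", "pinned": False, "synced": True},
             {"loc": "copy", "src": 1, "pinned": False, "synced": False}]
    return sync_frame(slots, {"EAX": "v0"}, {1: "v1"}, see_pinned_as_free)
```

With `see_pinned_as_free=True` slot 0 ends up holding slot 1's value on the stack, which is the garbage write the report describes; with it disabled slot 0 is synced before EAX is reused and every slot is correct.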
Attachment #488537 - Flags: review?(dmandelin) → review+
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED