Last Comment Bug 716753 - IonMonkey: Stack allocation bugs in GRA
: IonMonkey: Stack allocation bugs in GRA
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: David Anderson [:dvander]
:
: Jason Orendorff [:jorendorff]
Mentors:
Depends on:
Blocks: 677337
  Show dependency treegraph
 
Reported: 2012-01-09 17:42 PST by David Anderson [:dvander]
Modified: 2012-01-11 17:09 PST (History)
1 user (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
fixes (2.58 KB, patch)
2012-01-09 17:43 PST, David Anderson [:dvander]
sstangl: review+
Details | Diff | Splinter Review

Description David Anderson [:dvander] 2012-01-09 17:42:14 PST
Two more bugs in GRA stack allocation:
 (1) uses in snapshots are not held live across loops
 (2) we can accidentally free half of a nunbox as a normal stack slot (they must be freed as a whole)
Comment 1 David Anderson [:dvander] 2012-01-09 17:43:01 PST
Created attachment 587218 [details] [diff] [review]
fixes
Comment 2 Sean Stangl [:sstangl] 2012-01-11 15:14:36 PST
Comment on attachment 587218 [details] [diff] [review]
fixes

Review of attachment 587218 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/ion/GreedyAllocator.cpp
@@ +793,5 @@
> +            if (!a->isUse())
> +                continue;
> +            VirtualRegister *vr = getVirtualRegister(a->toUse());
> +            if (vr->def->virtualRegister() < lowerBound || vr->def->virtualRegister() > upperBound)
> +                allocateStack(vr);

Duplicates code above, which isn't fashionable.
void findLoopCarriedUses(LAllocation *, uint32, uint32)?
Comment 3 David Anderson [:dvander] 2012-01-11 17:09:59 PST
http://hg.mozilla.org/projects/ionmonkey/rev/0a8aee9639cf w/ nits

Note You need to log in before you can comment on or make changes to this bug.