New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 613507 link

Starred by 1 user
Status: Fixed
Owner:
danno@chromium.org
Closed: Jun 2016
Cc:
bmeu...@chromium.org
jarin@chromium.org
ishell@chromium.org
epertoso@chromium.org
mstarzinger@chromium.org
danno@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug



Sign in to add a comment

CodeStubAssembler generates invalid phi.

Project Member Reported by ishell@chromium.org, May 20 2016 
Attempt to build a loop with phis in deferred block makes register allocator unhappy.
Repro CL: https://codereview.chromium.org/1999003002/

#
# Fatal error in ../src/compiler/register-allocator.cc, line 2325
# Check failed: hint.second->IsResolved().
#

==== C stack trace ===============================

 1: V8_Fatal
 2: v8::internal::compiler::LiveRangeBuilder::Verify() const
 3: v8::internal::compiler::LiveRangeBuilder::BuildLiveRanges()
 4: v8::internal::compiler::BuildLiveRangesPhase::Run(v8::internal::compiler::PipelineData*, v8::internal::Zone*)
 5: void v8::internal::compiler::PipelineImpl::Run<v8::internal::compiler::BuildLiveRangesPhase>()
 6: v8::internal::compiler::PipelineImpl::AllocateRegisters(v8::internal::RegisterConfiguration const*, v8::internal::compiler::CallDescriptor*, bool)
 7: v8::internal::compiler::PipelineImpl::ScheduleAndSelectInstructions(v8::internal::compiler::Linkage*)
 8: v8::internal::compiler::PipelineImpl::ScheduleAndGenerateCode(v8::internal::compiler::CallDescriptor*)
 9: v8::internal::compiler::Pipeline::GenerateCodeForCodeStub(v8::internal::Isolate*, v8::internal::compiler::CallDescriptor*, v8::internal::compiler::Graph*, v8::internal::compiler::Schedule*, unsigned int, char const*)
10: v8::internal::compiler::CodeAssembler::GenerateCode()
11: v8::internal::TurboFanCodeStub::GenerateCode()
12: v8::internal::CodeStub::GetCode()
13: v8::internal::CodeFactory::HasProperty(v8::internal::Isolate*)
14: v8::internal::interpreter::Interpreter::DoTestIn(v8::internal::interpreter::InterpreterAssembler*)
15: v8::internal::interpreter::Interpreter::Initialize()
16: v8::internal::Isolate::Init(v8::internal::Deserializer*)
17: v8::V8::CreateSnapshotDataBlob(char const*)

Comment 1 by ishell@chromium.org, May 20 2016

Cc: ishell@chromium.org
Same happens when we jump to a normal block1 from deferred block.

Comment 2 by mtrofin@chromium.org, May 20 2016 

This isn't a register allocator issue. The input IR is incorrect: v0 isn't defined. 

Based on what Boom() seems to intend to do, the phi should be v1 = v2 v1 (or something like that).

(lldb) p code()->Print()
IMM#0: RPO2
IMM#1: -1l
IMM#2: RPO2
IMM#3: RPO1
CST#0: v2 = 0l
B0: AO#0 (no frame)  instructions: [0, 1)
  predecessors:
       0: gap () () 
          ArchJmp [immediate:3]
 B1
B1: AO#2 (deferred) (no frame)  instructions: [1, 3)
  predecessors: B0
       1: gap () () 
          [constant:2] = ArchNop
       2: gap () (v1 = v2(-);) 
          ArchJmp [immediate:2]
 B2
B2: AO#1 (no frame) loop blocks: [2, 3)  instructions: [3, 5)
  predecessors: B1 B2
     phi: v1 = v2 v0
       3: gap () () 
          v0(R) = X64Movq : MRI v1(R) [immediate:1]
       4: gap () (v1 = v0(-);) 
          ArchJmp [immediate:0]
 B2

Comment 3 by ishell@chromium.org, May 20 2016

Cc: epertoso@chromium.org

Comment 4 by ishell@chromium.org, May 20 2016

Cc: danno@chromium.org

Comment 5 by mtrofin@chromium.org, May 23 2016

Status: WontFix (was: Assigned)

Comment 6 by ishell@chromium.org, May 27 2016

Owner: epertoso@chromium.org
Status: Assigned (was: WontFix)

Comment 7 by ishell@chromium.org, May 27 2016

Summary: CodeStubAssembler generates invalid phi. (was: Register allocator crash in CodeStubAssembler)

Comment 8 by ishell@chromium.org, Jun 3 2016

Owner: danno@chromium.org
Status: Fixed (was: Assigned)
Fixed by https://codereview.chromium.org/2030463003

Sign in to add a comment