diff options
| author | Mike Pall <mike> | 2021-03-23 00:43:07 +0100 |
|---|---|---|
| committer | Mike Pall <mike> | 2021-03-23 00:43:07 +0100 |
| commit | 33e3f4badfde8cd9c202cedd1f4ed9275bc92e7d (patch) | |
| tree | 61d4f1338a8589e3a846ca3e1d69589cca8bd338 /src | |
| parent | 5ccfe94f4ed27b8f9b899ed9e40e8d872bb83371 (diff) | |
| download | luajit2-33e3f4badfde8cd9c202cedd1f4ed9275bc92e7d.tar.gz | |
Detect inconsistent renames even in the presence of sunk values.
Reported by Igor Munkin.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lj_asm.c | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/src/lj_asm.c b/src/lj_asm.c index aa19087d..41006873 100644 --- a/src/lj_asm.c +++ b/src/lj_asm.c @@ -71,6 +71,7 @@ typedef struct ASMState { IRRef snaprename; /* Rename highwater mark for snapshot check. */ SnapNo snapno; /* Current snapshot number. */ SnapNo loopsnapno; /* Loop snapshot number. */ + BloomFilter snapfilt1, snapfilt2; /* Filled with snapshot refs. */ IRRef fuseref; /* Fusion limit (loopref, 0 or FUSE_DISABLED). */ IRRef sectref; /* Section base reference (loopref or 0). */ @@ -825,7 +826,10 @@ static int asm_sunk_store(ASMState *as, IRIns *ira, IRIns *irs) static void asm_snap_alloc1(ASMState *as, IRRef ref) { IRIns *ir = IR(ref); - if (!irref_isk(ref) && (!(ra_used(ir) || ir->r == RID_SUNK))) { + if (!irref_isk(ref) && ir->r != RID_SUNK) { + bloomset(as->snapfilt1, ref); + bloomset(as->snapfilt2, hashrot(ref, ref + HASH_BIAS)); + if (ra_used(ir)) return; if (ir->r == RID_SINK) { ir->r = RID_SUNK; #if LJ_HASFFI @@ -882,6 +886,7 @@ static void asm_snap_alloc(ASMState *as) SnapShot *snap = &as->T->snap[as->snapno]; SnapEntry *map = &as->T->snapmap[snap->mapofs]; MSize n, nent = snap->nent; + as->snapfilt1 = as->snapfilt2 = 0; for (n = 0; n < nent; n++) { SnapEntry sn = map[n]; IRRef ref = snap_ref(sn); @@ -904,18 +909,12 @@ static void asm_snap_alloc(ASMState *as) */ static int asm_snap_checkrename(ASMState *as, IRRef ren) { - SnapShot *snap = &as->T->snap[as->snapno]; - SnapEntry *map = &as->T->snapmap[snap->mapofs]; - MSize n, nent = snap->nent; - for (n = 0; n < nent; n++) { - SnapEntry sn = map[n]; - IRRef ref = snap_ref(sn); - if (ref == ren || (LJ_SOFTFP && (sn & SNAP_SOFTFPNUM) && ++ref == ren)) { - IRIns *ir = IR(ref); - ra_spill(as, ir); /* Register renamed, so force a spill slot. */ - RA_DBGX((as, "snaprensp $f $s", ref, ir->s)); - return 1; /* Found. */ - } + if (bloomtest(as->snapfilt1, ren) && + bloomtest(as->snapfilt2, hashrot(ren, ren + HASH_BIAS))) { + IRIns *ir = IR(ren); + ra_spill(as, ir); /* Register renamed, so force a spill slot. */ + RA_DBGX((as, "snaprensp $f $s", ren, ir->s)); + return 1; /* Found. */ } return 0; /* Not found. */ } |