AirLowerAfterRegAlloc may incorrectly use a callee save that's live as a scratch...
author sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 18 Jul 2017 22:07:43 +0000 (22:07 +0000)
committer sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 18 Jul 2017 22:07:43 +0000 (22:07 +0000)
commit 9dc57f9774917fa38fae2f43fc0ec5917bdccc3c
tree 8f17a92e40f01b0198b95c6bd5f73222ffa49418
parent ccc2f4fe9c6b01115d8007e0374fae9c5c8e4ce4
AirLowerAfterRegAlloc may incorrectly use a callee save that's live as a scratch register
https://bugs.webkit.org/show_bug.cgi?id=174515
<rdar://problem/33358092>

Reviewed by Filip Pizlo.

AirLowerAfterRegAlloc was computing the set of available scratch
registers incorrectly. It was always excluding callee save registers
from the set of live registers. It did not guarantee that live callee save
registers were not in the set of scratch registers that could
get clobbered. That's incorrect as the shuffling code is free
to overwrite whatever is in the scratch register it gets passed.

* b3/air/AirLowerAfterRegAlloc.cpp:
(JSC::B3::Air::lowerAfterRegAlloc):
* b3/testb3.cpp:
(JSC::B3::functionNineArgs):
(JSC::B3::testShuffleDoesntTrashCalleeSaves):
(JSC::B3::run):
* jit/RegisterSet.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@219633 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/b3/air/AirLowerAfterRegAlloc.cpp
Source/JavaScriptCore/b3/testb3.cpp
Source/JavaScriptCore/jit/RegisterSet.h
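
A simplified model of the bug class the commit message describes, added here as an illustration and not taken from WebKit's code. The 8-register file, the callee-save split, the "pick highest register" policy, and every function name are assumptions made for the example.

```cpp
#include <cstdio>

// Constructed toy model: registers r0..r7 as bits; r4..r7 are callee-save (assumed).
using RegSet = unsigned;
constexpr RegSet kAllRegs = 0xFFu;
constexpr RegSet kCalleeSaves = 0xF0u;

// What the caller must spill around a call: live values the callee may clobber.
// Dropping callee-saves is correct for *this* question only.
RegSet mustSaveAroundCall(RegSet live) { return live & ~kCalleeSaves; }

// Flawed: scratch candidates derived from the set that already had callee-saves
// removed, so a live callee-save register looks free.
RegSet scratchCandidatesFlawed(RegSet live) { return kAllRegs & ~mustSaveAroundCall(live); }

// Corrected: every live register, callee-save or not, is off limits.
RegSet scratchCandidatesFixed(RegSet live) { return kAllRegs & ~live; }

// Arbitrary selection policy for the model: highest-numbered candidate, -1 if none.
int pickScratch(RegSet candidates) {
    for (int r = 7; r >= 0; --r)
        if (candidates & (1u << r)) return r;
    return -1;
}

// Stand-in for the shuffle: it is free to overwrite the scratch register.
// Returns true if every live register still holds its original value afterwards.
bool liveValuesSurvive(RegSet live, int scratch) {
    unsigned regs[8], before[8];
    for (int r = 0; r < 8; ++r) regs[r] = before[r] = 0x1000u + r;
    if (scratch >= 0) regs[scratch] = 0xDEADBEEFu;
    for (int r = 0; r < 8; ++r)
        if ((live & (1u << r)) && regs[r] != before[r]) return false;
    return true;
}

int main() {
    const RegSet live = 0x83u; // constructed: r0, r1 and callee-save r7 are live
    int bad = pickScratch(scratchCandidatesFlawed(live));
    int good = pickScratch(scratchCandidatesFixed(live));
    std::printf("flawed picks r%d, live values survive: %d\n", bad, liveValuesSurvive(live, bad));
    std::printf("fixed  picks r%d, live values survive: %d\n", good, liveValuesSurvive(live, good));
    return 0;
}
```

The invariant worth asserting in a regression test is that the scratch candidate set and the full live set never intersect.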