diff options
| author | Björn Gustavsson <[email protected]> | 2016-05-31 22:49:42 +0200 |
|---|---|---|
| committer | Björn Gustavsson <[email protected]> | 2016-06-01 10:09:20 +0200 |
| commit | aab1db16d0a732823fa9e2964c6a52b109c61742 (patch) | |
| tree | 3ba6111af79e023fc1476dc815a14f9f95faa69a /lib/compiler/src/beam_block.erl | |
| parent | ac927e00f82b3df962abe082393f45197de49156 (diff) | |
| download | otp-aab1db16d0a732823fa9e2964c6a52b109c61742.tar.gz otp-aab1db16d0a732823fa9e2964c6a52b109c61742.tar.bz2 otp-aab1db16d0a732823fa9e2964c6a52b109c61742.zip | |
beam_block: Eliminate crash in beam_utils
Somewhat simplified, beam_block would rewrite the target for
the first instruction in this code sequence:
move x(0) => y(1)
gc_bif '+' 1 x(0) => y(0)
move y(1) => x(1)
move nil => x(0)
call 2 local_function/2
The resulting code would be:
move x(0) => x(1) %% Changed target.
gc_bif '+' 1 x(0) => y(0)
move x(1) => y(1) %% Operands swapped (see 02d6135813).
move nil => x(0)
call 2 local_function/2
The resulting code is not safe because the x(1) will be killed
by the gc_bif instruction.
7a47b20c3a cleaned up move optimizations and would reject the
optimization if the target was an X register and an allocating
instruction was found. To avoid this bug, the optimization must be
rejected even if the target is a Y register.
Diffstat (limited to 'lib/compiler/src/beam_block.erl')
| -rw-r--r-- | lib/compiler/src/beam_block.erl | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/lib/compiler/src/beam_block.erl b/lib/compiler/src/beam_block.erl index a8cfdffdf3..85d332c56e 100644 --- a/lib/compiler/src/beam_block.erl +++ b/lib/compiler/src/beam_block.erl @@ -262,12 +262,17 @@ opt_move_1(R, [{set,[D],[R],move}|Is0], Acc) -> {yes,Is} -> opt_move_rev(D, Acc, Is); no -> not_possible end; -opt_move_1({x,_}, [{set,_,_,{alloc,_,_}}|_], _) -> - %% The optimization is not possible. If the X register is not - %% killed by allocation, the optimization would not be safe. - %% If the X register is killed, it means that there cannot - %% follow a 'move' instruction with this X register as the - %% source. +opt_move_1(_R, [{set,_,_,{alloc,_,_}}|_], _) -> + %% The optimization is either not possible or not safe. + %% + %% If R is an X register killed by allocation, the optimization is + %% not safe. On the other hand, if the X register is killed, there + %% will not follow a 'move' instruction with this X register as + %% the source. + %% + %% If R is a Y register, the optimization is still not safe + %% because the new target register is an X register that cannot + %% safely pass the alloc instruction. not_possible; opt_move_1(R, [{set,_,_,_}=I|Is], Acc) -> %% If the source register is either killed or used by this |