| commit | 6e172df323742377d65dda4e20d47830f70f497e | |
| author | Yu-Jung Lo <ylo@fb.com> | |
| Mon, 10 Jun 2019 22:16:50 +0000 (10 15:16 -0700) | ||
| committer | Hhvm Bot <hhvm-bot@users.noreply.github.com> | |
| Mon, 10 Jun 2019 22:24:07 +0000 (10 15:24 -0700) | ||
| tree | 090ae9ae1c2ece16c7ab63f230c2486ec788c2a0 | treesnapshot (tar.gz zip) |
| parent | ef2ada6be3f6aa691ea9bd430effad534e6a87b7 | commitdiff |
Fix CallBuiltin memory-effect
Summary:
`CallBuiltin` should also consider RDS memory effects.
Take `hphp/test/slow/object_method/call_user_func.php` in this diff for example.
Without this change, the generated assembly of optimized code is like
```
0x20e00666: callq 0x16dc6e12 ; HPHP::f_call_user_func_array at ext_std_function.cpp:76
....
0x20e006e9: movb 0x2ff9d10(%r12), %al
0x20e006f1: movq 0x2ff9d08(%r12), %rcx # NOTE: r12 is request, 0x2ff9d08 is offset of ObjectMethod736::$trace in each request; *rcx has ObjectMethod736::$trace
0x20e006f9: cmpb $0x6, %r14b
0x20e006fd: jne 0x22200947
0x20e00703: cmpb $-0x2, %al
0x20e00706: jb 0x22200828
0x20e0070c: cmpl $0x0, (%rcx)
0x20e0070f: jl 0x20e00713
0x20e00711: incl (%rcx)
0x20e00713: movl $0x232006c0, %edi ; imm = 0x232006C0
0x20e00718: movq %r15, %rsi
0x20e0071b: movq %rcx, %r14 # NOTE: *r14 has ObjectMethod736::$trace; *rcx no longer has ObjectMethod736::$trace because rcx is caller-save register
.....
0x20e007a4: callq 0x16dc6e12 ; HPHP::f_call_user_func_array at ext_std_function.cpp:76
....
0x20e00816: cmpl $0x0, (%r14) # NOTE: *r14 was not updated from *(r12+0x2ff9d08) after second f_call_user_func_array invocation
0x20e0081a: jl 0x20e0081f
```
As we can see above, *r14 was not updated from *(r12+0x2ff9d08) after second f_call_user_func_array invocation; however, the address that r14 holds has been freed.
Reviewed By: paulbiss, markw65
Differential Revision: D15733989
fbshipit-source-id: 08c4029b3fc6221d998531fcca19339f724390da
Summary:
`CallBuiltin` should also consider RDS memory effects.
Take `hphp/test/slow/object_method/call_user_func.php` in this diff for example.
Without this change, the generated assembly of optimized code is like
```
0x20e00666: callq 0x16dc6e12 ; HPHP::f_call_user_func_array at ext_std_function.cpp:76
....
0x20e006e9: movb 0x2ff9d10(%r12), %al
0x20e006f1: movq 0x2ff9d08(%r12), %rcx # NOTE: r12 is request, 0x2ff9d08 is offset of ObjectMethod736::$trace in each request; *rcx has ObjectMethod736::$trace
0x20e006f9: cmpb $0x6, %r14b
0x20e006fd: jne 0x22200947
0x20e00703: cmpb $-0x2, %al
0x20e00706: jb 0x22200828
0x20e0070c: cmpl $0x0, (%rcx)
0x20e0070f: jl 0x20e00713
0x20e00711: incl (%rcx)
0x20e00713: movl $0x232006c0, %edi ; imm = 0x232006C0
0x20e00718: movq %r15, %rsi
0x20e0071b: movq %rcx, %r14 # NOTE: *r14 has ObjectMethod736::$trace; *rcx no longer has ObjectMethod736::$trace because rcx is caller-save register
.....
0x20e007a4: callq 0x16dc6e12 ; HPHP::f_call_user_func_array at ext_std_function.cpp:76
....
0x20e00816: cmpl $0x0, (%r14) # NOTE: *r14 was not updated from *(r12+0x2ff9d08) after second f_call_user_func_array invocation
0x20e0081a: jl 0x20e0081f
```
As we can see above, *r14 was not updated from *(r12+0x2ff9d08) after second f_call_user_func_array invocation; however, the address that r14 holds has been freed.
Reviewed By: paulbiss, markw65
Differential Revision: D15733989
fbshipit-source-id: 08c4029b3fc6221d998531fcca19339f724390da
| hphp/runtime/vm/jit/memory-effects.cpp | diffblobblamehistory | |
| hphp/test/slow/object_method/call_user_func.php | [new file with mode: 0644] | blob |
| hphp/test/slow/object_method/call_user_func.php.expectf | [new file with mode: 0644] | blob |