[Webkit-unassigned] [Bug 47356] New: ARM JIT generates undefined operations due to partially uninitialized ShiftTypeAndAmount
bugzilla-daemon at webkit.org
Thu Oct 7 09:50:24 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=47356
Summary: ARM JIT generates undefined operations due to partially uninitialized ShiftTypeAndAmount
Product: WebKit
Version: 528+ (Nightly build)
Platform: Other
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: david_goodwin at apple.com
The generated instructions include operations like:
ebb08f0c undefined
which should be:
ebb00f0c cmp.w r0, ip
Note the 1-bit difference. It comes from the high-order shift-amount bit, which must be 0 in cmp and many other operations (apparently the undefined behavior when this bit is 1 is to just ignore it and do the right thing; I assume that is why we aren't seeing any actual failure because of this).

This stems from ShiftTypeAndAmount, which stores the shift type and amount as:
    union {
        struct {
            unsigned lo4 : 4;    // bits 0-3 of the shift byte
            unsigned hi4 : 4;    // bits 4-7 of the shift byte
        };
        struct {
            unsigned type : 2;   // bits 0-1
            unsigned amount : 5; // bits 2-6; bit 7 is covered by neither field
        };
    } m_u;
Objects of this type are initialized with type = amount = 0, but note that this does not clear all of the hi4 bits: bit 7 lies outside both fields. The attached patch increases amount to 6 bits to fix this (we already ensure that the amount value is > 32).
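To make the bit-level effect concrete, here is a small stand-alone C program (added for illustration; it is not WebKit code and not the attached patch) that reproduces the two encodings quoted above. It places the two union layouts side by side, simulates the constructor running over dirty stack memory, and packs the shift byte into the low halfword of a 32-bit Thumb-2 cmp.w the way the reported words suggest: hi4 into bits 15:12 and lo4 into bits 7:4. That packing, the function names and the 0xFF "garbage" fill are assumptions chosen to match the report; the bit-field ordering relied on (LSB first) is what GCC and Clang use on little-endian targets.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout from the report: 2-bit type + 5-bit amount leave bit 7 untouched. */
typedef union {
    struct { unsigned lo4 : 4; unsigned hi4 : 4; };
    struct { unsigned type : 2; unsigned amount : 5; };
} ShiftBuggy;

/* Proposed fix: a 6-bit amount makes type+amount cover all eight bits. */
typedef union {
    struct { unsigned lo4 : 4; unsigned hi4 : 4; };
    struct { unsigned type : 2; unsigned amount : 6; };
} ShiftFixed;

/* Simulate "type = amount = 0" on top of whatever the stack held (assumed 0xFF). */
static unsigned leftover_hi4_buggy(void) {
    ShiftBuggy u;
    memset(&u, 0xFF, sizeof u);   /* constructed stand-in for uninitialised memory */
    u.type = 0;
    u.amount = 0;
    return u.hi4;                 /* bit 7 survives: 0x8 */
}

static unsigned leftover_hi4_fixed(void) {
    ShiftFixed u;
    memset(&u, 0xFF, sizeof u);
    u.type = 0;
    u.amount = 0;
    return u.hi4;                 /* all four bits cleared: 0x0 */
}

/* Hypothetical packing of the shift byte into a 32-bit Thumb-2 cmp.w (register):
   first halfword 0xEBB0 | Rn, second halfword (0) imm3 1111 imm2 type Rm, where
   hi4 supplies (0):imm3 in bits 15:12 and lo4 supplies imm2:type in bits 7:4. */
static uint32_t encode_cmp_w(unsigned hi4, unsigned lo4, unsigned rn, unsigned rm) {
    uint32_t hw1 = 0xEBB0u | (rn & 0xFu);
    uint32_t hw2 = 0x0F00u | ((hi4 & 0xFu) << 12) | ((lo4 & 0xFu) << 4) | (rm & 0xFu);
    return (hw1 << 16) | hw2;
}

/* Bit 15 of the second halfword is the (0) "should be zero" bit for this form. */
static int cmp_w_is_defined(uint32_t insn) {
    return (insn & 0x8000u) == 0;
}

int main(void) {
    /* r0 is register 0, ip is register 12, as in "cmp.w r0, ip" from the report. */
    uint32_t bad  = encode_cmp_w(leftover_hi4_buggy(), 0, 0, 12);
    uint32_t good = encode_cmp_w(leftover_hi4_fixed(), 0, 0, 12);
    printf("5-bit amount: %08x (%s)\n", bad,  cmp_w_is_defined(bad)  ? "ok" : "undefined");
    printf("6-bit amount: %08x (%s)\n", good, cmp_w_is_defined(good) ? "ok" : "undefined");
    return 0;
}
```

Running it prints ebb08f0c flagged as undefined for the 5-bit layout and ebb00f0c for the 6-bit one, i.e. exactly the pair of words in the report. A cheap regression check in an assembler is the cmp_w_is_defined style mask: assert that every "should be zero" bit of an emitted encoding really is zero before the buffer is handed to the JIT.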