[Webkit-unassigned] [Bug 160329] New: ARM64: Fused left shift with a right shift can create NaNs from integers
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jul 28 17:03:06 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=160329
Bug ID: 160329
Summary: ARM64: Fused left shift with a right shift can create
NaNs from integers
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: msaboff at apple.com
The function
function signExtendByte(x) {
return x << 24 >> 24;
}
Generates the wrong instructions when compiled with the FTL JIT. The shift left / shift right combination becomes a sign extend, which is fine except it sign extends to a 64 bit value and not a 32 bit value.
Here is the code that the FTL generates for âx << 24 >> 24â (with my comments):
0x10695fdd8: ldur x0, [fp, #48] ; Load x_0
0x10695fddc: mov x1, #0xffff000000000000.; materialize tag
0x10695fde0: cmp x0, x1 ; Check for int
0x10695fde4: b.lo 0x10695feac
0x10695fde8: sxtb x0, w0 ; sign extend byte to 64 bits (oops should be 32 bits)
0x10695fdec: add x0, x0, x1 ; Add in tag
The sxtb x0, w0 should be a sxtb w0, w0.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160729/0869b8bc/attachment.html>
More information about the webkit-unassigned
mailing list