[Webkit-unassigned] [Bug 160329] New: ARM64: Fused left shift with a right shift can create NaNs from integers

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jul 28 17:03:06 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=160329

            Bug ID: 160329
           Summary: ARM64: Fused left shift with a right shift can create
                    NaNs from integers
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: msaboff at apple.com

The function

function signExtendByte(x) {
    return x << 24 >> 24;
}

generates the wrong instructions when compiled with the FTL JIT.  The shift left / shift right combination becomes a sign extend, which is fine except it sign extends to a 64-bit value and not a 32-bit value.
Here is the code that the FTL generates for “x << 24 >> 24” (with my comments):
         0x10695fdd8:    ldur   x0, [fp, #48]           ; Load x_0
         0x10695fddc:    mov    x1, #0xffff000000000000 ; materialize tag
         0x10695fde0:    cmp    x0, x1                  ; Check for int
         0x10695fde4:    b.lo   0x10695feac
         0x10695fde8:    sxtb   x0, w0                  ; sign extend byte to 64 bits (oops should be 32 bits)
         0x10695fdec:    add    x0, x0, x1              ; Add in tag

The sxtb x0, w0 should be a sxtb w0, w0.
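
A model of the boxing sequence in the listing above, showing why the 64-bit extend turns a negative byte into a NaN while the 32-bit extend keeps it an integer. This is an added example, not code from the bug report or from WebKit; the helper names are hypothetical, and the 2^48 double-encoding offset is an assumption about the 64-bit value encoding that the report does not state.

```javascript
// Added illustration: models 64-bit registers with BigInt. Helper names are hypothetical.
const MASK64 = (1n << 64n) - 1n;
const TAG = 0xffff000000000000n; // int tag, as materialized in the listing
// Assumption (not on the page): doubles are boxed by adding 2^48 to their bits.
const DOUBLE_OFFSET = 1n << 48n;

// sxtb x0, w0: sign-extend the low byte across all 64 bits (the buggy form).
const sxtbX = (reg) => BigInt.asUintN(64, BigInt.asIntN(8, reg));
// sxtb w0, w0: sign-extend to 32 bits; a write to w0 zeroes bits 63..32.
const sxtbW = (reg) => BigInt.asUintN(32, BigInt.asIntN(8, reg));

// add x0, x0, x1 with 64-bit wraparound.
const addTag = (payload) => (payload + TAG) & MASK64;

// Interpret a boxed 64-bit value the way the listing's int check does
// (unsigned compare against the tag), else as an offset-encoded double.
function decode(boxed) {
  if (boxed >= TAG) return { kind: "int32", value: Number(BigInt.asIntN(32, boxed)) };
  if (boxed >= DOUBLE_OFFSET) {
    const view = new DataView(new ArrayBuffer(8));
    view.setBigUint64(0, boxed - DOUBLE_OFFSET);
    return { kind: "double", value: view.getFloat64(0) };
  }
  return { kind: "other", value: null };
}

// Run "x << 24 >> 24" through the modeled sequence with either extend.
function signExtendByteModel(x, extend) {
  const boxedInput = TAG | BigInt.asUintN(32, BigInt(x)); // boxed int32 argument
  const boxedResult = addTag(extend(boxedInput));
  return { bits: boxedResult.toString(16), ...decode(boxedResult) };
}

for (const x of [0x7f, 0x80, 0xff]) { // constructed sample inputs
  console.log(x, signExtendByteModel(x, sxtbX), signExtendByteModel(x, sxtbW));
}
```

Inputs whose low byte has bit 7 clear box identically under both forms, so a regression test for this bug needs at least one input with bit 7 set.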
