[Webkit-unassigned] [Bug 164432] New: [JSC] The implementation of 8 bit operation in MacroAssembler should care about uint8_t / int8_t
bugzilla-daemon at webkit.org
Fri Nov 4 14:11:29 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=164432
Bug ID: 164432
Summary: [JSC] The implementation of 8 bit operation in MacroAssembler should care about uint8_t / int8_t
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: utatane.tea at gmail.com
In r203331, we fixed some bugs. But the behavior was not changed; we just dropped the meaningless assertions.
However, MacroAssembler still has a bug.
In the ARM and ARM64 assemblers, 8-bit operations are implemented like this:
    Jump branch8(RelationalCondition cond, Address left, TrustedImm32 right)
    {
        // The immediate is truncated to int8_t, so when widened back to 32 bits it is sign extended.
        TrustedImm32 right8(static_cast<int8_t>(right.m_value));
        // load8 is an unsigned byte load: the temp register is zero extended.
        load8(left, getCachedMemoryTempRegisterIDAndInvalidate());
        return branch32(cond, memoryTempRegister, right8);
    }
The problem is, load8 does not perform sign extension. So if you pass a signed 8-bit value in |right|, the above code has a bad time. The 32-bit extended values become different: one is sign extended, the other is not.
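As an added illustration (not code from the bug report or from JavaScriptCore), the following models the quoted sequence on the host: load8 as a zero-extending byte load, right8 as the immediate after its int8_t truncation, and branch32 as a full 32-bit compare. All function names are hypothetical stand-ins for the MacroAssembler operations, and the two "consistent" variants extend both sides the same way to show what a fix must achieve.

```cpp
#include <cstdint>

// Hypothetical stand-ins for the MacroAssembler operations named in the bug.

// load8: unsigned byte load (ldrb style); the upper 24 bits of the register become zero.
static uint32_t load8(uint8_t byteInMemory)
{
    return static_cast<uint32_t>(byteInMemory);
}

// A sign-extending byte load (ldrsb style), shown for comparison.
static uint32_t load8SignExtend(uint8_t byteInMemory)
{
    return static_cast<uint32_t>(static_cast<int32_t>(static_cast<int8_t>(byteInMemory)));
}

// What "TrustedImm32 right8(static_cast<int8_t>(right.m_value))" yields once the
// int8_t is widened back to 32 bits: a sign-extended immediate.
static uint32_t right8SignExtended(int32_t right)
{
    return static_cast<uint32_t>(static_cast<int32_t>(static_cast<int8_t>(right)));
}

// The same immediate zero extended, i.e. static_cast<uint8_t>(right.m_value).
static uint32_t right8ZeroExtended(int32_t right)
{
    return static_cast<uint32_t>(static_cast<uint8_t>(right));
}

// branch32(Equal, reg, imm): compares all 32 bits of the register.
static bool branch32Equal(uint32_t reg, uint32_t imm) { return reg == imm; }

// The quoted sequence: zero-extended load against a sign-extended immediate.
static bool quotedBranch8Equal(uint8_t byteInMemory, int32_t right)
{
    return branch32Equal(load8(byteInMemory), right8SignExtended(right));
}

// Consistent alternatives: extend both sides the same way (unsigned or signed).
static bool unsignedBranch8Equal(uint8_t byteInMemory, int32_t right)
{
    return branch32Equal(load8(byteInMemory), right8ZeroExtended(right));
}
static bool signedBranch8Equal(uint8_t byteInMemory, int32_t right)
{
    return branch32Equal(load8SignExtend(byteInMemory), right8SignExtended(right));
}

// Count byte values for which the quoted sequence fails to see a byte as equal to itself
// when the caller passes the byte's int8_t value. Returns 128: every byte with the top bit set.
static int countSelfCompareFailures()
{
    int failures = 0;
    for (int b = 0; b < 256; ++b) {
        uint8_t byte = static_cast<uint8_t>(b);
        if (!quotedBranch8Equal(byte, static_cast<int8_t>(byte)))
            ++failures;
    }
    return failures;
}
```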