[Webkit-unassigned] [Bug 163264] B3->Air lowering needs the same defenses in effectiveAddr() that it has in tryAppendLea()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 11 09:26:24 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=163264
--- Comment #1 from Filip Pizlo <fpizlo at apple.com> ---
Yup, this test generates wrong code and crashes:
void testLoadBaseIndexShift32()
{
Procedure proc;
BasicBlock* root = proc.addBlock();
root->appendNew<Value>(
proc, Return, Origin(),
root->appendNew<MemoryValue>(
proc, Load, Int32, Origin(),
root->appendNew<Value>(
proc, Add, Origin(),
root->appendNew<ArgumentRegValue>(proc, Origin(), GPRInfo::argumentGPR0),
root->appendNew<Value>(
proc, Shl, Origin(),
root->appendNew<ArgumentRegValue>(proc, Origin(), GPRInfo::argumentGPR1),
root->appendNew<Const32Value>(proc, Origin(), 32)))));
auto code = compile(proc);
int32_t value = 12341234;
char* ptr = bitwise_cast<char*>(&value);
for (unsigned i = 0; i < 10; ++i)
CHECK_EQ(invoke<int32_t>(*code, ptr - (static_cast<intptr_t>(1) << static_cast<intptr_t>(32)) * i, i), 12341234);
}
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161011/8242886f/attachment.html>
More information about the webkit-unassigned
mailing list