Closed
Bug 536643
Opened 15 years ago
Closed 14 years ago
TM: insufficient integer demotion in bitwise-and.js
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: n.nethercote, Assigned: n.nethercote)
References
Details
From bug 536630: this is bitwise-and.js: bitwiseAndValue = 4294967296; for (var i = 0; i < 600000; i++) bitwiseAndValue = bitwiseAndValue & i; The LIR looks like this (instructions indented to the right are optimised away by StackFilter or dead-code elimination): 00: start 01: ebx = iparam 0 ebx 02: esi = iparam 1 esi 03: edi = iparam 2 edi 04: state = iparam 0 ecx 05: label1: 06: sp = ld state[8] 07: rp = ld state[24] 08: cx = ld state[0] 09: eos = ld state[12] 10: eor = ld state[28] 11: ld1 = ld cx[0] 12: 0 = int 0 13: eq1 = eq ld1, 0 14: xf1: xf eq1 -> pc=0x30cba6 imacpc=0x0 sp+0 rp+0 (GuardID=001) 15: obj = int 2961408 16: sti sp[0] = obj 17: ld2 = ld cx[148] 18: ld3 = ld ld2[56] 19: map = ld ld3[0] 20: ld4 = ld eos[664] 21: $global0 = i2f ld4 22: sti sp[8] = ld4 23: ld5 = ld eos[656] 24: $global1 = i2f ld5 25: sti sp[16] = ld5 26: and1 = and ld4, ld5 27: i2f1 = i2f and1 28: sti sp[8] = and1 29: map = ld obj[0] 30: sti eos[664] = and1 31: 1 = float 1 32: 1 = int 1 33: add1 = add ld5, 1 34: ov1 = ov add1 35: xt1: xt ov1 -> pc=0x30cbb5 imacpc=0x0 sp+0 rp+0 (GuardID=002) 36: i2f2 = i2f add1 37: sti sp[0] = ld5 38: sti eos[656] = add1 39: sti sp[0] = add1 40: 600000 = float 600000 41: 600000 = int 600000 42: sti sp[8] = 600000 43: flt1 = flt i2f2, 600000 44: xf2: xf flt1 -> pc=0x30cbc0 imacpc=0x0 sp+16 rp+0 (GuardID=003) 45: sti eos[664] = and1 46: sti eos[656] = add1 47: j -> label1 48: live state 49: x1: x -> pc=0x30cba6 imacpc=0x0 sp+0 rp+0 (GuardID=004) Using a FP comparison (instruction 44) is bad, we should use integer comparison. I tried a simpler piece of code: sum = 0; for (var i = 0; i < 600000; i++) sum = sum + i; and it successful used an integer comparison, so maybe there is something about 'i' being used in a bitwise-and that's causing problems.
|
Assignee | |
Comment 1•14 years ago
|
||
This appears to have been fixed, though I don't know how or when. The code now looks like this:
start
ebx = parami 0 ebx
esi = parami 1 esi
edi = parami 2 edi
state = parami 0 ecx
label1:
sp = ldi.o state[8]
rp = ldi.o state[24]
cx = ldi.o state[0]
eos = ldi.o state[12]
eor = ldi.o state[28]
ldi1 = ldi.csro cx[0]
immi1 = immi 0
eqi1 = eqi ldi1, immi1/*0*/
xf1: xf eqi1 -> pc=0x9c127a6 imacpc=(nil) sp+0 rp+0 (GuardID=001)
obj = immi -152035328
sti.s sp[0] = obj/*-152035328*/
ldi2 = ldi.o eos[1376]
$global0 = i2d ldi2
sti.s sp[8] = ldi2
ldi3 = ldi.o eos[1368]
$global1 = i2d ldi3
sti.s sp[16] = ldi3
andi1 = andi ldi2, ldi3
i2d1 = i2d andi1
sti.s sp[8] = andi1
sti.o eos[1376] = andi1
immd1 = immd 1
immi2 = immi 1
addxovi1 = addxovi ldi3, immi2/*1*/ -> pc=0x9c127b5 imacpc=(nil) sp+0 rp+0 (GuardID=002)
i2d2 = i2d addxovi1
sti.s sp[0] = ldi3
sti.o eos[1368] = addxovi1
sti.s sp[0] = addxovi1
immd2 = immd 600000
immi3 = immi 600000
sti.s sp[8] = immi3/*600000*/
lti1 = lti addxovi1, immi3/*600000*/
xf2: xf lti1 -> pc=0x9c127c0 imacpc=(nil) sp+16 rp+0 (GuardID=003)
j -> label1
livei state
x1: x -> pc=0x9c127a6 imacpc=(nil) sp+0 rp+0 (GuardID=004)Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•