Closed
Bug 570214
Opened 15 years ago
Closed 14 years ago
MIPS variable shift instructions corrupts registers
Categories
(Core Graveyard :: Nanojit, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: chris, Assigned: wmaddox)
Details
(Whiteboard: fixed-in-nanojit, fixed-in-tracemonkey, fixed-in-tamarin)
Attachments
(1 file, 1 obsolete file)
|
1.23 KB,
patch
|
stejohns
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100402 Ubuntu/9.10 (karmic) Firefox/3.5.9
Build Identifier:
The MIPS backend masks the shift amount before using it for a shift.
This is both unnecessary and can corrupt a register that may still be in use.
Reproducible: Always
Steps to Reproduce:
Shows up in the random testcase as a segmentation fault:
-sh-4.0# bin/lirasm --execute --random 100000 --optimize
Segmentation fault
|
Reporter | |
Comment 1•15 years ago
|
||
Tested in nanojit-central and tamarin-redux
|
||
Updated•15 years ago
|
Attachment #449339 -
Flags: review?(edwsmith)
|
||
Updated•15 years ago
|
Attachment #449339 -
Flags: review?(edwsmith) → review+
|
|
||
Comment 3•15 years ago
|
||
Comment on attachment 449339 [details] [diff] [review]
Removes unnecessary mask in variable shift opcodes
I do see how the code could corrupt a register, and how the patch won't do that anymore. I have to take it on faith that the MIPS shift instructions only consider the low order 5 bits of the shift amount.
|
|
Reporter | |
Comment 4•15 years ago
|
||
(In reply to comment #3)
> I have to take it on faith that the MIPS shift instructions only
> consider the low order 5 bits of the shift amount.
That's correct. The variable shift instructions only use the bottom 5 bits of the shift amount register.
|
||
Comment 5•15 years ago
|
||
(In reply to comment #4)
> That's correct. The variable shift instructions only use the bottom 5 bits of
> the shift amount register.
Perhaps we should capture that in comments in the source, to prevent someone trying to helpfully re-add masking in the future.
|
|
Reporter | |
Comment 6•15 years ago
|
||
Added comments to make it clear that no additional
masking of the shift amount is required as it is handled by the
individual instructions.
Attachment #449339 -
Attachment is obsolete: true
|
|
Reporter | |
Updated•15 years ago
|
Attachment #449657 -
Flags: review?(stejohns)
|
|
||
Updated•15 years ago
|
Attachment #449657 -
Flags: review?(stejohns) → review+
|
Assignee | |
Comment 7•14 years ago
|
||
Pushed to nanojit-central:
http://hg.mozilla.org/projects/nanojit-central/rev/8986dba933c6
Assignee: nobody → wmaddox
Whiteboard: fixed-in-nanojit
|
|
Assignee | |
Updated•14 years ago
|
Status: NEW → ASSIGNED
|
||
Comment 8•14 years ago
|
||
Whiteboard: fixed-in-nanojit → fixed-in-nanojit, fixed-in-tracemonkey
|
|
||
Comment 9•14 years ago
|
||
Whiteboard: fixed-in-nanojit, fixed-in-tracemonkey → fixed-in-nanojit, fixed-in-tracemonkey, fixed-in-tamarin
|
|
Assignee | |
Updated•14 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
||
Updated•11 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•