160329 2016-07-28 17:03:06 -0700 ARM64: Fused left shift with a right shift can create NaNs from integers 2016-07-28 17:31:45 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 msaboff msaboff commit-queue keith_miller mark.lam saam oldest_to_newest 1215467 0 msaboff 2016-07-28 17:03:06 -0700 The function function signExtendByte(x) { return x << 24 >> 24; } Generates the wrong instructions when compiled with the FTL JIT. The shift left / shift right combination becomes a sign extend, which is fine except it sign extends to a 64 bit value and not a 32 bit value. Here is the code that the FTL generates for “x << 24 >> 24” (with my comments): 0x10695fdd8: ldur x0, [fp, #48] ; Load x_0 0x10695fddc: mov x1, #0xffff000000000000.; materialize tag 0x10695fde0: cmp x0, x1 ; Check for int 0x10695fde4: b.lo 0x10695feac 0x10695fde8: sxtb x0, w0 ; sign extend byte to 64 bits (oops should be 32 bits) 0x10695fdec: add x0, x0, x1 ; Add in tag The sxtb x0, w0 should be a sxtb w0, w0. 1215468 1 msaboff 2016-07-28 17:03:40 -0700 <rdar://problem/27299339> 1215471 2 284842 msaboff 2016-07-28 17:23:56 -0700 Created attachment 284842 Patch 1215474 3 284842 ggaren 2016-07-28 17:28:23 -0700 Comment on attachment 284842 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=284842&action=review r=me > Source/JavaScriptCore/ChangeLog:10 > + generate a sign extend byte instructions. On ARM64, we were sign extending instruction > Source/JavaScriptCore/ChangeLog:11 > + to a 64 bit quantity, when we really wanted to signn extend to a 32 bit quantity. sign 1215475 4 msaboff 2016-07-28 17:31:45 -0700 Committed r203851: <http://trac.webkit.org/changeset/203851> 284842 2016-07-28 17:23:56 -0700 2016-07-28 17:28:23 -0700 Patch 160329.patch text/plain 3185 msaboff SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMjAzODUwKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDI2IEBA CisyMDE2LTA3LTI4ICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgorCisgICAg ICAgIEFSTTY0OiBGdXNlZCBsZWZ0IHNoaWZ0IHdpdGggYSByaWdodCBzaGlmdCBjYW4gY3JlYXRl IE5hTnMgZnJvbSBpbnRlZ2VycworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93 X2J1Zy5jZ2k/aWQ9MTYwMzI5CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISku CisKKyAgICAgICAgV2hlbiB3ZSBmdXNlIGEgbGVmdCBzaGlmdCBhbmQgYSByaWdodCBzaGlmdCBv ZiBpbnRlZ2VycyB3aGVyZSB0aGUgc2hpZnQgYW1vdW50cworICAgICAgICBhcmUgdGhlIHNhbWUg YW5kIHRoZSBzaXplIG9mIHRoZSBxdWFudGl0eSBiZWluZyBzaGlmdGVkIGlzIDggYml0cywgd2Ug cmlnaHRseQorICAgICAgICBnZW5lcmF0ZSBhIHNpZ24gZXh0ZW5kIGJ5dGUgaW5zdHJ1Y3Rpb25z LiAgT24gQVJNNjQsIHdlIHdlcmUgc2lnbiBleHRlbmRpbmcKKyAgICAgICAgdG8gYSA2NCBiaXQg cXVhbnRpdHksIHdoZW4gd2UgcmVhbGx5IHdhbnRlZCB0byBzaWdubiBleHRlbmQgdG8gYSAzMiBi aXQgcXVhbnRpdHkuCisKKyAgICAgICAgQ2hlY2tpbmcgdGhlIEFSTTY0IG1hcmNvIGFzc2VtYmxl ciBhbmQgd2Ugd2VyZSBleHRlbmRpbmcgdG8gNjQgYml0cyBmb3IgYWxsCisgICAgICAgIGZvdXIg Y29tYmluYXRpb25zIG9mIHplcm8gLyBzaWduIGFuZCA4IC8gMTYgYml0cy4KKyAgICAgICAgCisg ICAgICAgICogYXNzZW1ibGVyL01hY3JvQXNzZW1ibGVyQVJNNjQuaDoKKyAgICAgICAgKEpTQzo6 TWFjcm9Bc3NlbWJsZXJBUk02NDo6emVyb0V4dGVuZDE2VG8zMik6CisgICAgICAgIChKU0M6Ok1h Y3JvQXNzZW1ibGVyQVJNNjQ6OnNpZ25FeHRlbmQxNlRvMzIpOgorICAgICAgICAoSlNDOjpNYWNy b0Fzc2VtYmxlckFSTTY0Ojp6ZXJvRXh0ZW5kOFRvMzIpOgorICAgICAgICAoSlNDOjpNYWNyb0Fz c2VtYmxlckFSTTY0OjpzaWduRXh0ZW5kOFRvMzIpOgorICAgICAgICAqIHRlc3RzL3N0cmVzcy9y ZWdyZXNzLTE2MDMyOS5qczogTmV3IHRlc3QgYWRkZWQuCisgICAgICAgIChuYXJyb3cpOgorCiAy MDE2LTA3LTI4ICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KIAogICAgICAgICBTdHJp bmdWaWV3IHNob3VsZCBoYXZlIGFuIGV4cGxpY2l0IG1faXM4Qml0IGZpZWxkLgpJbmRleDogU291 cmNlL0phdmFTY3JpcHRDb3JlL2Fzc2VtYmxlci9NYWNyb0Fzc2VtYmxlckFSTTY0LmgKPT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2Fzc2VtYmxlci9NYWNyb0Fzc2VtYmxlckFS TTY0LmgJKHJldmlzaW9uIDIwMzgyNikKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9hc3NlbWJs ZXIvTWFjcm9Bc3NlbWJsZXJBUk02NC5oCSh3b3JraW5nIGNvcHkpCkBAIC0xMTI1LDEyICsxMTI1 LDEyIEBAIHB1YmxpYzoKIAogICAgIHZvaWQgemVyb0V4dGVuZDE2VG8zMihSZWdpc3RlcklEIHNy YywgUmVnaXN0ZXJJRCBkZXN0KQogICAgIHsKLSAgICAgICAgbV9hc3NlbWJsZXIudXh0aDw2ND4o ZGVzdCwgc3JjKTsKKyAgICAgICAgbV9hc3NlbWJsZXIudXh0aDwzMj4oZGVzdCwgc3JjKTsKICAg ICB9CiAKICAgICB2b2lkIHNpZ25FeHRlbmQxNlRvMzIoUmVnaXN0ZXJJRCBzcmMsIFJlZ2lzdGVy SUQgZGVzdCkKICAgICB7Ci0gICAgICAgIG1fYXNzZW1ibGVyLnN4dGg8NjQ+KGRlc3QsIHNyYyk7 CisgICAgICAgIG1fYXNzZW1ibGVyLnN4dGg8MzI+KGRlc3QsIHNyYyk7CiAgICAgfQogCiAgICAg dm9pZCBsb2FkOChJbXBsaWNpdEFkZHJlc3MgYWRkcmVzcywgUmVnaXN0ZXJJRCBkZXN0KQpAQCAt MTE5MCwxMiArMTE5MCwxMiBAQCBwdWJsaWM6CiAKICAgICB2b2lkIHplcm9FeHRlbmQ4VG8zMihS ZWdpc3RlcklEIHNyYywgUmVnaXN0ZXJJRCBkZXN0KQogICAgIHsKLSAgICAgICAgbV9hc3NlbWJs ZXIudXh0Yjw2ND4oZGVzdCwgc3JjKTsKKyAgICAgICAgbV9hc3NlbWJsZXIudXh0YjwzMj4oZGVz dCwgc3JjKTsKICAgICB9CiAKICAgICB2b2lkIHNpZ25FeHRlbmQ4VG8zMihSZWdpc3RlcklEIHNy YywgUmVnaXN0ZXJJRCBkZXN0KQogICAgIHsKLSAgICAgICAgbV9hc3NlbWJsZXIuc3h0Yjw2ND4o ZGVzdCwgc3JjKTsKKyAgICAgICAgbV9hc3NlbWJsZXIuc3h0YjwzMj4oZGVzdCwgc3JjKTsKICAg ICB9CiAKICAgICB2b2lkIHN0b3JlNjQoUmVnaXN0ZXJJRCBzcmMsIEltcGxpY2l0QWRkcmVzcyBh ZGRyZXNzKQpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL3Rlc3RzL3N0cmVzcy9yZWdyZXNz LTE2MDMyOS5qcwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvdGVzdHMvc3Ry ZXNzL3JlZ3Jlc3MtMTYwMzI5LmpzCShub25leGlzdGVudCkKKysrIFNvdXJjZS9KYXZhU2NyaXB0 Q29yZS90ZXN0cy9zdHJlc3MvcmVncmVzcy0xNjAzMjkuanMJKHdvcmtpbmcgY29weSkKQEAgLTAs MCArMSwxNyBAQAorLy8gUmVncmVzc2lvbiB0ZXN0IGZvciAxNjAzMjkuIFRoaXMgdGVzdCBzaG91 bGQgbm90IGNyYXNoIG9yIHRocm93IGFuIGV4Y2VwdGlvbi4KKworZnVuY3Rpb24gbmFycm93KHgp IHsKKyAgICByZXR1cm4geCA8PCAyNCA+PiAyNDsKK30KKworbm9JbmxpbmUobmFycm93KTsKKwor Zm9yICh2YXIgaSA9IDA7IGkgPCAxMDAwMDAwOyBpKyspIHsKKyAgICBsZXQgZXhwZWN0ZWQgPSBp IDw8IDI0OworICAgIGxldCBnb3QgPSBuYXJyb3coaSk7CisgICAgZXhwZWN0ZWQgPSBleHBlY3Rl ZCA+PiAyNDsKKworICAgIGlmIChleHBlY3RlZCAhPSBnb3QpCisgICAgICAgIHRocm93ICJGQUlM VVJFLCBleHBlY3RlZDoiICsgZXhwZWN0ZWQgKyAiLCBnb3Q6IiArIGdvdDsKK30KKwo=