47356 2010-10-07 09:50:24 -0700 ARM JIT generates undefined operations due to partially uninitialized ShiftTypeAndAmount 2011-01-24 07:57:33 -0800 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Other OS X 10.5 RESOLVED FIXED P2 Normal --- 0 david_goodwin webkit-unassigned commit-queue dave+webkit ggaren oliver thomas oldest_to_newest 291063 0 david_goodwin 2010-10-07 09:50:24 -0700 The generated instructions include operations like: ebb08f0c undefined which should be: ebb00f0c cmp.w r0, ip Note the 1-bit difference. This comes from high-order shift-amount bit which must be 0 in cmp and many other operations (apparently the undefined behavior when this is 1 is to just ignore the 1 and do the right thing, I assume that is why we aren't seeing any actual failure because of this). This stems from ShiftTypeAndAmount which stores shift type and amount as: union { struct { unsigned lo4 : 4; unsigned hi4 : 4; }; struct { unsigned type : 2; unsigned amount : 5; }; } m_u; Objects of this type are initialized with type = amount = 0, but note that this does not clear all hi4 bits. The attached patch increases amount to 6 bits to fix (we already ensure that the amount value is > 32). 291079 1 70105 david_goodwin 2010-10-07 10:01:17 -0700 Created attachment 70105 Fix partial uninitialization 291252 2 70105 commit-queue 2010-10-07 14:20:09 -0700 Comment on attachment 70105 Fix partial uninitialization Rejecting patch 70105 from commit-queue. Failed to run "['./WebKitTools/Scripts/webkit-patch', '--status-host=queues.webkit.org', 'build-and-test', '--no-clean', '--no-update', '--test', '--quiet', '--non-interactive']" exit_code: 2 Last 500 characters of output: l tests successful. Files=14, Tests=304, 1 wallclock secs ( 0.73 cusr + 0.17 csys = 0.90 CPU) Running build-dumprendertree Compiling Java tests make: Nothing to be done for `default'. Running tests from /Projects/CommitQueue/LayoutTests Testing 21483 test cases. java/lc3/JSObject/ToObject-001.html -> failed Exiting early after 1 failures. 17534 tests run. 282.36s total testing time 17533 test cases (99%) succeeded 1 test case (<1%) had incorrect layout 28 test cases (<1%) had stderr output Full output: http://queues.webkit.org/results/4162142 291421 3 70105 commit-queue 2010-10-07 20:16:56 -0700 Comment on attachment 70105 Fix partial uninitialization Clearing flags on attachment: 70105 Committed r69372: <http://trac.webkit.org/changeset/69372> 291422 4 commit-queue 2010-10-07 20:17:01 -0700 All reviewed patches have been landed. Closing bug. 339016 5 dave+webkit 2011-01-24 07:57:33 -0800 *** Bug 45669 has been marked as a duplicate of this bug. *** 70105 2010-10-07 10:01:17 -0700 2010-10-07 20:16:56 -0700 Fix partial uninitialization 47356.txt text/plain 1010 david_goodwin SW5kZXg6IEphdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBKYXZhU2NyaXB0 Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDY5MzEzKQorKysgSmF2YVNjcmlwdENvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTIgQEAKKzIwMTAtMTAtMDcgIERhdmlkIEdv b2R3aW4gIDxkYXZpZF9nb29kd2luQGFwcGxlLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBO T0JPRFkgKE9PUFMhKS4KKworICAgICAgICBBUk0gSklUIGdlbmVyYXRlcyB1bmRlZmluZWQgb3Bl cmF0aW9ucyBkdWUgdG8gcGFydGlhbGx5IHVuaW5pdGlhbGl6ZWQgU2hpZnRUeXBlQW5kQW1vdW50 CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD00NzM1Ngor CisgICAgICAgICogYXNzZW1ibGVyL0FSTXY3QXNzZW1ibGVyLmg6CisKIDIwMTAtMTAtMDYgIENo cmlzIEV2YW5zICA8Y2V2YW5zQGdvb2dsZS5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgRGF2 aWQgTGV2aW4uCkluZGV4OiBKYXZhU2NyaXB0Q29yZS9hc3NlbWJsZXIvQVJNdjdBc3NlbWJsZXIu aAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09Ci0tLSBKYXZhU2NyaXB0Q29yZS9hc3NlbWJsZXIvQVJNdjdBc3NlbWJsZXIu aAkocmV2aXNpb24gNjkxOTcpCisrKyBKYXZhU2NyaXB0Q29yZS9hc3NlbWJsZXIvQVJNdjdBc3Nl bWJsZXIuaAkod29ya2luZyBjb3B5KQpAQCAtNDQwLDcgKzQ0MCw3IEBAIHByaXZhdGU6CiAgICAg ICAgIH07CiAgICAgICAgIHN0cnVjdCB7CiAgICAgICAgICAgICB1bnNpZ25lZCB0eXBlICAgOiAy OwotICAgICAgICAgICAgdW5zaWduZWQgYW1vdW50IDogNTsKKyAgICAgICAgICAgIHVuc2lnbmVk IGFtb3VudCA6IDY7CiAgICAgICAgIH07CiAgICAgfSBtX3U7CiB9Owo=