RESOLVED FIXED 47356
ARM JIT generates undefined operations due to partially uninitialized ShiftTypeAndAmount
https://bugs.webkit.org/show_bug.cgi?id=47356
David Goodwin
Reported 2010-10-07 09:50:24 PDT
The generated instructions include operations like:

    ebb08f0c    undefined

which should be:

    ebb00f0c    cmp.w   r0, ip

Note the 1-bit difference. This comes from the high-order shift-amount bit, which must be 0 in cmp and many other operations (apparently the undefined behavior when this is 1 is to just ignore the 1 and do the right thing; I assume that is why we aren't seeing any actual failure because of this).

This stems from ShiftTypeAndAmount, which stores shift type and amount as:

    union {
        struct {
            unsigned lo4 : 4;
            unsigned hi4 : 4;
        };
        struct {
            unsigned type : 2;
            unsigned amount : 5;
        };
    } m_u;

Objects of this type are initialized with type = amount = 0, but note that this does not clear all hi4 bits. The attached patch increases amount to 6 bits to fix (we already ensure that the amount value is > 32).
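The following is an added illustration, not code from the report or from WebKit. It reproduces the overlap problem in the union quoted above: the two bit-field views cover 8 and 7 bits respectively, so writing only type and amount leaves bit 7 untouched and hi4 inherits whatever was in that storage before. The encoder at the end is a hypothetical model of the Thumb-2 cmp.w (T2) encoding, with hi4 placed at bits 15..12 and lo4 at bits 7..4 of the second halfword; that placement is an assumption chosen because it reproduces the two instruction words in the report, and it is not WebKit's assembler. The bit-field ordering (bit 0 upward) is the GCC/Clang little-endian layout the report relies on.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout quoted in the bug report: type (2 bits) + amount (5 bits) = 7 bits,
 * so an initialization that writes only type and amount never touches bit 7.
 * hi4 reads bits 4..7 and therefore exposes stale data in its top bit. */
typedef union {
    struct { unsigned lo4 : 4; unsigned hi4 : 4; };
    struct { unsigned type : 2; unsigned amount : 5; };
} ShiftOld;

/* Layout after the attached patch: amount widened to 6 bits covers bits 2..7,
 * so type = amount = 0 clears every bit that lo4 and hi4 can read. */
typedef union {
    struct { unsigned lo4 : 4; unsigned hi4 : 4; };
    struct { unsigned type : 2; unsigned amount : 6; };
} ShiftFixed;

/* Simulate stale stack contents by filling the storage with 0xFF before the
 * "constructor" sets type = amount = 0, then report what hi4 contains. */
unsigned stale_hi4_old(void)
{
    ShiftOld s;
    memset(&s, 0xFF, sizeof s);   /* constructed garbage, stands in for an uninitialized frame */
    s.type = 0;
    s.amount = 0;
    return s.hi4;                 /* bit 7 survives: 0b1000 == 8 */
}

unsigned stale_hi4_fixed(void)
{
    ShiftFixed s;
    memset(&s, 0xFF, sizeof s);
    s.type = 0;
    s.amount = 0;
    return s.hi4;                 /* all four bits were written: 0 */
}

/* Hypothetical encoder for Thumb-2 "cmp.w Rn, Rm{, shift}" (T2 encoding):
 * first halfword  = 1110 1011 1011 Rn          (0xebb0 | Rn)
 * second halfword = 0 imm3 1111 imm2 type Rm   (bit 15 must be zero)
 * hi4 lands at bits 15..12 and lo4 at bits 7..4, so a stale bit 7 in the
 * union becomes a set bit 15 in the instruction. Assumed layout, not WebKit's. */
uint32_t encode_cmp_w(unsigned rn, unsigned rm, unsigned hi4, unsigned lo4)
{
    uint32_t first  = 0xebb0u | (rn & 0xfu);
    uint32_t second = ((hi4 & 0xfu) << 12) | 0x0f00u | ((lo4 & 0xfu) << 4) | (rm & 0xfu);
    return (first << 16) | second;
}

int main(void)
{
    /* r0 is register 0, ip is r12; no shift applied (type = amount = 0). */
    printf("old layout:   %08x (hi4 = %u)\n", encode_cmp_w(0, 12, stale_hi4_old(), 0), stale_hi4_old());
    printf("fixed layout: %08x (hi4 = %u)\n", encode_cmp_w(0, 12, stale_hi4_fixed(), 0), stale_hi4_fixed());
    return 0;
}
```

With the old layout the program prints the undefined word ebb08f0c from the report; with the 6-bit amount it prints ebb00f0c, the intended cmp.w r0, ip. Whether the stale bit is actually set depends on what happened to occupy that stack slot earlier, which is why the report notes the bug produced no visible failure despite emitting an encoding the architecture does not define.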
Attachments
Fix partial uninitialization (1010 bytes, patch)
2010-10-07 10:01 PDT, David Goodwin
no flags
David Goodwin
Comment 1 2010-10-07 10:01:17 PDT
Created attachment 70105 [details] Fix partial uninitialization
WebKit Commit Bot
Comment 2 2010-10-07 14:20:09 PDT
Comment on attachment 70105 [details]
Fix partial uninitialization

Rejecting patch 70105 from commit-queue.

Failed to run "['./WebKitTools/Scripts/webkit-patch', '--status-host=queues.webkit.org', 'build-and-test', '--no-clean', '--no-update', '--test', '--quiet', '--non-interactive']" exit_code: 2

Last 500 characters of output:
l tests successful.
Files=14, Tests=304, 1 wallclock secs ( 0.73 cusr + 0.17 csys = 0.90 CPU)
Running build-dumprendertree
Compiling Java tests
make: Nothing to be done for `default'.
Running tests from /Projects/CommitQueue/LayoutTests
Testing 21483 test cases.
java/lc3/JSObject/ToObject-001.html -> failed

Exiting early after 1 failures. 17534 tests run.
282.36s total testing time

17533 test cases (99%) succeeded
1 test case (<1%) had incorrect layout
28 test cases (<1%) had stderr output

Full output: http://queues.webkit.org/results/4162142
WebKit Commit Bot
Comment 3 2010-10-07 20:16:56 PDT
Comment on attachment 70105 [details]
Fix partial uninitialization

Clearing flags on attachment: 70105

Committed r69372: <http://trac.webkit.org/changeset/69372>
WebKit Commit Bot
Comment 4 2010-10-07 20:17:01 PDT
All reviewed patches have been landed. Closing bug.
David Tapuska
Comment 5 2011-01-24 07:57:33 PST
*** Bug 45669 has been marked as a duplicate of this bug. ***