src · ec772a4fd8b6e9a79506328787218459b733606c · Linshizhi / V8

Restrict range for int64_t to immediate conversions · ec772a4f

Eric Holk authored Apr 20, 2017

The included test case illustrates the problem. It subtracts (16 << 27)
from another number. The Machine Operator Reducer would replace the
shift computation with 0x0000000080000000, and then change the subtract
to an add of -(0x0000000080000000), which is 0xffffffff80000000.
The instruction selector would determine that this value could be an
immediate, because it fits in 32 bits, so it would select the lea
instruction. Finally, the code generator would detect that the
immediate was less than 0, flip the sign and replace the add with a
subtract of 0x80000000. Because the x64 subtract instruction's
immediate field is 32 bits, the processor would interpret this as
0xffffffff80000000 instead of an unsigned value.

This change fixes the issue by making the CanBeImmediate check
explicitly compare against INT_MIN and INT_MAX. We disallow INT_MIN
as an immediate precisely because we cannot tell 0x0000000080000000
from 0xffffffff80000000 when truncated to 32 bits.

Bug: chromium:711203
Change-Id: Ie371b8ea290684a6bb723bae9c693a866f961850
Reviewed-on: https://chromium-review.googlesource.com/482448
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44758}

ec772a4f

Name	Last commit	Last update
..
arm		Loading commit data...
arm64		Loading commit data...
asmjs		Loading commit data...
ast		Loading commit data...
base		Loading commit data...
builtins		Loading commit data...
compiler		Loading commit data...
compiler-dispatcher		Loading commit data...
crankshaft		Loading commit data...
debug		Loading commit data...
extensions		Loading commit data...
ffi		Loading commit data...
full-codegen		Loading commit data...
heap		Loading commit data...
ia32		Loading commit data...
ic		Loading commit data...
inspector		Loading commit data...
interpreter		Loading commit data...
js		Loading commit data...
libplatform		Loading commit data...
libsampler		Loading commit data...
mips		Loading commit data...
mips64		Loading commit data...
objects		Loading commit data...
parsing		Loading commit data...
ppc		Loading commit data...
profiler		Loading commit data...
regexp		Loading commit data...
runtime		Loading commit data...
s390		Loading commit data...
snapshot		Loading commit data...
third_party		Loading commit data...
tracing		Loading commit data...
trap-handler		Loading commit data...
wasm		Loading commit data...
x64		Loading commit data...
x87		Loading commit data...
zone		Loading commit data...
DEPS		Loading commit data...
OWNERS		Loading commit data...
accessors.cc		Loading commit data...
accessors.h		Loading commit data...
address-map.cc		Loading commit data...
address-map.h		Loading commit data...
allocation-site-scopes.cc		Loading commit data...
allocation-site-scopes.h		Loading commit data...
allocation.cc		Loading commit data...
allocation.h		Loading commit data...
api-arguments-inl.h		Loading commit data...
api-arguments.cc		Loading commit data...
api-arguments.h		Loading commit data...
api-natives.cc		Loading commit data...
api-natives.h		Loading commit data...
api.cc		Loading commit data...
api.h		Loading commit data...
arguments.cc		Loading commit data...
arguments.h		Loading commit data...
assembler-inl.h		Loading commit data...
assembler.cc		Loading commit data...
assembler.h		Loading commit data...
assert-scope.cc		Loading commit data...
assert-scope.h		Loading commit data...
background-parsing-task.cc		Loading commit data...
background-parsing-task.h		Loading commit data...
bailout-reason.cc		Loading commit data...
bailout-reason.h		Loading commit data...
base.isolate		Loading commit data...
basic-block-profiler.cc		Loading commit data...
basic-block-profiler.h		Loading commit data...
bignum-dtoa.cc		Loading commit data...
bignum-dtoa.h		Loading commit data...
bignum.cc		Loading commit data...
bignum.h		Loading commit data...
bit-vector.cc		Loading commit data...
bit-vector.h		Loading commit data...
bootstrapper.cc		Loading commit data...
bootstrapper.h		Loading commit data...
cached-powers.cc		Loading commit data...
cached-powers.h		Loading commit data...
callable.h		Loading commit data...
cancelable-task.cc		Loading commit data...
cancelable-task.h		Loading commit data...
char-predicates-inl.h		Loading commit data...
char-predicates.cc		Loading commit data...
char-predicates.h		Loading commit data...
checks.h		Loading commit data...
code-events.h		Loading commit data...
code-factory.cc		Loading commit data...
code-factory.h		Loading commit data...
code-stub-assembler.cc		Loading commit data...
code-stub-assembler.h		Loading commit data...
code-stubs-hydrogen.cc		Loading commit data...
code-stubs-utils.h		Loading commit data...
code-stubs.cc		Loading commit data...
code-stubs.h		Loading commit data...
codegen.cc		Loading commit data...
codegen.h		Loading commit data...
collector.h		Loading commit data...
compilation-cache.cc		Loading commit data...
compilation-cache.h		Loading commit data...
compilation-dependencies.cc		Loading commit data...
compilation-dependencies.h		Loading commit data...
compilation-info.cc		Loading commit data...
compilation-info.h		Loading commit data...
compilation-statistics.cc		Loading commit data...
compilation-statistics.h		Loading commit data...
compiler.cc		Loading commit data...
compiler.h		Loading commit data...
contexts-inl.h		Loading commit data...
contexts.cc		Loading commit data...
contexts.h		Loading commit data...
conversions-inl.h		Loading commit data...
conversions.cc		Loading commit data...
conversions.h		Loading commit data...
counters-inl.h		Loading commit data...
counters.cc		Loading commit data...
counters.h		Loading commit data...
d8-posix.cc		Loading commit data...
d8-windows.cc		Loading commit data...
d8.cc		Loading commit data...
d8.gyp		Loading commit data...
d8.h		Loading commit data...
d8.isolate		Loading commit data...
d8.js		Loading commit data...
date.cc		Loading commit data...
date.h		Loading commit data...
dateparser-inl.h		Loading commit data...
dateparser.cc		Loading commit data...
dateparser.h		Loading commit data...
deoptimize-reason.cc		Loading commit data...
deoptimize-reason.h		Loading commit data...
deoptimizer.cc		Loading commit data...
deoptimizer.h		Loading commit data...
disasm.h		Loading commit data...
disassembler.cc		Loading commit data...
disassembler.h		Loading commit data...
diy-fp.cc		Loading commit data...
diy-fp.h		Loading commit data...
double.h		Loading commit data...
dtoa.cc		Loading commit data...
dtoa.h		Loading commit data...
effects.h		Loading commit data...
eh-frame.cc		Loading commit data...
eh-frame.h		Loading commit data...
elements-kind.cc		Loading commit data...
elements-kind.h		Loading commit data...
elements.cc		Loading commit data...
elements.h		Loading commit data...
execution.cc		Loading commit data...
execution.h		Loading commit data...
external-reference-table.cc		Loading commit data...
external-reference-table.h		Loading commit data...
factory.cc		Loading commit data...
factory.h		Loading commit data...
fast-dtoa.cc		Loading commit data...
fast-dtoa.h		Loading commit data...
feedback-vector-inl.h		Loading commit data...
feedback-vector.cc		Loading commit data...
feedback-vector.h		Loading commit data...
field-index-inl.h		Loading commit data...
field-index.h		Loading commit data...
field-type.cc		Loading commit data...
field-type.h		Loading commit data...
find-and-replace-pattern.h		Loading commit data...
fixed-dtoa.cc		Loading commit data...
fixed-dtoa.h		Loading commit data...
flag-definitions.h		Loading commit data...
flags.cc		Loading commit data...
flags.h		Loading commit data...
frames-inl.h		Loading commit data...
frames.cc		Loading commit data...
frames.h		Loading commit data...
futex-emulation.cc		Loading commit data...
futex-emulation.h		Loading commit data...
gdb-jit.cc		Loading commit data...
gdb-jit.h		Loading commit data...
global-handles.cc		Loading commit data...
global-handles.h		Loading commit data...
globals.h		Loading commit data...
handles-inl.h		Loading commit data...
handles.cc		Loading commit data...
handles.h		Loading commit data...
heap-symbols.h		Loading commit data...
i18n.cc		Loading commit data...
i18n.h		Loading commit data...
icu_util.cc		Loading commit data...
icu_util.h		Loading commit data...
identity-map.cc		Loading commit data...
identity-map.h		Loading commit data...
interface-descriptors.cc		Loading commit data...
interface-descriptors.h		Loading commit data...
isolate-inl.h		Loading commit data...
isolate.cc		Loading commit data...
isolate.h		Loading commit data...
json-parser.cc		Loading commit data...
json-parser.h		Loading commit data...
json-stringifier.cc		Loading commit data...
json-stringifier.h		Loading commit data...
keys.cc		Loading commit data...
keys.h		Loading commit data...
label.h		Loading commit data...
layout-descriptor-inl.h		Loading commit data...
layout-descriptor.cc		Loading commit data...
layout-descriptor.h		Loading commit data...
list-inl.h		Loading commit data...
list.h		Loading commit data...
locked-queue-inl.h		Loading commit data...
locked-queue.h		Loading commit data...
log-inl.h		Loading commit data...
log-utils.cc		Loading commit data...
log-utils.h		Loading commit data...
log.cc		Loading commit data...
log.h		Loading commit data...
lookup-cache-inl.h		Loading commit data...
lookup-cache.cc		Loading commit data...
lookup-cache.h		Loading commit data...
lookup.cc		Loading commit data...
lookup.h		Loading commit data...
machine-type.cc		Loading commit data...
machine-type.h		Loading commit data...
macro-assembler-inl.h		Loading commit data...
macro-assembler.h		Loading commit data...
managed.h		Loading commit data...
map-updater.cc		Loading commit data...
map-updater.h		Loading commit data...
messages.cc		Loading commit data...
messages.h		Loading commit data...
msan.h		Loading commit data...
objects-body-descriptors-inl.h		Loading commit data...
objects-body-descriptors.h		Loading commit data...
objects-debug.cc		Loading commit data...
objects-inl.h		Loading commit data...
objects-printer.cc		Loading commit data...
objects.cc		Loading commit data...
objects.h		Loading commit data...
ostreams.cc		Loading commit data...
ostreams.h		Loading commit data...
pending-compilation-error-handler.cc		Loading commit data...
pending-compilation-error-handler.h		Loading commit data...
perf-jit.cc		Loading commit data...
perf-jit.h		Loading commit data...
property-descriptor.cc		Loading commit data...
property-descriptor.h		Loading commit data...
property-details.h		Loading commit data...
property.cc		Loading commit data...
property.h		Loading commit data...
prototype.h		Loading commit data...
register-configuration.cc		Loading commit data...
register-configuration.h		Loading commit data...
runtime-profiler.cc		Loading commit data...
runtime-profiler.h		Loading commit data...
safepoint-table.cc		Loading commit data...
safepoint-table.h		Loading commit data...
setup-isolate-deserialize.cc		Loading commit data...
setup-isolate-full.cc		Loading commit data...
setup-isolate.h		Loading commit data...
signature.h		Loading commit data...
simulator.h		Loading commit data...
small-pointer-list.h		Loading commit data...
source-position-table.cc		Loading commit data...
source-position-table.h		Loading commit data...
source-position.cc		Loading commit data...
source-position.h		Loading commit data...
splay-tree-inl.h		Loading commit data...
splay-tree.h		Loading commit data...
startup-data-util.cc		Loading commit data...
startup-data-util.h		Loading commit data...
string-builder.cc		Loading commit data...
string-builder.h		Loading commit data...
string-case.cc		Loading commit data...
string-case.h		Loading commit data...
string-search.h		Loading commit data...
string-stream.cc		Loading commit data...
string-stream.h		Loading commit data...
strtod.cc		Loading commit data...
strtod.h		Loading commit data...
transitions-inl.h		Loading commit data...
transitions.cc		Loading commit data...
transitions.h		Loading commit data...
type-hints.cc		Loading commit data...
type-hints.h		Loading commit data...
type-info.cc		Loading commit data...
type-info.h		Loading commit data...
unicode-cache-inl.h		Loading commit data...
unicode-cache.h		Loading commit data...
unicode-decoder.cc		Loading commit data...
unicode-decoder.h		Loading commit data...
unicode-inl.h		Loading commit data...
unicode.cc		Loading commit data...
unicode.h		Loading commit data...
uri.cc		Loading commit data...
uri.h		Loading commit data...
utils-inl.h		Loading commit data...
utils.cc		Loading commit data...
utils.h		Loading commit data...
v8.cc		Loading commit data...
v8.gyp		Loading commit data...
v8.h		Loading commit data...
v8dll-main.cc		Loading commit data...
v8memory.h		Loading commit data...
v8threads.cc		Loading commit data...
v8threads.h		Loading commit data...
value-serializer.cc		Loading commit data...
value-serializer.h		Loading commit data...
vector.h		Loading commit data...
version.cc		Loading commit data...
version.h		Loading commit data...
vm-state-inl.h		Loading commit data...
vm-state.h		Loading commit data...