From 5724068b1c851e6bdd46143feb5586afffd8990a Mon Sep 17 00:00:00 2001
From: Paulo Andrade
Date: Tue, 3 Feb 2015 15:19:21 -0200
Subject: [PATCH] Correct wrong check in simplify_stxi.

	* lib/lightning.c: Correct wrong check in simplify_stxi.
	The test was incorrectly comparing the target register
	and the displacement offset. This was a time bomb bug,
	that would trigger in code like:
	stxi Im0 Rb0 Rt0
	stxi Im1 Rb1 Rt1
	if Rb0 == Rb1 && Rt0 == Rt1 && Im0 == Rt1, that is,
	the wrong check was Im0 == Rt1, instead of the supposed
	Im0 == Imm1 (that was what the code mean't to do). It
	was removing the second stxi assuming it was redundantly
	generated; as that is not uncommon pattern on
	translators generating jit.
---
 ChangeLog       | 15 +++++++++++++++
 lib/lightning.c |  2 +-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index d352f0c5c..0f6530d85 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,18 @@
+2015-02-03 Paulo Andrade
+
+	* lib/lightning.c: Correct wrong check in simplify_stxi.
+	The test was incorrectly comparing the target register
+	and the displacement offset. This was a time bomb bug,
+	that would trigger in code like:
+	stxi Im0 Rb0 Rt0
+	stxi Im1 Rb1 Rt1
+	if Rb0 == Rb1 && Rt0 == Rt1 && Im0 == Rt1, that is,
+	the wrong check was Im0 == Rt1, instead of the supposed
+	Im0 == Imm1 (that was what the code mean't to do). It
+	was removing the second stxi assuming it was redundantly
+	generated; as that is not uncommon pattern on
+	translators generating jit.
+
 2015-02-02 Paulo Andrade
 
 	* configure.ac, include/lightning/jit_private.h,
diff --git a/lib/lightning.c b/lib/lightning.c
index b9173b70e..d22a95c7f 100644
--- a/lib/lightning.c
+++ b/lib/lightning.c
@@ -2790,7 +2790,7 @@ _simplify_stxi(jit_state_t *_jit, jit_node_t *prev, jit_node_t *node)
     /* check for redundant store after load */
     if (value->kind == jit_kind_code && value->code == node->code &&
         value->base.q.l == right && value->base.q.h == _jitc->gen[right] &&
-        node->w.w == value->disp.w) {
+        node->u.w == value->disp.w) {
         del_node(prev, node);
         return (1);
     }
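Review bot: The corrected line `node->u.w == value->disp.w` still sits under a comment that does not say which operand each union field holds, and that silence is what let the `w`/`u` mix-up survive unnoticed, since both are plain words the compiler cannot tell apart. From the hunk, `u` is the displacement being compared against `value->disp.w` and, per the commit message, `w` is the stored register, so I would widen the comment to `/* redundant store: same stored register (w), same base register and generation, same displacement (u) */`. The existing wording `store after load` also reads as if the tracked value came from a load, while the condition requires `value->code == node->code`, the same opcode as this store; if that reading is right the comment is misleading and worth confirming against how `value->code` is set. The commit adds no regression test for the trigger it describes (two stxi with equal base and stored registers where the first displacement equals the register number of the second target), so a test asserting that the second store is still emitted would pin the fix. _simplify_stxi's body begins and continues outside the hunk.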