Closed Bug 1735772 Opened 3 years ago Closed 3 years ago

[MIPS64] 32-bit values sign-extend/zero-extend issue

Categories

(Core :: JavaScript Engine: JIT, defect)

Other
Unspecified
defect

Tracking

()

RESOLVED FIXED
95 Branch
Tracking Status
firefox95 --- fixed

People

(Reporter: zhaojiazhong-hf, Assigned: zhaojiazhong-hf)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Linux loongarch64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.217 Safari/537.36

Steps to reproduce:

According to [SMDOC] Code generation invariants, when 64-bit GPRs carrying 32-bit values, the upper bits are the sign extension of the lower bits on MIPS64, and RISCV64 may have the same feature.
But there are some operations mixed 64-bit instructions and 32-bit-instructions, and didn't maintain the invariant. Such as in MacroAssembler::prepareHashBigInt :

  loadPtr(Address(temp2, 0), temp3); 
  {
    // Compute |AddToHash(AddToHash(hash, data), sizeof(Digit))|.

#if JS_PUNBOX64
    // Hash the lower 32-bits.
    addU32ToHash(temp3); 

    // Hash the upper 32-bits.
    rshift64(Imm32(32), Register64(temp3));
    addU32ToHash(temp3);
#else
    addU32ToHash(temp3);
#endif
  }

loadPtr will load a 64-bit value to temp3 register, but addU32ToHash contains some 32-bit instructions, and needs temp3 to be a sign-extended 32-bit value.

Blocks: 1639895
Hardware: Unspecified → Other

On mips64, when 64-bit GPRs carrying 32-bit values, the upper bits are the sign extension
of the lower bits, and 32-bit instructions will check this invariant.
But on x64 and arm64, the upper bits are zero, and 32-bit instructions don't care about
the upper 32 bits of the inputs.

So when some 32-bit operations like mul32 are used, we should keep the inputs sign-extended.
And if we want a zero-extended 32-bit value, like for some bitwise operations, an explicit
zero-extension is needed.

Assignee: nobody → zhaojiazhong-hf
Pushed by andre.bargull@gmail.com: https://hg.mozilla.org/integration/autoland/rev/428726ea261a Fix some 32-bit value sign-extension issues when computing hash. r=anba
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 95 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: