authorDouglas Leung <douglas@mips.com>2012-08-01 12:00:33 -0700
committerRaghu Gandham <raghu@mips.com>2012-08-01 14:14:30 -0700
commitbd1b0d74bbf40c69e47863fab7ea99eac418c515 (patch)
tree7cf04615071232c70fbc0fd873470adcf0721de1 /vm/compiler/codegen
parent5b861ab5541e9806d6255f17769acad3c2b4029b (diff)
Fix an array out-of-bound read in the JIT compiler.
Without the fix the compiler is still safe since the offending memory access is a read, though the hoisted distance is non-deterministic. The easiest and safest fix is to unconditionally hoist a load when it can reach the scheduling barrier. Change-Id: I021161cb2a6e011301ab65ba62bc2a74af1cb552 Signed-off-by: Douglas Leung <douglas@mips.com>
Diffstat (limited to 'vm/compiler/codegen')
-rw-r--r--vm/compiler/codegen/mips/LocalOptimizations.cpp14
1 files changed, 10 insertions, 4 deletions
diff --git a/vm/compiler/codegen/mips/LocalOptimizations.cpp b/vm/compiler/codegen/mips/LocalOptimizations.cpp
index 2ccd40dcd..1ef0d1744 100644
--- a/vm/compiler/codegen/mips/LocalOptimizations.cpp
+++ b/vm/compiler/codegen/mips/LocalOptimizations.cpp
@@ -400,7 +400,10 @@ static void applyLoadHoisting(CompilationUnit *cUnit,
MipsLIR *curLIR = prevInstList[slot];
MipsLIR *prevLIR = prevInstList[slot+1];
- /* Check the highest instruction */
+ /*
+ * Check the highest instruction.
+ * ENCODE_ALL represents a scheduling barrier.
+ */
if (prevLIR->defMask == ENCODE_ALL) {
/*
* If the first instruction is a load, don't hoist anything
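Review bot: The comment added above the `prevLIR->defMask == ENCODE_ALL` test says what ENCODE_ALL is but not why hitting it must end the scan, which is the property this commit actually depends on: per the second hunk's comment the subsequent code cannot cope with a pseudo opcode whose value is negative, and the barrier appears to be such a pseudo op, so `EncodingMap[prevLIR->opcode]` would index before the start of the table. That is the out-of-bounds read the title refers to, and a reader of this hunk alone cannot see it. I would state the invariant here, at the point where prevLIR is first examined: `* ENCODE_ALL represents a scheduling barrier. The barrier is a pseudo instruction (negative opcode), so prevLIR->opcode must never be used to index EncodingMap once this test is true.` Note that applyLoadHoisting begins before this hunk and its body continues past the second hunk, so the remaining uses of prevLIR are not visible here.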
@@ -408,10 +411,13 @@ static void applyLoadHoisting(CompilationUnit *cUnit,
*/
if (EncodingMap[curLIR->opcode].flags & IS_LOAD) continue;
/*
- * If the remaining number of slots is less than LD_LATENCY,
- * insert the hoisted load here.
+ * Need to unconditionally break here even if the hoisted
+ * distance is greater than LD_LATENCY (ie more than enough
+ * cycles are inserted to hide the load latency) since theu
+ * subsequent code doesn't expect to compare against a
+ * pseudo opcode (whose opcode value is negative).
*/
- if (slot < LD_LATENCY) break;
+ break;
}
/*