Fuzz testing: unreachable code for ~/ operator #34679

Closed
aartbik opened this Issue Oct 4, 2018 · 3 comments

@aartbik
Contributor

commented Oct 4, 2018

Fuzz testing found AOT-DebugX64 crash, code that should not be reached:

runtime/vm/compiler/backend/il_x64.cc: 6015: error: unreachable code

DartFuzz: 1.1:1788080269

@aartbik aartbik self-assigned this Oct 4, 2018

@aartbik

Contributor Author

commented Oct 4, 2018

Code crashes on ~/ operator

v96 <- BinaryUint32Op(~/ [tr], v410 T{_int64!}, v412 T{_int64!}) [0, 4294967295] T{_Smi!}

@aartbik aartbik changed the title Fuzz testing: unreachable code Fuzz testing: unreachable code for ~/ operator Oct 4, 2018

@aartbik

Contributor Author

commented Oct 4, 2018

Again due to range analysis, similar, but slightly different from #34678
I am going to combine the fix into one CL.

@alexmarkov

Contributor

commented Oct 4, 2018

This could be related: flutter/flutter#22293

dart-bot pushed a commit that referenced this issue Oct 5, 2018

[vm/compiler] Fix crashes in AOT X64 DEBUG compiler.
Rationale:
The method ConstructReplacementFor() in range analysis would unconditionally
replace an UnaryInt64Op with an UnaryUint32Op, regardless of whether it contains
a NEGATE or NOT. None of the backends supports a NEGATE UnaryUint32Op,
however (I added a missing assert to X64 for the future, even though we currently
found the issue in the constructor already). Note that alternatively we could implement
NEGATE UnaryUint32Op for all platforms.

Note:
A similar issue was found for TRUNCDIV with a second fuzz test, which is fixed
in the same CL with a more general approach.

Bug:
#34678
#34679


Change-Id: I370268620008e5d4cb605c0bd11e423d8fcd5327
Reviewed-on: https://dart-review.googlesource.com/c/78148
Reviewed-by: Alexander Markov <alexmarkov@google.com>
Commit-Queue: Aart Bik <ajcbik@google.com>
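
The failure mode described in the commit message, as an added toy model that is not Dart VM code and not the contents of the CL: an optimizer narrows an int64 op to uint32 from range information alone, and code generation then meets an op kind it has no uint32 form for. All type and function names here are hypothetical. Requiring the range to fit uint32 and treating NOT and ADD as supported are assumptions; the NEGATE and TRUNCDIV exclusions come from the thread.

```cpp
#include <cstdint>
#include <limits>

// Toy model. Op kinds named in the thread, plus kAdd (assumed for contrast).
enum class Op { kNegate, kNot, kTruncDiv, kAdd };
enum class Rep { kInt64, kUint32 };

struct Range { int64_t min, max; };
struct Instr { Op op; Rep rep; Range range; };

// Single source of truth for what the modelled backend can emit as uint32.
// NEGATE and TRUNCDIV are excluded, matching the two crashes discussed above;
// NOT and ADD being supported is an assumption of this example.
bool BackendSupportsUint32(Op op) {
  return op == Op::kNot || op == Op::kAdd;
}

bool FitsUint32(const Range& r) {
  return r.min >= 0 && r.max <= std::numeric_limits<uint32_t>::max();
}

// Unguarded narrowing: decides on the result range only.
Instr NarrowUnconditionally(const Instr& in) {
  Instr out = in;
  if (FitsUint32(in.range)) out.rep = Rep::kUint32;
  return out;
}

// Guarded narrowing: also consults the backend predicate before rewriting.
Instr NarrowIfSupported(const Instr& in) {
  Instr out = in;
  if (FitsUint32(in.range) && BackendSupportsUint32(in.op)) out.rep = Rep::kUint32;
  return out;
}

// Stand-in for code generation: false models the "unreachable code" abort.
bool BackendCanEmit(const Instr& i) {
  return i.rep == Rep::kInt64 || BackendSupportsUint32(i.op);
}

int main() {
  // Constructed input mirroring the IR line above: ~/ with range [0, 4294967295].
  Instr div{Op::kTruncDiv, Rep::kInt64, {0, 4294967295LL}};
  bool ok = !BackendCanEmit(NarrowUnconditionally(div)) &&
            BackendCanEmit(NarrowIfSupported(div));
  return ok ? 0 : 1;
}
```

Sharing one predicate between the narrowing pass and the emitter keeps the two from drifting apart, so a newly narrowed op kind cannot reach code generation without a matching implementation.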

@aartbik aartbik closed this Oct 5, 2018
