handle fast locals in amd64 shifts (afl)

Reported by Alessandro Mantovani. Although unlikely in real programs it was found that using the address of a fast local in amd64 shifts triggers assertion failures. We now err when the shift count is given by an address; but we allow shifting an address.
author: Quentin Carbonneaux <quentin@c9x.me> 2021-07-28 01:15:51 +0200
committer: Quentin Carbonneaux <quentin@c9x.me> 2021-07-28 01:57:05 +0200
commit: b543ffed71497fb079bfdca53934870a1189c325 (patch)
tree: 6443ecd62d9fd42ed6203529bd15316ff2082a6c /amd64
parent: 5a4369dd279b1ee50779ae4ab16daaa035eeeb69 (diff)
download: roux-b543ffed71497fb079bfdca53934870a1189c325.tar.gz
1 files changed, 8 insertions, 3 deletions
diff --git a/amd64/isel.c b/amd64/isel.c
index 31199da..e8a78f3 100644
--- a/amd64/isel.c
+++ b/amd64/isel.c
@@ -244,13 +244,18 @@ sel(Ins i, ANum *an, Fn *fn)
 	case Osar:
 	case Oshr:
 	case Oshl:
-		if (rtype(i.arg[1]) == RCon)
-			goto Emit;
 		r0 = i.arg[1];
+		if (rtype(r0) == RCon)
+			goto Emit;
+		if (fn->tmp[r0.val].slot != -1)
+			err("unlikely argument %%%s in %s",
+				fn->tmp[r0.val].name, optab[i.op].name);
 		i.arg[1] = TMP(RCX);
 		emit(Ocopy, Kw, R, TMP(RCX), R);
 		emiti(i);
+		i1 = curi;
 		emit(Ocopy, Kw, TMP(RCX), r0, R);
+		fixarg(&i1->arg[0], argcls(&i, 0), i1, fn);
 		break;
 	case Onop:
 		break;
@@ -336,7 +341,7 @@ Emit:
 		die("unknown instruction %s", optab[i.op].name);
 	}
 
-	while (i0 > curi && --i0) {
+	while (i0>curi && --i0) {
 		assert(rslot(i0->arg[0], fn) == -1);
 		assert(rslot(i0->arg[1], fn) == -1);
 	}
author	Quentin Carbonneaux <quentin@c9x.me>	2021-07-28 01:15:51 +0200
committer	Quentin Carbonneaux <quentin@c9x.me>	2021-07-28 01:57:05 +0200
commit	b543ffed71497fb079bfdca53934870a1189c325 (patch)
tree	6443ecd62d9fd42ed6203529bd15316ff2082a6c /amd64
parent	5a4369dd279b1ee50779ae4ab16daaa035eeeb69 (diff)
download	roux-b543ffed71497fb079bfdca53934870a1189c325.tar.gz