[vm, compiler] Fix Load[D]FromOffset for offsets with bits 21-23 set on ARM.

rmacnak-google · Commit Queue · commit 1cf804e1fe1e · 2025-08-05T12:12:59.000-07:00
TEST=vm/cc/Assembler_LargeOffsets Bug: flutter/flutter#172626 Change-Id: I88f41a3f075ea4b22a1211884e6abcf8587515d9 Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/443632 Commit-Queue: Ryan Macnak <rmacnak@google.com> Reviewed-by: Alexander Markov <alexmarkov@google.com>
diff --git a/runtime/vm/compiler/assembler/assembler_arm.h b/runtime/vm/compiler/assembler/assembler_arm.h
@@ -260,13 +260,15 @@ class Address : public ValueObject {
     kind_ = Immediate;
     base_ = rn;
     offset_ = offset;
-    // If the offset can't be encoded in fewer bits, then it'll conflict with
-    // the encoding of the mode and we won't be able to retrieve it later.
-    ASSERT(Utils::MagnitudeIsUint(kOpcodeShift, offset));
+    // The offset might overflow what can be encoded temporarily before being
+    // split by PrepareLargeAddress. Make sure this doesn't lead to corruption
+    // of the mode.
+    constexpr int32_t kOffsetMask = (1 << kOpcodeShift) - 1;
     if (offset < 0) {
-      encoding_ = (am ^ (1 << kUShift)) | -offset;  // Flip U to adjust sign.
+      // Flip U to adjust sign.
+      encoding_ = (am ^ (1 << kUShift)) | ((-offset) & kOffsetMask);
     } else {
-      encoding_ = am | offset;
+      encoding_ = am | (offset & kOffsetMask);
     }
     encoding_ |= ArmEncode::Rn(rn);
   }
diff --git a/runtime/vm/compiler/assembler/assembler_arm_test.cc b/runtime/vm/compiler/assembler/assembler_arm_test.cc
@@ -4077,6 +4077,30 @@ intptr_t RegRegImmTests::Asr(intptr_t value, intptr_t shift, OperandSize sz) {
   return ExtendValue(SignExtendValue(value, sz) >> shift, sz);
 }
 
+// Regression test for https://github.com/flutter/flutter/issues/172626.
+ASSEMBLER_TEST_GENERATE(LargeOffsets, assembler) {
+  __ LoadFromOffset(R0, PP, 0x208577);  // Has bit 21 set.
+  __ LoadDFromOffset(D0, PP, 0x208577);
+  __ StoreToOffset(R0, PP, 0x208577);
+  __ StoreDToOffset(D0, PP, 0x208577);
+}
+
+ASSEMBLER_TEST_RUN(LargeOffsets, test) {
+  EXPECT_DISASSEMBLY(
+      "e285c982 add tmp, pp, #2129920\n"
+      "e59c0577 ldr r0, [tmp, #+1399]\n"
+      "e308c403 movw tmp, #0x8403\n"
+      "e340c020 movt tmp, #0x20\n"
+      "e085c00c add tmp, pp, tmp\n"
+      "ed9c0b5d vldrd d0, [tmp, #+372]\n"
+      "e285c982 add tmp, pp, #2129920\n"
+      "e58c0577 str r0, [tmp, #+1399]\n"
+      "e308c403 movw tmp, #0x8403\n"
+      "e340c020 movt tmp, #0x20\n"
+      "e085c00c add tmp, pp, tmp\n"
+      "ed8c0b5d vstrd d0, [tmp, #+372]\n");
+}
+
 }  // namespace compiler
 }  // namespace dart
 
