Hi,

While working on the AREG0 patches, I noticed strange code in target-i386/translate.c.

We have this table of function pointers:

    static void *sse_op_table3[4 * 3] = {
        gen_helper_cvtsi2ss,
        gen_helper_cvtsi2sd,
        X86_64_ONLY(gen_helper_cvtsq2ss),
        X86_64_ONLY(gen_helper_cvtsq2sd),

        gen_helper_cvttss2si,
        gen_helper_cvttsd2si,
        X86_64_ONLY(gen_helper_cvttss2sq),
        X86_64_ONLY(gen_helper_cvttsd2sq),

        gen_helper_cvtss2si,
        gen_helper_cvtsd2si,
        X86_64_ONLY(gen_helper_cvtss2sq),
        X86_64_ONLY(gen_helper_cvtsd2sq),
    };

It's accessed like this (line 3537):

    sse_op2 = sse_op_table3[(s->dflag == 2) * 2 + ((b >> 8) - 2)];

b >> 8 can be only either 1 or 0. I don't see how this can work, won't the array index become negative for s->dflag != 2?

The other access is as follows (line 3594):

    sse_op2 = sse_op_table3[(s->dflag == 2) * 2 + ((b >> 8) - 2) + 4 + (b & 1) * 4];

This looks better because of + 4 but I think some array values are not accessible (max. 1 * 2 + (1 - 2) + 4 + 1 * 4 == 9).
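
An added example (not part of the original message and not QEMU code): the two index expressions quoted above, enumerated in C over a chosen range of `b >> 8`, reporting the lowest and highest index produced and which of the 12 slots are reachable. The helper names and the comparison range 2..3 are assumptions made for illustration, not a statement about what translate.c actually passes in.

```c
#include <limits.h>
#include <stdio.h>

#define TABLE_LEN 12                 /* sse_op_table3[4 * 3] */

struct audit { int min, max; unsigned reached; };

/* Index expression of the first access (line 3537 in the message). */
static int idx_a(int dflag, int hi) { return (dflag == 2) * 2 + (hi - 2); }

/* Index expression of the second access (line 3594 in the message). */
static int idx_b(int dflag, int hi, int b0)
{
    return (dflag == 2) * 2 + (hi - 2) + 4 + b0 * 4;
}

static void note(struct audit *a, int i)
{
    if (i < a->min) a->min = i;
    if (i > a->max) a->max = i;
    if (i >= 0 && i < TABLE_LEN) a->reached |= 1u << i;  /* in-bounds slot */
}

/* Enumerate both expressions for hi = (b >> 8) in [hi_lo, hi_hi].
 * Only (dflag == 2) matters to the expressions, so 0..2 covers both cases. */
struct audit audit_range(int hi_lo, int hi_hi)
{
    struct audit a = { INT_MAX, INT_MIN, 0 };
    for (int dflag = 0; dflag <= 2; dflag++)
        for (int hi = hi_lo; hi <= hi_hi; hi++) {
            note(&a, idx_a(dflag, hi));
            for (int b0 = 0; b0 <= 1; b0++)      /* b0 = (b & 1) */
                note(&a, idx_b(dflag, hi, b0));
        }
    return a;
}

int main(void)
{
    /* Range stated in the message, then a hypothetical range for comparison. */
    int ranges[2][2] = { { 0, 1 }, { 2, 3 } };
    for (int r = 0; r < 2; r++) {
        struct audit a = audit_range(ranges[r][0], ranges[r][1]);
        printf("b>>8 in %d..%d: index %d..%d, reachable mask 0x%03x%s\n",
               ranges[r][0], ranges[r][1], a.min, a.max, a.reached,
               (a.min < 0 || a.max >= TABLE_LEN) ? "  <-- out of bounds" : "");
    }
    return 0;
}
```

Whether either access is in bounds therefore depends entirely on the value range of `b >> 8` at those two call sites, which is the thing to confirm in the decoder before deciding whether a bounds check or assertion is needed.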