[vm/compiler] Fix truncation of class id when it is stored in FieldGuardState

Class id can occupy more than 16 bits, so bit field FieldGuardState::GuardedCidBits is extended. Also added assertion that it has at least target::UntaggedObject::kClassIdTagSize bits. TEST=ci, manually tested repro from b/322790241. Fixes b/322790241 Change-Id: I39d0592a5a1c8e0c83b7af7d30de6f966b358fda Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/349082 Reviewed-by: Ryan Macnak <rmacnak@google.com> Commit-Queue: Alexander Markov <alexmarkov@google.com>
2024-09-05 00:13:50 +00:00 · 2024-01-29 23:44:59 +00:00 · 2024-01-29 23:44:59 +00:00 · 8c5407b3dd
parent 72fdb26e04
commit 8c5407b3dd
2 changed files with 5 additions and 2 deletions
--- a/runtime/vm/compiler/backend/slot.cc
+++ b/runtime/vm/compiler/backend/slot.cc
@ -331,7 +331,10 @@ const Slot& Slot::GetCanonicalSlot(Thread* thread,

 FieldGuardState::FieldGuardState(const Field& field)
    : state_(GuardedCidBits::encode(field.guarded_cid()) |
-             IsNullableBit::encode(field.is_nullable())) {}
+             IsNullableBit::encode(field.is_nullable())) {
+  ASSERT(compiler::target::UntaggedObject::kClassIdTagSize <=
+         GuardedCidBits::bitsize());
+}

 const Slot& Slot::Get(const Field& field,
                      const ParsedFunction* parsed_function) {
--- a/runtime/vm/compiler/backend/slot.h
+++ b/runtime/vm/compiler/backend/slot.h
@ -241,7 +241,7 @@ class FieldGuardState {
  bool is_nullable() const { return IsNullableBit::decode(state_); }

 private:
-  using GuardedCidBits = BitField<int32_t, ClassIdTagType, 0, 16>;
+  using GuardedCidBits = BitField<int32_t, ClassIdTagType, 0, 20>;
  using IsNullableBit = BitField<int32_t, bool, GuardedCidBits::kNextBit, 1>;

  const int32_t state_;