From: Ben Cheng <bccheng@android.com>
Date: Tue, 26 Oct 2010 03:54:31 +0000 (-0700)
Subject: Fix for array lower-bound check for count-down loops.
X-Git-Tag: android-x86-4.0-r1~164^2~13^2
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=36bd1345;p=android-x86%2Fdalvik.git

Fix for array lower-bound check for count-down loops.

If the counted loop is composed as

for (int i = hi; i >= lo; i--) {
    .. = array[i];
}

The hoisted lower-bound check should be asserting "lo >= 0".
On the other hand if the counted loop is composed as

for (int i = hi; i > lo; i--) {
    .. = array[i];
}

The hoisted lower-bound check should be asserting "lo + 1 >= 0".
Previously these two checks are reversed.

Bug: 3130818
Change-Id: Ibc5a6daa837880e9986e45bbc29d1a5e548be3ae
---

diff --git a/vm/compiler/Loop.c b/vm/compiler/Loop.c
index 78f57179e..918d95560 100644
--- a/vm/compiler/Loop.c
+++ b/vm/compiler/Loop.c
@@ -435,11 +435,12 @@ static void genHoistedChecks(CompilationUnit *cUnit)
                 boundCheckMIR->dalvikInsn.vA = loopAnalysis->endConditionReg;
                 boundCheckMIR->dalvikInsn.vB = globalMinC;
                 /*
-                 * If the end condition is ">", add 1 back to the constant field
-                 * to reflect the fact that the smallest index value is
-                 * "endValue + constant + 1".
+                 * If the end condition is ">" in the source, the check in the
+                 * Dalvik bytecode is OP_IF_LE. In this case add 1 back to the
+                 * constant field to reflect the fact that the smallest index
+                 * value is "endValue + constant + 1".
                  */
-                if (loopAnalysis->loopBranchOpcode == OP_IF_LT) {
+                if (loopAnalysis->loopBranchOpcode == OP_IF_LE) {
                     boundCheckMIR->dalvikInsn.vB++;
                 }
                 dvmCompilerAppendMIR(entry, boundCheckMIR);