[vm/compiler] Fix truncation of class id when it is stored in FieldGuardState

alexmarkov · Commit Queue · commit 8c5407b3ddf0 · 2024-01-29T23:44:59.000Z
Class id can occupy more than 16 bits, so bit field FieldGuardState::GuardedCidBits is extended. Also added assertion that it has at least target::UntaggedObject::kClassIdTagSize bits. TEST=ci, manually tested repro from b/322790241. Fixes b/322790241 Change-Id: I39d0592a5a1c8e0c83b7af7d30de6f966b358fda Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/349082 Reviewed-by: Ryan Macnak <rmacnak@google.com> Commit-Queue: Alexander Markov <alexmarkov@google.com>
diff --git a/runtime/vm/compiler/backend/slot.cc b/runtime/vm/compiler/backend/slot.cc
@@ -331,7 +331,10 @@ const Slot& Slot::GetCanonicalSlot(Thread* thread,
 
 FieldGuardState::FieldGuardState(const Field& field)
     : state_(GuardedCidBits::encode(field.guarded_cid()) |
-             IsNullableBit::encode(field.is_nullable())) {}
+             IsNullableBit::encode(field.is_nullable())) {
+  ASSERT(compiler::target::UntaggedObject::kClassIdTagSize <=
+         GuardedCidBits::bitsize());
+}
 
 const Slot& Slot::Get(const Field& field,
                       const ParsedFunction* parsed_function) {
diff --git a/runtime/vm/compiler/backend/slot.h b/runtime/vm/compiler/backend/slot.h
@@ -241,7 +241,7 @@ class FieldGuardState {
   bool is_nullable() const { return IsNullableBit::decode(state_); }
 
  private:
-  using GuardedCidBits = BitField<int32_t, ClassIdTagType, 0, 16>;
+  using GuardedCidBits = BitField<int32_t, ClassIdTagType, 0, 20>;
   using IsNullableBit = BitField<int32_t, bool, GuardedCidBits::kNextBit, 1>;
 
   const int32_t state_;
