<p>
Hi there!
</p>
<p>
<br>
</p>
<p>
When reading the code of ARMConstantIslands::fixupConditionalBr, I found two possible bugs.
</p>
<p>
<br>
</p>
<p>
The first bug is related to the CFG.
</p>
<p>
If the basic block that contains the conditional branch in question is split, splitBlockBeforeInstr updates the CFG so that the basic block BEFORE the split point has only one successor, that is, the new basic block AFTER the split point. However, later, a new conditional branch, which targets the destination of the original conditional branch in question, is added to the basic block BEFORE the split point. This new conditional branch makes the destination of the original conditional branch a successor of the basic block BEFORE the split point. In addition, the destination of the original conditional branch may no longer be a successor of the basic block AFTER the split point. The CFG is not updated accordingly to reflect these facts.
</p>
<p>
<br>
</p>
<p>
The second bug is that if a new conditional branch, which targets NextBB, i.e., the basic block next to MBB, is added to MBB, the new conditional branch is not added to ImmBranches.
</p>
<p>
Note that after the new conditional branch is added to MBB, an unconditional branch is always added to MBB, making MBB a water block.
</p>
<p>
If a large number of constant pool entries are added after the water block, NextBB may be moved out of the range of the new conditional branch. But the pass will not be able to fix this, since it does not see the new conditional branch in ImmBranches.
</p>
<p>
<br>
</p>
<p>
I haven't performed any tests to confirm these bugs.
</p>
<p>
Are these really bugs, or did I miss something?
</p>
<p>
<br>
</p>
<p>
Ming Zhang
</p>