210860 2020-04-22 08:56:27 -0700 [JSC] JSBigInt inc operation does not produce right HeapBigInt zero 2020-04-22 17:12:41 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 ysuzuki ysuzuki ews-watchlist keith_miller mark.lam msaboff rmorisset saam tzagallo webkit-bug-importer oldest_to_newest 1644319 0 ysuzuki 2020-04-22 08:56:27 -0700 I've crafted the custom build of JSC, and found this. Looking. 1644321 1 ysuzuki 2020-04-22 08:57:04 -0700 --useJIT=0 fails. This is C++ runtime bug. 1644322 2 ysuzuki 2020-04-22 08:57:11 -0700 (In reply to Yusuke Suzuki from comment #1) > --useJIT=0 fails. This is C++ runtime bug. Or LLInt. 1644340 3 397204 ysuzuki 2020-04-22 09:24:42 -0700 Created attachment 397204 Patch 1644344 4 397204 mark.lam 2020-04-22 09:29:10 -0700 Comment on attachment 397204 Patch r=me 1644365 5 397204 rmorisset 2020-04-22 10:03:37 -0700 Comment on attachment 397204 Patch good catch. r=me as well. 1644399 6 ysuzuki 2020-04-22 11:06:47 -0700 EWS gets green (failures are known ones). Landing. 1644401 7 ysuzuki 2020-04-22 11:12:44 -0700 Committed r260522: <https://trac.webkit.org/changeset/260522> 1644402 8 webkit-bug-importer 2020-04-22 11:13:16 -0700 <rdar://problem/62197537> 1644438 9 397204 saam 2020-04-22 12:38:47 -0700 Comment on attachment 397204 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=397204&action=review > Source/JavaScriptCore/runtime/JSCJSValue.cpp:315 > + out.print("BigInt[heap-allocated]: addr=", RawPointer(asCell()), ", length=", jsCast<JSBigInt*>(asCell())->length(), ", sign=", jsCast<JSBigInt*>(asCell())->sign()); nice. Maybe we could also just toString this? 1644586 10 397204 ysuzuki 2020-04-22 17:12:41 -0700 Comment on attachment 397204 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=397204&action=review >> Source/JavaScriptCore/runtime/JSCJSValue.cpp:315 >> + out.print("BigInt[heap-allocated]: addr=", RawPointer(asCell()), ", length=", jsCast<JSBigInt*>(asCell())->length(), ", sign=", jsCast<JSBigInt*>(asCell())->sign()); > > nice. Maybe we could also just toString this? Sounds good. Let's extend it! 397204 2020-04-22 09:24:42 -0700 2020-04-22 09:29:10 -0700 Patch bug-210860-20200422092441.patch text/plain 3914 ysuzuki U3VidmVyc2lvbiBSZXZpc2lvbjogMjYwNTEyCmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlw dENvcmUvQ2hhbmdlTG9nIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwppbmRleCAx MWE3N2IyNGJiZWE0NTFkZWU2ZTE1ZDE2YTEzMzhkZjY0ZDE0ZTkwLi4wNjIxMjg3YTczZTVlMDMx ZjE4ZDRjOTM5MDI2YjZjODBiNzQ1NDJjIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENv cmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwxOCBAQAorMjAyMC0wNC0yMiAgWXVzdWtlIFN1enVraSAgPHlzdXp1a2lAYXBwbGUuY29t PgorCisgICAgICAgIFtKU0NdIEpTQmlnSW50IGluYyBvcGVyYXRpb24gZG9lcyBub3QgcHJvZHVj ZSByaWdodCBIZWFwQmlnSW50IHplcm8KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTIxMDg2MAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09Q UyEpLgorCisgICAgICAgIEpTQmlnSW50OjppbmMgY2FuIHByb2R1Y2Ugc2lnbmVkIEhlYXBCaWdJ bnQgemVybywgd2hpY2ggaXMgbm90IG1lZXRpbmcgdGhlIGludmFyaWFudCBvZiBKU0JpZ0ludC4K KyAgICAgICAgVGhpcyBwYXRjaCBmaXhlcyBpdCBieSBjaGVja2luZyB6ZXJvIHN0YXR1cyBiZWZv cmUgc2V0dGluZyBgc2V0U2lnbih0cnVlKWAuCisKKyAgICAgICAgKiBydW50aW1lL0pTQmlnSW50 LmNwcDoKKyAgICAgICAgKEpTQzo6SlNCaWdJbnQ6OmluYyk6CisgICAgICAgICogcnVudGltZS9K U0NKU1ZhbHVlLmNwcDoKKyAgICAgICAgKEpTQzo6SlNWYWx1ZTo6ZHVtcEluQ29udGV4dEFzc3Vt aW5nU3RydWN0dXJlIGNvbnN0KToKKwogMjAyMC0wNC0yMiAgWXVzdWtlIFN1enVraSAgPHlzdXp1 a2lAYXBwbGUuY29tPgogCiAgICAgICAgIFtKU0NdIEFJIHJlc3VsdHMgb2YgQmlnSW50MzIgQml0 d2lzZSBzaGlmdCBvcGVyYXRpb24gZG9lcyBub3QgbWF0Y2ggdG8gcnVudGltZSByZXN1bHRzCmRp ZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9KU0JpZ0ludC5jcHAgYi9T b3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9KU0JpZ0ludC5jcHAKaW5kZXggZDM5OTIzMWNl MDM3ZGFiMmY0ZWMwNGUxNGIyNDkwNDc2ZjUyNDRlYy4uZTg1ODhhMWQ5MzA5NmMxMzNkNjlkNWZj Nzk5NzRhYzgzNzU4ODUzNCAxMDA2NDQKLS0tIGEvU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRp bWUvSlNCaWdJbnQuY3BwCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL0pTQmln SW50LmNwcApAQCAtNDQ2LDYgKzQ0Niw4IEBAIEpTQmlnSW50KiBKU0JpZ0ludDo6aW5jKEpTR2xv YmFsT2JqZWN0KiBnbG9iYWxPYmplY3QsIEpTQmlnSW50KiB4KQogICAgIGlmICgheC0+c2lnbigp KQogICAgICAgICByZXR1cm4gYWJzb2x1dGVBZGRPbmUoZ2xvYmFsT2JqZWN0LCB4LCBTaWduT3B0 aW9uOjpVbnNpZ25lZCk7CiAgICAgSlNCaWdJbnQqIHJlc3VsdCA9IGFic29sdXRlU3ViT25lKGds b2JhbE9iamVjdCwgeCwgeC0+bGVuZ3RoKCkpOworICAgIGlmIChyZXN1bHQtPmlzWmVybygpKQor ICAgICAgICByZXR1cm4gcmVzdWx0OwogICAgIHJlc3VsdC0+c2V0U2lnbih0cnVlKTsKICAgICBy ZXR1cm4gcmVzdWx0OwogfQpkaWZmIC0tZ2l0IGEvU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRp bWUvSlNDSlNWYWx1ZS5jcHAgYi9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9KU0NKU1Zh bHVlLmNwcAppbmRleCA4ZjdlYmZiMTUxNGM2ZGVjMjllMzQyODk0ZWM0ZmY0OWZkYWU5OGIzLi5l ODlhMjJjZjA2Yzg0YjA5YTZhY2M5MDEwNTA0MjU4Mzk2MjNmZDhkIDEwMDY0NAotLS0gYS9Tb3Vy Y2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9KU0NKU1ZhbHVlLmNwcAorKysgYi9Tb3VyY2UvSmF2 YVNjcmlwdENvcmUvcnVudGltZS9KU0NKU1ZhbHVlLmNwcApAQCAtMzEyLDcgKzMxMiw3IEBAIHZv aWQgSlNWYWx1ZTo6ZHVtcEluQ29udGV4dEFzc3VtaW5nU3RydWN0dXJlKAogICAgICAgICBlbHNl IGlmIChzdHJ1Y3R1cmUtPmNsYXNzSW5mbygpLT5pc1N1YkNsYXNzT2YoU3RydWN0dXJlOjppbmZv KCkpKQogICAgICAgICAgICAgb3V0LnByaW50KCJTdHJ1Y3R1cmU6ICIsIGluQ29udGV4dCgqanND YXN0PFN0cnVjdHVyZSo+KGFzQ2VsbCgpKSwgY29udGV4dCkpOwogICAgICAgICBlbHNlIGlmIChp c0hlYXBCaWdJbnQoKSkKLSAgICAgICAgICAgIG91dC5wcmludCgiQmlnSW50W2hlYXAtYWxsb2Nh dGVkXTogYWRkcj0iLCBSYXdQb2ludGVyKGFzQ2VsbCgpKSk7CisgICAgICAgICAgICBvdXQucHJp bnQoIkJpZ0ludFtoZWFwLWFsbG9jYXRlZF06IGFkZHI9IiwgUmF3UG9pbnRlcihhc0NlbGwoKSks ICIsIGxlbmd0aD0iLCBqc0Nhc3Q8SlNCaWdJbnQqPihhc0NlbGwoKSktPmxlbmd0aCgpLCAiLCBz aWduPSIsIGpzQ2FzdDxKU0JpZ0ludCo+KGFzQ2VsbCgpKS0+c2lnbigpKTsKICAgICAgICAgZWxz ZSBpZiAoc3RydWN0dXJlLT5jbGFzc0luZm8oKS0+aXNTdWJDbGFzc09mKEpTT2JqZWN0OjppbmZv KCkpKSB7CiAgICAgICAgICAgICBvdXQucHJpbnQoIk9iamVjdDogIiwgUmF3UG9pbnRlcihhc0Nl bGwoKSkpOwogICAgICAgICAgICAgb3V0LnByaW50KCIgd2l0aCBidXR0ZXJmbHkgIiwgUmF3UG9p bnRlcihhc09iamVjdChhc0NlbGwoKSktPmJ1dHRlcmZseSgpKSk7CmRpZmYgLS1naXQgYS9KU1Rl c3RzL0NoYW5nZUxvZyBiL0pTVGVzdHMvQ2hhbmdlTG9nCmluZGV4IDY2YWQ2MTliZTU1YmZjMzM5 ZDRhZTc1MTI5MzU1NWIxYzljZWU2YzguLmZmMDEyZTRjMGU3MGI4NWQ3ZjVhYWQ4NzIwZDhiMDk4 ZGYxN2U2ZWEgMTAwNjQ0Ci0tLSBhL0pTVGVzdHMvQ2hhbmdlTG9nCisrKyBiL0pTVGVzdHMvQ2hh bmdlTG9nCkBAIC0xLDMgKzEsMTMgQEAKKzIwMjAtMDQtMjIgIFl1c3VrZSBTdXp1a2kgIDx5c3V6 dWtpQGFwcGxlLmNvbT4KKworICAgICAgICBbSlNDXSBKU0JpZ0ludCBpbmMgb3BlcmF0aW9uIGRv ZXMgbm90IHByb2R1Y2UgcmlnaHQgSGVhcEJpZ0ludCB6ZXJvCisgICAgICAgIGh0dHBzOi8vYnVn cy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yMTA4NjAKKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIHN0cmVzcy9iaWdpbnQtemVyby1jYW5vbmlj YWxpemVkLmpzOiBBZGRlZC4KKyAgICAgICAgKHNob3VsZEJlKToKKwogMjAyMC0wNC0yMiAgWXVz dWtlIFN1enVraSAgPHlzdXp1a2lAYXBwbGUuY29tPgogCiAgICAgICAgIFtKU0NdIEFJIHJlc3Vs dHMgb2YgQmlnSW50MzIgQml0d2lzZSBzaGlmdCBvcGVyYXRpb24gZG9lcyBub3QgbWF0Y2ggdG8g cnVudGltZSByZXN1bHRzCmRpZmYgLS1naXQgYS9KU1Rlc3RzL3N0cmVzcy9iaWdpbnQtemVyby1j YW5vbmljYWxpemVkLmpzIGIvSlNUZXN0cy9zdHJlc3MvYmlnaW50LXplcm8tY2Fub25pY2FsaXpl ZC5qcwpuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwLi42ZTRlZjhhZmQ3NGFiNmEzMjM4N2U1MDE5ZjJmMjBkMWU1MGMxNThh Ci0tLSAvZGV2L251bGwKKysrIGIvSlNUZXN0cy9zdHJlc3MvYmlnaW50LXplcm8tY2Fub25pY2Fs aXplZC5qcwpAQCAtMCwwICsxLDEwIEBACitmdW5jdGlvbiBzaG91bGRCZShhY3R1YWwsIGV4cGVj dGVkKSB7CisgICAgaWYgKGFjdHVhbCAhPT0gZXhwZWN0ZWQpCisgICAgICAgIHRocm93IG5ldyBF cnJvcignYmFkIHZhbHVlOiAnICsgYWN0dWFsKTsKK30KKwordmFyIHplcm8xID0gY3JlYXRlSGVh cEJpZ0ludCgwbik7Cit2YXIgemVybzIgPSBjcmVhdGVIZWFwQmlnSW50KC0xbik7Cit6ZXJvMisr OworCitzaG91bGRCZSh6ZXJvMSA9PT0gemVybzIsIHRydWUpOwo=