66426 2011-08-17 16:15:46 -0700 [jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly 2011-08-18 04:47:44 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED FIXED InRadar P2 Normal --- 1 fpizlo webkit-unassigned barraclough fpizlo ggaren jruderman msaboff oliver webkit.review.bot oldest_to_newest 452684 0 fpizlo 2011-08-17 16:15:46 -0700 The DFG speculative JIT's path for emitting an ArithMod does a divide-by-zero check on a potentially boxed integer by testing the full 64 bit value for zero. This will always succeed if the value is boxed. 452692 1 104270 fpizlo 2011-08-17 16:21:51 -0700 Created attachment 104270 the patch 452697 2 oliver 2011-08-17 16:23:35 -0700 <rdar://problem/9972530> 452958 3 104270 webkit.review.bot 2011-08-18 04:47:40 -0700 Comment on attachment 104270 the patch Clearing flags on attachment: 104270 Committed r93298: <http://trac.webkit.org/changeset/93298> 452959 4 webkit.review.bot 2011-08-18 04:47:44 -0700 All reviewed patches have been landed. Closing bug. 104270 2011-08-17 16:21:51 -0700 2011-08-18 04:47:40 -0700 the patch modbyzero_patch_1.diff text/plain 3774 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gOTMyNTcpCisrKyBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTUgQEAK KzIwMTEtMDgtMTcgIEZpbGlwIFBpemxvICA8ZnBpemxvQGFwcGxlLmNvbT4KKworICAgICAgICBb anNmdW5mdXp6XSBERkcgc3BlY3VsYXRpdmUgSklUIGRvZXMgZGl2aWRlLWJ5LXplcm8gY2hlY2tz IGluY29ycmVjdGx5CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNn aT9pZD02NjQyNgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorICAgICAg ICAKKyAgICAgICAgQ2hhbmdlZCB0aGUgYnJhbmNoVGVzdFB0ciB0byBicmFuY2hUZXN0MzIuCisK KyAgICAgICAgKiBkZmcvREZHU3BlY3VsYXRpdmVKSVQuY3BwOgorICAgICAgICAoSlNDOjpERkc6 OlNwZWN1bGF0aXZlSklUOjpjb21waWxlKToKKwogMjAxMS0wOC0xNyAgRmlsaXAgUGl6bG8gIDxm cGl6bG9AYXBwbGUuY29tPgogCiAgICAgICAgIEpTQyB2ZXJib3NlIGRlYnVnZ2luZyBvdXRwdXQg c29tZXRpbWVzIGRvZXNuJ3Qgd29yayBhcyBleHBlY3RlZC4KSW5kZXg6IFNvdXJjZS9KYXZhU2Ny aXB0Q29yZS9kZmcvREZHU3BlY3VsYXRpdmVKSVQuY3BwCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9K YXZhU2NyaXB0Q29yZS9kZmcvREZHU3BlY3VsYXRpdmVKSVQuY3BwCShyZXZpc2lvbiA5MzI0NikK KysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9kZmcvREZHU3BlY3VsYXRpdmVKSVQuY3BwCSh3b3Jr aW5nIGNvcHkpCkBAIC04MTIsNyArODEyLDcgQEAgdm9pZCBTcGVjdWxhdGl2ZUpJVDo6Y29tcGls ZShOb2RlJiBub2RlKQogICAgICAgICBHUFJSZWcgb3AxR3ByID0gb3AxLmdwcigpOwogICAgICAg ICBHUFJSZWcgb3AyR3ByID0gb3AyLmdwcigpOwogCi0gICAgICAgIHNwZWN1bGF0aW9uQ2hlY2so bV9qaXQuYnJhbmNoVGVzdFB0cihKSVRDb21waWxlcjo6WmVybywgb3AyR3ByKSk7CisgICAgICAg IHNwZWN1bGF0aW9uQ2hlY2sobV9qaXQuYnJhbmNoVGVzdDMyKEpJVENvbXBpbGVyOjpaZXJvLCBv cDJHcHIpKTsKIAogICAgICAgICBHUFJSZWcgdGVtcDIgPSBJbnZhbGlkR1BSUmVnOwogICAgICAg ICBpZiAob3AyR3ByID09IFg4NlJlZ2lzdGVyczo6ZWF4IHx8IG9wMkdwciA9PSBYODZSZWdpc3Rl cnM6OmVkeCkgewpJbmRleDogTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExh eW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24gOTMyNTgpCisrKyBMYXlvdXRUZXN0cy9DaGFu Z2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxOCBAQAorMjAxMS0wOC0xNyAgRmlsaXAg UGl6bG8gIDxmcGl6bG9AYXBwbGUuY29tPgorCisgICAgICAgIFtqc2Z1bmZ1enpdIERGRyBzcGVj dWxhdGl2ZSBKSVQgZG9lcyBkaXZpZGUtYnktemVybyBjaGVja3MgaW5jb3JyZWN0bHkKKyAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTY2NDI2CisKKyAgICAg ICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisgICAgICAgIAorICAgICAgICBBZGRlZCBh IHRyaXZpYWwgdGVzdCBvZiBtb2QtYnktemVybywgd2hpY2ggZmFpbHMgd2l0aCB0aGUgcHJldmlv dXMgdmVyc2lvbgorICAgICAgICBvZiB0aGUgREZHIHNwZWN1bGF0aXZlIEpJVC4KKworICAgICAg ICAqIGZhc3QvanMvbW9kLWJ5LXplcm8tZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAgICAgICAgKiBm YXN0L2pzL21vZC1ieS16ZXJvLmh0bWw6IEFkZGVkLgorICAgICAgICAqIGZhc3QvanMvc2NyaXB0 LXRlc3RzL21vZC1ieS16ZXJvLmpzOiBBZGRlZC4KKyAgICAgICAgKG1vZCk6CisKIDIwMTEtMDgt MTcgIFRvbnkgQ2hhbmcgIDx0b255QGNocm9taXVtLm9yZz4KIAogICAgICAgICBbY2hyb21pdW1d IHJlbW92ZSBzdGFsZSByZXN1bHQgYW5kIG1hcmsgMyBuZXcgYXV0aGVudGljYXRpb24gdGVzdHMg YXMKSW5kZXg6IExheW91dFRlc3RzL2Zhc3QvanMvbW9kLWJ5LXplcm8tZXhwZWN0ZWQudHh0Cj09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT0KLS0tIExheW91dFRlc3RzL2Zhc3QvanMvbW9kLWJ5LXplcm8tZXhwZWN0ZWQudHh0 CShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMvZmFzdC9qcy9tb2QtYnktemVyby1leHBlY3Rl ZC50eHQJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMTAgQEAKK1RoaXMgdGVzdHMgdGhhdCBtb2R1 bG8gd2l0aCB6ZXJvIGRvZXMgbm90IGNyYXNoIGJ1dCByZXR1cm5zIE5hTi4KKworT24gc3VjY2Vz cywgeW91IHdpbGwgc2VlIGEgc2VyaWVzIG9mICJQQVNTIiBtZXNzYWdlcywgZm9sbG93ZWQgYnkg IlRFU1QgQ09NUExFVEUiLgorCisKK1BBU1MgbW9kKDApIGlzIE5hTgorUEFTUyBzdWNjZXNzZnVs bHlQYXJzZWQgaXMgdHJ1ZQorCitURVNUIENPTVBMRVRFCisKSW5kZXg6IExheW91dFRlc3RzL2Zh c3QvanMvbW9kLWJ5LXplcm8uaHRtbAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9mYXN0L2pz L21vZC1ieS16ZXJvLmh0bWwJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9mYXN0L2pzL21v ZC1ieS16ZXJvLmh0bWwJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMTMgQEAKKzwhRE9DVFlQRSBI VE1MIFBVQkxJQyAiLS8vSUVURi8vRFREIEhUTUwvL0VOIj4KKzxodG1sPgorPGhlYWQ+Cis8bGlu ayByZWw9InN0eWxlc2hlZXQiIGhyZWY9InJlc291cmNlcy9qcy10ZXN0LXN0eWxlLmNzcyI+Cis8 c2NyaXB0IHNyYz0icmVzb3VyY2VzL2pzLXRlc3QtcHJlLmpzIj48L3NjcmlwdD4KKzwvaGVhZD4K Kzxib2R5PgorPHAgaWQ9ImRlc2NyaXB0aW9uIj48L3A+Cis8ZGl2IGlkPSJjb25zb2xlIj48L2Rp dj4KKzxzY3JpcHQgc3JjPSJzY3JpcHQtdGVzdHMvbW9kLWJ5LXplcm8uanMiPjwvc2NyaXB0Pgor PHNjcmlwdCBzcmM9InJlc291cmNlcy9qcy10ZXN0LXBvc3QuanMiPjwvc2NyaXB0PgorPC9ib2R5 PgorPC9odG1sPgpJbmRleDogTGF5b3V0VGVzdHMvZmFzdC9qcy9zY3JpcHQtdGVzdHMvbW9kLWJ5 LXplcm8uanMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvZmFzdC9qcy9zY3JpcHQtdGVzdHMv bW9kLWJ5LXplcm8uanMJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9mYXN0L2pzL3Njcmlw dC10ZXN0cy9tb2QtYnktemVyby5qcwkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwxMSBAQAorZGVz Y3JpcHRpb24oCisiVGhpcyB0ZXN0cyB0aGF0IG1vZHVsbyB3aXRoIHplcm8gZG9lcyBub3QgY3Jh c2ggYnV0IHJldHVybnMgTmFOLiIKKyk7CisKK2Z1bmN0aW9uIG1vZChiKSB7CisgICAgcmV0dXJu IGIlYjsKK30KKworc2hvdWxkQmVOYU4oIm1vZCgwKSIpOworCit2YXIgc3VjY2Vzc2Z1bGx5UGFy c2VkID0gdHJ1ZTsK