Bug 126612

Summary: CStack Branch: ARM64 DFG produces the wrong answer for X % 0
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: JavaScriptCoreAssignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 126172    
Attachments:
Description Flags
Patch ggaren: review+

Michael Saboff
Reported 2014-01-07 18:35:45 PST
When running the test js/script-tests/dfg-mod-by-zero-and-then-or-zero-interesting-reg-alloc.js, the DFG generated code for ARM64 mod produces the wrong answer for X % 0. The function foo is defined as: function foo(c, d, a, b) { return (c + d) + ((a % b) | 0); } Here is partial test output, the transition to DFG generated code is where the errors start. ... PASS foo(0, 0, 76, 0) is 0 PASS foo(0, 0, 77, 0) is 0 PASS foo(0, 0, 78, 0) is 0 PASS foo(0, 0, 79, 0) is 0 FAIL foo(0, 0, 80, 0) should be 0. Was 80. FAIL foo(0, 0, 81, 0) should be 0. Was 81. FAIL foo(0, 0, 82, 0) should be 0. Was 82. FAIL foo(0, 0, 83, 0) should be 0. Was 83. FAIL foo(0, 0, 84, 0) should be 0. Was 84. FAIL foo(0, 0, 85, 0) should be 0. Was 85. FAIL foo(0, 0, 86, 0) should be 0. Was 86. ... We aren't properly handling the case of X % 0. It should be NaN or 0 is we know we'll use the result as an Int32.
Attachments
Patch (3.42 KB, patch)
2014-01-07 19:37 PST, Michael Saboff 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Saboff
Comment 1 2014-01-07 19:37:28 PST
Created attachment 220583 [details] Patch
Geoffrey Garen
Comment 2 2014-01-07 21:59:29 PST
Comment on attachment 220583 [details] Patch r=me
Michael Saboff
Comment 3 2014-01-08 08:11:37 PST
Committed r161504: <http://trac.webkit.org/changeset/161504>
Note You need to log in before you can comment on or make changes to this bug.