| Summary: | CStack Branch: ARM64 DFG produces the wrong answer for X % 0 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Michael Saboff <msaboff> | ||||
| Component: | JavaScriptCore | Assignee: | Michael Saboff <msaboff> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | ||||||
| Priority: | P2 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Bug Depends on: | |||||||
| Bug Blocks: | 126172 | ||||||
| Attachments: |
|
||||||
Created attachment 220583 [details]
Patch
Comment on attachment 220583 [details]
Patch
r=me
Committed r161504: <http://trac.webkit.org/changeset/161504> |
When running the test js/script-tests/dfg-mod-by-zero-and-then-or-zero-interesting-reg-alloc.js, the DFG generated code for ARM64 mod produces the wrong answer for X % 0. The function foo is defined as: function foo(c, d, a, b) { return (c + d) + ((a % b) | 0); } Here is partial test output, the transition to DFG generated code is where the errors start. ... PASS foo(0, 0, 76, 0) is 0 PASS foo(0, 0, 77, 0) is 0 PASS foo(0, 0, 78, 0) is 0 PASS foo(0, 0, 79, 0) is 0 FAIL foo(0, 0, 80, 0) should be 0. Was 80. FAIL foo(0, 0, 81, 0) should be 0. Was 81. FAIL foo(0, 0, 82, 0) should be 0. Was 82. FAIL foo(0, 0, 83, 0) should be 0. Was 83. FAIL foo(0, 0, 84, 0) should be 0. Was 84. FAIL foo(0, 0, 85, 0) should be 0. Was 85. FAIL foo(0, 0, 86, 0) should be 0. Was 86. ... We aren't properly handling the case of X % 0. It should be NaN or 0 is we know we'll use the result as an Int32.