Bug 151515

Summary: [ARM64] stress/op_div.js is failing on some divide by 0 cases.
Product: WebKit
Reporter: Mark Lam <mark.lam>
Component: JavaScriptCore
Assignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED
Severity: Normal
CC: benjamin, fpizlo, ggaren, keith_miller, msaboff, ossy, saam, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 108645
Attachments:
Description: proposed patch. Flags: saam: review+

Description Mark Lam 2015-11-20 14:15:39 PST
This newly added is exposing a latent bug somewhere in the ARM64 JITs.

Comment 1 Radar WebKit Bug Importer 2015-11-20 14:16:52 PST
<rdar://problem/23636074>

Comment 2 Mark Lam 2015-11-20 15:47:37 PST
The test has been temporarily skipped in r192708: <http://trac.webkit.org/r192708>.

Comment 3 Mark Lam 2015-11-26 07:10:30 PST
Created attachment 266186
proposed patch.

Comment 4 Saam Barati 2015-11-27 16:45:01 PST
Comment on attachment 266186
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=266186&action=review

LGTM

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3560
> +            speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branchTest32(MacroAssembler::Zero, op2GPR));
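
Review bot: Missing documentation on this added line: the check exits when op2GPR tests as zero but records the exit kind as Overflow, so a reader cannot tell from the call alone that this is the divide-by-zero guard the bug summary refers to. A one-line comment above the speculationCheck call saying that a zero divisor is being treated as an Overflow exit would make that explicit.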

Style: I think this is nicer to read with "0 => nullptr"

Comment 5 Mark Lam 2015-11-30 08:57:45 PST
Thanks for the review. I've changed the "0" to "nullptr".

Landed in r192795: <http://trac.webkit.org/r192795>.