Bug 228068

Summary: Compiler Incorrect Optimization
Product: WebKit Reporter: zhiyi <vulbugs>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, fpizlo, keith_miller, mark.lam, msaboff, saam, tzagallo, vulbugs, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
proposed patch.
ysuzuki: review+
patch for landing. none

zhiyi
Reported 2021-07-18 19:59:14 PDT
OS: ubuntu18.04 Architecture: <x64> ./jsc bug.js expected output -Infinity -Infinity actual output -Infinity Infinity bug.js ################################## function f() { v0 = (-0.0).toLocaleString(); return parseInt(v0); } let a0 = f(); print(1 / a0); for (let i = 0; i < 0x1000; i++) { f(); } let a3 = f(); print(1 / a3);
Attachments
proposed patch. (2.68 KB, patch)
2021-07-19 15:31 PDT, Mark Lam 		ysuzuki: review+
DetailsFormatted DiffDiff
patch for landing. (2.58 KB, patch)
2021-07-19 15:44 PDT, Mark Lam 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-07-19 09:44:59 PDT
<rdar://problem/80788603>
Mark Lam
Comment 2 2021-07-19 15:31:39 PDT
Created attachment 433828 [details] proposed patch.
Yusuke Suzuki
Comment 3 2021-07-19 15:35:10 PDT
Comment on attachment 433828 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=433828&action=review > Source/JavaScriptCore/dfg/DFGOperations.cpp:206 > + if (static_cast<double>(asInt) == input) { > + if (asInt || !std::signbit(input)) I think it is worth putting `LIKELY`. if (LIKELY(static_cast<double>(asInt) == input && (asInt || !std::signbit(input)))) return JSValue::encode(jsNumber(asInt));
Mark Lam
Comment 4 2021-07-19 15:36:22 PDT
(In reply to Yusuke Suzuki from comment #3) > Comment on attachment 433828 [details] > proposed patch. > > View in context: > https://bugs.webkit.org/attachment.cgi?id=433828&action=review > > > Source/JavaScriptCore/dfg/DFGOperations.cpp:206 > > + if (static_cast<double>(asInt) == input) { > > + if (asInt || !std::signbit(input)) > > I think it is worth putting `LIKELY`. > > if (LIKELY(static_cast<double>(asInt) == input && (asInt || > !std::signbit(input)))) > return JSValue::encode(jsNumber(asInt)); OK, will do.
Mark Lam
Comment 5 2021-07-19 15:44:25 PDT
Created attachment 433830 [details] patch for landing.
Mark Lam
Comment 6 2021-07-19 17:49:45 PDT
Thanks for the review. Landed in r280060: <http://trac.webkit.org/r280060>.
Note You need to log in before you can comment on or make changes to this bug.