Bug 275939

Summary:	Negative exponent exception for BigInt not thrown in JIT compiler
Product:	WebKit	Reporter:	GuY <q602706150>
Component:	JavaScriptCore	Assignee:	Yijia Huang <yijia_huang>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	mark.lam, webkit-bug-importer, yijia_huang, ysuzuki
Priority:	P2	Keywords:	InRadar
Version:	WebKit Local Build
Hardware:	Unspecified
OS:	All

GuY

Reported 2024-06-26 21:03:44 PDT

The following script should output 10 lines of same result. ``` function opt() { try { 1n ** -1n; } catch (e) { return e } return 0; } for (let i = 0; i < 10; i++) { print(opt()) } ``` Actual output: ``` RangeError: Negative exponent is not allowed RangeError: Negative exponent is not allowed RangeError: Negative exponent is not allowed RangeError: Negative exponent is not allowed RangeError: Negative exponent is not allowed RangeError: Negative exponent is not allowed RangeError: Negative exponent is not allowed 0 0 0 ``` run args: cmake-build-debug/bin/jsc --useConcurrentJIT=0 --jitPolicyScale=0.00005 ./test.js commit id: 47fe298829ac629f561518641b7e6bc4069cb09b

Attachments
Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2024-06-28 18:03:35 PDT

I can reproduce this on macOS 14.6 beta.

GuY

Comment 2 2024-07-02 20:24:33 PDT

The same problem happens on div operator. ``` function opt() { try { 0n / 0n } catch (e) { return e } return 0; } for (let i = 0; i < 10; i++) { print(opt()) } ``` Actual output: ``` RangeError: 0 is an invalid divisor value. RangeError: 0 is an invalid divisor value. RangeError: 0 is an invalid divisor value. RangeError: 0 is an invalid divisor value. RangeError: 0 is an invalid divisor value. RangeError: 0 is an invalid divisor value. RangeError: 0 is an invalid divisor value. 0 0 0 ``` seems that some `Node` that have side effect were removed, because no one was using them.

Radar WebKit Bug Importer

Comment 3 2024-07-03 07:47:57 PDT

<rdar://problem/131051084>

Yijia Huang

Comment 4 2024-07-09 14:41:09 PDT

Pull request: https://github.com/WebKit/WebKit/pull/30620

Yijia Huang

Comment 5 2024-07-10 14:57:11 PDT

*** Bug 276435 has been marked as a duplicate of this bug. ***

EWS

Comment 6 2024-07-10 18:32:47 PDT

Committed 280841@main (02429197cd90): <https://commits.webkit.org/280841@main> Reviewed commits have been landed. Closing PR #30620 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.