Bug 126612 - CStack Branch: ARM64 DFG produces the wrong answer for X % 0
Summary: CStack Branch: ARM64 DFG produces the wrong answer for X % 0
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Michael Saboff
URL:
Keywords:
Depends on:
Blocks: 126172
  Show dependency treegraph
 
Reported: 2014-01-07 18:35 PST by Michael Saboff
Modified: 2014-01-08 08:11 PST (History)
0 users

See Also:

Attachments
Patch (3.42 KB, patch)
2014-01-07 19:37 PST, Michael Saboff 		ggaren: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Saboff 2014-01-07 18:35:45 PST 
When running the test js/script-tests/dfg-mod-by-zero-and-then-or-zero-interesting-reg-alloc.js, the DFG generated code for ARM64 mod produces the wrong answer for X % 0.

The function foo is defined as:
function foo(c, d, a, b) {
    return (c + d) + ((a % b) | 0);
}

Here is partial test output, the transition to DFG generated code is where the errors start.
...
PASS foo(0, 0, 76, 0) is 0
PASS foo(0, 0, 77, 0) is 0
PASS foo(0, 0, 78, 0) is 0
PASS foo(0, 0, 79, 0) is 0
FAIL foo(0, 0, 80, 0) should be 0. Was 80.
FAIL foo(0, 0, 81, 0) should be 0. Was 81.
FAIL foo(0, 0, 82, 0) should be 0. Was 82.
FAIL foo(0, 0, 83, 0) should be 0. Was 83.
FAIL foo(0, 0, 84, 0) should be 0. Was 84.
FAIL foo(0, 0, 85, 0) should be 0. Was 85.
FAIL foo(0, 0, 86, 0) should be 0. Was 86.
...

We aren't properly handling the case of X % 0.  It should be NaN or 0 is we know we'll use the result as an Int32.
Comment 1 Michael Saboff 2014-01-07 19:37:28 PST 
Created attachment 220583 [details]
Patch
Comment 2 Geoffrey Garen 2014-01-07 21:59:29 PST 
Comment on attachment 220583 [details]
Patch

r=me
Comment 3 Michael Saboff 2014-01-08 08:11:37 PST 
Committed r161504: <http://trac.webkit.org/changeset/161504>