151515 – [ARM64] stress/op_div.js is failing on some divide by 0 cases.

Bug 151515 - [ARM64] stress/op_div.js is failing on some divide by 0 cases.

Summary: [ARM64] stress/op_div.js is failing on some divide by 0 cases.

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	WebKit Local Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Mark Lam

URL:
Keywords:	InRadar

Depends on:
Blocks:	108645
	Show dependency tree / graph

Reported:	2015-11-20 14:15 PST by Mark Lam
Modified:	2015-11-30 08:57 PST (History)
CC List:	8 users (show)

See Also:

Attachments
proposed patch. (1.94 KB, patch) 2015-11-26 07:10 PST, Mark Lam	saam: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Lam 2015-11-20 14:15:39 PST

This newly added is exposing a latent bug somewhere in the ARM64 JITs.

Comment 1 Radar WebKit Bug Importer 2015-11-20 14:16:52 PST

<rdar://problem/23636074>

Comment 2 Mark Lam 2015-11-20 15:47:37 PST

The test has been temporarily skipped in r192708: <http://trac.webkit.org/r192708>.

Comment 3 Mark Lam 2015-11-26 07:10:30 PST

Created attachment 266186 [details]
proposed patch.

Comment 4 Saam Barati 2015-11-27 16:45:01 PST

Comment on attachment 266186 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=266186&action=review

LGTM

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3560
> +            speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branchTest32(MacroAssembler::Zero, op2GPR));

Style: I think this is nicer to read with "0 => nullptr"

Comment 5 Mark Lam 2015-11-30 08:57:45 PST

Thanks for the review.  I've changed the "0" to "nullptr".

Landed in r192795: <http://trac.webkit.org/r192795>.