RESOLVED FIXED 164786
WebAssembly: trap on bad division. 
https://bugs.webkit.org/show_bug.cgi?id=164786
Summary WebAssembly: trap on bad division.
Keith Miller
Reported 2016-11-15 13:03:47 PST
i.e. x / 0 or intMin / -1
Attachments
Patch (19.45 KB, patch)
2016-12-23 09:43 PST, Keith Miller 		no flags
DetailsFormatted DiffDiff
Patch (19.09 KB, patch)
2016-12-23 09:47 PST, Keith Miller 		no flags
DetailsFormatted DiffDiff
Patch (19.19 KB, patch)
2016-12-23 11:00 PST, Keith Miller 		mark.lam: review+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2016-12-20 14:33:12 PST
<rdar://problem/29760386>
Keith Miller
Comment 2 2016-12-23 09:43:21 PST
Created attachment 297712 [details] Patch
Keith Miller
Comment 3 2016-12-23 09:47:11 PST
Created attachment 297713 [details] Patch
WebKit Commit Bot
Comment 4 2016-12-23 09:49:40 PST
This patch modifies one of the wasm.json files. Please ensure that any changes in one have been mirrored to the other. You can find the wasm.json files at "Source/JavaScriptCore/wasm/wasm.json" and "JSTests/wasm/wasm.json".
Mark Lam
Comment 5 2016-12-23 09:59:58 PST
Comment on attachment 297713 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=297713&action=review > Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:1017 > + m_currentBlock->appendNew<Value>(m_proc, BitOr, Origin(), Should be BitAnd here.
Keith Miller
Comment 6 2016-12-23 11:00:06 PST
Created attachment 297717 [details] Patch
Mark Lam
Comment 7 2016-12-23 11:02:51 PST
Comment on attachment 297717 [details] Patch r=me
Keith Miller
Comment 8 2016-12-23 11:09:30 PST
Committed r210137: <http://trac.webkit.org/changeset/210137>
Saam Barati
Comment 9 2016-12-23 12:35:25 PST
Comment on attachment 297717 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=297717&action=review > Source/JavaScriptCore/wasm/WasmPlan.cpp:197 > + uint32_t threadCount = Options::useConcurrentJIT() ? WTF::numberOfProcessorCores() : 1; Nit: it might be worth just adding an option for this.
Saam Barati
Comment 10 2016-12-23 12:37:54 PST
Comment on attachment 297717 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=297717&action=review > Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:1001 > + const B3::Type type = left->type(); Nit: might be worth asserting its Int32 or Int64
Note You need to log in before you can comment on or make changes to this bug.