Bug 170473 - On ARM64, DFG::SpeculativeJIT::compileArithMod() failed to ensure result is of DataFormatInt32.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Lam
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-04-04 14:50 PDT by Mark Lam
Modified: 2017-04-04 20:50 PDT

Attachments
proposed patch. (4.62 KB, patch)
2017-04-04 15:28 PDT, Mark Lam
Description Mark Lam 2017-04-04 14:50:12 PDT
In Unchecked mode, when DFG::SpeculativeJIT::compileArithMod() detects that the divisor is 0, it just returns the divisor as the result. However, the result is expected to be of DataFormatInt32, but the divisor in this case is of DataFormatJSInt32. The fix is to return an immediate 0 instead.

<rdar://problem/29912391>
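
An added C model of the format mismatch described above (not WebKit code and not part of the original report). It assumes a 64-bit register in which DataFormatJSInt32 carries a tag in the high bits and DataFormatInt32 is zero-extended; `NUMBER_TAG`, `gpr_t` and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not WebKit code. NUMBER_TAG is an illustrative constant. */
#define NUMBER_TAG 0xffff000000000000ULL
typedef uint64_t gpr_t; /* one 64-bit general-purpose register */

/* DataFormatJSInt32 (assumed layout): tag in the high bits, payload in the low 32. */
static gpr_t box_int32(int32_t v) { return NUMBER_TAG | (uint32_t)v; }

/* DataFormatInt32 (assumed layout): raw int32, zero-extended to 64 bits. */
static gpr_t raw_int32(int32_t v) { return (uint32_t)v; }

/* The invariant a consumer of DataFormatInt32 relies on in this model. */
static bool is_raw_int32(gpr_t r) { return (r >> 32) == 0; }

/* Unchecked-mode modulo over registers whose low 32 bits hold the operands.
 * fixed == false models the behaviour in the report: a zero divisor is
 * returned as-is. fixed == true models the fix: return an immediate 0. */
static gpr_t arith_mod(gpr_t dividend, gpr_t divisor, bool fixed)
{
    int32_t n = (int32_t)(uint32_t)dividend;
    int32_t d = (int32_t)(uint32_t)divisor;

    if (d == 0)
        return fixed ? raw_int32(0) : divisor; /* divisor may still be boxed */
    if (d == -1)
        return raw_int32(0); /* avoids INT32_MIN % -1, undefined in C */
    return raw_int32(n % d); /* 32-bit result, high bits clear */
}

int main(void)
{
    gpr_t before = arith_mod(box_int32(7), box_int32(0), false);
    gpr_t after = arith_mod(box_int32(7), box_int32(0), true);

    printf("before fix: %#018llx raw_int32=%d\n",
           (unsigned long long)before, is_raw_int32(before));
    printf("after fix:  %#018llx raw_int32=%d\n",
           (unsigned long long)after, is_raw_int32(after));
    return 0;
}
```
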
Comment 1 Mark Lam 2017-04-04 15:28:36 PDT
Created attachment 306217
proposed patch.
Comment 2 Mark Lam 2017-04-04 20:22:20 PDT
Comment on attachment 306217
proposed patch.

Thanks for the review. Landing now.
Comment 3 WebKit Commit Bot 2017-04-04 20:50:10 PDT
Comment on attachment 306217
proposed patch.

Clearing flags on attachment: 306217

Committed r214927: <http://trac.webkit.org/changeset/214927>
Comment 4 WebKit Commit Bot 2017-04-04 20:50:12 PDT
All reviewed patches have been landed. Closing bug.