RESOLVED FIXED 187537
DFG JIT: compileMathIC produces incorrect machine code 
https://bugs.webkit.org/show_bug.cgi?id=187537
Summary DFG JIT: compileMathIC produces incorrect machine code
Michael Saboff
Reported 2018-07-10 16:02:18 PDT
When handling ArithMult in the DFG in some cases with a constant value, we can end up JITMulGenerator::generateInline() without selecting a register. This causes JITMulGenerator::generateInline() to generate bad code.
Attachments
Patch (3.31 KB, patch)
2018-07-10 16:18 PDT, Michael Saboff 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Saboff
Comment 1 2018-07-10 16:02:42 PDT
<rdar://problem/41952158>
Michael Saboff
Comment 2 2018-07-10 16:18:15 PDT
Created attachment 344731 [details] Patch
Saam Barati
Comment 3 2018-07-10 17:01:06 PDT
Comment on attachment 344731 [details] Patch r=me
Saam Barati
Comment 4 2018-07-10 17:01:31 PDT
Comment on attachment 344731 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=344731&action=review > Source/JavaScriptCore/jit/JITMulGenerator.cpp:54 > + ASSERT(m_left); > + ASSERT(m_right); Maybe RELEASE_ASSERT? Maybe we can do this for the other generators as well?
WebKit Commit Bot
Comment 5 2018-07-10 17:35:09 PDT
Comment on attachment 344731 [details] Patch Clearing flags on attachment: 344731 Committed r233716: <https://trac.webkit.org/changeset/233716>
WebKit Commit Bot
Comment 6 2018-07-10 17:35:10 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.