Bug 210860 - [JSC] JSBigInt inc operation does not produce right HeapBigInt zero
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Yusuke Suzuki
Keywords: InRadar
Reported: 2020-04-22 08:56 PDT by Yusuke Suzuki
Modified: 2020-04-22 17:12 PDT

Attachments
Patch (3.82 KB, patch)
2020-04-22 09:24 PDT, Yusuke Suzuki
mark.lam: review+

Description Yusuke Suzuki 2020-04-22 08:56:27 PDT
I've crafted a custom build of JSC, and found this.
Looking.
Comment 1 Yusuke Suzuki 2020-04-22 08:57:04 PDT
--useJIT=0 fails. This is a C++ runtime bug.
Comment 2 Yusuke Suzuki 2020-04-22 08:57:11 PDT
(In reply to Yusuke Suzuki from comment #1)
> --useJIT=0 fails. This is a C++ runtime bug.

Or LLInt.
Comment 3 Yusuke Suzuki 2020-04-22 09:24:42 PDT
Created attachment 397204
Patch
Comment 4 Mark Lam 2020-04-22 09:29:10 PDT
Comment on attachment 397204
Patch

r=me
Comment 5 Robin Morisset 2020-04-22 10:03:37 PDT
Comment on attachment 397204
Patch

good catch. r=me as well.
Comment 6 Yusuke Suzuki 2020-04-22 11:06:47 PDT
EWS gets green (failures are known ones). Landing.
Comment 7 Yusuke Suzuki 2020-04-22 11:12:44 PDT
Committed r260522: <https://trac.webkit.org/changeset/260522>
Comment 8 Radar WebKit Bug Importer 2020-04-22 11:13:16 PDT
<rdar://problem/62197537>
Comment 9 Saam Barati 2020-04-22 12:38:47 PDT
Comment on attachment 397204
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=397204&action=review

> Source/JavaScriptCore/runtime/JSCJSValue.cpp:315
> +            out.print("BigInt[heap-allocated]: addr=", RawPointer(asCell()), ", length=", jsCast<JSBigInt*>(asCell())->length(), ", sign=", jsCast<JSBigInt*>(asCell())->sign());
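
Review bot: the added `out.print` call at JSCJSValue.cpp:315 evaluates `jsCast<JSBigInt*>(asCell())` twice, once for `length()` and once for `sign()`; binding the cast result to a local before the print would shorten the line and make it obvious both fields come from the same object. The dump also reports only addr, length and sign, so two heap-allocated BigInts with the same length and sign cannot be told apart from this output; printing the digits or the string form alongside them would make a malformed zero visible directly in the dump.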

nice. Maybe we could also just toString this?
Comment 10 Yusuke Suzuki 2020-04-22 17:12:41 PDT
Comment on attachment 397204
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=397204&action=review

>> Source/JavaScriptCore/runtime/JSCJSValue.cpp:315
>> +            out.print("BigInt[heap-allocated]: addr=", RawPointer(asCell()), ", length=", jsCast<JSBigInt*>(asCell())->length(), ", sign=", jsCast<JSBigInt*>(asCell())->sign());
> 
> nice. Maybe we could also just toString this?

Sounds good. Let's extend it!