WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
39034
String Indexing Failure on JSVALUE32 targets
https://bugs.webkit.org/show_bug.cgi?id=39034
Summary
String Indexing Failure on JSVALUE32 targets
Chao-ying Fu
Reported
2010-05-12 17:00:44 PDT
From today's testing, I got two regressions on MIPS. ecma_3/Date/15.9.5.4.js ecma_3/Function/regress-58274.js 2 regressions found. 0 tests fixed. The string access is not correct, if I access from the beginning a[0], a[1], a[2], .... Ex 1: # ./jsc
> a="01"
01
> a[0]
0
> a[1]
0 <--- THIS IS WRONG!
> a[2]
undefined Ex 2: # ./jsc
> a="01"
01
> a[2]
undefined
> a[1]
1 <--- THIS IS CORRECT!
> a[0]
0 From debugging, I think the code in JIT::stringGetByValStubGenerator() may contain redundant code. Ex: ... #if USE(JSVALUE64) jit.zeroExtend32ToPtr(regT1, regT1); #else jit.emitFastArithImmToInt(regT1); #endif ... The same code appears in "JIT::emit_op_get_by_val()". So, we may execute one more time in stringGetByValStubGenerator(). I need to comment out jit.emitFastArithImmToInt(regT1) for MIPS to fix two new regressions. Otherwise, regT1 is shifted right by 1 bit (twice) and the index to a string is wrong. I will post a patch soon. Thanks a lot!
Attachments
Remove zero-extend/shift-right on regT1
(1.48 KB, patch)
2010-05-12 18:26 PDT
,
Chao-ying Fu
no flags
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Chao-ying Fu
Comment 1
2010-05-12 18:26:56 PDT
Created
attachment 55924
[details]
Remove zero-extend/shift-right on regT1 Tested it on MIPS. 0 regressions found. 0 tests fixed. OK. For other platforms, people need to test it. Thanks!
Oliver Hunt
Comment 2
2010-05-12 18:39:13 PDT
Comment on
attachment 55924
[details]
Remove zero-extend/shift-right on regT1 r=me
WebKit Commit Bot
Comment 3
2010-05-14 05:40:04 PDT
Comment on
attachment 55924
[details]
Remove zero-extend/shift-right on regT1 Clearing flags on attachment: 55924 Committed
r59469
: <
http://trac.webkit.org/changeset/59469
>
WebKit Commit Bot
Comment 4
2010-05-14 05:40:08 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug