Title: [161504] branches/jsCStack/Source/_javascript_Core
- Revision
- 161504
- Author
- msab...@apple.com
- Date
- 2014-01-08 08:15:29 -0800 (Wed, 08 Jan 2014)
Log Message
CStack Branch: ARM64 DFG produces the wrong answer for X % 0
https://bugs.webkit.org/show_bug.cgi?id=126612
Reviewed by Geoffrey Garen.
Added check for zero divisor. If shouldCheckOverflow() is true, the zero divisor
check is an overflow speculation check. If shouldCheckOverflow() is false, a
zero divisor causes us to set the result to 0.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileArithMod):
Modified Paths
Diff
Modified: branches/jsCStack/Source/_javascript_Core/ChangeLog (161503 => 161504)
--- branches/jsCStack/Source/_javascript_Core/ChangeLog 2014-01-08 16:02:32 UTC (rev 161503)
+++ branches/jsCStack/Source/_javascript_Core/ChangeLog 2014-01-08 16:15:29 UTC (rev 161504)
@@ -1,3 +1,17 @@
+2014-01-07 Michael Saboff <msab...@apple.com>
+
+ CStack Branch: ARM64 DFG produces the wrong answer for X % 0
+ https://bugs.webkit.org/show_bug.cgi?id=126612
+
+ Reviewed by Geoffrey Garen.
+
+ Added check for zero divisor. If shouldCheckOverflow() is true, the zero divisor
+ check is an overflow speculation check. If shouldCheckOverflow() is false, a
+ zero divisor causes us to set the result to 0.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileArithMod):
+
2014-01-07 Filip Pizlo <fpi...@apple.com>
Disable AVX in the FTL
Modified: branches/jsCStack/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (161503 => 161504)
--- branches/jsCStack/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2014-01-08 16:02:32 UTC (rev 161503)
+++ branches/jsCStack/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2014-01-08 16:15:29 UTC (rev 161504)
@@ -3476,6 +3476,17 @@
GPRReg quotientThenRemainderGPR = quotientThenRemainder.gpr();
GPRReg multiplyAnswerGPR = multiplyAnswer.gpr();
+ JITCompiler::JumpList done;
+
+ if (shouldCheckOverflow(node->arithMode()))
+ speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branchTest32(JITCompiler::Zero, divisorGPR));
+ else {
+ JITCompiler::Jump denominatorNotZero = m_jit.branchTest32(JITCompiler::NonZero, divisorGPR);
+ m_jit.move(divisorGPR, quotientThenRemainderGPR);
+ done.append(m_jit.jump());
+ denominatorNotZero.link(&m_jit);
+ }
+
m_jit.assembler().sdiv(quotientThenRemainderGPR, dividendGPR, divisorGPR);
// FIXME: It seems like there are cases where we don't need this? What if we have
// arithMode() == Arith::Unchecked?
@@ -3492,6 +3503,8 @@
numeratorPositive.link(&m_jit);
}
+ done.link(&m_jit);
+
int32Result(quotientThenRemainderGPR, node);
#elif CPU(ARM64)
GPRTemporary temp(this);
@@ -3502,6 +3515,17 @@
GPRReg quotientThenRemainderGPR = quotientThenRemainder.gpr();
GPRReg multiplyAnswerGPR = multiplyAnswer.gpr();
+ JITCompiler::JumpList done;
+
+ if (shouldCheckOverflow(node->arithMode()))
+ speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branchTest32(JITCompiler::Zero, divisorGPR));
+ else {
+ JITCompiler::Jump denominatorNotZero = m_jit.branchTest32(JITCompiler::NonZero, divisorGPR);
+ m_jit.move(divisorGPR, quotientThenRemainderGPR);
+ done.append(m_jit.jump());
+ denominatorNotZero.link(&m_jit);
+ }
+
m_jit.assembler().sdiv<32>(quotientThenRemainderGPR, dividendGPR, divisorGPR);
// FIXME: It seems like there are cases where we don't need this? What if we have
// arithMode() == Arith::Unchecked?
@@ -3518,6 +3542,8 @@
numeratorPositive.link(&m_jit);
}
+ done.link(&m_jit);
+
int32Result(quotientThenRemainderGPR, node);
#else // not architecture that can do integer division
RELEASE_ASSERT_NOT_REACHED();
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
