Title: [287235] trunk/Source/JavaScriptCore
- Revision
- 287235
- Author
- mikh...@igalia.com
- Date
- 2021-12-18 22:30:39 -0800 (Sat, 18 Dec 2021)
Log Message
[JSC][32bit] Fix undefined behavior causing miscompilation with clang 13 on ARM
https://bugs.webkit.org/show_bug.cgi?id=234399
Reviewed by Yusuke Suzuki.
Compiling JSC with clang 13 on ARMv7 on Linux was broken because clang
was marking the constant Infinity as poison during constant folding, if
either -O2 or -O3 were used, causing the constant not to be
initialized.
This patch removes the undefined behaviour by preventing the
static_cast to int32_t if the double is either inf or NaN.
* runtime/MathCommon.h:
(JSC::canBeInt32):
(JSC::canBeStrictInt32):
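The log message describes the root problem: a `static_cast<int32_t>` of a double whose truncated value does not fit in `int32_t` is undefined behaviour in C++, which is what lets clang fold the result to poison. The following is an added example, not code from this commit or from WebKit, showing the generalised guard: a range check that rejects NaN, both infinities and every finite out-of-range double before the cast is reached. The function names (`isInt32Representable`, `safeCanBeInt32`, `safeCanBeStrictInt32`, `passesInfNanGuard`, `patchLeavesCastUndefined`) are hypothetical; the two `safe*` functions mirror the semantics of JSC's `canBeInt32` and `canBeStrictInt32` as shown in the diff.

```cpp
#include <cmath>
#include <cstdint>
#include <iostream>

// Added example, not JSC's code; names are hypothetical.
// C++ rule: converting a floating-point value to an integer type is undefined
// unless the value, truncated toward zero, is representable in the target
// type. That excludes NaN, +/-inf and every finite double outside int32 range.

// True when static_cast<int32_t>(value) is well defined.
// The bounds are exclusive: anything strictly between -2147483649 and
// 2147483648 truncates into [INT32_MIN, INT32_MAX]. NaN fails both
// comparisons, so no separate isnan/isinf test is needed.
inline bool isInt32Representable(double value)
{
    return value > -2147483649.0 && value < 2147483648.0;
}

// Counterpart of JSC's canBeInt32: value is exactly an int32 (-0.0 accepted).
inline bool safeCanBeInt32(double value)
{
    if (!isInt32Representable(value))
        return false;
    return static_cast<int32_t>(value) == value;
}

// Counterpart of JSC's canBeStrictInt32: additionally rejects -0.0.
inline bool safeCanBeStrictInt32(double value)
{
    if (!isInt32Representable(value))
        return false;
    const int32_t asInt32 = static_cast<int32_t>(value);
    return !(asInt32 != value || (!asInt32 && std::signbit(value)));
}

// Mirrors the guard in the patch: only inf and NaN are rejected.
inline bool passesInfNanGuard(double value)
{
    return !(std::isinf(value) || std::isnan(value));
}

// True for inputs that get past the inf/NaN guard but would still make the
// cast undefined (finite doubles outside int32 range).
inline bool patchLeavesCastUndefined(double value)
{
    return passesInfNanGuard(value) && !isInt32Representable(value);
}

int main()
{
    // Constructed sample inputs covering the edge cases.
    const double samples[] = { 42.0, -0.0, 1.5, 2147483647.0, 2147483648.0,
                               -2147483648.5, 1e300, std::nan(""), INFINITY };
    for (double v : samples) {
        std::cout << v << ": canBeInt32=" << safeCanBeInt32(v)
                  << " strict=" << safeCanBeStrictInt32(v)
                  << " castUndefinedAfterPatchGuard=" << patchLeavesCastUndefined(v) << '\n';
    }
    return 0;
}
```

The range bounds are chosen so that the cast is only ever executed on inputs for which the standard defines a result; the `patchLeavesCastUndefined` helper exists purely to make visible which inputs (for example `1e300`) an inf/NaN-only guard still passes through to the cast.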
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (287234 => 287235)
--- trunk/Source/_javascript_Core/ChangeLog 2021-12-19 03:38:04 UTC (rev 287234)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-12-19 06:30:39 UTC (rev 287235)
@@ -1,3 +1,22 @@
+2021-12-18 Mikhail R. Gadelha <mikh...@igalia.com>
+
+ [JSC][32bit] Fix undefined behavior causing miscompilation with clang 13 on ARM
+ https://bugs.webkit.org/show_bug.cgi?id=234399
+
+ Reviewed by Yusuke Suzuki.
+
+ Compiling JSC with clang 13 on ARMv7 on linux was broken because clang
+ was marking the constant Infinity as poison during constant folding, if
+ either -O2 or -O3 were used, causing the constant to not being
+ initialized.
+
+ This patch removes the undefined behaviour by preventing the
+ static_cast to int32_t if the double is either inf or NaN.
+
+ * runtime/MathCommon.h:
+ (JSC::canBeInt32):
+ (JSC::canBeStrictInt32):
+
2021-12-18 Yusuke Suzuki <ysuz...@apple.com>
[JSC] Do not allocate m_bbqCallee and m_omgCallee until it becomes necessary
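Review bot: the ChangeLog text describes the symptom rather than the cause: clang folds the cast result to poison because converting a double whose truncated value is not representable in `int32_t` (which includes inf and NaN) is undefined behaviour in C++, not because of anything specific to the Infinity constant. Suggest stating that directly, e.g. "static_cast<int32_t> of inf or NaN is undefined, so clang folds the result to poison at -O2/-O3". Also "causing the constant to not being initialized" should read "causing the constant not to be initialized".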
Modified: trunk/Source/_javascript_Core/runtime/MathCommon.h (287234 => 287235)
--- trunk/Source/_javascript_Core/runtime/MathCommon.h 2021-12-19 03:38:04 UTC (rev 287234)
+++ trunk/Source/_javascript_Core/runtime/MathCommon.h 2021-12-19 06:30:39 UTC (rev 287235)
@@ -213,7 +213,8 @@
ALWAYS_INLINE bool canBeStrictInt32(double value)
{
- // Note: while this behavior is undefined for NaN and inf, the subsequent statement will catch these cases.
+ if (std::isinf(value) || std::isnan(value))
+ return false;
const int32_t asInt32 = static_cast<int32_t>(value);
return !(asInt32 != value || (!asInt32 && std::signbit(value))); // true for -0.0
}
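Review bot: the new guard covers inf and NaN, but the `static_cast<int32_t>(value)` on the following line is still undefined for finite doubles outside the int32 range (for example 2147483648.0 or 1e300), by the same rule that let clang poison the Infinity case; the later `asInt32 != value` comparison cannot be relied on to catch this, because the compiler may fold the cast result just as it did here. Suggest a range check that subsumes inf/NaN, e.g. `if (!(value > -2147483649.0 && value < 2147483648.0)) return false;` (NaN fails both comparisons), which keeps the cast inside defined territory.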
@@ -220,7 +221,8 @@
ALWAYS_INLINE bool canBeInt32(double value)
{
- // Note: Strictly speaking this is an undefined behavior.
+ if (std::isinf(value) || std::isnan(value))
+ return false;
return static_cast<int32_t>(value) == value;
}
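Review bot: same issue as in `canBeStrictInt32` above: `static_cast<int32_t>(value)` remains undefined for finite out-of-range doubles, so the guard should be a range check rather than only inf/NaN. Since both functions now open with the identical two-line guard, consider factoring it into one shared helper (e.g. an `isInt32Representable(double)` in this header) so the two checks cannot drift apart.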
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes