Title: [199025] trunk/Source/JavaScriptCore
Revision: 199025
Author: [email protected]
Date: 2016-04-04 15:12:23 -0700 (Mon, 04 Apr 2016)

Log Message

[JSC][x86] Fix an assertion in MacroAssembler::branch8()
https://bugs.webkit.org/show_bug.cgi?id=156181

Patch by Benjamin Poulain <[email protected]> on 2016-04-04
Reviewed by Geoffrey Garen.

* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::branch8):
The test was wrong because valid negative numbers have ones
in the top bits.

I replaced the assertion to be explicit about the valid range.

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (199024 => 199025)


--- trunk/Source/_javascript_Core/ChangeLog	2016-04-04 22:10:50 UTC (rev 199024)
+++ trunk/Source/_javascript_Core/ChangeLog	2016-04-04 22:12:23 UTC (rev 199025)
@@ -1,3 +1,17 @@
+2016-04-04  Benjamin Poulain  <[email protected]>
+
+        [JSC][x86] Fix an assertion in MacroAssembler::branch8()
+        https://bugs.webkit.org/show_bug.cgi?id=156181
+
+        Reviewed by Geoffrey Garen.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::branch8):
+        The test was wrong because valid negative numbers have ones
+        in the top bits.
+
+        I replaced the assertion to be explicit about the valid range.
+
 2016-04-04  Chris Dumez  <[email protected]>
 
         Regression(r196145): Crash in getOwnPropertyDescriptor on http://www.history.com/shows/vikings

Modified: trunk/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h (199024 => 199025)


--- trunk/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h	2016-04-04 22:10:50 UTC (rev 199024)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h	2016-04-04 22:12:23 UTC (rev 199025)
@@ -2228,7 +2228,7 @@
 
     Jump branch8(RelationalCondition cond, BaseIndex left, TrustedImm32 right)
     {
-        ASSERT(!(right.m_value & 0xFFFFFF00));
+        ASSERT(std::numeric_limits<int8_t>::min() <= right.m_value && right.m_value <= std::numeric_limits<int8_t>::max());
 
         m_assembler.cmpb_im(right.m_value, left.offset, left.base, left.index, left.scale);
         return Jump(m_assembler.jCC(x86Condition(cond)));
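Review bot: the new ASSERT on the `+` line rejects 128 through 255, which the old mask `0xFFFFFF00` accepted, so any caller that passes a byte constant in its unsigned spelling (0xFF rather than -1) as `TrustedImm32` will now trip the assertion. If both spellings of a byte are meant to be valid, widen the check to `-128 <= right.m_value && right.m_value <= 255`, or truncate explicitly with `static_cast<int8_t>(right.m_value)` before the `cmpb_im` call; if only the sign-extended form is intended, a one-line comment saying so would save the next caller a debugging session. Since this is an ASSERT, nothing else visible in the hunk constrains the value handed to `cmpb_im`, so the accepted range should be stated where callers will see it.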