[Webkit-unassigned] [Bug 35842] New: -(-2147483648) turns to -2147483648 when enabled JSVALUE32_64 flag

Sun Mar 7 00:37:21 PST 2010

https://bugs.webkit.org/show_bug.cgi?id=35842

           Summary: -(-2147483648) turns to -2147483648 when enabled
                    JSVALUE32_64 flag
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
               URL: http://browser.pcslab.com/cbat/f.php?r=189
        OS/Version: Windows XP
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: astleychen at gmail.com
                CC: ggaren at apple.com

Please refer to JS test page: http://browser.pcslab.com/cbat/f.php?r=189
The test case 177 asserts the operation "-(-2147483648) == 2147483648"
For Safari and latest WebKit nightly build will fail on this assertion.
After inspection by version comparison of nightly build, build #46683 gives the
correct result but #46726 fails on it.
Within the code change from #46683 to #46726, there is a critical change on
JSValue found on #46701,
-------------------
#46701
2009-08-02  Geoffrey Garen  <ggaren at apple.com>
        Reviewed by Mark Rowe.
        Enabled JSVALUE32_64 by default on all platforms other than x86_64
(which uses JSVALUE64).
        * wtf/Platform.h:
-------------------

Seems it's the root cause of the issue, since if I compile with
WTF_USE_JSVALUE32,
then I am able to get correct result.
If one compiles with JSVALUE32_64, the issue comes out.
And I found the assertion just happened if the value is exactly 2147483648.
I can't find the issue on Chrome, it could be the engine difference, V8.
Thanks.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.