[Webkit-unassigned] [Bug 35842] New: -(-2147483648) turns to -2147483648 when enabled JSVALUE32_64 flag
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Mar 7 00:37:21 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=35842
Summary: -(-2147483648) turns to -2147483648 when enabled
JSVALUE32_64 flag
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
URL: http://browser.pcslab.com/cbat/f.php?r=189
OS/Version: Windows XP
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: astleychen at gmail.com
CC: ggaren at apple.com
Please refer to JS test page: http://browser.pcslab.com/cbat/f.php?r=189
The test case 177 asserts the operation "-(-2147483648) == 2147483648"
For Safari and latest WebKit nightly build will fail on this assertion.
After inspection by version comparison of nightly build, build #46683 gives the
correct result but #46726 fails on it.
Within the code change from #46683 to #46726, there is a critical change on
JSValue found on #46701,
-------------------
#46701
2009-08-02 Geoffrey Garen <ggaren at apple.com>
Reviewed by Mark Rowe.
Enabled JSVALUE32_64 by default on all platforms other than x86_64
(which uses JSVALUE64).
* wtf/Platform.h:
-------------------
Seems it's the root cause of the issue, since if I compile with
WTF_USE_JSVALUE32,
then I am able to get correct result.
If one compiles with JSVALUE32_64, the issue comes out.
And I found the assertion just happened if the value is exactly 2147483648.
I can't find the issue on Chrome, it could be the engine difference, V8.
Thanks.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list