[Webkit-unassigned] [Bug 119794] [DFG] isDouble(edge.useKind()) assertion fail
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Aug 16 02:37:55 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=119794
--- Comment #7 from Julien Brianceau <jbrianceau at nds.com> 2013-08-16 02:37:28 PST ---
(In reply to comment #4)
> (From update of attachment 208715 [details])
> Let's land this puppy. But please add a layout test if at all possible.
Many layout tests are already covering this issue. For instance:
- LayoutTests/fast/js/dfg-mod-by-neg1-and-then-or-zero-interesting-reg-alloc.js
- LayoutTests/fast/js/dfg-mod-by-zero-and-then-or-zero-interesting-reg-alloc.js
- LayoutTests/fast/js/dfg-mod-neg2tothe31-by-one-and-then-or-zero-with-interesting-reg-alloc.js
Most of the SunSpider 1.0 tests too:
- SunSpider/tests/sunspider-1.0/3d-raytrace.js
- SunSpider/tests/sunspider-1.0/crypto-aes.js
- SunSpider/tests/sunspider-1.0/crypto-md5.js
- SunSpider/tests/sunspider-1.0/crypto-sha1.js
- SunSpider/tests/sunspider-1.0/date-format-xparb.js
- SunSpider/tests/sunspider-1.0/string-base64.js
- SunSpider/tests/sunspider-1.0/string-fasta.js
- SunSpider/tests/sunspider-1.0/string-unpack-code.js
- SunSpider/tests/sunspider-1.0/string-validate-input.js
- SunSpider/tests/sunspider-1.0/math-spectral-norm.js
In fact, any test using modulo (ArithMod in DFGFixupPhase.cpp) on a debug build which is not X86 or ARMv7s will stimulate the issue. For instance, this dummy JavaScript test will stimulate it:
result = 0;
for (i=1; i<100000; i++) {
result += i;
result %= i;
}
Although the issue is already covered by many layout tests, do you think I should add another one ?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list