[Webkit-unassigned] [Bug 170473] New: On ARM, DFG::SpeculativeJIT::compileArithMod() failed to ensure result is of DataFormatInt32.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 4 14:50:12 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=170473

            Bug ID: 170473
           Summary: On ARM, DFG::SpeculativeJIT::compileArithMod() failed
                    to ensure result is of DataFormatInt32.
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mark.lam at apple.com

In Unchecked mode, when DFG::SpeculativeJIT::compileArithMod() detects that the divisor is 0, it just returns the divisor as the result.  However, the result is expected to be of DataFormatInt32, but the divisor in this case is of DataFormatJSInt32.  The fix is to return an immediate 0 instead.

<rdar://problem/29912391>
