[Webkit-unassigned] [Bug 203406] Chakracore test max.js broken in armv7 and mips builds of JSC

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Nov 21 02:30:26 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=203406

--- Comment #8 from Xan Lopez <xan.lopez at gmail.com> ---
Hey, a bit more info about this:

On x86-64 what's happening is that with the eager parameters we optimize the Math.max call, using what's in DFGSpeculativeJIT. For that platform the Math.max check is done with two comparisons, using the UCOMISD instruction. This instruction says 0.0 and -0.0 are equal, so the function just returns whatever value (which randomly turns out to be -0.0). This is wrong and gives us the -Infinity.

(I have not checked but I assume something similar is happening in other architectures)

A couple of questions:
- I assume the fact that the DFG Math.max cannot do this properly is intentional? The code has been there for a while. In that case I suppose the bug is that we end up there.
- If it's not intentional I guess we just figured it out and need to change it.
- I really don't understand how the BytecodeIndex patch ended up causing this.
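
The signed-zero case described in the comment above, as an added example that is not part of the original comment or of JavaScriptCore: a max built only from ordered comparisons beside one with the +0/-0 tie-break, plus a hot-loop check of the engine's own `Math.max`. All function names and the operand pairs are constructed for illustration.

```javascript
// Added illustration; function names are hypothetical, not JavaScriptCore code.

// Max built only from ordered comparisons. 0.0 and -0.0 compare equal,
// so the fall-through returns an operand without looking at its sign.
function compareOnlyMax(a, b) {
  if (Number.isNaN(a) || Number.isNaN(b)) return NaN;
  if (a > b) return a;
  if (b > a) return b;
  return b; // "equal" per the comparison; may hand back -0
}

// Max with the tie-break ECMAScript requires: +0 is larger than -0.
function signedZeroAwareMax(a, b) {
  if (Number.isNaN(a) || Number.isNaN(b)) return NaN;
  if (a > b) return a;
  if (b > a) return b;
  return Object.is(a, -0) ? b : a; // only return -0 when both are -0
}

// Constructed operand pairs covering both orders of the signed zeros.
const PAIRS = [[0, -0], [-0, 0], [-0, -0], [0, 0], [1, -0], [-1, -0], [NaN, 0]];

// Returns the pairs where impl disagrees with the reference.
// Object.is is used because === cannot tell 0 from -0.
function mismatches(impl, reference = signedZeroAwareMax) {
  return PAIRS.filter(([a, b]) => !Object.is(impl(a, b), reference(a, b)));
}

// Calls Math.max in a hot loop so an optimizing tier has the chance to
// compile it, and counts results that differ from the reference.
function countEngineMismatches(iterations = 100000) {
  let bad = 0;
  for (let i = 0; i < iterations; i++) {
    const [a, b] = PAIRS[i % PAIRS.length];
    if (!Object.is(Math.max(a, b), signedZeroAwareMax(a, b))) bad++;
  }
  return bad;
}
```

The sign of the returned zero becomes visible as soon as it is used as a divisor, since `1 / -0` is `-Infinity`.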
