Ignore:
Timestamp:
Aug 18, 2011, 4:47:26 AM (14 years ago)
Author:
[email protected]
Message:

[jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly
https://bugs.webkit.org/show_bug.cgi?id=66426

Source/JavaScriptCore:

Reviewed by Oliver Hunt.

Changed the branchTestPtr to branchTest32.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compile):

LayoutTests:

Reviewed by Oliver Hunt.

Added a trivial test of mod-by-zero, which fails with the previous version
of the DFG speculative JIT.

  • fast/js/mod-by-zero-expected.txt: Added.
  • fast/js/mod-by-zero.html: Added.
  • fast/js/script-tests/mod-by-zero.js: Added.

(mod):

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/ChangeLog

    r93277 r93298  
     12011-08-18  Filip Pizlo  <[email protected]>
     2
     3        [jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly
     4        https://bugs.webkit.org/show_bug.cgi?id=66426
     5
     6        Reviewed by Oliver Hunt.
     7       
     8        Changed the branchTestPtr to branchTest32.
     9
     10        * dfg/DFGSpeculativeJIT.cpp:
     11        (JSC::DFG::SpeculativeJIT::compile):
     12
    1132011-08-17  Thouraya ANDOLSI  <[email protected]>
    214
Note: See TracChangeset for help on using the changeset viewer.