187537 2018-07-10 16:02:18 -0700 DFG JIT: compileMathIC produces incorrect machine code 2018-07-10 17:35:10 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 msaboff msaboff commit-queue ews-watchlist keith_miller mark.lam saam webkit-bug-importer oldest_to_newest 1440999 0 msaboff 2018-07-10 16:02:18 -0700 When handling ArithMult in the DFG in some cases with a constant value, we can end up JITMulGenerator::generateInline() without selecting a register. This causes JITMulGenerator::generateInline() to generate bad code. 1441000 1 msaboff 2018-07-10 16:02:42 -0700 <rdar://problem/41952158> 1441007 2 344731 msaboff 2018-07-10 16:18:15 -0700 Created attachment 344731 Patch 1441021 3 344731 saam 2018-07-10 17:01:06 -0700 Comment on attachment 344731 Patch r=me 1441022 4 344731 saam 2018-07-10 17:01:31 -0700 Comment on attachment 344731 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=344731&action=review > Source/JavaScriptCore/jit/JITMulGenerator.cpp:54 > + ASSERT(m_left); > + ASSERT(m_right); Maybe RELEASE_ASSERT? Maybe we can do this for the other generators as well? 1441042 5 344731 commit-queue 2018-07-10 17:35:09 -0700 Comment on attachment 344731 Patch Clearing flags on attachment: 344731 Committed r233716: <https://trac.webkit.org/changeset/233716> 1441043 6 commit-queue 2018-07-10 17:35:10 -0700 All reviewed patches have been landed. Closing bug. 344731 2018-07-10 16:18:15 -0700 2018-07-10 17:35:09 -0700 Patch 187537.patch text/plain 3394 msaboff SW5kZXg6IEpTVGVzdHMvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIEpTVGVzdHMvQ2hhbmdlTG9n CShyZXZpc2lvbiAyMzM3MDMpCisrKyBKU1Rlc3RzL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpA QCAtMSwzICsxLDE2IEBACisyMDE4LTA3LTEwICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBw bGUuY29tPgorCisgICAgICAgIERGRyBKSVQ6IGNvbXBpbGVNYXRoSUMgcHJvZHVjZXMgaW5jb3Jy ZWN0IG1hY2hpbmUgY29kZQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1 Zy5jZ2k/aWQ9MTg3NTM3CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisK KyAgICAgICAgQWRkZWQgbmV3IHRlc3QgY2FzZS4KKworICAgICAgICAqIHN0cmVzcy9hcml0aC1t dWwtd2l0aC1jb25zdGFudHMuanM6CisgICAgICAgICh0ZXN0QXJpdGhNdWxXaXRoVHlwZUNvbmZ1 c2VkQ29uc3RhbnQudGVzdE11bHQpOgorICAgICAgICAodGVzdEFyaXRoTXVsV2l0aFR5cGVDb25m dXNlZENvbnN0YW50KToKKwogMjAxOC0wNy0xMCAgTWljaGFlbCBTYWJvZmYgIDxtc2Fib2ZmQGFw cGxlLmNvbT4KIAogICAgICAgICBZQVJSOiAuIGRvZXNuJ3QgbWF0Y2ggbm9uLUJNUCBVbmljb2Rl IGNoYXJhY3RlcnMgaW4gc29tZSBjYXNlcwpJbmRleDogSlNUZXN0cy9zdHJlc3MvYXJpdGgtbXVs LXdpdGgtY29uc3RhbnRzLmpzCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIEpTVGVzdHMvc3RyZXNzL2FyaXRoLW11 bC13aXRoLWNvbnN0YW50cy5qcwkocmV2aXNpb24gMjMzNjk1KQorKysgSlNUZXN0cy9zdHJlc3Mv YXJpdGgtbXVsLXdpdGgtY29uc3RhbnRzLmpzCSh3b3JraW5nIGNvcHkpCkBAIC0yMTksNCArMjE5 LDIzIEBAIGZ1bmN0aW9uIHRlc3RBcml0aE11bDQyV3JpdHRlbkFzRG91YmxlKCkKICAgICAgICAg fQogICAgIH0KIH0KLXRlc3RBcml0aE11bDQyV3JpdHRlbkFzRG91YmxlKCk7ClwgTm8gbmV3bGlu ZSBhdCBlbmQgb2YgZmlsZQordGVzdEFyaXRoTXVsNDJXcml0dGVuQXNEb3VibGUoKTsKKworZnVu Y3Rpb24gdGVzdEFyaXRoTXVsV2l0aFR5cGVDb25mdXNlZENvbnN0YW50KCkgeworICAgIGxldCB2 MSA9IDEuMDsKKworICAgIGZ1bmN0aW9uIHRlc3RNdWx0KHYyKSB7CisgICAgICAgIGxldCB2MyA9 IFtdOworICAgICAgICBpZiAodjMpIHsKKyAgICAgICAgICAgIHYzID0gdjEgKyAxOworICAgICAg ICB9CisgICAgICAgIHJldHVybiB2MiAqIHYzOworICAgIH0KKworICAgIGZvciAobGV0IGkgPSAx My4zNzsgaSA8IDEwMDAwOyBpKyspIHsKKyAgICAgICAgbGV0IHJlc3VsdCA9IHRlc3RNdWx0KGkp OworICAgICAgICBpZiAoKHJlc3VsdCAvIDIgLSBpKSA+IDAuMUUtMjApCisgICAgICAgICAgICB0 aHJvdyAidGVzdEFyaXRoTXVsV2l0aFR5cGVDb25mdXNlZENvbnN0YW50KGkpID0gIiArIHJlc3Vs dCArICIsIGV4cGVjdGVkICIgKyAoaSAqIDIpOworICAgIH0KK30KK3Rlc3RBcml0aE11bFdpdGhU eXBlQ29uZnVzZWRDb25zdGFudCgpOwpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5n ZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCShyZXZp c2lvbiAyMzM2OTUpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5n IGNvcHkpCkBAIC0xLDMgKzEsMTYgQEAKKzIwMTgtMDctMTAgIE1pY2hhZWwgU2Fib2ZmICA8bXNh Ym9mZkBhcHBsZS5jb20+CisKKyAgICAgICAgREZHIEpJVDogY29tcGlsZU1hdGhJQyBwcm9kdWNl cyBpbmNvcnJlY3QgbWFjaGluZSBjb2RlCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3Jn L3Nob3dfYnVnLmNnaT9pZD0xODc1MzcKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9P UFMhKS4KKworICAgICAgICBBZGRlZCBjaGVja3MgZm9yIGNvbnN0YW50IG11bHRpcGxpZXJzIGlu IEpJVE11bEdlbmVyYXRvcjo6Z2VuZXJhdGVJbmxpbmUoKS4gIElmIHdlIGhhdmUgYSBjb25zdGFu dCBtdWx0aXBsaWVyLAorICAgICAgICBmYWxsIGJhY2sgdG8gdGhlIGZhc3QgcGF0aCBnZW5lcmF0 b3Igd2hpY2ggaGFuZGxlcyBzdWNoIGNhc2VzLgorCisgICAgICAgICogaml0L0pJVE11bEdlbmVy YXRvci5jcHA6CisgICAgICAgIChKU0M6OkpJVE11bEdlbmVyYXRvcjo6Z2VuZXJhdGVJbmxpbmUp OgorCiAyMDE4LTA3LTEwICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgogCiAg ICAgICAgIFlBUlI6IC4gZG9lc24ndCBtYXRjaCBub24tQk1QIFVuaWNvZGUgY2hhcmFjdGVycyBp biBzb21lIGNhc2VzCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvaml0L0pJVE11bEdlbmVy YXRvci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2ppdC9KSVRNdWxH ZW5lcmF0b3IuY3BwCShyZXZpc2lvbiAyMzM2OTUpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUv aml0L0pJVE11bEdlbmVyYXRvci5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTQ2LDEwICs0NiwxMiBA QCBKSVRNYXRoSUNJbmxpbmVSZXN1bHQgSklUTXVsR2VuZXJhdG9yOjpnCiAgICAgaWYgKGxocy5p c09ubHlOb25OdW1iZXIoKSAmJiByaHMuaXNPbmx5Tm9uTnVtYmVyKCkpCiAgICAgICAgIHJldHVy biBKSVRNYXRoSUNJbmxpbmVSZXN1bHQ6OkRvbnRHZW5lcmF0ZTsKIAotICAgIGlmIChsaHMuaXNP bmx5TnVtYmVyKCkgJiYgcmhzLmlzT25seU51bWJlcigpKSB7CisgICAgaWYgKGxocy5pc09ubHlO dW1iZXIoKSAmJiByaHMuaXNPbmx5TnVtYmVyKCkgJiYgIW1fbGVmdE9wZXJhbmQuaXNDb25zdCgp ICYmICFtX3JpZ2h0T3BlcmFuZC5pc0NvbnN0KCkpIHsKICAgICAgICAgaWYgKCFqaXQuc3VwcG9y dHNGbG9hdGluZ1BvaW50KCkpCiAgICAgICAgICAgICByZXR1cm4gSklUTWF0aElDSW5saW5lUmVz dWx0OjpEb250R2VuZXJhdGU7CiAKKyAgICAgICAgQVNTRVJUKG1fbGVmdCk7CisgICAgICAgIEFT U0VSVChtX3JpZ2h0KTsKICAgICAgICAgaWYgKCFtX2xlZnRPcGVyYW5kLmRlZmluaXRlbHlJc051 bWJlcigpKQogICAgICAgICAgICAgc3RhdGUuc2xvd1BhdGhKdW1wcy5hcHBlbmQoaml0LmJyYW5j aElmTm90TnVtYmVyKG1fbGVmdCwgbV9zY3JhdGNoR1BSKSk7CiAgICAgICAgIGlmICghbV9yaWdo dE9wZXJhbmQuZGVmaW5pdGVseUlzTnVtYmVyKCkpCg==