Title: [280060] trunk
Revision: 280060
Author: [email protected]
Date: 2021-07-19 17:48:54 -0700 (Mon, 19 Jul 2021)
Log Message
DFG's parseIntResult() should check for negative zero.
https://bugs.webkit.org/show_bug.cgi?id=228068
rdar://80788603
Reviewed by Yusuke Suzuki.
JSTests:
* stress/dfg-parseIntResult-should-check-for-negative-zero.js: Added.
Source/JavaScriptCore:
We have to check for negative zero explicitly because C++ evaluates 0.0 == -0.0
as true.
* dfg/DFGOperations.cpp:
(JSC::DFG::parseIntResult):
Diff
Modified: trunk/JSTests/ChangeLog (280059 => 280060)
--- trunk/JSTests/ChangeLog 2021-07-20 00:44:18 UTC (rev 280059)
+++ trunk/JSTests/ChangeLog 2021-07-20 00:48:54 UTC (rev 280060)
@@ -1,3 +1,13 @@
+2021-07-19 Mark Lam <[email protected]>
+
+ DFG's parseIntResult() should check for negative zero.
+ https://bugs.webkit.org/show_bug.cgi?id=228068
+ rdar://80788603
+
+ Reviewed by Yusuke Suzuki.
+
+ * stress/dfg-parseIntResult-should-check-for-negative-zero.js: Added.
+
2021-07-19 Yusuke Suzuki <[email protected]>
[JSC] InByStatus / InByVariant should visit CacheableIdentifier
Added: trunk/JSTests/stress/dfg-parseIntResult-should-check-for-negative-zero.js (0 => 280060)
--- trunk/JSTests/stress/dfg-parseIntResult-should-check-for-negative-zero.js (rev 0)
+++ trunk/JSTests/stress/dfg-parseIntResult-should-check-for-negative-zero.js 2021-07-20 00:48:54 UTC (rev 280060)
@@ -0,0 +1,13 @@
+function assertEq(x, y) {
+ if (x != y)
+ throw "FAILED: expect " + y + ", actual " + x;
+}
+noInline(assertEq);
+
+function test() {
+ assertEq(1.0 / parseInt("-0.0"), "-Infinity");
+}
+noInline(test);
+
+for (let i = 0; i < 10000; ++i)
+ test();
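Review bot: In test(), assertEq() compares the number produced by 1.0 / parseInt("-0.0") against the string "-Infinity" with a loose !=, so the check only works through string-to-number coercion. Comparing against the numeric -Infinity with !==, or asserting Object.is(parseInt("-0.0"), -0) directly, would state the intent without relying on coercion. Consider also adding the positive case, 1.0 / parseInt("0.0") expecting Infinity, so that both outcomes of the new zero check in parseIntResult() are covered by the same loop.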
Modified: trunk/Source/_javascript_Core/ChangeLog (280059 => 280060)
--- trunk/Source/_javascript_Core/ChangeLog 2021-07-20 00:44:18 UTC (rev 280059)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-07-20 00:48:54 UTC (rev 280060)
@@ -1,3 +1,17 @@
+2021-07-19 Mark Lam <[email protected]>
+
+ DFG's parseIntResult() should check for negative zero.
+ https://bugs.webkit.org/show_bug.cgi?id=228068
+ rdar://80788603
+
+ Reviewed by Yusuke Suzuki.
+
+ We have to check for negative zero explicitly because C++ evaluates 0.0 == -0.0
+ as true.
+
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::parseIntResult):
+
2021-07-19 Yusuke Suzuki <[email protected]>
[JSC] InByStatus / InByVariant should visit CacheableIdentifier
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.cpp (280059 => 280060)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2021-07-20 00:44:18 UTC (rev 280059)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2021-07-20 00:48:54 UTC (rev 280060)
@@ -202,7 +202,7 @@
static ALWAYS_INLINE EncodedJSValue parseIntResult(double input)
{
int asInt = static_cast<int>(input);
- if (static_cast<double>(asInt) == input)
+ if (LIKELY(static_cast<double>(asInt) == input && (asInt || !std::signbit(input))))
return JSValue::encode(jsNumber(asInt));
return JSValue::encode(jsNumber(input));
}
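Review bot: The added clause (asInt || !std::signbit(input)) has no comment, and its purpose is not obvious when reading the function: when asInt is 0 it keeps an input of -0.0 off the int path, which static_cast<double>(asInt) == input alone would accept. A one-line comment above the if saying so would keep a later cleanup from dropping the clause. Separately, the unchanged line int asInt = static_cast<int>(input); runs before any range check, and converting a NaN or out-of-int-range double to int is undefined behavior in C++, so if such inputs can reach this function the cast should be guarded. The hunk also does not show an include for std::signbit; confirm that <cmath> is pulled in for this file.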