Title: [184414] trunk/Source/JavaScriptCore
- Revision: 184414
- Author: [email protected]
- Date: 2015-05-15 14:10:11 -0700 (Fri, 15 May 2015)
Log Message
[ARM64] Do not fail branchConvertDoubleToInt32 when the result is zero and not negative zero
https://bugs.webkit.org/show_bug.cgi?id=144976
Patch by Benjamin Poulain <[email protected]> on 2015-05-15
Reviewed by Michael Saboff.
Failing the conversion on zero is pretty dangerous as we discovered on x86.
This patch does not really impact performance significantly because
r184220 removed the zero checks from Kraken. This patch is just to be
on the safe side for cases not covered by existing benchmarks.
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (184413 => 184414)
--- trunk/Source/_javascript_Core/ChangeLog 2015-05-15 20:48:21 UTC (rev 184413)
+++ trunk/Source/_javascript_Core/ChangeLog 2015-05-15 21:10:11 UTC (rev 184414)
@@ -1,3 +1,19 @@
+2015-05-15 Benjamin Poulain <[email protected]>
+
+ [ARM64] Do not fail branchConvertDoubleToInt32 when the result is zero and not negative zero
+ https://bugs.webkit.org/show_bug.cgi?id=144976
+
+ Reviewed by Michael Saboff.
+
+ Failing the conversion on zero is pretty dangerous as we discovered on x86.
+
+ This patch does not really impact performance significantly because
+ r184220 removed the zero checks from Kraken. This patch is just to be
+ on the safe side for cases not covered by existing benchmarks.
+
+ * assembler/MacroAssemblerARM64.h:
+ (JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):
+
2015-05-15 Sungmann Cho <[email protected]>
Remove unnecessary forward declarations in PropertyNameArray.h.
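Review bot: The rationale line "Failing the conversion on zero is pretty dangerous as we discovered on x86" does not say what goes wrong or point at the x86 bug or revision where this was found, so a reader of the ChangeLog cannot trace why bailing out on positive zero matters. Citing that bug or revision next to the r184220 reference would fix this. The entry could also state under the `branchConvertDoubleToInt32` line that the negative-zero check now inspects the sign bit of the source double instead of failing on any zero result.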
Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h (184413 => 184414)
--- trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h 2015-05-15 20:48:21 UTC (rev 184413)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h 2015-05-15 21:10:11 UTC (rev 184414)
@@ -1213,9 +1213,14 @@
m_assembler.scvtf<64, 32>(fpTempRegister, dest);
failureCases.append(branchDouble(DoubleNotEqualOrUnordered, src, fpTempRegister));
- // If the result is zero, it might have been -0.0, and the double comparison won't catch this!
- if (negZeroCheck)
- failureCases.append(branchTest32(Zero, dest));
+ // Test for negative zero.
+ if (negZeroCheck) {
+ Jump valueIsNonZero = branchTest32(NonZero, dest);
+ RegisterID scratch = getCachedMemoryTempRegisterIDAndInvalidate();
+ m_assembler.fmov<64>(scratch, src);
+ failureCases.append(makeTestBitAndBranch(scratch, 63, IsNonZero));
+ valueIsNonZero.link(this);
+ }
}
Jump branchDouble(DoubleCondition cond, FPRegisterID left, FPRegisterID right)
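Review bot: The replacement comment `// Test for negative zero.` drops the explanation the removed comment carried, namely that the preceding `branchDouble(DoubleNotEqualOrUnordered, src, fpTempRegister)` cannot tell -0.0 from 0.0. It would help to say that once `dest` is zero the only open question is the sign of `src`, which is why bit 63 of the raw bits is tested after the `fmov<64>`. The scratch register comes from `getCachedMemoryTempRegisterIDAndInvalidate()`, so the comment should also note that the `negZeroCheck` path clobbers that temp register and invalidates its cached value, for the benefit of callers. This revision touches only the ChangeLog and this header; since the log message says existing benchmarks do not cover the case, a test that converts 0.0 (must now succeed) and -0.0 (must still take the failure branch when `negZeroCheck` is set) would pin the behaviour down.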