[B3] JetStream/quicksort.c fails/hangs on Linux with GCC
author utatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 30 Jan 2016 20:57:09 +0000 (20:57 +0000)
committer utatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 30 Jan 2016 20:57:09 +0000 (20:57 +0000)
commit fd6f91b4bbb20b39617a1a1551077b409a3548c1
tree 937461492a0e5899ef1c2af80398e15d70f80e53
parent b0632861c4b28c4c3fb85b0ca48886874904c6f7
[B3] JetStream/quicksort.c fails/hangs on Linux with GCC
https://bugs.webkit.org/show_bug.cgi?id=153647

Reviewed by Filip Pizlo.

In B3ComputeDivisionMagic, we accidentally perform sub and add operations on signed integers (in this case, int32_t).
But integer overflow is undefined behavior in C![1][2]
As a result, in a GCC 4.9 release build, computeDivisionMagic(2) returns an unexpected value.
`divisor = 2`
`d = 2`
`signedMin = INT32_MIN = -2147483647 (-0x7fffffff)`
`t = signedMin`
`anc = t - 1 - (t % ad)` Oops, we performed an overflow operation!

So, the `anc` value becomes undefined.
In this patch, we first cast all the operated values to unsigned ones.
Reading the code, there are no operations that depend on signedness. (For example, we used aboveEqual like unsigned operations for comparison.)

[1]: http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html
[2]: http://dl.acm.org/citation.cfm?id=2522728

* b3/B3ComputeDivisionMagic.h:
(JSC::B3::computeDivisionMagic):
* b3/testb3.cpp:
(JSC::B3::testComputeDivisionMagic):
(JSC::B3::run):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195906 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/b3/B3ComputeDivisionMagic.h
Source/JavaScriptCore/b3/testb3.cpp
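
The approach the commit message describes, keeping every intermediate of the magic-number computation in an unsigned type, shown as an added example that is not WebKit's code. It follows the textbook Hacker's Delight signed 32-bit algorithm; `Magic`, `computeMagic`, `divideWithMagic` and `countMismatches` are hypothetical names, and a GCC or Clang target is assumed.

```cpp
#include <cstdint>
#include <initializer_list>
// Added example; Magic, computeMagic, divideWithMagic, countMismatches are hypothetical names.
struct Magic { int32_t multiplier; unsigned shift; };

// Signed 32-bit division magic (Hacker's Delight), every intermediate in
// uint32_t so wraparound is defined. Precondition: d is not -1, 0 or 1.
Magic computeMagic(int32_t d)
{
    const uint32_t signedMin = 0x80000000u;        // bit pattern of INT32_MIN
    uint32_t ud = static_cast<uint32_t>(d);
    uint32_t ad = d < 0 ? 0u - ud : ud;            // |d|, no signed negation
    uint32_t t = signedMin + (ud >> 31);
    uint32_t anc = t - 1 - (t % ad);               // the step the commit message flags
    unsigned p = 31;
    uint32_t q1 = signedMin / anc, r1 = signedMin - q1 * anc;
    uint32_t q2 = signedMin / ad, r2 = signedMin - q2 * ad, delta;
    do {
        ++p;
        q1 *= 2; r1 *= 2;
        if (r1 >= anc) { ++q1; r1 -= anc; }
        q2 *= 2; r2 *= 2;
        if (r2 >= ad) { ++q2; r2 -= ad; }
        delta = ad - r2;
    } while (q1 < delta || (q1 == delta && r1 == 0));
    uint32_t m = d < 0 ? 0u - (q2 + 1) : q2 + 1;
    // Unsigned-to-signed conversion: implementation-defined before C++20, not undefined.
    return { static_cast<int32_t>(m), p - 32 };
}

// Divide via the magic pair; assumes arithmetic >> on negatives (GCC, Clang).
int32_t divideWithMagic(int32_t n, int32_t d)
{
    Magic mg = computeMagic(d);
    int64_t q = (static_cast<int64_t>(mg.multiplier) * n) >> 32;  // high half of product
    if (d > 0 && mg.multiplier < 0) q += n;
    if (d < 0 && mg.multiplier > 0) q -= n;
    q >>= mg.shift;
    return static_cast<int32_t>(q + (q < 0 ? 1 : 0));             // round toward zero
}

// Compare against native division over constructed edge-case inputs.
int countMismatches()
{
    int bad = 0;
    for (int32_t d : { 2, 3, 5, 7, -2, -5, 641, INT32_MAX, INT32_MIN })
        for (int32_t n : { 0, 1, -1, 6, -7, 1000003, INT32_MAX, INT32_MIN })
            bad += divideWithMagic(n, d) != n / d;
    return bad;
}
```

Building this with `-O2 -fsanitize=undefined` is a quick way to confirm that no signed overflow remains in the computation.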