LLInt64 Float64 get_by_val doesn't purify NaN
author fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 20 Jun 2016 21:25:33 +0000 (21:25 +0000)
committer fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 20 Jun 2016 21:25:33 +0000 (21:25 +0000)
https://bugs.webkit.org/show_bug.cgi?id=158956

Reviewed by Michael Saboff.

* llint/LowLevelInterpreter64.asm: Fix the bug.
* tests/stress/float64-array-nan-inlined.js: Make this test also run in LLInt-only mode to catch this bug.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202244 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
Source/JavaScriptCore/tests/stress/float64-array-nan-inlined.js

index f9316c8..d4532e0 100644 (file)
@@ -1,3 +1,13 @@
+2016-06-20  Filip Pizlo  <fpizlo@apple.com>
+
+        LLInt64 Float64 get_by_val doesn't purify NaN
+        https://bugs.webkit.org/show_bug.cgi?id=158956
+
+        Reviewed by Michael Saboff.
+
+        * llint/LowLevelInterpreter64.asm: Fix the bug.
+        * tests/stress/float64-array-nan-inlined.js: Make this test also run in LLInt-only mode to catch this bug.
+
 2016-06-20  Keith Rollin  <krollin@apple.com>
 
         Remove RefPtr::release() and change calls sites to use WTFMove()
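Review bot: The ChangeLog entry for llint/LowLevelInterpreter64.asm says only "Fix the bug.", which tells a later reader nothing about what changed. Suggest stating the behaviour, for example that the Float64 case of get_by_val now takes the slow path when the loaded double is NaN, so the entry can be understood without opening the bug link.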
index 01c1f32..0495e27 100644 (file)
@@ -1586,6 +1586,7 @@ _llint_op_get_by_val:
 
     # We have Float64ArrayType.
     loadd [t3, t1, 8], ft0
+    bdnequn ft0, ft0, .opGetByValSlow
     finishDoubleGetByVal(ft0, t0, t1)
 
 .opGetByValSlow:
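Review bot: The added `bdnequn ft0, ft0, .opGetByValSlow` after the `loadd` carries no comment, and a register compared against itself reads like a mistake unless the reader knows it is a NaN test. Suggest a one-line comment saying that a double unordered with itself is NaN, and that NaNs loaded from the Float64 array are routed to .opGetByValSlow instead of reaching finishDoubleGetByVal unpurified. The branch also sends every NaN to the slow path, not only impure ones; if that is intentional for the LLInt, the comment should say so.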