Closed
Bug 878435
Opened 11 years ago
Closed 11 years ago
OdinMonkey: (0 > (0x80000000 | 0)) is wrong
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla24
People
(Reporter: jruderman, Assigned: bbouvier)
References
Details
(Keywords: testcase)
Attachments
(1 file)
|
1.62 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
function g()
{
"use asm";
function f()
{
return (0 > (0x80000000 | 0)) | 0;
}
return f;
}
print(g()());
asm.js result: 0
normal result: 1
|
Assignee | |
Comment 1•11 years ago
|
||
Looking at the code showed that the constant 0 was directly put in the output register. This happened because the comparison was folded during GVN. The only single problem is that the comparison occurred on *unsigned* int32 values, hence the patch.
|
||
Comment 2•11 years ago
|
||
Comment on attachment 759513 [details] [diff] [review] proposed fix + test case D'oh! Fixnums are both signed and unsigned... nice find and perfect fix!
Attachment #759513 -
Flags: review?(luke) → review+
|
|
Assignee | |
Updated•11 years ago
|
Keywords: checkin-needed
|
||
Comment 3•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/aa9a0b34bbd8
Flags: in-testsuite+
Keywords: checkin-needed
|
|
||
Comment 4•11 years ago
|
||
Backed out for test failures. https://hg.mozilla.org/integration/mozilla-inbound/rev/8cf56f52e57c https://tbpl.mozilla.org/php/getParsedLog.php?id=23901715&tree=Mozilla-Inbound
|
|
||
Comment 5•11 years ago
|
||
Going to go out on a limb that opt builds don't care for disassemble.
|
|
||
Comment 6•11 years ago
|
||
Whoops, I meant to backout bug 878495, not this one. Re-landed. https://hg.mozilla.org/integration/mozilla-inbound/rev/5a6922661215
|
|
||
Comment 7•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/5a6922661215
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
You need to log in
before you can comment on or make changes to this bug.
Description
•