Changeset 260720 in webkit
- Timestamp:
- Apr 25, 2020 9:44:22 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 3 edited
-
JSTests/ChangeLog (modified) (1 diff)
-
JSTests/stress/bigint-int32-min-shift.js (added)
-
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
-
Source/JavaScriptCore/runtime/Operations.h (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/JSTests/ChangeLog
r260711 r260720 1 2020-04-25 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] Handle BigInt32 INT32_MIN shift amount 4 https://bugs.webkit.org/show_bug.cgi?id=211030 5 6 Reviewed by Darin Adler. 7 8 * stress/bigint-int32-min-shift.js: Added. 9 (shouldBe): 10 (shouldThrow): 11 1 12 2020-04-25 Yusuke Suzuki <ysuzuki@apple.com> 2 13 -
trunk/Source/JavaScriptCore/ChangeLog
r260712 r260720 1 2020-04-25 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] Handle BigInt32 INT32_MIN shift amount 4 https://bugs.webkit.org/show_bug.cgi?id=211030 5 6 Reviewed by Darin Adler. 7 8 Our BigInt shift-operation does not correctly handle INT32_MIN shift amount, and producing a wrong result. 9 This patch fixes it. 10 11 * runtime/Operations.h: 12 (JSC::shift): 13 1 14 2020-04-25 Darin Adler <darin@apple.com> 2 15 -
trunk/Source/JavaScriptCore/runtime/Operations.h
r260711 r260720 763 763 if (rightInt32 < 0) { 764 764 isLeft = !isLeft; 765 rightInt32 = -rightInt32; 765 if (rightInt32 == INT32_MIN) 766 rightInt32 = INT32_MAX; // Shifts one less than requested, but makes no observable difference. 767 else 768 rightInt32 = -rightInt32; 766 769 } 767 770 ASSERT(rightInt32 >= 0);
Note: See TracChangeset
for help on using the changeset viewer.
