Commit f03430fe authored by Michael Starzinger's avatar Michael Starzinger Committed by Commit Bot

[asm.js] Fix undefined cast from double to float.

This fixes undefined behavior in the implicit cast from double to float
when a double literal is passed through {fround} while declaring a local
variable.

R=jkummerow@chromium.org
TEST=mjsunit/regress/regress-crbug-976934
BUG=chromium:976934

Change-Id: I0efa2bf3f89d32c445f0b9bf719880d17fe9743c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683999Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62469}
parent 22df7288
......@@ -969,7 +969,8 @@ void AsmJsParser::ValidateFunctionLocals(size_t param_count,
if (negate) {
dvalue = -dvalue;
}
current_function_builder_->EmitF32Const(dvalue);
float fvalue = DoubleToFloat32(dvalue);
current_function_builder_->EmitF32Const(fvalue);
current_function_builder_->EmitSetLocal(info->index);
} else if (CheckForUnsigned(&uvalue)) {
if (uvalue > 0x7FFFFFFF) {
......
......@@ -369,6 +369,7 @@
'regress/regress-6838-3': [SKIP],
'regress/regress-9022': [SKIP],
'regress/regress-crbug-934138': [SKIP],
'regress/regress-crbug-976934': [SKIP],
# Timeouts in lite / jitless mode.
'asm/embenchen/*': [SKIP],
......
// Copyright 2019 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax
function Module(stdlib, imports, heap) {
"use asm";
var fround = stdlib.Math.fround;
function f() {
var x = fround(-1.7976931348623157e+308);
return fround(x);
}
return { f: f };
}
var m = Module(this);
assertEquals(-Infinity, m.f());
assertTrue(%IsAsmWasmCode(Module));
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment