Different division results with Infinity and NaN between default and ignition |
||||||
Issue description
Actually it is the shipping configuration that worries me more.
# Minimized program:
var d = -1073741823 % 3;
var n = 0;
var m = 0;
for (var i = 0; i < 20000; i++) {
result = 0 / d;
if (result === -Infinity)
n++;
if (isNaN(result))
m++;
}
print(n);
print(m);
# Compared default with ignition_staging
# Flags of default:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --gc-interval=363 --max-semi-space-size=1 --noopt --random-seed -1351133806
# Flags of ignition_staging:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --gc-interval=363 --max-semi-space-size=1 --noopt --random-seed -1351133806 --ignition-staging
Difference:
- 3608
+ 0
### Start of configuration default:
3608
16392
### End of configuration default
### Start of configuration ignition_staging:
0
20000
### End of configuration ignition_staging
,
Nov 4 2016
Reduced repro that also works as part of mjsunit ...
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax --fold-constants
var result;
var zero = 0;
function f() {
for (var i = 0; i < 3; i++) {
result = 0 / zero;
if (i == 1) %OptimizeOsr();
assertTrue(isNaN(result));
}
}
f();
,
Nov 4 2016
I have a fix in flight. Also, correctness fuzzer FTW!!!
,
Nov 4 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/9906b3e677ccfd43b79efca6892d38fe804f7ff8 commit 9906b3e677ccfd43b79efca6892d38fe804f7ff8 Author: mstarzinger <mstarzinger@chromium.org> Date: Fri Nov 04 15:08:00 2016 [crankshaft] Fix constant folding of HDiv instruction. R=jarin@chromium.org TEST=mjsunit/regress/regress-crbug-662367 BUG= chromium:662367 Review-Url: https://codereview.chromium.org/2472413002 Cr-Commit-Position: refs/heads/master@{#40773} [modify] https://crrev.com/9906b3e677ccfd43b79efca6892d38fe804f7ff8/src/crankshaft/hydrogen-instructions.cc [add] https://crrev.com/9906b3e677ccfd43b79efca6892d38fe804f7ff8/test/mjsunit/regress/regress-crbug-662367.js
,
Nov 4 2016
,
Nov 4 2016
Probably dupe: Also between fullcode and crankshaft:
function g() {
print(undefined / 0);
};
g()
# Compared nocrankshaft with noturbo_opt
# Flags of nocrankshaft:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --random-seed -1826611417 --nocrankshaft
# Flags of noturbo_opt:
--abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --random-seed -1826611417 --always-opt --turbo-filter=~
Difference:
- NaN
+ Infinity
### Start of configuration nocrankshaft:
NaN
### End of configuration nocrankshaft
### Start of configuration noturbo_opt:
Infinity
### End of configuration noturbo_opt
,
Nov 4 2016
Re #6: Yep, most definitely a dupe.
,
Nov 7 2016
Then I guess also this is dupe? print(NaN / 0); # Compared nocrankshaft with noturbo_opt # Flags of nocrankshaft: --abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --random-seed 14641749 --nocrankshaft # Flags of noturbo_opt: --abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --random-seed 14641749 --always-opt --turbo-filter=~ Difference: - NaN + Infinity ### Start of configuration nocrankshaft: NaN ### End of configuration nocrankshaft ### Start of configuration noturbo_opt: Infinity ### End of configuration noturbo_opt
,
Nov 7 2016
Re #8: Yes, same underlying bug.
,
Nov 8 2016
This still reproes in recent revisions with noturbo_opt. Am I doing something wrong? print(undefined / 0); # Compared nocrankshaft with noturbo_opt # Flags of nocrankshaft: --abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --random-seed 693739817 --nocrankshaft # Flags of noturbo_opt: --abort_on_stack_overflow --expose-gc --allow-natives-syntax --invoke-weak-callbacks --omit-quit --random-seed 693739817 --always-opt --turbo-filter=~ Difference: - NaN + Infinity ### Start of configuration nocrankshaft: NaN ### End of configuration nocrankshaft ### Start of configuration noturbo_opt: Infinity ### End of configuration noturbo_opt
,
Nov 10 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/25d2268ecc14b07671e94b7835a3519cdc29e8b0 commit 25d2268ecc14b07671e94b7835a3519cdc29e8b0 Author: mstarzinger <mstarzinger@chromium.org> Date: Thu Nov 10 14:27:23 2016 [crankshaft] Fix constant folding of HDiv instruction. R=jarin@chromium.org TEST=mjsunit/regress/regress-crbug-662367 BUG= chromium:662367 Review-Url: https://codereview.chromium.org/2486923004 Cr-Commit-Position: refs/heads/master@{#40897} [modify] https://crrev.com/25d2268ecc14b07671e94b7835a3519cdc29e8b0/src/crankshaft/hydrogen-instructions.cc [modify] https://crrev.com/25d2268ecc14b07671e94b7835a3519cdc29e8b0/test/mjsunit/regress/regress-crbug-662367.js
,
Nov 10 2016
,
Dec 13 2016
|
||||||
►
Sign in to add a comment |
||||||
Comment 1 by mstarzinger@chromium.org
, Nov 4 2016