Bug 1522710 - Assert |!mod->isZero()| in bigint code where such is not entirely obvious unless you think about it. r=terpri
authorJeff Walden <jwalden@mit.edu>
Thu, 24 Jan 2019 16:00:51 -0800
changeset 515520 fd3b826ffad16e702bffe988c84ab922df1d03c1
parent 515519 c2738c6922b7a35e1890e5f11204613df5a1af7d
child 515521 e4b9b1084292686d3eb50ba0cadd85950824c955
child 515541 6cdc3830637550efc203c376f4ff1db55898b6d9
push id1953
push userffxbld-merge
push dateMon, 11 Mar 2019 12:10:20 +0000
treeherdermozilla-release@9c35dcbaa899 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersterpri
bugs1522710
milestone66.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1522710 - Assert |!mod->isZero()| in bigint code where such is not entirely obvious unless you think about it. r=terpri
js/src/vm/BigIntType.cpp
--- a/js/src/vm/BigIntType.cpp
+++ b/js/src/vm/BigIntType.cpp
@@ -2342,20 +2342,25 @@ BigInt* BigInt::asIntN(JSContext* cx, Ha
   // BigInt.asIntN step 3:  Let `mod` be `x` modulo `2**bits`.
   RootedBigInt mod(cx, asUintN(cx, x, bits));
   if (!mod) {
     return nullptr;
   }
 
   // Step 4: If `mod >= 2**(bits - 1)`, return `mod - 2**bits`; otherwise,
   // return `mod`.
-  if (mod->digitLength() == CeilDiv(bits, DigitBits) &&
-      (mod->digit(mod->digitLength() - 1) & signBit) != 0) {
-    bool resultNegative = true;
-    return truncateAndSubFromPowerOfTwo(cx, mod, bits, resultNegative);
+  if (mod->digitLength() == CeilDiv(bits, DigitBits)) {
+    MOZ_ASSERT(!mod->isZero(),
+               "nonzero bits implies nonzero digit length which implies "
+               "nonzero overall");
+
+    if ((mod->digit(mod->digitLength() - 1) & signBit) != 0) {
+      bool resultNegative = true;
+      return truncateAndSubFromPowerOfTwo(cx, mod, bits, resultNegative);
+    }
   }
 
   return mod;
 }
 
 static bool ValidBigIntOperands(JSContext* cx, HandleValue lhs,
                                 HandleValue rhs) {
   MOZ_ASSERT(lhs.isBigInt() || rhs.isBigInt());