Fix JS number rounding on x87

bnoordhuis · bnoordhuis · commit 67956c659d6a · 2025-11-20T23:05:33.000+01:00
Disable 80-bits extended precision, use standard 64-bits precision. The extra precision affects rounding and is user-observable, meaning it causes test262 tests to fail. The rounding mode is a per-CPU (or, more accurately, per-FPU) property, and since quickjs is often used as a library, take care to tweak the FPU control word before sensitive operations, and restore it afterwards. Only affects x87. SSE is IEEE-754 conforming. Fixes: #1236
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -59,6 +59,7 @@ jobs:
           - { os: ubuntu-latest, configType: msan }
           - { os: ubuntu-latest, configType: tcc }
           - { os: ubuntu-latest, arch: x86 }
+          - { os: ubuntu-latest, arch: i686 }
           - { os: ubuntu-latest, arch: riscv64 }
           - { os: ubuntu-latest, arch: s390x }
 
@@ -72,6 +73,11 @@ jobs:
         with:
           submodules: true
 
+      - name: Install gcc-multilib
+        if: ${{ matrix.config.configType == 'i686' }}
+        run: |
+          sudo apt update && sudo apt install -y gcc-multilib
+
       - name: install TCC
         if: ${{ matrix.config.configType == 'tcc' }}
         run: |
@@ -117,7 +123,8 @@ jobs:
           elif [ "${{ matrix.config.configType }}" = "msan" ]; then
             echo "BUILD_TYPE=RelWithDebInfo" >> $GITHUB_ENV;
             echo "QJS_ENABLE_MSAN=ON" >> $GITHUB_ENV;
-            echo "CC=clang" >> $GITHUB_ENV;
+          elif [ "${{ matrix.config.configType }}" = "i686" ]; then
+            echo "CMAKE_C_FLAGS=-m32" >> $GITHUB_ENV;
           fi
 
       - name: build
@@ -128,7 +135,8 @@ jobs:
             BUILD_SHARED_LIBS=$BUILD_SHARED_LIBS \
             QJS_ENABLE_ASAN=$QJS_ENABLE_ASAN \
             QJS_ENABLE_UBSAN=$QJS_ENABLE_UBSAN \
-            QJS_ENABLE_MSAN=$QJS_ENABLE_MSAN
+            QJS_ENABLE_MSAN=$QJS_ENABLE_MSAN \
+            CMAKE_C_FLAGS=$CMAKE_C_FLAGS
 
       - name: stats
         if: ${{ matrix.config.configType != 'examples' }}
diff --git a/Makefile b/Makefile
@@ -59,7 +59,11 @@ fuzz:
 	./fuzz
 
 $(BUILD_DIR):
-	cmake -B $(BUILD_DIR) -DCMAKE_BUILD_TYPE=$(BUILD_TYPE) -DCMAKE_INSTALL_PREFIX=$(INSTALL_PREFIX)
+	cmake							\
+		-B $(BUILD_DIR) 				\
+		-DCMAKE_BUILD_TYPE=$(BUILD_TYPE) 		\
+		-DCMAKE_INSTALL_PREFIX=$(INSTALL_PREFIX)	\
+		-DCMAKE_C_FLAGS="$(CMAKE_C_FLAGS)"
 
 $(QJS): $(BUILD_DIR)
 	cmake --build $(BUILD_DIR) -j $(JOBS)
diff --git a/cutils.h b/cutils.h
@@ -634,6 +634,26 @@ int js_thread_join(js_thread_t thrd);
 
 #endif /* !defined(EMSCRIPTEN) && !defined(__wasi__) */
 
+// JS requires strict rounding behavior. Turn on 64-bits double precision
+// and disable x87 80-bits extended precision for intermediate floating-point
+// results.
+// 0x300 is extended  precision, 0x200 is double precision.
+// Note that `*&cw` in the asm constraints looks redundant but isn't.
+#if defined(__i386__) && !defined(_MSC_VER)
+#define JS_X87_FPCW_SAVE_AND_ADJUST(cw)                                     \
+    unsigned short cw;                                                      \
+    __asm__ __volatile__("fnstcw %0" : "=m"(*&cw));                         \
+    do {                                                                    \
+        unsigned short t = 0x200 | (cw & ~0x300);                           \
+        __asm__ __volatile__("fldcw %0" : /*empty*/ : "m"(*&t));            \
+    } while (0)
+#define JS_X87_FPCW_RESTORE(cw)                                             \
+    __asm__ __volatile__("fldcw %0" : /*empty*/ : "m"(*&cw))
+#else
+#define JS_X87_FPCW_SAVE_AND_ADJUST(cw)
+#define JS_X87_FPCW_RESTORE(cw)
+#endif
+
 #ifdef __cplusplus
 } /* extern "C" { */
 #endif
diff --git a/quickjs.c b/quickjs.c
@@ -17998,8 +17998,10 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValueConst func_obj,
                     sp[-2] = js_int32(r);
                     sp--;
                 } else if (JS_VALUE_IS_BOTH_FLOAT(op1, op2)) {
+                    JS_X87_FPCW_SAVE_AND_ADJUST(fpcw);
                     sp[-2] = js_float64(JS_VALUE_GET_FLOAT64(op1) +
                                         JS_VALUE_GET_FLOAT64(op2));
+                    JS_X87_FPCW_RESTORE(fpcw);
                     sp--;
                 } else {
                 add_slow:
@@ -18066,8 +18068,10 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValueConst func_obj,
                     sp[-2] = js_int32(r);
                     sp--;
                 } else if (JS_VALUE_IS_BOTH_FLOAT(op1, op2)) {
+                    JS_X87_FPCW_SAVE_AND_ADJUST(fpcw);
                     sp[-2] = js_float64(JS_VALUE_GET_FLOAT64(op1) -
                                         JS_VALUE_GET_FLOAT64(op2));
+                    JS_X87_FPCW_RESTORE(fpcw);
                     sp--;
                 } else {
                     goto binary_arith_slow;
@@ -18098,7 +18102,9 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValueConst func_obj,
                     sp[-2] = js_int32(r);
                     sp--;
                 } else if (JS_VALUE_IS_BOTH_FLOAT(op1, op2)) {
+                    JS_X87_FPCW_SAVE_AND_ADJUST(fpcw);
                     d = JS_VALUE_GET_FLOAT64(op1) * JS_VALUE_GET_FLOAT64(op2);
+                    JS_X87_FPCW_RESTORE(fpcw);
                 mul_fp_res:
                     sp[-2] = js_float64(d);
                     sp--;
@@ -52277,7 +52283,9 @@ static double set_date_fields(double fields[minimum_length(7)], int is_local) {
     int yi, mi, i;
     int64_t days;
     volatile double temp;  /* enforce evaluation order */
+    double d = NAN;
 
+    JS_X87_FPCW_SAVE_AND_ADJUST(fpcw);
     /* emulate 21.4.1.15 MakeDay ( year, month, date ) */
     y = fields[0];
     m = fields[1];
@@ -52287,7 +52295,7 @@ static double set_date_fields(double fields[minimum_length(7)], int is_local) {
     if (mn < 0)
         mn += 12;
     if (ym < -271821 || ym > 275760)
-        return NAN;
+        goto out;
 
     yi = ym;
     mi = mn;
@@ -52319,14 +52327,17 @@ static double set_date_fields(double fields[minimum_length(7)], int is_local) {
     /* emulate 21.4.1.16 MakeDate ( day, time ) */
     tv = (temp = day * 86400000) + time;   /* prevent generation of FMA */
     if (!isfinite(tv))
-        return NAN;
+        goto out;
 
     /* adjust for local time and clip */
     if (is_local) {
         int64_t ti = tv < INT64_MIN ? INT64_MIN : tv >= 0x1p63 ? INT64_MAX : (int64_t)tv;
         tv += getTimezoneOffset(ti) * 60000;
     }
-    return time_clip(tv);
+    d = time_clip(tv);
+out:
+    JS_X87_FPCW_RESTORE(fpcw);
+    return d;
 }
 
 static JSValue get_date_field(JSContext *ctx, JSValueConst this_val,
