[webkit-reviews] review granted: [Bug 202072] [JSC] Int52Rep(DoubleRepAnyIntUse) should not call operation function : [Attachment 379315] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Sep 21 09:08:26 PDT 2019
Mark Lam <mark.lam at apple.com> has granted Yusuke Suzuki <ysuzuki at apple.com>'s
request for review:
Bug 202072: [JSC] Int52Rep(DoubleRepAnyIntUse) should not call operation
function
https://bugs.webkit.org/show_bug.cgi?id=202072
Attachment 379315: Patch
https://bugs.webkit.org/attachment.cgi?id=379315&action=review
--- Comment #6 from Mark Lam <mark.lam at apple.com> ---
Comment on attachment 379315
--> https://bugs.webkit.org/attachment.cgi?id=379315
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=379315&action=review
r=me
> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:15909
> + speculate(Int52Overflow, doubleValue(value), edge.node(),
m_out.greaterThanOrEqual(integerValue, m_out.constInt64(static_cast<int64_t>(1)
<< (JSValue::numberOfInt52Bits - 1))));
> + speculate(Int52Overflow, doubleValue(value), edge.node(),
m_out.lessThan(integerValue, m_out.constInt64(-(static_cast<int64_t>(1) <<
(JSValue::numberOfInt52Bits - 1)))));
This looks correct to me, but please also add some tests to verify that these
edge cases are handled correctly ... just to make sure we don't have an off by
1 error.
More information about the webkit-reviews
mailing list