[Webkit-unassigned] [Bug 85752] New: Truncating multiplication on integers should not OSR exit every time
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun May 6 15:34:02 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=85752
Summary: Truncating multiplication on integers should not OSR
exit every time
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: fpizlo at apple.com
Say you do a * b where the result is larger than what can fit in an int32, but you use the result in integer contexts only (like [_] | 0). Currently the DFG will "prove" that the multiplication will produce integers despite overflowing. But then the multiplication will speculate no overflow, which will typically fail, since in this case a * b does overflow.
Multiplication should be smarter about this. If you do a * b and we know that it overflows then in the general case our best bet is to perform the multiplication using the FPU. But if we know something about a or b, for example if we really have something like a * 42, then we know that integer truncation would be equivalent to double truncation - and hence we can perform an integer multiplication and skip the overflow check.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list