Bug 105239

Summary: DFG is too aggressive eliding overflow checks for additions involving large constants
Product: WebKit
Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCore
Assignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED
Severity: Normal
CC: barraclough, ggaren, mark.lam, mhahnenberg, msaboff, oliver, sam, webkit-ews
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Description Flags
the patch barraclough: review+, webkit-ews: commit-queue-

Filip Pizlo
Reported 2012-12-17 18:32:05 PST
It's cool to elide the overflow check on:

    a + 5432645326542

but it's not cool to elide all checks on:

    a + 654365375437 + 5432645326542

because the combined overflow might lead to bad results.

Disclaimer: the above constants were created by randomly tapping the keyboard. The bug actually occurs when you have constants close to 2^48.
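The following is an added example, not part of the original report or of the WebKit patch. It models a chain of additions whose result is truncated with `| 0`, and compares plain double arithmetic against an assumed model in which every add wraps modulo 2^32 with no overflow check. It generalizes the two-constant case above to a chain of any length; `BIG`, the start value 8, and all function names are constructed for illustration.

```javascript
// Constructed constant just under 2^48; the report gives no real values.
const BIG = 2 ** 48 - 1;

// Reference semantics: each + is a double addition; only the final value is
// truncated to int32, as `| 0` does.
function referenceSum(a, constants) {
  let sum = a;
  for (const c of constants) sum += c;
  return sum | 0;
}

// Assumed model of a chain compiled with every overflow check elided:
// each constant is pre-truncated and each add wraps modulo 2^32.
function uncheckedInt32Sum(a, constants) {
  let sum = a | 0;
  for (const c of constants) sum = (sum + (c | 0)) | 0;
  return sum;
}

// Smallest chain length at which the two disagree, or -1 if none up to maxLen.
function firstDivergence(a, c, maxLen) {
  for (let n = 1; n <= maxLen; n++) {
    const chain = new Array(n).fill(c);
    if (referenceSum(a, chain) !== uncheckedInt32Sum(a, chain)) return n;
  }
  return -1;
}

// One addition: a is a true int32, so a + BIG is exact and both models agree.
console.log(referenceSum(8, [BIG]), uncheckedInt32Sum(8, [BIG]));
// Long chain: once the exact running sum passes 2^53 the double result is
// rounded, while the wrapped int32 result keeps its low bits.
console.log(firstDivergence(8, BIG, 64));
```

In this model the unchecked form is only equivalent while each add's non-constant operand is a genuine int32 and the exact sum stays below 2^53, which is the property an overflow check on the inner additions preserves.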
Attachments
the patch (18.74 KB, patch)
2012-12-17 18:34 PST, Filip Pizlo
barraclough: review+
webkit-ews: commit-queue-
Filip Pizlo
Comment 1 2012-12-17 18:34:00 PST
Created attachment 179850
the patch
Early Warning System Bot
Comment 2 2012-12-17 18:45:17 PST
Early Warning System Bot
Comment 3 2012-12-17 18:47:44 PST
Comment on attachment 179850
the patch

Attachment 179850 did not pass qt-wk2-ews (qt):
Output: http://queues.webkit.org/results/15371959
Filip Pizlo
Comment 4 2012-12-17 20:36:45 PST