Bug 107321

Summary: Harden ArithDiv of integers fix-up by inserting Int32ToDouble node directly
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: JavaScriptCoreAssignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal Keywords: InRadar
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   

Description Michael Saboff 2013-01-18 13:39:32 PST 
For non-X86 platforms, we perform integer division by converting the integer arguments to doubles, perform the division and then convert the result back to an Int32.  The insertion of the conversion nodes is done by the fixup phase.  Currently the code uses fixDoubleEdge() for the inputs, but we have already performed a check of the int-ness of the arguments and this is really a special case.  Therefore it makes more sense to do the Int32ToDouble node insertion without further checks of the child nodes.
Comment 1 Michael Saboff 2013-01-18 13:40:53 PST 
From <rdar://problem/12645632>
Comment 2 Michael Saboff 2013-01-18 13:46:30 PST 
Committed r140203: <http://trac.webkit.org/changeset/140203>