| Summary: | Add missing overflow checks to DFGIntegerRangeOptimizationPhase::isEquivalentTo() | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Michael Saboff <msaboff> | ||||
| Component: | JavaScriptCore | Assignee: | Michael Saboff <msaboff> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | ews-watchlist, keith_miller, mark.lam, saam, tzagallo, webkit-bug-importer | ||||
| Priority: | P2 | Keywords: | InRadar | ||||
| Version: | WebKit Nightly Build | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Attachments: |
|
||||||
Created attachment 441903 [details]
Patch with mini-mode fix.
Comment on attachment 441903 [details]
Patch with mini-mode fix.
r=me
Ignore the "mini-mode" comment - It was auto filled from Safari. Comment on attachment 441903 [details] Patch with mini-mode fix. View in context: https://bugs.webkit.org/attachment.cgi?id=441903&action=review > Source/JavaScriptCore/ChangeLog:8 > + Added overflow chaeck before comparing for equality. typo: chaeck (In reply to Mark Lam from comment #5) > Comment on attachment 441903 [details] > Patch with mini-mode fix. > > View in context: > https://bugs.webkit.org/attachment.cgi?id=441903&action=review > > > Source/JavaScriptCore/ChangeLog:8 > > + Added overflow chaeck before comparing for equality. > > typo: chaeck Will fix. Committed r284573 (243313@main): <https://commits.webkit.org/243313@main> |
In isEquivalentTo() we should check for overflow when adding offsets. bool isEquivalentTo(const Relationship& other) const { ... if (m_right->isInt32Constant() && other.m_right->isInt32Constant()) { return (thisRight + m_offset) == (otherRight + other.m_offset); } ... }