Bug 75164

Summary:

DFG does double-to-int conversion incorrectly when storing into int typed arrays

Product:

WebKit

Reporter:

Filip Pizlo <fpizlo>

Component:

JavaScriptCore

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

webkit.review.bot

Priority:

Keywords:

InRadar

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
the patch	none

Description Filip Pizlo 2011-12-23 00:10:07 PST

Patch forthcoming.

Comment 1 Filip Pizlo 2011-12-23 00:10:24 PST

<rdar://problem/10557547>

Comment 2 Filip Pizlo 2011-12-23 00:14:51 PST

Created attachment 120440 [details]
the patch

Comment 3 Geoffrey Garen 2011-12-23 06:29:42 PST

Comment on attachment 120440 [details]
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=120440&action=review

r=me

> Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h:-806
> -        // FIXME: Generate correct code for a double to unsigned conversion.
> -        m_assembler.cvttsd2si_rr(src, dest);

Yikes!

Comment 4 WebKit Review Bot 2011-12-23 13:06:07 PST

Comment on attachment 120440 [details]
the patch

Clearing flags on attachment: 120440

Committed r103636: <http://trac.webkit.org/changeset/103636>

Comment 5 WebKit Review Bot 2011-12-23 13:06:12 PST

All reviewed patches have been landed.  Closing bug.