Bug 75164

Summary: DFG does double-to-int conversion incorrectly when storing into int typed arrays
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit.review.bot
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
the patch none

Filip Pizlo
Reported 2011-12-23 00:10:07 PST
Patch forthcoming.
Attachments
the patch (625.28 KB, patch)
2011-12-23 00:14 PST, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2011-12-23 00:10:24 PST
<rdar://problem/10557547>
Filip Pizlo
Comment 2 2011-12-23 00:14:51 PST
Created attachment 120440 [details] the patch
Geoffrey Garen
Comment 3 2011-12-23 06:29:42 PST
Comment on attachment 120440 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=120440&action=review r=me > Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h:-806 > - // FIXME: Generate correct code for a double to unsigned conversion. > - m_assembler.cvttsd2si_rr(src, dest); Yikes!
WebKit Review Bot
Comment 4 2011-12-23 13:06:07 PST
Comment on attachment 120440 [details] the patch Clearing flags on attachment: 120440 Committed r103636: <http://trac.webkit.org/changeset/103636>
WebKit Review Bot
Comment 5 2011-12-23 13:06:12 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.