Status: Accepted
Owner: [email protected]
Labels: Type-Bug Priority-Medium
New issue 2537 by [email protected]: Range analysis propagates incorrect relation operators
http://code.google.com/p/v8/issues/detail?id=2537
Token::InvertCompareOp() is borked, leading to the range analysis pass
drawing wrong conclusions, which in turn can cause missing overflow checks
for values that are erroneously believed to be in Smi range. Repro case:
var large_int = 0x40000000;

function foo(x, expected) {
  assertEquals(expected, x);  // This succeeds.
  x += 0;  // Force int32 representation so that CompareIDAndBranch is used.
  if (3 != x) {
    x += 0;  // Poor man's "iDef".
    assertEquals(expected, x);  // Fails due to Smi-tagging without overflow check.
  }
}

foo(1, 1);
foo(3, 3);
%OptimizeFunctionOnNextCall(foo);
foo(large_int, large_int);
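An added illustration, not part of the original report and not V8 code: a toy interval analysis showing how one wrong entry in an operator-inversion table can make the true branch of `3 != x` look like `x == 3`, so the value appears to fit a Smi and the overflow check is dropped. The operator tables, the assumed form of the defect (equality negated where the operands are only being swapped), the 31-bit Smi bounds and all function names are assumptions of this model.

```javascript
// Toy model constructed for illustration; none of this is V8 source.
const SMI_MIN = -(2 ** 30), SMI_MAX = 2 ** 30 - 1; // assumed 31-bit Smi payload
const INT32 = { lo: -(2 ** 31), hi: 2 ** 31 - 1 };

// Reverse: operator to use after swapping operands (a op b <=> b op' a).
const REVERSE = { '==': '==', '!=': '!=', '<': '>', '>': '<', '<=': '>=', '>=': '<=' };
// Negate: operator that holds when `a op b` is false.
const NEGATE = { '==': '!=', '!=': '==', '<': '>=', '>': '<=', '<=': '>', '>=': '<' };
// Assumed defect: one table that reverses orderings but negates equality.
const CONFLATED = Object.assign({}, REVERSE, { '==': '!=', '!=': '==' });

// Narrow the interval of x given that `x op c` is known to hold.
function narrow(range, op, c) {
  switch (op) {
    case '==': return { lo: Math.max(range.lo, c), hi: Math.min(range.hi, c) };
    case '<':  return { lo: range.lo, hi: Math.min(range.hi, c - 1) };
    case '<=': return { lo: range.lo, hi: Math.min(range.hi, c) };
    case '>':  return { lo: Math.max(range.lo, c + 1), hi: range.hi };
    case '>=': return { lo: Math.max(range.lo, c), hi: range.hi };
    default:   return range; // '!=' removes one point; the interval is unchanged
  }
}

// Interval of x on one branch of `c op x` (constant on the left, as in `3 != x`).
// `swapTable` turns `c op x` into `x op' c`; the false branch then negates op'.
function rangeInBranch(c, op, swapTable, taken) {
  const swapped = swapTable[op];
  return narrow(INT32, taken ? swapped : NEGATE[swapped], c);
}

// The tagging overflow check may be dropped only if the whole interval fits a Smi.
function needsOverflowCheck(range) {
  return range.lo < SMI_MIN || range.hi > SMI_MAX;
}

// Model of the repro: what the pass believes about x inside `if (3 != x) { ... }`.
function analyzeRepro(swapTable) {
  const range = rangeInBranch(3, '!=', swapTable, true);
  return {
    range,
    overflowCheckEmitted: needsOverflowCheck(range),
    reproValueFitsSmi: 0x40000000 >= SMI_MIN && 0x40000000 <= SMI_MAX,
  };
}

console.log('correct  :', analyzeRepro(REVERSE));
console.log('conflated:', analyzeRepro(CONFLATED));
```

With the conflated table the model believes x is exactly 3 on a branch that `0x40000000` actually reaches, which is the shape of the failure the repro case triggers.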