Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 652590 - TI+JM: incorrect result with JSOP_OR, double
: TI+JM: incorrect result with JSOP_OR, double
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: general
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: infer-regress
  Show dependency treegraph
Reported: 2011-04-25 11:34 PDT by Jan de Mooij [:jandem]
Modified: 2011-04-26 23:34 PDT (History)
4 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description Jan de Mooij [:jandem] 2011-04-25 11:34:16 PDT
function f() {
    var x = undefined ? 1 : 4294967295;
    print(false || x);
$ ./js test.js

$ ./js -n -m -a test.js

Revision 8f0c5e12eba9, 32-bit OS X. This seems to be a recent regression.
Comment 1 Brian Hackett (:bhackett) 2011-04-26 23:34:15 PDT
When fixing double types before branching, we did not necessarily know the variable was previously an integer and could convert existing doubles, then get 0x80000000 when trying to convert them back to integers after the branch.  We should only be converting entries that are definitely integers before branching, so this fix ensures that variables inferred as doubles are always maintained as doubles by the FrameState, including within basic blocks (we were already normally doing this, but areas where we lose precision like the stack values transmitted by the '?' operator needed to be accounted for).

Note You need to log in before you can comment on or make changes to this bug.