DFG::IntegerCheckCombiningPhase's wrap-around check shouldn't trigger C++ undef behav...
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 8 Apr 2015 20:22:53 +0000 (20:22 +0000)
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 8 Apr 2015 20:22:53 +0000 (20:22 +0000)
commit2b9b8b7c39fe6537494c2dba2503036c0f717656
treece96df4a80a9b7dbb591aa315d9bc9ddc750ec66
parentdc040d759197a143118aa21913e09506ef23a963
DFG::IntegerCheckCombiningPhase's wrap-around check shouldn't trigger C++ undef behavior on wrap-around
https://bugs.webkit.org/show_bug.cgi?id=143532

Reviewed by Gavin Barraclough.

Oh the irony!  We were protecting an optimization that only worked if there was no wrap-around in JavaScript.
But the C++ code had wrap-around, which is undef in C++.  So, if the compiler was smart enough, our compiler
would think that there never was wrap-around.

This fixes a failure in stress/tricky-array-boiunds-checks.js when JSC is compiled with bleeding-edge clang.

* dfg/DFGIntegerCheckCombiningPhase.cpp:
(JSC::DFG::IntegerCheckCombiningPhase::isValid):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@182562 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Makefile.shared
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGIntegerCheckCombiningPhase.cpp