Skip to content

V
V8
Commit 87e924df authored by Bill Budge's avatar Bill Budge Committed by Commit Bot
Browse files
Options

[torque] Fix undefined behavior in Numeric literal handling 

- Undefined behavior resulted from constant 2147483648.0. Fixed by
  checking for an out of range integer before casting.

Change-Id: I1c5093e546dde79babedb70fa4067756b853d206
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2209266Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67923}
parent 65ef6905
Hide whitespace changes
Inline Side-by-side
Showing with 9 additions and 6 deletions
src/torque/implementation-visitor.cc
View file @ 87e924df
......@@ -775,13 +775,16 @@ VisitResult ImplementationVisitor::Visit(AssignmentExpression* expr) {
}
VisitResult ImplementationVisitor::Visit(NumberLiteralExpression* expr) {
int32_t i = static_cast<int32_t>(expr->number);
const Type* result_type = TypeOracle::GetConstFloat64Type();
if (i == expr->number) {
if ((i >> 30) == (i >> 31)) {
result_type = TypeOracle::GetConstInt31Type();
} else {
result_type = TypeOracle::GetConstInt32Type();
if (expr->number >= std::numeric_limits<int32_t>::min() &&
expr->number <= std::numeric_limits<int32_t>::max()) {
int32_t i = static_cast<int32_t>(expr->number);
if (i == expr->number) {
if ((i >> 30) == (i >> 31)) {
result_type = TypeOracle::GetConstInt31Type();
} else {
result_type = TypeOracle::GetConstInt32Type();
}
}
}
return VisitResult{result_type, ToString(expr->number)};
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment