Bug 138390

Summary: Fix flakey dfg-int8array.js and dfg-int16array.js tests for ARM64
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: JavaScriptCoreAssignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal CC: ossy, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: iPhone / iPad   
OS: iOS 8.1   
See Also: https://bugs.webkit.org/show_bug.cgi?id=142629
Attachments:
Description Flags
Patch mark.lam: review+

Description Michael Saboff 2014-11-04 17:26:22 PST
These tests were disabled in change set r175586: <http://trac.webkit.org/changeset/175586>.

They need to be investigated and the test or code needs to be fixed and then re-enabled.

rdar://problem/18872936
Comment 1 Csaba Osztrogonác 2015-03-26 03:05:13 PDT
They were skipped on iOS, because they are flakey (bug138379).
These tests fail on Linux too - bug142629 , but not flakey failures but 
constant failure after http://trac.webkit.org/changeset/181326, which
seems to be absolutely unrelated.

Could you provide some information about what kind of failure 
have you noticed on iOS? Did you get same or similar error log?
Comment 2 Michael Saboff 2015-03-26 07:51:39 PDT
(In reply to comment #1)
> They were skipped on iOS, because they are flakey (bug138379).
> These tests fail on Linux too - bug142629 , but not flakey failures but 
> constant failure after http://trac.webkit.org/changeset/181326, which
> seems to be absolutely unrelated.
> 
> Could you provide some information about what kind of failure 
> have you noticed on iOS? Did you get same or similar error log?

They are still flakey on iOS.  They fail probably 1 out of every 3 test runs.  Fixing them and other flakey tests is near the top of my to-do list.
Comment 3 Michael Saboff 2015-03-27 16:52:15 PDT
The issue is that for typed arrays with signed values of 8 or 16 bits, when we do a get_by_val from the array, we sign extend it to a full 64 bits.  For negative values this creates an illegal JSValue that causes problems in strict equal (====).

The get_by_val slow path code for an Int16Array uses the load16Signed() macro assembler function which usually end up emitting an ldrsh x0, [x0, x1, lsl #1].

If the value of -10 (0xfff6) is stored in the array, we convert this to 64 bit signed value.  The fix is to use the 32 bit variant of the instruction, ldrsh w0, ...

The same issue exists with Int8Array's.

Testing patch now.
Comment 4 Michael Saboff 2015-03-27 17:13:28 PDT
Created attachment 249624 [details]
Patch
Comment 5 Mark Lam 2015-03-27 17:16:32 PDT
Comment on attachment 249624 [details]
Patch

r=me
Comment 6 Michael Saboff 2015-03-27 17:41:38 PDT
Committed r182091: <http://trac.webkit.org/changeset/182091>
Comment 7 Csaba Osztrogonác 2015-03-28 03:00:08 PDT
*** Bug 142629 has been marked as a duplicate of this bug. ***