Bug 138390

Summary: Fix flakey dfg-int8array.js and dfg-int16array.js tests for ARM64
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: JavaScriptCoreAssignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal CC: ossy, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: iPhone / iPad   
OS: iOS 8.1   
See Also: https://bugs.webkit.org/show_bug.cgi?id=142629
Attachments:
Description Flags
Patch mark.lam: review+

Michael Saboff
Reported 2014-11-04 17:26:22 PST
These tests were disabled in change set r175586: <http://trac.webkit.org/changeset/175586>. They need to be investigated and the test or code needs to be fixed and then re-enabled. rdar://problem/18872936
Attachments
Patch (4.97 KB, patch)
2015-03-27 17:13 PDT, Michael Saboff 		mark.lam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Csaba Osztrogonác
Comment 1 2015-03-26 03:05:13 PDT
They were skipped on iOS, because they are flakey (bug138379). These tests fail on Linux too - bug142629 , but not flakey failures but constant failure after http://trac.webkit.org/changeset/181326, which seems to be absolutely unrelated. Could you provide some information about what kind of failure have you noticed on iOS? Did you get same or similar error log?
Michael Saboff
Comment 2 2015-03-26 07:51:39 PDT
(In reply to comment #1) > They were skipped on iOS, because they are flakey (bug138379). > These tests fail on Linux too - bug142629 , but not flakey failures but > constant failure after http://trac.webkit.org/changeset/181326, which > seems to be absolutely unrelated. > > Could you provide some information about what kind of failure > have you noticed on iOS? Did you get same or similar error log? They are still flakey on iOS. They fail probably 1 out of every 3 test runs. Fixing them and other flakey tests is near the top of my to-do list.
Michael Saboff
Comment 3 2015-03-27 16:52:15 PDT
The issue is that for typed arrays with signed values of 8 or 16 bits, when we do a get_by_val from the array, we sign extend it to a full 64 bits. For negative values this creates an illegal JSValue that causes problems in strict equal (====). The get_by_val slow path code for an Int16Array uses the load16Signed() macro assembler function which usually end up emitting an ldrsh x0, [x0, x1, lsl #1]. If the value of -10 (0xfff6) is stored in the array, we convert this to 64 bit signed value. The fix is to use the 32 bit variant of the instruction, ldrsh w0, ... The same issue exists with Int8Array's. Testing patch now.
Michael Saboff
Comment 4 2015-03-27 17:13:28 PDT
Created attachment 249624 [details] Patch
Mark Lam
Comment 5 2015-03-27 17:16:32 PDT
Comment on attachment 249624 [details] Patch r=me
Michael Saboff
Comment 6 2015-03-27 17:41:38 PDT
Committed r182091: <http://trac.webkit.org/changeset/182091>
Csaba Osztrogonác
Comment 7 2015-03-28 03:00:08 PDT
*** Bug 142629 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.