Bug 158368

Summary: Eager FTL failure for strict comparison of NaN with number check
Product: WebKit Reporter: Joseph Pecoraro <joepeck>
Component: JavaScriptCoreAssignee: Benjamin Poulain <benjamin>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, commit-queue, fpizlo, ggaren, keith_miller, mark.lam, msaboff, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
[TEST] JS Reduction
none
Patch none

Joseph Pecoraro
Reported 2016-06-03 16:12:00 PDT
Created attachment 280480 [details] [TEST] JS Reduction * SUMMARY Eager FTL failure for strict comparison of NaN with number check * TEST function isNaNOnDouble(value) { return (+value) !== value; } noInline(isNaNOnDouble); function testIsNaNOnDoubles() { var value = isNaNOnDouble(-0); if (value) throw "isNaNOnDouble(-0) = " + value; var value = isNaNOnDouble(NaN); if (!value) throw "isNaNOnDouble(NaN) = " + value; var value = isNaNOnDouble(Number.POSITIVE_INFINITY); if (value) throw "isNaNOnDouble(Number.POSITIVE_INFINITY) = " + value; } noInline(testIsNaNOnDoubles); for (var i = 0; i < 1e6; ++i) { testIsNaNOnDoubles(); } * STEPS TO REPRODUCE 1. $ DYLD_FRAMEWORK_PATH=$build/Release $build/Release/jsc --useFTLJIT=true --useConcurrentJIT=false --thresholdForJITAfterWarmUp=100 --thresholdForJITAfterWarmUp=10 --thresholdForJITSoon=10 --thresholdForOptimizeAfterWarmUp=20 --thresholdForOptimizeAfterLongWarmUp=20 --thresholdForOptimizeSoon=20 --thresholdForFTLOptimizeAfterWarmUp=20 --thresholdForFTLOptimizeSoon=20 number-compare-strict.js Exception: isNaNOnDouble(NaN) = false * NOTES - The issue only reproduces if --useConcurrentJIT=false
Attachments
[TEST] JS Reduction (553 bytes, application/x-javascript)
2016-06-03 16:12 PDT, Joseph Pecoraro 		no flags
Details
Patch (4.09 KB, patch)
2016-06-03 18:55 PDT, Benjamin Poulain 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Benjamin Poulain
Comment 1 2016-06-03 17:44:08 PDT
I'll take it. Scary stuff.
Radar WebKit Bug Importer
Comment 2 2016-06-03 17:45:26 PDT
<rdar://problem/26634629>
Benjamin Poulain
Comment 3 2016-06-03 18:55:11 PDT
Created attachment 280501 [details] Patch
WebKit Commit Bot
Comment 4 2016-06-03 20:27:35 PDT
Comment on attachment 280501 [details] Patch Clearing flags on attachment: 280501 Committed r201678: <http://trac.webkit.org/changeset/201678>
WebKit Commit Bot
Comment 5 2016-06-03 20:27:42 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.