Bug 161944

Summary: stringProtoFuncRepeatCharacter will return `null` when it should not
Product: WebKit Reporter: Saam Barati <saam>
Component: JavaScriptCore Assignee: Saam Barati <saam>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, commit-queue, fpizlo, ggaren, gskachkov, jfbastien, joepeck, keith_miller, mark.lam, msaboff, oliver, ticaiolima, ysuzuki
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description    Flags
patch          ysuzuki: review+
patch          none

Description Saam Barati 2016-09-13 19:49:37 PDT
It doesn't properly detect when an int is in double form.
However, there is also a deeper problem, where it looks like numbers are being polluted into double form instead
of staying in integer form, even though there is only one comparison on that number that needs it in double form.
I'm looking at String.prototype.padStart. The @toLength builtin will cause the pollution.

See this example:
```
// Run in the jsc shell: print() is the shell's output function.
function logLinesWithContext(n, context) {
    let start = n - context;
    let end = n + context;
    for (let x = start; x <= end; ++x) {
        let number = x.toString().padStart(3);
        // WHAT?!
        if (parseInt(number) != x)
            print(number);
    }
}

let numbers = [
    19,19,19,19,19,19,19,20,20,20,20,20,20,20,11,11,11,11,11,11,11,20,20,20,20,
    20,20,20,15,15,15,15,15,15,15,21,21,21,21,21,21,21,19,19,19,19,19,19,19,20,
    20,20,20,20,20,20,20,20,20,20,20,20,20,21,21,21,21,21,21,21,24,24,24,24,24,
    24,24,25,25,25,25,25,25,25,11,11,11,11,11,11,11,25,25,25,25,25,25,25,15,15,
    15,15,15,15,15,25,25,25,25,25,25,25,7,7,7,7,7,7,7,26,26,26,26,26,26,26,24,
    24,24,24,24,24,24,25,25,25,25,25,25,25,11,11,11,11,11,11,11,25,25,25,25,25,
    25,25,26,26,26,26,26,26,26,24,24,24,24,24,24,24,25,25,25,25,25,25,25,11,11,
    11,11,11,11,11,12,12,12,12,12,12,12,25,25,25,25,25,25,25,15,15,15,15,15,15,
    15,16,16,16,16,16,16,16,25,25,25,25,25,25,25,7,7,7,7,7,7,7,8,8,8,8,8,8,8,
    26,26,26,26,26,26,26,24,24,24,24,24,24,24,25,25,25,25,25,25,25,11,11,11,11,
    11,11,11,12,12,12,12,12,12,12,25,25,25,25,25,25,25,15,15,15,15,15,15,15,16,
    16,16,16,16,16,16,25,25,25,25,25,25,25,7,7,7,7,7,7,7,8,8,8,8,8,8,8,26,26,
    26,26,26,26,26,29,29,29,29,29,29,29,30,30,30,30,30,30,30,35,35,35,35,35,35,
    35,29,29,29,29,29,29,29,30,30,30,30,30,30,30,11,11,11,11,11,11,11,33,33,33,
    33,33,33,33,35,35,35,35,35,35,35,39,39,39,39,39,39,39,40,40,40,40,40,40,40,
    11,11,11,11,11,11,11,40,40,40,40,40,40,40,40,40,40,40,40,40,40,15,15,15,15,
    15,15,15,41,41,41,41,41,41,41,39,39,39,39,39,39,39,40,40,40,40,40,40,40,40,
    40,40,40,40,40,40,40,40,40,40,40,40,40,41,41,41,41,41,41,41,45,45,45,45,45,
    45,45,46,46,46,46,46,46,46,11,11,11,11,11,11,11,46,46,46,46,46,46,46,15,15,
];
for (let n of numbers)
    logLinesWithContext(n, 3);
```
It will start printing things because the result string is not an integer.
Comment 1 Saam Barati 2016-09-13 19:50:29 PDT
The bug also goes away when @toLength is not inlined into padStart.
Comment 2 Saam Barati 2016-09-28 16:21:38 PDT
Created attachment 290133 [details]
patch
Comment 3 Yusuke Suzuki 2016-09-28 16:29:21 PDT
Comment on attachment 290133 [details]
patch

r=me
Comment 4 Saam Barati 2016-09-28 17:01:49 PDT
Created attachment 290145 [details]
patch

Take 2. I removed the caller that expected the null result value and instead made protoFuncRepeatCharacter throw OOM when it will construct too long of a string.
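Added regression check, written for this thread and not part of the bug report or the WebKit patch. It exercises the two situations the thread describes against whichever engine runs it: the description's integer-valued counts that have passed through double arithmetic (the shape @toLength produces), and Comment 4's oversized count, which must end in an exception rather than a bogus value. padEnd is checked alongside padStart on the assumption that both share the same repeat-character path; the count variants and sample values are constructed for the check.

```javascript
// Added regression check (not from the bug report or the WebKit patch).
// Assumption: padStart and padEnd share one repeat-character helper, so
// both are exercised with the same counts.

// The same integer-valued count in several representations. The bug report
// notes that a count can reach the engine as an integer held in double form
// (after passing through @toLength); these variants are constructed to
// produce that shape without relying on engine internals.
function countVariants(n) {
    return [
        n,                   // plain integer literal
        n + 0.5 - 0.5,       // integer value produced by double arithmetic
        Number(n + ".0"),    // integer parsed from a decimal string
        Math.floor(n + 0.7), // truncated fractional count, as ToLength does
    ];
}

// Pad the decimal form of each value to every count in [0, maxCount] and
// require a real string of the expected length that still parses back to
// the original number. Returns the list of failures; empty means all good.
function checkPadding(values, maxCount) {
    const failures = [];
    for (const x of values) {
        const digits = String(x);
        for (let n = 0; n <= maxCount; n++) {
            for (const count of countVariants(n)) {
                const expectedLength = Math.max(count, digits.length);
                const results = [
                    ["padStart", digits.padStart(count)],
                    ["padEnd", digits.padEnd(count)],
                ];
                for (const [method, padded] of results) {
                    if (typeof padded !== "string"
                        || padded.length !== expectedLength
                        || parseInt(padded, 10) !== x) {
                        failures.push(`${method}(${count}) on "${digits}" gave ${JSON.stringify(padded)}`);
                    }
                }
            }
        }
    }
    return failures;
}

// A count far beyond any representable string length must end in an
// exception. The fixed helper throws an out-of-memory error on this path
// instead of returning null, which is the behaviour Comment 4 describes.
function oversizedPadThrows(count) {
    try {
        const result = "x".padStart(count);
        return { threw: false, detail: typeof result };
    } catch (e) {
        return { threw: true, detail: e instanceof RangeError ? "RangeError" : String(e) };
    }
}

// Constructed sample values: a few of the counts from the bug report's array
// plus a negative number, whose sign must survive padding on either side.
const SAMPLE_VALUES = [7, 11, 19, 20, 41, -3];

function runRegression() {
    return {
        failures: checkPadding(SAMPLE_VALUES, 6),
        oversized: oversizedPadThrows(2 ** 32),
    };
}

console.log(JSON.stringify(runRegression(), null, 2));
```

Run it under the engine being checked (`jsc` or `node`); an empty `failures` list and `oversized.threw === true` is the expected report. A non-string result or a wrong length on any count variant is the symptom the description reports, and a non-throwing oversized pad means the too-long-string path is still returning instead of raising.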
Comment 5 Yusuke Suzuki 2016-09-28 17:04:52 PDT
Comment on attachment 290145 [details]
patch

r=me
Comment 6 WebKit Commit Bot 2016-09-28 18:31:25 PDT
Comment on attachment 290145 [details]
patch

Clearing flags on attachment: 290145

Committed r206573: <http://trac.webkit.org/changeset/206573>
Comment 7 WebKit Commit Bot 2016-09-28 18:31:30 PDT
All reviewed patches have been landed.  Closing bug.