Bug 217854

Summary: Ensure %TypedArray% essential internal methods adhere to spec
Product: WebKit Reporter: Ross Kirsling <ross.kirsling>
Component: New BugsAssignee: Ross Kirsling <ross.kirsling>
Status: RESOLVED FIXED    
Severity: Normal CC: ashvayka, ews-watchlist, isol2, joepeck, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=184749
https://bugs.webkit.org/show_bug.cgi?id=217928
Attachments:
Description Flags
Patch
none
Patch
ews-feeder: commit-queue-
Patch for landing
none
Patch for landing
none
Unreviewed fix, for EWS none

Ross Kirsling
Reported 2020-10-16 16:19:11 PDT
Ensure %TypedArray% essential internal methods adhere to spec
Attachments
Patch (43.11 KB, patch)
2020-10-16 16:42 PDT, Ross Kirsling 		no flags
DetailsFormatted DiffDiff
Patch (46.70 KB, patch)
2020-10-16 18:07 PDT, Ross Kirsling 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch for landing (56.32 KB, patch)
2020-10-17 00:50 PDT, Ross Kirsling 		no flags
DetailsFormatted DiffDiff
Patch for landing (56.68 KB, patch)
2020-10-17 02:08 PDT, Ross Kirsling 		no flags
DetailsFormatted DiffDiff
Unreviewed fix, for EWS (648 bytes, patch)
2020-10-17 15:55 PDT, Ross Kirsling 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Ross Kirsling
Comment 1 2020-10-16 16:20:15 PDT
*** Bug 184749 has been marked as a duplicate of this bug. ***
Ross Kirsling
Comment 2 2020-10-16 16:42:11 PDT
Created attachment 411629 [details] Patch
Ross Kirsling
Comment 3 2020-10-16 18:07:52 PDT
Created attachment 411639 [details] Patch
Yusuke Suzuki
Comment 4 2020-10-16 18:59:00 PDT
Comment on attachment 411639 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=411639&action=review > Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h:343 > + if (Optional<uint32_t> index = parseIndex(propertyName)) > + return getOwnPropertySlotByIndex(thisObject, globalObject, index.value(), slot); Let's insert `static_assert(std::is_final_v<JSGenericTypedArrayView<Adaptor>>, "getOwnPropertySlotByIndex must not be overridden")` to ensure that no derived classes are overriding getOwnPropertySlotByIndex. > Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h:359 > + return putByIndex(thisObject, globalObject, index.value(), value, slot.isStrictMode()); Ditto. > Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h:420 > + return deletePropertyByIndex(thisObject, globalObject, index.value()); Ditto. > JSTests/test262/expectations.yaml:1266 > + strict mode: 'Test262Error: Expected a TypeError but got a Test262Error (Testing with Float64Array.)' What is the reason of getting these new errors?
Yusuke Suzuki
Comment 5 2020-10-16 20:37:41 PDT
Comment on attachment 411639 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=411639&action=review r=me with LayoutTests updates. And can you check the correct semantics is right in LLInt, JIT, etc.'s TypedArray fast paths? >> JSTests/test262/expectations.yaml:1266 >> + strict mode: 'Test262Error: Expected a TypeError but got a Test262Error (Testing with Float64Array.)' > > What is the reason of getting these new errors? Discussed with Ross offline. They are test262's bugs and tracked right now https://github.com/tc39/test262/pull/2833.
Ross Kirsling
Comment 6 2020-10-17 00:50:20 PDT
Created attachment 411658 [details] Patch for landing
Ross Kirsling
Comment 7 2020-10-17 02:08:51 PDT
Created attachment 411661 [details] Patch for landing
EWS
Comment 8 2020-10-17 02:59:33 PDT
Committed r268640: <https://trac.webkit.org/changeset/268640> All reviewed patches have been landed. Closing bug and clearing flags on attachment 411661 [details].
Radar WebKit Bug Importer
Comment 9 2020-10-17 03:00:25 PDT
<rdar://problem/70405764>
Ross Kirsling
Comment 10 2020-10-17 15:55:38 PDT Comment hidden (obsolete)
Ross Kirsling
Comment 11 2020-10-17 16:08:49 PDT
Whoops, it seems I made a late adjustment that broke a test262 test. Opened bug 217883 to have EWS verify that my fix doesn't affect layout tests.
Alexey Shvayka
Comment 12 2020-10-18 14:32:50 PDT
Comment on attachment 411661 [details] Patch for landing View in context: https://bugs.webkit.org/attachment.cgi?id=411661&action=review > Source/JavaScriptCore/builtins/TypedArrayPrototype.js:-197 > - function mergeSort(array, valueCount, comparator) nit: When implementing r267514, I've measured a 10-15% regression when using outer scope variables instead of parameters. We might also want to make a change similar to r267827, possibly sharing a few functions?
Ross Kirsling
Comment 13 2020-10-18 16:20:41 PDT
(In reply to Alexey Shvayka from comment #12) > Comment on attachment 411661 [details] > Patch for landing > > View in context: > https://bugs.webkit.org/attachment.cgi?id=411661&action=review > > > Source/JavaScriptCore/builtins/TypedArrayPrototype.js:-197 > > - function mergeSort(array, valueCount, comparator) > > nit: When implementing r267514, I've measured a 10-15% regression when using > outer scope variables instead of parameters. > We might also want to make a change similar to r267827, possibly sharing a > few functions? Thanks, that's a great idea! I can look into this tomorrow.
Note You need to log in before you can comment on or make changes to this bug.