Bug 130509 - HashTable::add() works wrong when inserting of an empty value causes rehash
Summary: HashTable::add() works wrong when inserting of an empty value causes rehash
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Template Framework (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mikhail Pozdnyakov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-20 06:51 PDT by Mikhail Pozdnyakov
Modified: 2014-03-20 21:34 PDT (History)
6 users (show)

See Also:

Attachments
patch (3.76 KB, patch)
2014-03-20 07:16 PDT, Mikhail Pozdnyakov 		darin: review-
darin: commit-queue-
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mikhail Pozdnyakov 2014-03-20 06:51:11 PDT 
HashTable::rehash() always skips re-inserting of an empty entry, this causes wrong result of the parent HashTable::add() call i.e. map.add( empty value ).iterator.get() == nullptr.
Comment 1 Mikhail Pozdnyakov 2014-03-20 07:16:45 PDT 
Created attachment 227288 [details]
patch
Comment 2 Darin Adler 2014-03-20 09:09:11 PDT 
Comment on attachment 227288 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=227288&action=review

> Tools/TestWebKitAPI/Tests/WTF/HashMap.cpp:158
> +    ASSERT_TRUE(map.add(0, 0).iterator.get());

This doesn’t look right. We don’t support adding map entries where the key has the empty or deleted value. And 0 is the empty value from HashTraits<int>. So calling add(0, 0) is illegal and should cause an assertion in a debug build and undefined behavior in a release build.
Comment 3 Mikhail Pozdnyakov 2014-03-20 09:55:16 PDT 
(In reply to comment #2)
> (From update of attachment 227288 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=227288&action=review
> 
> > Tools/TestWebKitAPI/Tests/WTF/HashMap.cpp:158
> > +    ASSERT_TRUE(map.add(0, 0).iterator.get());
> 
> This doesn’t look right. We don’t support adding map entries where the key has the empty or deleted value. And 0 is the empty value from HashTraits<int>. So calling add(0, 0) is illegal and should cause an assertion in a debug build and undefined behavior in a release build.

Ah, I see. Thanks for clarification. Does it depend however on whether 'HashFunctions::safeToCompareToEmptyOrDeleted' is true or false? or we just never expect adding empty values?
Comment 4 Darin Adler 2014-03-20 21:34:12 PDT 
Comment on attachment 227288 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=227288&action=review

>>> Tools/TestWebKitAPI/Tests/WTF/HashMap.cpp:158
>>> +    ASSERT_TRUE(map.add(0, 0).iterator.get());
>> 
>> This doesn’t look right. We don’t support adding map entries where the key has the empty or deleted value. And 0 is the empty value from HashTraits<int>. So calling add(0, 0) is illegal and should cause an assertion in a debug build and undefined behavior in a release build.
> 
> Ah, I see. Thanks for clarification. Does it depend however on whether 'HashFunctions::safeToCompareToEmptyOrDeleted' is true or false? or we just never expect adding empty values?

No, it does not depend on that. The empty and deleted values are reserved values, and it’s illegal to use either of them as keys in the map.

HashFunctions::safeToCompareToEmptyOrDeleted is used to control optimizations inside the HashTable template. If it’s false, the template uses a more complex scheme to avoid ever comparing empty and deleted values with the hash function. If it’s true, then the template generates simpler, more efficient code. I’m not sure I remembered that exactly right, but it’s something like that.