143396 – In the 64-bit DFG and FTL, Array::Double case for HasIndexedProperty should set its result to true when all is well

RESOLVED FIXED 143396

In the 64-bit DFG and FTL, Array::Double case for HasIndexedProperty should set its result to true when all is well

https://bugs.webkit.org/show_bug.cgi?id=143396

Summary In the 64-bit DFG and FTL, Array::Double case for HasIndexedProperty should s...

Mark Lam

Reported 2015-04-03 19:17:28 PDT

Currently, all other cases do set the result to true when in the successful path. Only the Array::Double case has neglected to do so. This bug does is only present in the 64-bit DFG.

Attachments
the patch. (6.66 KB, patch) 2015-04-06 14:44 PDT, Mark Lam	fpizlo: review-	Details Formatted Diff Diff
patch 2: with Fil's better doubles comparison. (6.67 KB, patch) 2015-04-06 14:53 PDT, Mark Lam	fpizlo: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Mark Lam

Comment 1 2015-04-03 19:20:24 PDT

<rdar://problem/20096787>

Mark Lam

Comment 2 2015-04-06 14:19:16 PDT

Turns out that the FTL implementation of HasIndexedProperty has a similar but different problem. In this case, the FTL is setting the boolean result. However, the value that it is setting it with needs to be inverted. Michael helped me out with figuring out how to invert said bit. My tests appear to be passing now. Patch for fix coming soon.

Mark Lam

Comment 3 2015-04-06 14:44:34 PDT

Created attachment 250226 [details] the patch.

Filip Pizlo

Comment 4 2015-04-06 14:48:03 PDT

Comment on attachment 250226 [details] the patch. View in context: https://bugs.webkit.org/attachment.cgi?id=250226&action=review > Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp:4712 > - m_out.doubleNotEqualOrUnordered(doubleValue, doubleValue)); > - m_out.branch(checkHoleResult.value(), rarely(slowCase), usually(continuation)); > + m_out.bitNot(m_out.doubleNotEqualOrUnordered(doubleValue, doubleValue))); > + m_out.branch(checkHoleResult.value(), usually(continuation), rarely(slowCase)); You should just use doubleEqual() instead of bitNot(doubleNotEqualOrUnordered)

Mark Lam

Comment 5 2015-04-06 14:53:23 PDT

Created attachment 250228 [details] patch 2: with Fil's better doubles comparison.

Mark Lam

Comment 6 2015-04-06 15:49:24 PDT

Thanks. Landed in r182444: <http://trac.webkit.org/r182444>.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Mark Lam

Reported

2015-04-03 19:17 PDT

Modified

2015-04-06 15:49 PDT History

CC List

6 users Show

URL

Keywords InRadar

Depends on

Blocks