185038 – Atomics.*: all Atomic operations and functions must allow "undefined" or non-existant index argument

RESOLVED DUPLICATE of bug 212069 185038

Atomics.*: all Atomic operations and functions must allow "undefined" or non-existant index argument

https://bugs.webkit.org/show_bug.cgi?id=185038

Summary Atomics.*: all Atomic operations and functions must allow "undefined" or non-...

Rick Waldron

Reported 2018-04-26 11:50:06 PDT

Atomics.* functions all call ToIndex(...) on the "requestedIndex" argument. This abstract operation will turn "undefined" or "not actually present" into 0. Using a specially compiled JSC with this patch: https://gist.github.com/rwaldron/89ed9a4bb7a459db8d54c8fe77ead4b1, I observe the following: 1. To demonstrate that ToIndex is not broken elsewhere, in JSC: >>> new SharedArrayBuffer(undefined); [object SharedArrayBuffer] >>> new ArrayBuffer(undefined); [object ArrayBuffer] >>> new Int32Array(undefined); >>> var view = new DataView(new ArrayBuffer(4)); undefined >>> view.getUint8() 0 2. To demonstrate that ToIndex is broken for Atomics: >>> var sab = new SharedArrayBuffer(4); undefined >>> var i32a = new Int32Array(sab); undefined >>> Atomics.add(i32a, undefined, 1); Exception: RangeError: Access index is not an integer. >>> Atomics.store(i32a, undefined, 1); Exception: RangeError: Access index is not an integer. >>> Atomics.xor(i32a, undefined, 1); Exception: RangeError: Access index is not an integer. >>> Atomics.and(i32a, undefined, 1); Exception: RangeError: Access index is not an integer. >>> Atomics.sub(i32a, undefined, 1); Exception: RangeError: Access index is not an integer. >>> Atomics.compareExchange(i32a, undefined, 0, 1); Exception: RangeError: Access index is not an integer. >>> Atomics.exchange(i32a, undefined, 0, 1); Exception: RangeError: Access index is not an integer. >>> Atomics.load(i32a) Exception: RangeError: Access index is not an integer. Other engines produce the expected outcome: $ js js> var sab = new SharedArrayBuffer(4); js> var i32a = new Int32Array(sab); js> Atomics.load(i32a) 0 js> Atomics.add(i32a, undefined, 1); 0 js> Atomics.load(i32a); 1 js> Atomics.xor(i32a, undefined, 1); 1 js> Atomics.add(i32a, undefined, 1); 0 js> Atomics.add(i32a, undefined, 1); 1 js> Atomics.add(i32a, undefined, 1); 2 js> Atomics.or(i32a, undefined, 1); 3 js> Atomics.sub(i32a, undefined, 1); 3 js> Atomics.load(i32a); 2 $ v8 --harmony_sharedarraybuffer V8 version 6.8.72 d8> var sab = new SharedArrayBuffer(4); var i32a = new Int32Array(sab); Atomics.load(i32a) undefined d8> undefined d8> 0 d8> Atomics.add(i32a, undefined, 1); 0 d8> Atomics.load(i32a); 1 d8> Atomics.xor(i32a, undefined, 1); 1 d8> Atomics.add(i32a, undefined, 1); 0 d8> Atomics.add(i32a, undefined, 1); 1 d8> Atomics.add(i32a, undefined, 1); 2 d8> Atomics.or(i32a, undefined, 1); 3 d8> Atomics.sub(i32a, undefined, 1); 3 d8> Atomics.load(i32a); 2

Attachments
Add attachment proposed patch, testcase, etc.

Yusuke Suzuki

Comment 1 2020-11-04 01:57:14 PST

Will be fixed as a part of bug 212069. *** This bug has been marked as a duplicate of bug 212069 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 212069

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Yusuke Suzuki

Reported

2018-04-26 11:50 PDT

Modified

2020-11-04 01:57 PST History

CC List

5 users Show

URL

Keywords

Depends on

Blocks