Bug 217854 - Ensure %TypedArray% essential internal methods adhere to spec
Summary: Ensure %TypedArray% essential internal methods adhere to spec
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Ross Kirsling
URL:
Keywords: InRadar
: 184749 (view as bug list)
Depends on:
Blocks:
 
Reported: 2020-10-16 16:19 PDT by Ross Kirsling
Modified: 2020-10-19 16:29 PDT (History)
11 users (show)

See Also:

Attachments
Patch (43.11 KB, patch)
2020-10-16 16:42 PDT, Ross Kirsling 		no flags Details | Formatted Diff | Diff
Patch (46.70 KB, patch)
2020-10-16 18:07 PDT, Ross Kirsling 		ews-feeder: commit-queue-
Details | Formatted Diff | Diff
Patch for landing (56.32 KB, patch)
2020-10-17 00:50 PDT, Ross Kirsling 		no flags Details | Formatted Diff | Diff
Patch for landing (56.68 KB, patch)
2020-10-17 02:08 PDT, Ross Kirsling 		no flags Details | Formatted Diff | Diff
Unreviewed fix, for EWS (648 bytes, patch)
2020-10-17 15:55 PDT, Ross Kirsling 		no flags Details | Formatted Diff | Diff
Show Obsolete (4) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ross Kirsling 2020-10-16 16:19:11 PDT 
Ensure %TypedArray% essential internal methods adhere to spec
Comment 1 Ross Kirsling 2020-10-16 16:20:15 PDT 
*** Bug 184749 has been marked as a duplicate of this bug. ***
Comment 2 Ross Kirsling 2020-10-16 16:42:11 PDT 
Created attachment 411629 [details]
Patch
Comment 3 Ross Kirsling 2020-10-16 18:07:52 PDT 
Created attachment 411639 [details]
Patch
Comment 4 Yusuke Suzuki 2020-10-16 18:59:00 PDT 
Comment on attachment 411639 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=411639&action=review

> Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h:343
> +    if (Optional<uint32_t> index = parseIndex(propertyName))
> +        return getOwnPropertySlotByIndex(thisObject, globalObject, index.value(), slot);

Let's insert `static_assert(std::is_final_v<JSGenericTypedArrayView<Adaptor>>, "getOwnPropertySlotByIndex must not be overridden")` to ensure that no derived classes are overriding getOwnPropertySlotByIndex.

> Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h:359
> +        return putByIndex(thisObject, globalObject, index.value(), value, slot.isStrictMode());

Ditto.

> Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h:420
> +        return deletePropertyByIndex(thisObject, globalObject, index.value());

Ditto.

> JSTests/test262/expectations.yaml:1266
> +  strict mode: 'Test262Error: Expected a TypeError but got a Test262Error (Testing with Float64Array.)'

What is the reason of getting these new errors?
Comment 5 Yusuke Suzuki 2020-10-16 20:37:41 PDT 
Comment on attachment 411639 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=411639&action=review

r=me with LayoutTests updates.
And can you check the correct semantics is right in LLInt, JIT, etc.'s TypedArray fast paths?

>> JSTests/test262/expectations.yaml:1266
>> +  strict mode: 'Test262Error: Expected a TypeError but got a Test262Error (Testing with Float64Array.)'
> 
> What is the reason of getting these new errors?

Discussed with Ross offline. They are test262's bugs and tracked right now https://github.com/tc39/test262/pull/2833.
Comment 6 Ross Kirsling 2020-10-17 00:50:20 PDT 
Created attachment 411658 [details]
Patch for landing
Comment 7 Ross Kirsling 2020-10-17 02:08:51 PDT 
Created attachment 411661 [details]
Patch for landing
Comment 8 EWS 2020-10-17 02:59:33 PDT 
Committed r268640: <https://trac.webkit.org/changeset/268640>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 411661 [details].
Comment 9 Radar WebKit Bug Importer 2020-10-17 03:00:25 PDT 
<rdar://problem/70405764>
Comment 10 Ross Kirsling 2020-10-17 15:55:38 PDT Comment hidden (obsolete)
Comment 11 Ross Kirsling 2020-10-17 16:08:49 PDT 
Whoops, it seems I made a late adjustment that broke a test262 test. Opened bug 217883 to have EWS verify that my fix doesn't affect layout tests.
Comment 12 Alexey Shvayka 2020-10-18 14:32:50 PDT 
Comment on attachment 411661 [details]
Patch for landing

View in context: https://bugs.webkit.org/attachment.cgi?id=411661&action=review

> Source/JavaScriptCore/builtins/TypedArrayPrototype.js:-197
> -    function mergeSort(array, valueCount, comparator)

nit: When implementing r267514, I've measured a 10-15% regression when using outer scope variables instead of parameters.
We might also want to make a change similar to r267827, possibly sharing a few functions?
Comment 13 Ross Kirsling 2020-10-18 16:20:41 PDT 
(In reply to Alexey Shvayka from comment #12)
> Comment on attachment 411661 [details]
> Patch for landing
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=411661&action=review
> 
> > Source/JavaScriptCore/builtins/TypedArrayPrototype.js:-197
> > -    function mergeSort(array, valueCount, comparator)
> 
> nit: When implementing r267514, I've measured a 10-15% regression when using
> outer scope variables instead of parameters.
> We might also want to make a change similar to r267827, possibly sharing a
> few functions?

Thanks, that's a great idea! I can look into this tomorrow.