RESOLVED FIXED 98627
Using float/double as WTF hash table key is unreliable. 
https://bugs.webkit.org/show_bug.cgi?id=98627
Summary Using float/double as WTF hash table key is unreliable.
Andreas Kling
Reported 2012-10-07 19:59:55 PDT
There's a flaw in the way WTF::FloatHash is implemented, hash() hashes the raw underlying bits of the key value, but equal() compares using the regular float/double operator==. Since there are multiple ways to represent the same value in floating point format, we can end up with values that hash() to different results, yet are equal according to equal(). I first discovered this problem when lowering the default minimum table size of WTF hash tables. One unlucky HashMap<double, whatever> got zero (0) and signed zero (-0) values in the same bucket, and hence the first one got picked every time by lookup of both keys since equal() would return true for either one of them. I propose that we fix this by making FloatHash::equal() do a bitwise compare instead.
Attachments
Proposed patch (3.77 KB, patch)
2012-10-07 20:11 PDT, Andreas Kling 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Andreas Kling
Comment 1 2012-10-07 20:11:22 PDT
Created attachment 167498 [details] Proposed patch
Geoffrey Garen
Comment 2 2012-10-07 20:30:31 PDT
Comment on attachment 167498 [details] Proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=167498&action=review r=me Do we need to test positive infinity vs negative infinity? How about NaN? I guessed that the errors caused by your size=8 patch would be due to smoking out bugs in cases of collisions. I'm surprised by how many bugs there were! Perhaps it's worth doing a test run where you artificially make the first level hash for all hash tables ==0, just in case there are more issues like this. > Source/WTF/wtf/HashFunctions.h:108 > + typedef typename IntTypes<sizeof(T)>::UnsignedType FlattenedType; FWIW, I usually call a type like this "Bits".
Andreas Kling
Comment 3 2012-10-07 21:35:19 PDT
(In reply to comment #2) > I guessed that the errors caused by your size=8 patch would be due to smoking out bugs in cases of collisions. I'm surprised by how many bugs there were! > > Perhaps it's worth doing a test run where you artificially make the first level hash for all hash tables ==0, just in case there are more issues like this. Good idea, I'm gonna do exactly that. > > Source/WTF/wtf/HashFunctions.h:108 > > + typedef typename IntTypes<sizeof(T)>::UnsignedType FlattenedType; > > FWIW, I usually call a type like this "Bits". Will tweak before landing.
Andreas Kling
Comment 4 2012-10-08 07:44:59 PDT
Committed r130639: <http://trac.webkit.org/changeset/130639>
Darin Adler
Comment 5 2012-10-08 17:48:18 PDT
Fantastic. I was worrying about this issue in the back of my mind for a long time. Really happy that it’s this easy to fix. Fix looks elegant too.
Alexey Proskuryakov
Comment 6 2022-07-21 13:21:48 PDT
*** Bug 26334 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.